Re: [RAM] Tunnelling Route Reduction Protocol
> From: "William Herrin" <bill at herrin.us>
>> an obvious path to take in looking for delay improvements, which is
>> to 'piggyback' the reverse mapping information on the connection
>> opening.
> There are several potential problems but the most serious is
> authentication.
Yeah, I know - I've been doing some thinking in this area myself recently.
I know about the authentication - what are the other problems?
> Theoretically a man-in-the-middle attack is possible, but
> operationally it has proven to be a non-issue.
Well, there's also plain DoS - someone sends a packet claiming to be from
X, with a mapping for X, and the mapping is bogus, and sends the traffic to
somewhere random, or non-existent.
(Or by MITM did you mean that a bogus mapping would send the reply traffic
somewhere, which inspects it, and passes it on? I assumed you meant MITM in
procuring the binding, not MITM in the ensuing user data traffic stream.)
> I can never trust data encoded in a random received packet to give me
> valid route to a particular destination without first applying a
> fairly elaborate authentication scheme.
Yes, that's the problem I'm struggling with ... :-(
Noel
_______________________________________________
RAM mailing list
RAM at iab.org
https://www1.ietf.org/mailman/listinfo/ram