On Friday, Apr 18, 2003, at 00:13 Europe/Amsterdam, Mark Handley wrote:
If the management entity is a peer router at the other end of a link, one might decide that less stringent resync mechanisms are needed, if one does not assume a MITM attack capability.
The question is whether we need to be able to do man in the middle protection at line rate. If a man in the middle needs a real packet for every forged packet, it would be ok for the line cards to let these packets through and let the CPU do the strong crypto to detect this.
I guess I think you need to assume MITM attack capability. Routers are quite often peered across LANs, and I wouldn't want to count on an ethernet switch for routing protection.