Re: [RPSEC] rate limiting management traffic, redux

[Stephen Kent <kent@bbn.com>]

At 12:38 AM +0200 4/18/03, Iljitsch van Beijnum wrote:
> On vrijdag, apr 18, 2003, at 00:13 Europe/Amsterdam, Mark Handley wrote:
>
> > > If the management entity is a peer router at the other end of a link,
> > > one might decide that less stringent resync mechanisms are needed, if
> > > one does not assume a MITM attack capability.
> > I guess I think you need to assume MITM attack capability.  Routers
> > are quite often peered across LANs, and I wouldn't want to count on an
> > ethernet switch for routing protection.
> The question is whether we need to be able to do man in the middle 
> protection at line rate. If a man in the middle needs a real packet 
> for every forged packet, it would be ok for the line cards to let 
> these packets through and let the CPU do the strong crypto to detect 
> this.
Yes that is exactly the rationale underlying why it seems to be OK to 
not tie the authentication tag to the packet.

But, I interpreted Mark's comment to be a response to the question of 
what sort of attacks we have to worry about under restart conditions, 
where I suggested that we could relax the constraints after a crash 
where the sequence number info was lost.

Steve
_______________________________________________
RPSEC mailing list
RPSEC@ietf.org
https://www1.ietf.org/mailman/listinfo/rpsec