Middlebox Authentication & Integrity

Issue
- A middlebox may combine, add, modify and remove metadata
- The original sender signature will be invalidated in some cases

Solutions:
- Trusted (by sender) middlebox – re-signs using original authority
  - Inter-domain trust issues
- Middlebox request to sender for new signing (post-modification)
- Middlebox just signs new and changed metadata
  - Requires appropriately small fragmentation of metadata
  - Possibly: changeable metadata as small fragments, and stable metadata as large fragments

(most applications we have discussed do not use a middlebox)

    +----------+                                    +----------+
    | IMG      |                                    | IMG      |
    | Sender   |----                           ---->| Receiver |
    +----------+    \                         /     +----------+
                     \                       /
         .            \   +-----------+     /            .
         .             -->|IMG        |-----             .
         .             -->|Transceiver|     \            .
                      /   +-----------+      \
    +----------+     /                        \     +----------+
    | IMG      |    /                          ---->| IMG      |
    | Sender   |----                                | Receiver |
    +----------+                                    +----------+
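An added example, not part of the original slide: a sketch of the "middlebox just signs new and changed metadata" option, where every fragment carries its own signature and the receiver attributes each fragment to its verified signer. HMAC with constructed per-party keys stands in for a public-key signature, and all function names, fragment names and sample values are assumptions.

```python
import hashlib
import hmac

# Constructed demo keys. HMAC is a stand-in for a public-key signature scheme;
# a real receiver would hold only verification keys, never signing keys.
KEYS = {"sender": b"sender-demo-key", "middlebox": b"middlebox-demo-key"}

def sign_fragment(signer, name, value):
    """Return one metadata fragment authenticated by `signer`."""
    msg = name.encode() + b"\x00" + value.encode()
    tag = hmac.new(KEYS[signer], msg, hashlib.sha256).hexdigest()
    return {"name": name, "value": value, "signer": signer, "tag": tag}

def verify_fragment(frag, trusted):
    """True only if the signer is trusted and the tag matches the content."""
    if frag["signer"] not in trusted or frag["signer"] not in KEYS:
        return False
    expected = sign_fragment(frag["signer"], frag["name"], frag["value"])["tag"]
    return hmac.compare_digest(expected, frag["tag"])

def middlebox_rewrite(frags, changes, additions):
    """Sign only changed and new fragments; pass the rest through untouched."""
    out = [sign_fragment("middlebox", f["name"], changes[f["name"]])
           if f["name"] in changes else f for f in frags]
    out += [sign_fragment("middlebox", n, v) for n, v in additions.items()]
    return out

def receiver_report(frags, trusted):
    """Map each fragment name to its verified signer, or None if rejected."""
    return {f["name"]: f["signer"] if verify_fragment(f, trusted) else None
            for f in frags}

# Constructed sample: one large stable fragment, one small changeable one.
original = [sign_fragment("sender", "description", "Evening news, 30 min"),
            sign_fragment("sender", "start-time", "19:00")]
forwarded = middlebox_rewrite(original, {"start-time": "19:05"},
                              {"local-channel": "7"})

if __name__ == "__main__":
    print(receiver_report(forwarded, {"sender", "middlebox"}))
    print(receiver_report(forwarded, {"sender"}))
```

A receiver that trusts only the sender still accepts the untouched stable fragment and rejects the middlebox-signed ones, which is the property that makes small changeable fragments worthwhile.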