Lorenzo Colitti <[email protected]> wrote:
david> Is there any data that shows ICMP (and its insecurity) being used
david> for off-path attacks like this today? Networks (as they do today) may
david> just filter out ICMP they don't support from the edge.
> Regardless of whether this is happening today, it seems unwise to
> propose something with an obvious security hole like this. The risk is
> that we do a bunch of work and then security review tells us "?REDO
> FROM START".
We have secdir secretary Tero on the list now...
Even if off-path attacks are challenging, given typical coffee shop wifi,
on-path attacks are trivial.
The ICMP is a hint. That's also good for many reasons involving rate
limiting and idempotency.
(Sorry I missed the WG session. IASA2 was more important)
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-