Re: [DNA] Confirming today's face-to-face meeting decisions

[Erik Nordmark <erik.nordmark@sun.com>]

Sathya Narayanan wrote:

> Agreed. I thought about this - it has some advantages. My concern
> with this is, by allowing any router to respond, we are brnging back
> the problem of requiring random-delay before RA response. With the
> current AR being the 'chosen' one to respond first, we could have the
> other routers go through the normal (or preferably a new) random
> process and this will help with mitigating the packet loss problem as
> well.

Yes, but don't we want an immediate RA whether on the same link or on a 
different link? (Making sure we agree on the goal.)

If we do, we can't restrict things so that only an old router can 
respond, since on a new link the old router would not be present.
Thus we need to allow any router to respond and use some other technique 
to avoid the random delay. We have at least an existence proof that such 
techniques are possible in DET.


> Yeah - I was primarily referring to the Rtr-to-Rtr messages having
> different and possibly new set of concerns. I don't have any threat
> analysis on this either (thats why I was careful to qualify my
> earlier comment), but my gut feeling is that it adds new security
> requirements. I think we should look into this possible security
> overhead as part of the cost of doing link-scoped identifier.

You can't think about the security overhead without knowing what to 
secure which requires some idea of the threats. I don't think this is 
particularly complicated - just requires sitting down seeing what an 
attacker can accomplish by spoofing the linkid to the routers.

    Erik