Re: Comments on draft-ietf-csi-proxy-send-01
Thanks for reviewing the draft!
Replying to your concern on the security considerations "It would be nice to have a warning text such as:
"Note that if a Secure Proxy ND is corrupted, it can impersonate all the nodes in the subnet in which it is
authorized to act as a proxy."
I wouldn't use the term impersonate -- the delegation certificate doesn't allow the proxy to impersonate
nodes (they're only used for SEND), only to issue ND signalling on their behalf. So a compromised proxy is
able, like a compromised router, to siphon off traffic from the host, or mount a man-in-the-middle
Looking at RFC 3971 for compromised router, it states:
SEND does not protect against brute force attacks on the router, such
as DoS attacks, or against compromise of the router, as described in
Sections 4.4.2 and 4.4.3 of [RFC3756].
(As a side note, the section numbers of RFC 3756 referred to above do not exist; I believe it should say
4.2.2 and 4.2.3. Could be fixed in a revision of RFC 3971.)
So maybe we want to say something like:
Thanks to the authorization certificate it is provisioned with, a proxy ND
is authorized to issue ND signalling on behalf of nodes on the subnet.
Thus, a compromised proxy is able, like a compromised router, to siphon off
traffic from the host, or mount a man-in-the-middle attack. As for SEND,
which does not protect against compromise of the router as
described in Section 9.2.4 of [RFC3971], Secure Proxy ND Support for