[Nfd-dev] PIB service causes remote registration of every prefix

Junxiao Shi shijunxiao at email.ARIZONA.EDU
Thu May 7 07:02:22 PDT 2015


Hi Dave

There's no risk of cache poisoning.
The gateway router registers a route to the laptop only if the laptop user
owns the prefix, as proved by a certificate.

There's no increased risk of DoS'ing the certificate store (PIB service).
The DoS risk is the same when a laptop registers at least one prefix onto
the gateway router.

Yours, Junxiao

On Thu, May 7, 2015 at 6:12 AM, Dave Oran (oran) <oran at cisco.com> wrote:

>
> > On May 6, 2015, at 6:26 PM, Junxiao Shi <shijunxiao at email.arizona.edu> wrote:
> > 20150506 conference call discussed this problem.
> > We conclude that it's acceptable to remote register prefixes for all
> > certificates, because certificates should be made available on the networks
> > so that others can verify previously generated Data that references those
> > certificates.
> > No design change is needed.
> >
> Does this open up a cache poisoning attack?
> Or a DoS attack against the routing to certificate stores?
>
>