Issue 173: Significance of colliding peer-id/interface address attacks - nsis-ntlp issue tracker

Issue Title	Significance of colliding peer-id/interface address attacks
Document:	GIST Protocol Specification v11	Section:	4.4.2
Category:	Editorial	Priority:	Should Fix
Status:	Text Proposed

Created on 2007-01-30.21:48:38 by reh, last changed 2007-02-13.16:16:06.

Messages
msg491	Author: reh	Date: 2007-02-12.22:33:29
The text in 4.4.2 (first bullet) now simply reads: This will lead to multiplexing on an association to the wrong node if signalling nodes have colliding Peer-Identities and one is reachable at the same Interface-Address as another. This could be done by an on- path attacker; on-path attacks are discussed further in Section 8.7. 8.7 contains the old discussion of why we don't attempt to prevent off-path attacks non-cryptographically.
msg477	Author: reh	Date: 2007-01-30.21:48:38
The case of colliding interface-address and peer-identity should be described more objectively than simply being called a failure, and there should be a reference to the protection/recovery mechanisms. (Actually, protection/recovery in this case is intrinsically hard since this is a case of an on-path attack which we don't attempt to handle. This issue, and the related topic of peer node authentication, are discussed later in the security considerations section.)

History
Date	User	Action	Args
2007-02-13 16:16:07	reh	set	status: No Discussion -> Text Proposed
2007-02-12 22:33:29	reh	set	messages: + msg491
2007-01-30 21:48:39	reh	create