On 4/7/17, 5:30 PM, "Les Ginsberg (ginsberg)" <ginsberg(_at_)cisco(_dot_)com>
wrote:
Les:
Hi!
System-id duplication is a problem for any deployment - not just autoconfig
deployments. And it will be disruptive in any network until it is resolved.
The only thing autoconfig has added is a way to resolve this w/o manual
intervention. This in no way increases the vulnerability nor the disruption the
attacker can produce. (Yes - I state that quite intentionally).
I don’t know about Robert, but that is part of the discussion I would like to
see.
Yes, duplicate system-ids have always been a potential problem, but this
document introduces a new de-duplication mechanism that results not just in
unsync’d databases, but in restarting adjacencies – so at least the
manifestation of the problem is different.
So you are asking us to repeat a discussion which has already been held in
the context of RFC 5304 and RFC 5310.
It would be more appropriate to add the normal reference to RFC 5304/5310 in
the Security section than what you propose.
I don’t think it hurts to add a reference to those RFCs, but they are both
about adding authentication – the problem in this document is exacerbated by
the fact that there’s no authentication by default.
The lower layer authentication mechanisms are quite weak, especially knowing
that, if in a home environment, for example, it may be relatively easy to
connect to the WiFi network.
Alvaro.