[rbridge] What should be the goal in terms of security?
Joe Touch
touch at ISI.EDU
Wed Feb 2 09:42:57 PST 2005
marcelo bagnulo braun wrote:
> Hi all,
>
> after all the discussion about ARP and flooding and so on, i guess that
> an important point should be to clearly define what is the goal of the
> rbridge solution in terms of security. I mean it seems to me that the
> security provided by a router and the security provided by a bridge are
> quite different. I mean, in arp, hijacking a link layer address seems to
> be an important vulnerability, since it may allow sniffing and spoofing
> any interface of the cloud. Besides, the potential DOS attakcs that may
> result because of broacasts used for discovery may be important. All
> this issues are not present in a routed network AFAICT.
>
> So i guess that the first question is: an rbridge solution should
> provide the level of security of a bridged network or the level of
> security of a routed network?
>
> If the goal is to replace routers by rbridges, i would say that the
> routed network security level is required....
The goal, IMO, is to replace bridges by rbridges. rbridges ought to
provide no worse security than bridges, with better performance
(cross-section bandwidth, more than anything else IMO).
Joe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 254 bytes
Desc: OpenPGP digital signature
Url : http://www.postel.org/pipermail/rbridge/attachments/20050202/8f72733d/signature.bin
More information about the rbridge
mailing list