nsis-1----Page:12
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
|
Supplementary Question [Highlighted by a number of the security questions, but with a broader scope:] Should we document somewhere the benefits that an implementation can get in “dense deployment” modes Where every node can determine a priori the addresses of its signalling peers Example: if all peers are 1 IP hop away, addresses can be determined from the IP forwarding table Benefits include: Downstream routing state is trivial to store Route change detection is easier Could use certificates in TLS to verify that a peer really is the peer at a particular IP address Could secure against a number of on-path attacks Preference: don’t put this in the base specification! |