11. Security Considerations
Questo documento aggiorna IPv6 Neighbor Discovery e le specifiche 6LoWPAN/RPL correlate per consentire a un nodo di registrare un IPv6 prefix presso router vicini. I dettagli di protocollo essenziali sono conservati sotto dal testo RFC.
11. Security Considerations
This specification updates [RFC8505], and the security considerations
of that document also apply to this document. In particular, the
link layer SHOULD be sufficiently protected to prevent rogue access,
else a rogue node with physical access to the network may inject
packets and perform an attack from within.
Section 9 leverages AP-ND [RFC8928] to prevent a rogue node from
registering a unicast address that it does not own. The mechanism
could be extended to anycast and multicast addresses if the values of
the ROVR they use are known in advance, but how this is done is not
in scope for this specification. One way would be to authorize in
advance the ROVR of the valid users. A less preferred way could be
to synchronize the ROVR and TID values across the valid registering
nodes as a preshared key material.
In the latter case, it could be possible to update the keys
associated to a prefix in all the 6LNs, but the flow is not clearly
documented and may not complete in due time for all nodes in LLN use
cases. It may be simpler to install an all-new address with new keys
over a period of time and switch the traffic to that address when the
migration is complete.