| 7 | 7 | The primary and foremost question for a security analysis is: what environment (and thus threat model) does the system run in? Absent disclaimer, the Internet Threat Model of [https://www.rfc-editor.org/rfc/rfc3552.html RFC 3552] is assumed, and we have to consider that an attacker can modify, drop, or spoof any protocol message. It's important to consider the potential for off- vs. on-path attackers (e.g., as in [https://www.rfc-editor.org/rfc/rfc7430.html RFC 7430]), privacy considerations ([https://www.rfc-editor.org/rfc/rfc6973.html RFC 6973]), and the potential interaction with pervasive monitoring ([https://www.rfc-editor.org/rfc/rfc7258.html RFC 7258]). Additionally, a sufficiently powerful off-path attacker can become on-path using techniques like DNS poisoning and BGP hijacking. |
![(please configure the [header_logo] section in trac.ini)](https://www.ietf.org/images/ietflogotrans.gif)
