Hello folks,
It would be simple enough to make some sort of end-to-end security with
positive effects. Not a cure-all, of course, but perhaps worthwhile.
Suppose that OrigNode and TargNode share a security association. Then:
a) OrigNode could include a signature as one of the RFC 5444 TLVs in the
RREQ, calculated including its sequence number
b) TargNode could do the same in the RREP.
This would at least assure each node that they were in communication
with a real partner, even if there were compromised intermediate nodes.
With a small bit of encouragement, I will write this up and submit it
straightaway. It does not need to include the method by which the
security association is established.
Regards,
Charlie P.
