(Durable) Link identity is defined in terms of the tuple (source container id, target container id, name). As such if a connection is created to remote container C identifying itself as (local) container L, then that connection can recover (or steal) any durable links between L and R.

As such it is important that container identities are somehow tied to a security context. Each side in connection establishment should have some mechanism for verifying that their remote peer has the authority to claim the container-id they are presenting.