[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: An idea: GxSE

To: Paul Francis <paul@francis.com>
Subject: Re: An idea: GxSE
From: Mohan Parthasarathy <Mohan.Parthasarathy@eng.sun.com>
Date: Wed, 20 Jun 2001 14:26:42 -0700 (PDT)
CC: "Jon \\(Taz\\) Mischo" <taz@tazlore.com>, multi6@ops.ietf.org
Delivery-date: Wed, 20 Jun 2001 14:28:15 -0700
Envelope-to: multi6-data@psg.com

<snip>
> >
> 
> Could you give me a clear explanation of your suggestion?  I don't
> understand it.
> 
> 
> Also, regarding Add IP (another message from you about SCTP came in while I
> reply to this one...), you can't do this securely unless there is a trust
> relationship.  Otherwise any spoofer can send a packet out of the blue with
> its GR and somebody else's SK and hijack the connection.  Maybe this is what
> you mean by "bind to the SK only"---allow any GR to be used once the SK is
> established?
> 
> The reason GxSE binds the whole list of addresses from the beginning is to
> prevent spoofing.  If we have the luxury of establishing a secure
> relationship between both ends, then may as well use HIP.
>
I don't understand how you would know about the whole list of addresses.
I assume that the trigger to add the list of addresses happens during
the beginning of the connection. Renumbering can happen always after
that so that your peer does not know your new address. Am i missing
something ?

-mohan
> 
> 
>

Prev by Date: Re: Regionally aggregatable address space for multihoming
Next by Date: Re: An idea: GxSE
Prev by thread: Re: An idea: GxSE
Next by thread: Re: An idea: GxSE
Index(es):
- Date
- Thread