
Re: An idea: GxSE



<snip>
> >
> 
> Could you give me a clear explanation of your suggestion?  I don't
> understand it.
> 
> 
> Also, regarding Add IP (another message from you about SCTP came in while I
> reply to this one...), you can't do this securely unless there is a trust
> relationship.  Otherwise any spoofer can send a packet out of the blue with
> its GR and somebody else's SK and hijack the connection.  Maybe this is what
> you mean by "bind to the SK only"---allow any GR to be used once the SK is
> established?
> 
> The reason GxSE binds the whole list of addresses from the beginning is to
> prevent spoofing.  If we have the luxury of establishing a secure
> relationship between both ends, then may as well use HIP.
>
I don't understand how you would know about the whole list of addresses.
I assume that the trigger to add the list of addresses happens during
the beginning of the connection. Renumbering can happen always after
that so that your peer does not know your new address. Am I missing
something?

-mohan