[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: The state of IPv6 multihoming development

To: Peter Tattam <peter@jazz-1.trumpet.com.au>
Subject: Re: The state of IPv6 multihoming development
From: Iljitsch van Beijnum <iljitsch@muada.com>
Date: Sun, 27 Oct 2002 23:55:36 +0100 (CET)
Cc: <multi6@ops.ietf.org>
In-reply-to: <Pine.BSF.3.96.1021028074206.20854B-100000@jazz-1.trumpet.com.au>

On Mon, 28 Oct 2002, Peter Tattam wrote:

> The
> only security requirement that a MH solution needs to conform to would be
> equivalent to what we have in IPv4.  I believe this requirement is fully met by
> a syn/ack exchange of addresses on the primary addresses between the hosts.
> While this does not preclude a man in the middle attack steal the connection,
> neither does the BGP model preclude a man in the middle attack also in such a
> scenario.  I believe it could withstand a man on the side attack though.

This is a good point.

Sometimes the security people get carried away...

References:
- Re: The state of IPv6 multihoming development
  - From: Peter Tattam <peter@jazz-1.trumpet.com.au>

Prev by Date: RE: The state of IPv6 multihoming development
Next by Date: RE: The state of IPv6 multihoming development
Previous by thread: Re: The state of IPv6 multihoming development
Next by thread: The cost of crypto in end-host multi-homing (was Re: The state ofIPv6 multihoming development)
Index(es):
- Date
- Thread