In TCP the attacker can anticipate what you send and send you faked acks, probably even trick you into sending data at a much faster rate than what you otherwise would do.

Good point. We need something to protect against that.

The checking just takes one round trip, and you can even piggyback your regular data.

Yes, that would be a good way to handle it. Do you agree that doing this at the time the first choice address becomes unavailable makes more sense than doing it at the time of initialization?

From the security point of view it doesn't make much difference whether you make the check in the beginning or when the first choice address becomes unavailable. What is important is that you can strongly bind the existing connection between the first address pair to the secondary addresses, and that you check the validity of the secondary address before sending any larger amounts of data.

--Pekka
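
The check discussed in this exchange, as an added sketch that is not code from the thread or from any protocol specification: a one-round-trip challenge to the secondary address, bound to the existing connection by a key, with a byte cap until the address is verified. The shared `session_key` (assumed to come from the first address pair), the use of HMAC-SHA256, the `PROBE_BUDGET` value and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

PROBE_BUDGET = 1200  # assumed cap on bytes sent to an address not yet verified


def make_response(session_key, nonce, address):
    """Peer side: answer a challenge received at `address` with the session key."""
    return hmac.new(session_key, nonce + address.encode(), hashlib.sha256).digest()


class AddressValidator:
    """Sender side: gates traffic to secondary addresses of an existing connection."""

    def __init__(self, session_key):
        self.session_key = session_key  # binds secondary addresses to this connection
        self.pending = {}               # address -> outstanding nonce
        self.verified = set()
        self.sent_unverified = {}       # address -> bytes sent before verification

    def challenge(self, address):
        # Unpredictable nonce: an off-path attacker cannot anticipate it and
        # fake the answer. It can be piggybacked on data within the budget.
        nonce = os.urandom(16)
        self.pending[address] = nonce
        return nonce

    def handle_response(self, address, response):
        nonce = self.pending.get(address)
        if nonce is None:
            return False  # no challenge outstanding (also rejects replays)
        expected = make_response(self.session_key, nonce, address)
        if not hmac.compare_digest(expected, response):
            return False  # keep the challenge pending; a forgery must not clear it
        del self.pending[address]
        self.verified.add(address)
        return True

    def may_send(self, address, nbytes):
        """Allow unlimited data only to verified addresses."""
        if address in self.verified:
            return True
        used = self.sent_unverified.get(address, 0)
        if used + nbytes > PROBE_BUDGET:
            return False
        self.sent_unverified[address] = used + nbytes
        return True
```
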