[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: The state of IPv6 multihoming development
> > > If the level of trust is zero to begin with, there should
> > > be no problem extending this "trust" so a third party.
>
> > => Is this an argument for global PKI? Presumably
> > this protocol would work between arbitray sites?
>
> No, this is an argument for not building elaborate security
> mechanisms
> when there is nothing to secure.
=> Hmm, see below, now I have a _lot_ of questions :)
If someone who I don't
> know visits my
> web site
=> Why do you assume you don't know this someone?
or connects to my mail server, and then halfway through the
> session the connection is transferred to another IP addres,
> why would I
> care?
=> Because:
- The new source address (that you'll reply to) could be someone
else that will accuse you of bombing them
- Your server might be offering secure internet banking and
suddenly it's not so secure
- You might be a popular server and all of a sudden people
can't reach you because their traffic is diverted to a victim.
Maybe the victim will become popular :)
I'm pretty sure there are more reasons.
The only time this is dangerous would be when I
> communicate with a
> trusted host but if this trusted host tells me it has
> another address
> then presumably, I should trust this information as well.
=> Yes but how did you establish that trust?
The identifier used is the key problem here.
Hesham@ericsson.com tells you nothing about
whether I can divert traffic from 3ffe::1 to ABCD::1.
This is the exact problem we had in MIPv6.
Obviously
> things are different when someone at an address I don't
> know tells me
> she is a trusted host. Then she has to present credentials.
=> Careful how you pick "credentials".
> No, but that doesn't mean we have to start with this part. :-)
>
=> oh no, it's MIPv6 all over again :) trust me if you
don't start thinking about this early on it won't be fun later !
Hesham