[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: About draft-arifumi-lin6-multihome-api-00.txt (was Re: Call forpresentations)
On Wed, 2003-06-25 at 05:46, Arifumi Matsumoto wrote:
> Hi,
>
> > > Another question is related to security, i.e. how do you authenticate
> > > the addresses actually belong to the node that is claiming its
> > > ownership? This is a very important and difficult issue as far i can
> > > tell, and it should be addressed.
> >
> > This is also mentioned in the LIN6's draft above. In LIN6
> > layer, address information are exchanged and updated in
> > a secure manner using cookies exchanged through a location
> > query to the MA.
>
> I made a mistake at this point. This issue hasn't yet
> mentioned in this draft. But note that this simple
> cookie authentication mechanism has already implemented
I do not know what do you mean by simple, but i would say that security
issues related to multi-homing are very relevant and i am not sure that
a so simple solution would do the job. Check the mobileip security
issues which are addressing somehow related problems.
> in LIN6 so that every LIN6 node can notify his addresses to
> his correspondent securely.
> There is a paper on this cookie authentication mechanism
> submitted by LIN6 developers. But, unfortunately, this is
> in japanese only.
>
> I'm not sure whether the LIN6 draft will be updated or not.
>
I guess that this would be a problem for your draft, especially if the
solution relies on LIN6 undocumented security features (at least not
documented in English :-) since we will not be capable to understand the
security implications.
Regards, marcelo
> --
> Arifumi Matsumoto
>