
Re: Reasonable to use crypto in all communications? (Re: Fwd: Minutes/Notes)



Marcelo,

Allowing an unprotected packet to set up or change
identifier -> locator mapping seems to be dangerous.
If this is dangerous, a possibility is to use some sort of crypto for each
node that you are communicating with in order to perform the binding. The
other possibility is some sort of RR check, as you mention below. Other
choices?
I am not aware of other possibilities, but of course there may
be others.

When it comes to crypto binding, I am only aware of two possibilities:
Using asymmetric keys (or something similar) as primary identifiers,
or using CGA (or something similar).  All the other solutions that
I know about require some kind of infrastructure, some kind of
enrollment procedure, or both.

CGA is encumbered with IPRs, as we know.

Using public keys as primary identifiers is basically HIP.
Of course, you can design the exact details to be fairly
different from what HIP currently is, but it is most probably
very hard to do without a kind of four-way handshake without
opening serious DoS vulnerabilities.

The problem with RR check is that it has to be done periodically in order to
prevent time shifting attacks. However, in the multi-homed case, perhaps
this could be avoided. I mean, an important difference between mobility and
multi-homing is that in multi-homing all the possible addresses are known in
advance.
Hmm.  Good points.  The real question is whether the verifying peer
is able to make a distinction between a mobility and multi-homing
situation.  That is, if there is a real multi-homed host, it probably
has a set of fairly stable addresses.  However, there might be an
attacker that has a transient address but that claims that the transient
address is one of its stable addresses.  If it is able to convince
the verifying party that the transient address is a stable address,
that seems to open up time shifting attacks.

--Pekka Nikander
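
The periodic RR (return routability) check discussed in this message, as an added example that is not code from the thread or from any protocol it mentions: a verifying peer installs an identifier -> locator binding only after a cookie sent to the claimed locator is echoed back, and the binding expires so the check has to be repeated. The class and function names, the HMAC cookie construction, the 60-second lifetime and the 2001:db8:: addresses are assumptions made for the example.

```python
import hashlib
import hmac
import os


class BindingVerifier:
    """Verifying peer: installs identifier -> locator bindings only after an RR check."""

    def __init__(self, lifetime=60.0):
        self.secret = os.urandom(32)  # verifier-local key, never sent on the wire
        self.lifetime = lifetime      # assumed binding lifetime, in seconds
        self.bindings = {}            # identifier -> (locator, expiry time)

    def _cookie(self, identifier, locator, epoch):
        msg = f"{identifier}|{locator}|{epoch}".encode()
        return hmac.new(self.secret, msg, hashlib.sha256).hexdigest()

    def challenge(self, identifier, locator, now):
        """Cookie to send TO the claimed locator; no per-request state is stored."""
        return self._cookie(identifier, locator, int(now // self.lifetime))

    def confirm(self, identifier, locator, cookie, now):
        """Install the binding if the cookie was issued in this or the previous epoch."""
        epoch = int(now // self.lifetime)
        for e in (epoch, epoch - 1):
            if hmac.compare_digest(cookie, self._cookie(identifier, locator, e)):
                self.bindings[identifier] = (locator, now + self.lifetime)
                return True
        return False

    def lookup(self, identifier, now):
        """Return the locator, or None once the binding is due for re-verification."""
        entry = self.bindings.get(identifier)
        if entry is None or now >= entry[1]:
            self.bindings.pop(identifier, None)
            return None
        return entry[0]


def demo():
    """Constructed scenario; identifiers, addresses and times are sample values."""
    v = BindingVerifier(lifetime=60.0)
    forged = v.confirm("host-A", "2001:db8::bad", "0" * 64, now=0.0)  # no cookie seen
    cookie = v.challenge("host-A", "2001:db8::1", now=0.0)
    verified = v.confirm("host-A", "2001:db8::1", cookie, now=1.0)
    fresh = v.lookup("host-A", now=30.0)
    expired = v.lookup("host-A", now=61.5)      # binding aged out: RR must be repeated
    replayed = v.confirm("host-A", "2001:db8::1", cookie, now=200.0)  # old cookie
    return forged, verified, fresh, expired, replayed
```

The expiry in `lookup` is what bounds how long a binding can outlive the claimant's presence at the locator; it does not by itself tell a stable multi-homed address from a transient one, which is the open question raised in the message.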