Re: Reasonable to use crypto in all communications? (Re: Fwd: Minutes/Notes)

[Pekka Nikander <pekka.nikander@nomadiclab.com>]

marcelo bagnulo wrote:
> > Hmm.  Good points.  The real question is whether the verifying peer
> > is able to make a distinction between a mobility and multi-homing
> > situation.  That is, if there is a real multi-homed host, it probably
> > has a set of fairly stable addresses.  However, there might be an
> > attacker that has a transient address but that claims that the transient
> > address is one of its stable addresses.  If it is able to convince
> > the verifying party that the transient address is a stable address,
> > that seems to open up time shifting attacks.
> Yes. However, the attack is only possible at the begining of the
> communication and it is not possible for the rest of the communication
> lifetime (which would be the mobility case)
Right.  However, the attacker is most probably able to select
the most convenient time to initiate communication.  Hence, I don't
see this much changing the situation.

> This is still less secure than regular IPv6 but the time that the nodes are
> exposed to attacks is much more limited. I do not know if this would be good
> enough, though.
The real question is whether there are attacks against standard
non-multi-homed hosts or flooding attacks against networks.
It looks like there might be.

I am starting to think that we would need a proper security
analysis on multi-address multi-homing.  I might be willing
to spend some cycles on writing a draft on that, but only
later in the fall  (starting from mid September or so).

--Pekka NIkander