Re: Reasonable to use crypto in all communications? (Re: Fwd: Minutes/Notes)

[Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>]

Marcelo;

> > > Yes. However, the attack is only possible at the begining of the
> > > communication and it is not possible for the rest of the communication
> > > lifetime (which would be the mobility case)
> >
> > Right.  However, the attacker is most probably able to select
> > the most convenient time to initiate communication.  Hence, I don't
> > see this much changing the situation.
> 
> I think there is an important difference. As you mention, the attacker can
> initiate a new communication whenever he wants, but he cannot hijack an
> already initiated communication, which would be possible in the mip scenario
> by just sending a BU in an existent communication.

You are too optimistic. There is no meaningful difference.

A reasonable attacker will act as a MITM always hijacking new
communications. As the MITM relay them to legitimate peers most
of the time, you won't notice the presense of MITM.

Then, the attacker, at will, can suspend relaying and insert any
forged data into an already initiated communication.

> > I am starting to think that we would need a proper security
> > analysis on multi-address multi-homing.

So far, it is just a well known MITM attack no specific to multihoming.

							Masataka Ohta