
Re: Comments on draft-crocker-mast-proposal-00.txt



> I had not known about the Purpose-Built Key internet-draft.  It seems perfect
> for the security MAST needs to provide, specifically to avoid hijacking the
> MAST association.

A perhaps useful data point is that during the exercise of securing MIPv6
binding updates to arbitrary correspondents I originally thought that
something like PBK would be the result, but some careful analysis resulted in
a simpler scheme which just uses a 3-way handshake to effectively establish a
cookie. (Both PBK and MIPv6 with this technique are subject to MiTM attacks
by somebody on the path over which the packets travel, so the
resulting security is close to the same.)

YMMV - multihoming locator switching might have some other factors to
take into account when doing the tradeoffs on how to provide security.

  Erik