[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Comments on draft-crocker-mast-proposal-00.txt

To: Dave Crocker <dcrocker@brandenburg.com>
Subject: Re: Comments on draft-crocker-mast-proposal-00.txt
From: Erik Nordmark <Erik.Nordmark@sun.com>
Date: Fri, 12 Sep 2003 10:38:46 -0700 (PDT)
Cc: multi6@ops.ietf.org
In-reply-to: "Your message with ID" <11438719956.20030906195815@brandenburg.com>
Reply-to: Erik Nordmark <Erik.Nordmark@sun.com>

> I had not known about the Purpose-Built Key internet-draft.  It seems perfect
> for the security MAST needs to provide, specifically to avoid hijacking the
> MAST association.

A perhaps useful data point is that during the exercise of securing MIPv6
binding updates to arbitrary correspondents I originally thought that
something  like PBK would be the result, but some careful anaylsis resulted in
a simpler  scheme which just uses 3-way handshake to effictive establish a
cookie. (Both PBK and MIPv6 with this technique are subject to MiTM attacks
by somebody on the path over which the packets travel, so the
resulting security is close to the same.)

YMMV - multihoming locator switching might have some other factors to
take into account when doing the tradeoffs on how to provide security.

  Erik

Follow-Ups:
- Re: Comments on draft-crocker-mast-proposal-00.txt
  - From: Dave Crocker <dhc@dcrocker.net>

References:
- Re: Comments on draft-crocker-mast-proposal-00.txt
  - From: Dave Crocker <dhc@dcrocker.net>

Prev by Date: Re: Mast vs HIP (was Re: Comments on draft-crocker-mast-proposal-00.txt)
Next by Date: Re: Mast vs HIP (was Re: Comments on draft-crocker-mast-proposal-00.txt)
Previous by thread: Re: Comments on draft-crocker-mast-proposal-00.txt
Next by thread: Re: Comments on draft-crocker-mast-proposal-00.txt
Index(es):
- Date
- Thread