Re: multi-addressing review (was:RE: New multiaddressing review and new MAST draft)

[Dave Crocker <dhc@dcrocker.net>]

marcelo,

mb> The only considered threat is connection hijacking. I guess there much other
mb> issues to consider.

Thank you for raising this point.  I'll start by commenting that I expected
folks to take exception with the paper, on this matter, and that I think it is
extremely important to have consensus about the security issues that need to
be covered for multiaddressing.

I took an extreme position, in the paper, because I think we need to make sure
that the number and type of security issues are kept to the bare minimum
necessary.

The key question is:  What are security issues are created by
multiaddressing and alter the existing IP security?


mb> However, it is also important to consider the
mb> new threats that the adoption of multi-addressing mechanisms means for other
mb> hosts in the internet (for instance non-mobile, non multi-homed hosts)
mb> For instance, flooding attacks, dos attacks.

However, existing IP is subject to these attacks, is it not?


mb> Other type of attacks should also be considered such as time shifting
mb> attacks.

What is a "time shifting attack"?


d/
--
 Dave Crocker <dcrocker-at-brandenburg-dot-com>
 Brandenburg InternetWorking <www.brandenburg.com>
 Sunnyvale, CA  USA <tel:+1.408.246.8253>