
Re: about draft-nordmark-multi6-noid-00



> Red herring.
> 
> Encapsulation and notification formats are a merely minor issue
> of multihoming.

Thanks for sharing, but being able to do this without making security
worse than in the current Internet is a challenge. See 
draft-nordmark-multi6-threats for an initial cut at the threats that we
need to be concerned about.

You might believe that security is a minor issue that can be added
as an afterthought, but experience has shown that this
is not the most efficient and expedient way to design secure enough protocols.

> It should also be noted that changes on host identification
> (from IP address to something else such as FQDN) means a
> protocol change at upper (at least at the transport) layers
> that "all upper layer protocols can operate unmodified" is
> a false statement.

I honestly disagree.

> It is really a waste of bandwidth to read poor proposals not
> understanding requirements described in my drafts long ago.

The tone of your note in general and this sentence in particular makes
me wonder what you want to accomplish in this working group.
Can we please have a civil discussion!!!

> Do read the drafts.

I did. And I understood them I think. But they didn't seem to address key
important issues like redirection attacks - saying "cookie-based weak security 
for a host authorize changes of locators of its peer." is missing all the
details of the complexity of providing this without introducing new (DoS)
attacks, and is probably too weak since it would make redirection attacks much
easier to perform and harder to detect than in today's Internet.
 
  Erik