
Re: multi6-threats-00.txt vs. MIPv6 - different strength verifications?



> No, this is no good at all. In multihoming, when a line goes down it 
> may not come back up again. Ever.

Yes, but a weak verification can be converted to a strong verification
at any time by invoking the strong verification mechanism (be it DNS
or CBID-based).

> This is susceptible to a "man listening at the sidelines" attack. 

You mean somebody who is on the path and can see the content of packets, but
is unable to prevent packets from being delivered on the correct path?

> That's a relatively common capability.

Do you have examples where seeing the content of packets is possible or 
significantly easier than also being able to suppress the delivery of
packets or modify the packets?

> However, we can do better than 
> this by adding some hashing and gradual release of previously 
> secret information. This is only susceptible to actual man in the 
> middle attacks, but then so is everything else, as a MITM can always 
> blackhole traffic if nothing else.

Good point.
One can do a limited length hash chain and reveal it in
reverse order as an improvement. If the chains are short enough (length 10?)
the cost of creating them might not be that significant; just run MD5 (or SHA1)
10 times. Should the chain run out, then one can fall back to the stronger 
verification.

  Erik
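
A sketch of the short hash chain described in the message above, added here as an illustration and not part of the original thread. SHA-256 is swapped in for the MD5/SHA1 the message mentions, and the names `Prover`, `Verifier`, `build_chain` and the "ok"/"reject"/"strong" results are hypothetical.

```python
import hashlib
import hmac
import os

CHAIN_LENGTH = 10  # chain length floated in the message


def H(data: bytes) -> bytes:
    # SHA-256 stands in for the MD5/SHA1 named in the message (assumption).
    return hashlib.sha256(data).digest()


def build_chain(seed: bytes, length: int = CHAIN_LENGTH) -> list:
    """Return [h0, h1, ..., h_length] with h0 = seed and h_i = H(h_{i-1})."""
    chain = [seed]
    for _ in range(length):
        chain.append(H(chain[-1]))
    return chain


class Prover:
    """Host that may later need to prove it is the same peer from a new address."""

    def __init__(self, seed: bytes = None, length: int = CHAIN_LENGTH):
        self._chain = build_chain(seed or os.urandom(32), length)
        self.anchor = self._chain.pop()  # h_length, handed over at first contact

    def next_token(self):
        # Reveal values in reverse order of creation; None once the chain runs out.
        return self._chain.pop() if self._chain else None


class Verifier:
    """Peer that stored the anchor while the original path was still working."""

    def __init__(self, anchor: bytes, length: int = CHAIN_LENGTH):
        self._last = anchor
        self._remaining = length

    def check(self, token) -> str:
        if self._remaining == 0 or token is None:
            return "strong"  # chain exhausted: fall back to the stronger verification
        if not hmac.compare_digest(H(token), self._last):
            return "reject"  # forged value, or replay of an already revealed one
        self._last = token   # a passive listener seeing this cannot derive the next one
        self._remaining -= 1
        return "ok"
```

Each accepted token becomes the new comparison value, so a listener who records one revealed value cannot reuse it or compute the value that will be revealed next.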