[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: multi6-threats-00.txt vs. MIPv6 - different strength verifications?
Erik;
One case where MIPv6 is no weaker than today's Internet is that
an attacker which is on the path for a few seconds can, by modifying
DNS answer, redirect packets for weeks.
Correct if the attacker is on the path between the host and the DNS
infrastructure.
But part of the point is that
Your point is that you said "today's Internet".
there is a solution to make DNS more secure.
If you are talking about secure DNS, it was proposed even before
IPv6 and still is not deployed at all. And, there are reasons why
it is not deployed. In short, it is useless.
But, your argument is broken in other ways, too.
So, let's assume that we were talking about an imaginary IP network
where secure DNS were deployed and a pair of hosts were actually
using it for their forward and reverse domains.
Once that is starting to get deployed it would be nice if we haven't
designed a multihoming solution which makes the network less secure again.
Then, there is no reason to make some part of address of a host
a hash of host's public key, as the host can simply put its full
public key in DNS.
Then, the pair of hosts can and will exchange a session key with
which the communication, including parts for multihoming control,
is secured.
Still, you may argue that DoS of telling wrong locators should be
possible. But, you are wrong because MITM can issue as much DoS
as he wants regardless of security mechanism used. DoS by MITM,
agaist which cookies does not work, is fatally efficient, if
public key (that is, *EXPENSIVE*) cryptography is used.
Finally, as a set of locators of a host can be securely obtained
from secure DNS that there is no need to dynamically authenticate
the set, which is the fundamental difference between MIPv6 and M6.
That is, comparison to MIPv6 has been pointless, from the beginning
both on the today's Internet and the imaginary IP network.
Masataka Ohta