security requirement for multi6
- To: multi6@ops.ietf.org
- Subject: security requirement for multi6
- From: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
- Date: Tue, 11 Nov 2003 13:37:20 +0900
- User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)
Here is the security requirement for multihoming with or without
DNS.

A point is that a set of locators of a host is stable, which
makes the requirement different from that for mobility.

That is, if a set of all the locators of a host is obtained
with certain security, it's OK. The peer of the host should accept
any locator in the set.

With DNS, a set of all the locators of a host can be simply
obtained as an RR set with reasonable security. Those insisting
on more complex security may use secure DNS (though secure DNS
is impractical to deploy).

Without DNS, a cookie and a set of all the locators of a
host should be exchanged with the peer as a 3-way handshake
at the beginning of a communication. The cookie is to prevent
DoS with source address spoofing. The handshaking may be
performed as a special protocol or piggybacked on an existing
protocol. Especially, the handshaking may be piggybacked on
the initial 3-way handshaking of TCP with sequence numbers as cookies.

Even with DNS, the set of locators may still be exchanged, in
which case, DNS reverse-forward lookup should be used
to verify the set.

As the entire process is lightweight (unless secure DNS is
used, which is one of the reasons why secure DNS is impractical),
further attempts at DoS prevention are unreasonable, only
increasing the chance of DoS.

Masataka Ohta
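
The DNS-less exchange described in the message above, sketched as an added example that is not part of the original post: one direction of a 3-way handshake in which the responder hands out a cookie, stores the peer's locator set only after the cookie is echoed from the same source, and then accepts any locator in that set. The HMAC-based stateless cookie, the class and method names, the message layout and the rule that the source must appear in its own locator set are assumptions made for illustration.

```python
import hashlib
import hmac
import os

class Responder:
    # Hypothetical responder: keeps no per-peer state until the cookie returns.
    def __init__(self):
        self._secret = os.urandom(32)   # local key used to derive cookies
        self.peers = {}                 # verified source -> frozenset of locators

    def _cookie(self, src):
        return hmac.new(self._secret, src.encode(), hashlib.sha256).digest()

    def on_init(self, src):
        # Message 2: the cookie travels to the claimed source address, so a
        # sender spoofing that address never sees it.
        return self._cookie(src)

    def on_confirm(self, src, cookie, locators):
        # Message 3: echoed cookie plus the full locator set of the host.
        if not hmac.compare_digest(cookie, self._cookie(src)):
            return False
        if src not in locators:         # assumption: the set includes the source
            return False
        self.peers[src] = frozenset(locators)
        return True

    def accepts(self, established_src, locator):
        # After the handshake, any locator in the stored set is acceptable.
        return locator in self.peers.get(established_src, frozenset())

def run_demo():
    # Constructed sample addresses from the IPv6 documentation prefix.
    host_locators = {"2001:db8:a::1", "2001:db8:b::1"}
    r = Responder()
    cookie = r.on_init("2001:db8:a::1")
    legit = r.on_confirm("2001:db8:a::1", cookie, host_locators)
    # A sender claiming another source has to guess the cookie ...
    spoofed = r.on_confirm("2001:db8:c::9", os.urandom(32), {"2001:db8:c::9"})
    # ... and a cookie issued for one source is not valid for another.
    replayed = r.on_confirm("2001:db8:c::9", cookie, {"2001:db8:c::9"})
    return {
        "legit": legit,
        "spoofed": spoofed,
        "replayed": replayed,
        "other_locator": r.accepts("2001:db8:a::1", "2001:db8:b::1"),
        "unknown_locator": r.accepts("2001:db8:a::1", "2001:db8:d::1"),
    }

if __name__ == "__main__":
    print(run_demo())
```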