
security requirement for multi6



Here is the security requirement for multihoming with or without
DNS.

A point is that a set of locators of a host is stable, which
makes the requirement different from that for mobility.

That is, if a set of all the locators of a host is obtained
with certain security, it's OK. The peer of the host should accept
any locator in the set.

With DNS, a set of all the locators of a host can be simply
obtained as a RR set with reasonable security. Those insisting
on more complex security may use secure DNS (though secure DNS
is impractical to deploy).

Without DNS, a cookie and a set of all the locators of a
host should be exchanged with the peer as a 3-way handshake
at the beginning of a communication. The cookie is to prevent
DoS with source address spoofing. The handshaking may be
performed as a special protocol or piggybacked on an existing
protocol. Especially, the handshaking may be piggybacked on
the initial 3-way handshaking of TCP with sequence numbers as cookies.

Even with DNS, the set of locators may still be exchanged, in
which case, DNS reverse-forward lookup should be used
to verify the set.

As the entire process is lightweight (unless secure DNS is
used, which is one of the reasons why secure DNS is impractical),
further attempts at DoS prevention are unreasonable and only
increase the chance of DoS.

						Masataka Ohta
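
The cookie-protected locator exchange described in the message, sketched as an added example that is not part of the original post. The HMAC-based stateless cookie, the message fields, the membership check and all class and function names are assumptions made for illustration; the addresses are constructed from the IPv6 documentation prefix.

```python
# Added illustration: cookie construction and message layout are assumptions,
# not taken from the post.
import hashlib
import hmac
import os


class Host:
    def __init__(self, locators):
        self.locators = frozenset(locators)  # stable set of this host's locators
        self._secret = os.urandom(32)        # local cookie key, never sent
        self.peers = {}                      # verified source -> peer's locator set

    def _cookie(self, src):
        # Stateless cookie bound to the claimed source address.
        return hmac.new(self._secret, src.encode(), hashlib.sha256).digest()

    # Message 1 (initiator -> responder) arrives; no per-peer state is created.
    def on_init(self, src):
        # Message 2 (responder -> src): cookie plus the responder's locator set.
        return {"cookie": self._cookie(src), "locators": sorted(self.locators)}

    # Message 3 (initiator -> responder): echoed cookie plus initiator's set.
    def on_confirm(self, src, cookie, locators):
        if not hmac.compare_digest(cookie, self._cookie(src)):
            return False                     # sender never received message 2
        if src not in locators:
            return False                     # assumed check: sender is in its own set
        self.peers[src] = frozenset(locators)  # state is stored only now
        return True

    def accepts(self, established_src, new_src):
        # After the handshake, any locator in the exchanged set is accepted.
        return new_src in self.peers.get(established_src, frozenset())


def run_handshake(responder, initiator_locators, src, spoofed=False):
    """Drive the three messages; a spoofing sender never sees message 2."""
    reply = responder.on_init(src)
    cookie = os.urandom(32) if spoofed else reply["cookie"]
    return responder.on_confirm(src, cookie, initiator_locators)
```

The cookie only shows that the sender can receive packets at the source address it used; the remaining locators in the set are taken as stated, which is the part the reverse-forward DNS lookup in the message is meant to verify.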