[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: security requirement for multi6

To: "Masataka Ohta" <mohta@necom830.hpcl.titech.ac.jp>
Subject: RE: security requirement for multi6
From: "marcelo bagnulo" <mbagnulo@ing.uc3m.es>
Date: Tue, 11 Nov 2003 17:44:57 -0600
Cc: <multi6@ops.ietf.org>
In-reply-to: <3FB14B79.7050600@necom830.hpcl.titech.ac.jp>
Reply-to: <mbagnulo@ing.uc3m.es>

> So, a cookie is used by the initiating host to securely get a set
> of locators of its peer using the initial locator of the peer.
>
> Another cookie is used by the peer to securely get a set of
> locators of the initiating host using the locator initially
> used by the initiating host.

So if you don't use RR to verify address owbership for each of the locators,
could you explain me how do you deal with threats detailed in section 4.3.
Third Party Denial-of-Service Attacks of
draft-nordmark-multi6-threats-00.txt?

>
> >>As the entire process is light weighted (unless secure DNS is
> >>used, which is one of a reason why secure DNS is impractical),
> >>further attempt of DoS prevention is unreasonable only
> >>to increases the chance of DoS.
>
> > The remaining attack AFAICS, is how do you prevent connection
> hijack from an
> > attacker that intercept the initial three way handshake and
> then moves away.
> > Note that currenlty an attacker can only hijack a connection as
> long as he
> > stays in the path intercepting packets,
>
> Such a attack will be meaningful as a faked peer (server) of a
> host (client) initiating a connection.
>
> However, prevention of connection hijack against a temporary MITM
> is not a requirement, at all.

I think it is.
If it weren't we could just use MIPv6 and end of the story

[...]

>
> Considering that it is not realistic to type raw IPv6 addresses,
> it may be reasonable to assume that addresses are obtained from
> DNS or some electric media, in either of which case, the entire
> set of locators can be stored that there is nothing to worry
> about.

Let me see if i understand what you are saying: (please correct me if i am
wrong, (i know you will ;-)
- you assume that all communications will use DNS to obtain addresses
- DNS is susceptible to temporary MITM attacks
- so, the proposed solution should not protect against temporary MITM
attacks since they are already there.

is this right?

Well i don't know if the first one is a reasonable assumption.
This would imply that we would be actually make the internet weaker, since
you won't be protected from temporary MITM attack eevn if you don't use DNS.

Regards, marcelo

>
>
>

Follow-Ups:
- Re: security requirement for multi6
  - From: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>

References:
- Re: security requirement for multi6
  - From: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>

Prev by Date: Re: Bash IETF, not RIRs
Next by Date: Re: Bash IETF, not RIRs
Previous by thread: Re: security requirement for multi6
Next by thread: Re: security requirement for multi6
Index(es):
- Date
- Thread