Re: security requirement for multi6

[Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>]

marcelo;

> Let me see if i understand what you are saying: (please correct me if i am
> wrong, (i know you will ;-)
> - you assume that all communications will use DNS to obtain addresses
> - DNS is susceptible to temporary MITM attacks
> - so, the proposed solution should not protect against temporary MITM
> attacks since they are already there.
>
> is this right?
>
> Well i don't know if the first one is a reasonable assumption.
> This would imply that we would be actually make the internet weaker, since
> you won't be protected from temporary MITM attack eevn if you don't use DNS.

My point is that temporary MITM attacks are no new and common.

If you don't like DNS, consider temporary MITM in FTP control
channel to redirect data connection.

Or, consider temporary MITM compromise a host in the middle, which
works as a MITM to do anything.

Prevention of connection hijack against a temporary MITM
is not a requirement, at all.

> If it weren't we could just use MIPv6 and end of the story

At Vienna, I gave three reasons on why MIPv6 is hopeless
and can not be used for M6.

As you agreed with me:

> >>A point is that a set of locators of a host is stable, which
> >> makes the requirement different from that for mobility.

> This assumption does not take into account a renumbering event, but i agree
> that this is common scenario.

Difference of security model requirement makes security mechanism
different.

The only interaction I can see so far between mobility and
multihoming is that they should use same packet format, which
should address the MTU problem of mobility forwarding.

						Masataka Ohta

PS

Renumbering can be addressed by making DNS query again after
TTL expiration or by sending set of locators in TCP option again,
though I'm not sure it worthes the effort.