
RE: security requirement for multi6



> Prevention of connection hijack against a temporary MITM
> is not a requirement, at all.

I would like other opinions about this particular issue... does anyone care
to comment?

>
> > If it weren't we could just use MIPv6 and end of the story
>
> At Vienna, I gave three reasons on why MIPv6 is hopeless
> and can not be used for M6.
>

Sorry, I remember the following ones:
1) timing in mip is not compatible with multi-homing
My answer to this is that the idea is not to use mip as is, but use the
packet format and the CN route optimization capabilities. So mip timing is
not really being used, so I think this should not be an issue.

The next one would be security as you mention, right?

> Difference of security model requirement makes security mechanism
> different.

Well, if you don't care about temporary MITM attacks, mip provides all the
security that you need, so I don't see a problem here.

>
> The only interaction I can see so far between mobility and
> multihoming is that they should use same packet format, which
> should address the MTU problem of mobility forwarding.

Well, as I mention above, not only packet format but CN route optimization
capabilities, which IMHO is the main benefit of using mip (i.e. you don't
need to deploy new mechanisms in external hosts).
I agree that PMTU is an issue, but I would say that we could do some
optimizations to improve that, and that capability of re-using CN RO
capabilities outweighs this particular drawback IMHO.

Regards, marcelo
>
> 						Masataka Ohta
>
> PS
>
> Renumbering can be addressed by making DNS query again after
> TTL expiration or by sending set of locators in TCP option again,
> though I'm not sure it is worth the effort.
>
>
>