[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: security requirement for multi6

To: Tony Li <Tony.Li@procket.com>
Subject: Re: security requirement for multi6
From: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
Date: Thu, 13 Nov 2003 13:48:25 +0900
Cc: Kurt Erik Lindqvist <kurtis@kurtis.pp.se>, Iljitsch van Beijnum <iljitsch@muada.com>, Multi6 Mailing List <multi6@ops.ietf.org>
In-reply-to: <D2EC481073504E498A8DB9C0687E8CAF08449855@EXCHANGE0-0.na.procket.com>
References: <D2EC481073504E498A8DB9C0687E8CAF08449855@EXCHANGE0-0.na.procket.com>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)

Tony;

Even more importantly, we shouldn't create new ones.

What do you mean "ones"?

It is not a problem to create new form of DoS in an existing
situation such as that there is temporal MITM.

Otherwise, we can't develop new protocols.

For example, with MITM assumed, cryptographic security, which is
computationaly expensive, protection agaist which was cookie, which
is ineffective against MITM, amplifies DoS effect, especially with
public key one.

However, we should be careful if we are creating a new situation
to enable DoS, we should be careful.

But, it does not mean that we can't use cryptographic security.

This is an operations group:

That is, we are talking about situations.

An advanced fact on security is that DoS by MITM can not be prevented.

Masataka Ohta

References:
- RE: security requirement for multi6
  - From: "Tony Li" <Tony.Li@procket.com>

Prev by Date: Re: security requirement for multi6
Next by Date: RE: Summary of work areas
Previous by thread: RE: security requirement for multi6
Next by thread: Some Comments on ID/Loc Separation Proposals
Index(es):
- Date
- Thread