[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: delayed multihoming/mobility set-up



Iljitsch;

1) Start a communication using one of the available pairs of src/dest
addresses.
2) If the communication is determined to be worth it (i.e. last long
enough), engage in "multi-homing signaling" to obtain a "set of
equivalent addresses"


Hm, this is problematic. Simply exchanging addresses isn't good enough, as this allows for redirection attacks. So the addresses must be validated by using them in a way that can't be spoofed by a third party. I.e., one side must contact the other using a new address and include authentication information that tells the correspondent it's still talking to the same party. If we're doing this anyway there is little need to exchange the addresses beforehand.

Redirection is inherent to the Internet and is no issue.


The approach is simply wrong, because it is connection oriented.

Depending on the type of rehoming authentication used it may be necessary to set up authentication state before rehoming happens.

Rehoming has nothing to do with multihoming.


A singly homed host can rehome. A dual homed host may keep using
the homes forever without rehoming.

Masataka Ohta