
additional attack for multi6 threat draft?



Hi,

Perhaps there is an additional attack that should be included in the threat
draft.

The attack would be something like this:

An attacker X wants to impersonate another host B in future communications
initiated by A to B.

(I will use MIP notation to simplify.)

X sends to A a sort of BU binding X as the CoA and B as the HoA (in order to
do this X may need to be on the path between A and B, but if this is only
for a short period of time the attack can still be successful).
If the attacker has a means to maintain the binding in host A (for instance
sending periodic pings to it, or other packets that will end up being
discarded by the ULP), then when eventually A wants to communicate with B, A
will send packets to X.

Do you think this is a real threat?
IMHO, this is the real attack that can be prevented by limiting BCE in MIP6.

I think this threat is not considered in the threat draft...
IMHO this is related to the attacks included in section 4.1.2 about
premeditated redirection, but I don't think that it is included there.

The example considered in the threat draft is that A and B will communicate,
so X sends a BU to B containing A as the HoA and X as the CoA;
the described attack then continues considering that A tries to communicate
with B and the problems that arise.

The attack described above is about the case when B initiates the
communication. IMHO this is potentially more dangerous, because probably X
will be able to impersonate A, and B will actually believe that it is
communicating with A when it is actually communicating with X.

So if you think this is important enough to be included, I can try to write
a paragraph about it if you want.

Regards, marcelo
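The following is an added toy model of the binding-cache poisoning described in the mail above; it is not code from the original post, the multi6 threat draft or any MIP6 implementation. It assumes (my assumptions, not the draft's) that a correspondent node keeps a binding cache keyed by HoA, that each entry has a fixed lifetime, and that in a naive node any inbound packet arriving from the bound CoA refreshes the entry, which is what lets X's "periodic pings" keep the bogus binding alive. The `strict` variant models one reading of "limiting BCE": an entry may only be created or refreshed when the ULP actually has a live session with that HoA, so packets the ULP discards no longer count as activity. Host names `A`, `B`, `X` and the CoA `B-new` are placeholders.

```python
"""Toy simulation of binding-cache poisoning (added example, not from the mail).

Assumed model: a correspondent node A keeps HoA -> (CoA, expiry) entries.
Naive mode: any BU is accepted and any packet from the bound CoA refreshes
the entry. Strict mode (assumed defence): BUs and refreshes are only honoured
for HoAs with which the ULP already has a session.
"""
from dataclasses import dataclass, field

LIFETIME = 10  # binding lifetime in simulated seconds (assumed value)


@dataclass
class Binding:
    coa: str
    expires: int


@dataclass
class Host:
    name: str
    strict: bool = False
    now: int = 0
    cache: dict = field(default_factory=dict)            # HoA -> Binding
    ulp_sessions: set = field(default_factory=set)       # HoAs the ULP talks to

    def tick(self, secs: int) -> None:
        """Advance the clock and purge expired bindings."""
        self.now += secs
        for hoa in [h for h, b in self.cache.items() if b.expires <= self.now]:
            del self.cache[hoa]

    def receive_binding_update(self, hoa: str, coa: str) -> bool:
        """A BU claiming 'HoA hoa is now reachable at CoA coa'."""
        if self.strict and hoa not in self.ulp_sessions:
            return False          # no session with hoa: refuse to create a BCE
        self.cache[hoa] = Binding(coa, self.now + LIFETIME)
        return True

    def receive_packet(self, hoa: str, coa: str) -> bool:
        """Data packet with source HoA hoa arriving from CoA coa.
        Returns whether the ULP accepted it."""
        accepted = hoa in self.ulp_sessions
        b = self.cache.get(hoa)
        if b is not None and b.coa == coa and (accepted or not self.strict):
            b.expires = self.now + LIFETIME   # naive: any matching packet refreshes
        return accepted

    def send_to(self, hoa: str) -> str:
        """Address this host actually puts packets for hoa on the wire to."""
        b = self.cache.get(hoa)
        return b.coa if b else hoa


def run_attack(strict: bool, keepalive: bool) -> str:
    """X spoofs a BU (HoA=B, CoA=X) to A at t=0 while briefly on-path, then
    optionally keeps the binding alive with pings the ULP discards. After 60 s
    A initiates communication with B; return where A's first packet goes."""
    a = Host("A", strict=strict)
    a.receive_binding_update(hoa="B", coa="X")
    for _ in range(12):                       # 60 simulated seconds
        a.tick(5)
        if keepalive:
            a.receive_packet(hoa="B", coa="X")  # ping: ULP discards it
    return a.send_to("B")


def legit_move() -> str:
    """Control case: B already has a session with A and moves to CoA B-new;
    even the strict node accepts this BU."""
    a = Host("A", strict=True)
    a.ulp_sessions.add("B")
    a.receive_binding_update(hoa="B", coa="B-new")
    return a.send_to("B")


if __name__ == "__main__":
    print("naive, attacker keeps binding alive :", run_attack(False, True))
    print("naive, no keepalive (entry expires):", run_attack(False, False))
    print("strict, attacker keeps binding alive:", run_attack(True, True))
    print("strict, legitimate move by B        :", legit_move())
```

Running it shows the point of the mail: without the keepalive step the spoofed entry simply ages out before A ever talks to B, so the attack hinges on X being able to keep the binding fresh with traffic that A's ULP never consumes; tying BCE creation and refresh to live ULP sessions removes exactly that lever while still letting a host that already has a session move.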