[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: additional attack for multi6 threat draft?



> > Why?
>
> Why?
>
> Can you name some protocol that does not do this?

Take mip and remove the rr check.
You are supposedly talking to the HoA but you are sending packets to the
CoA, so you don't have a RR check of the address that you are supposed to be
talking to i.e. the HoA

Again, RR is fine to verify locators but it is not so great to verify
identifiers.

In multi6 where we may need redirection, you cannot assume that RR will be
available to verify identities

Regards, marcelo

>
> If you can't, guess "why?".
>
> 						Masataka Ohta
>
>