[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: additional attack for multi6 threat draft?
Gentlemen, I think this thread has reached the end of its
useful life. When Erik updates the threats draft, I am sure he
will know whether to add this point to it.
Thanks
Brian
co-chair hat on
marcelo bagnulo wrote:
>
> > > Why?
> >
> > Why?
> >
> > Can you name some protocol that does not do this?
>
> Take mip and remove the rr check.
> You are supposedly talking to the HoA but you are sending packets to the
> CoA, so you don't have a RR check of the address that you are supposed to be
> talking to i.e. the HoA
>
> Again, RR is fine to verify locators but it is not so great to verify
> identifiers.
>
> In multi6 where we may need redirection, you cannot assume that RR will be
> available to verify identities
>
> Regards, marcelo
>
> >
> > If you can't, guess "why?".
> >
> > Masataka Ohta
> >
> >
--
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Brian E Carpenter
Distinguished Engineer, Internet Standards & Technology, IBM
NEW ADDRESS <brc@zurich.ibm.com> PLEASE UPDATE ADDRESS BOOK