[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: New multi6 draft: WIMP



On 28-jan-04, at 16:57, Jukka Ylitalo wrote:

We have submitted a new multi6 draft to I-D directory. The draft defines a Weak Identifier Multihoming Protocol (WIMP), and we wrote it in order to see how opportunistic/weak authentication methods could be used to sove the multi6 problem.

Ok. This is basically a secure negotiation mechanism. All other aspects of multihoming are only addressed fleetingly, if at all.


When a host wants to negotiate new addresses, some info is split into n pieces and sent to n addresses. What happens if less than the full set of n addresses is reachable?

I believe there is a problem with the gradual release of secret information (such as hash chains) when a man in the middle can trick both sides to become desynchronized such that side A has two messages in transit, messages M+1 and M+2, with an ealier message being M. M, M+1 and M+2 are protected using hashes X, X+1 and X+2, respectively. Side B can check whether message M+1 is authentic by taking X+1, performing a function over it and determining whether the result is equal to X. However, a man in the middle that already has X+2 could create X+1 and then use this value to create an authentic-looking message M+1. Or am I missing something?