Re: New multi6 draft: WIMP
Iljitsch van Beijnum wrote:
> Ok. This is basically a secure negotiation mechanism. All other
> aspects of multihoming are only addressed fleetingly, if at all.
Hi Iljitsch,
The same phrase applies to several multi-homing I-Ds conversely. "Ok. This is a multi-homing mechanism. All aspects of security are only addressed fleetingly, if at all" :-)
The main purpose of the WIMP is to present a way to protect hosts from re-direction attacks. I don't believe that using IKE or IPSec is the best way to solve the re-direction problem. WIMP offers a weak, but sufficient security model for multi-homing.
We are willing to combine the presented WIMP exchange with other multi6 ideas. Multi-homing architecture is a puzzle. Our purpose is to bring a couple of new pieces to the puzzle that might complete the final solution. I believe that the final solution contains features of several proposals.
> When a host wants to negotiate new addresses, some info is split into
> n pieces and sent to n addresses. What happens if less than the full
> set of n addresses is reachable?
WIMP works fine also in that case.
Let's say that the responder receives a set of new IP addresses, IP1, IP2, and IP3. It sends a challenge to each of them. However, IP2 is not reachable. The initiator receives only messages with IP1 and IP3. It constructs a combined key using the received key pieces in the challenge messages and sends a response to the responder. The responder finds out which of the challenge messages the initiator received, using the key mask. The responder is able to verify the answer to the challenge using the combined key.
That part of the draft requires clarification. Thanks!
-- Jukka
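
The exchange described in the message above, as an added example that is not part of the original post or of the WIMP draft. Assumptions: the key pieces are combined by hashing them in index order, the response is an HMAC over a responder nonce, and the key mask is a bitmask with one bit per address; the draft's actual construction is not given in this message, and all class and function names here are hypothetical.

```python
import hashlib, hmac, secrets

# Assumed construction (not from the draft): key = SHA-256 over the received
# pieces in index order; response tag = HMAC-SHA256(key, nonce).
def combine(pieces):
    """Derive one key from a dict {index: key piece}."""
    h = hashlib.sha256()
    for idx in sorted(pieces):
        h.update(idx.to_bytes(1, "big") + pieces[idx])
    return h.digest()

class Responder:
    def __init__(self, addresses):
        self.addresses = addresses
        self.nonce = secrets.token_bytes(16)
        # One independent key piece per address the initiator claims to own.
        self.pieces = {i: secrets.token_bytes(16) for i in range(len(addresses))}

    def challenges(self):
        """One challenge per address: (destination, index, nonce, key piece)."""
        return [(a, i, self.nonce, self.pieces[i])
                for i, a in enumerate(self.addresses)]

    def verify(self, mask, tag):
        """Rebuild the key from the pieces the mask names; return the
        addresses proven reachable, or [] if the tag does not match."""
        chosen = {i: p for i, p in self.pieces.items() if mask >> i & 1}
        if not chosen:
            return []
        expected = hmac.new(combine(chosen), self.nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return []
        return [self.addresses[i] for i in sorted(chosen)]

def initiator_respond(received):
    """Build (key mask, tag) from the challenges that actually arrived."""
    pieces = {i: piece for _, i, _, piece in received}
    mask = sum(1 << i for i in pieces)
    nonce = received[0][2]
    return mask, hmac.new(combine(pieces), nonce, hashlib.sha256).digest()

def demo():
    """Constructed scenario from the message: IP2 is unreachable."""
    r = Responder(["IP1", "IP2", "IP3"])
    delivered = [c for c in r.challenges() if c[0] != "IP2"]
    mask, tag = initiator_respond(delivered)
    # Third value: the same tag presented with a mask claiming all three.
    return mask, r.verify(mask, tag), r.verify(0b111, tag)
```

The last value returned by `demo()` shows why the mask cannot be inflated: a tag computed without the IP2 piece fails verification when the mask claims IP2 was received.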