
RE: Identifiers



> My intent is to observe that for the problem this WG is supposed to
> solve, we don't care whether the claimed identifier at the beginning
> of a session is genuine. What we care about (rather like TLS) is whether
> the two communicating entities remain the same even if the session suffers
> a rehoming event. I don't think we are disagreeing.

I think that we may not care if the source address is genuine but we do care
that the destination address is genuine. I mean, if I know that the address
IPA belongs to www.foo.com (suppose that I have learned it through the DNS),
I want that when I send packets to IPA they get to www.foo.com. It would be
bad that because of multihoming mechanisms, when I start sending packets to
IPA, they end up somewhere else.

The point is that if we care about destination addresses being genuine, we
may also need to care about source addresses being genuine, depending on the
sense of direction that the considered solution has. I mean, if the source
address of established communications will be used as destination address
for following communications, if an attacker succeeds in convincing a victim
that IPA is one of its source addresses, following communications
established by the victim to IPA will be routed to the attacker.



Regards, marcelo
>
>    Brian
>