Re: Time shifitng/future redirection attacks (was RE: Identifiers

[Iljitsch van Beijnum <iljitsch@muada.com>]

On 29-mrt-04, at 15:32, marcelo bagnulo wrote:

> The protection for a connection can be done once in the connection 
> lifetime.
> The problem here, then is at which layer your solution is working.
> If you adopt a transport layer solution which the locator set 
> exchanged only
> applies to that particular connection, the security checks can be
> simplified, IMHO like one RR check.
> However, if you adopt a shim layer or IP layer solution, the solution 
> has no
> knowledge about
> connections, so the exchanged locator set will apply to all 
> connections,
> present and future, incoming and outgoing. That is why IMHO we have to 
> take
> care of time shifting attacks when considering shim/IP layer solutions 
> which
> may require additional mechanisms

Ok, this is a useful constraint: either our mechanisms must work 
per-session (or group of sessions created within a short timeframe) or 
we need strong(er) authentication than just return routability.

> as i said in previous mails, i think CBID add value and are a good 
> option
> and of course the provide protection from this attacks.

Yes. The nice thing about 64 bit CBIDs is that you can just put them in 
the bottom 64 bits and they're not in the way. This allows being 
backward compatible as long as there are no outages. It's not even 
necessary to negotiate additional addresses at this point if good hints 
towards available addresses for the correspondent are available at at 
least one end.

However, in this case the upper layers must still be aware of the 
locator bits. Having ULPs work with identifiers exclusively would be 
cooler but more complex.