RE: Time shifitng/future redirection attacks

["Kanchei Loa" <loa@ieee.org>]

Brian,

Brian E Carpenter wrote:

> > My point is that the final decision of some security threats 
> > belongs to the
> > application. As the multi6 solution is at network/transport 
> > layer, we should
> > strive to be flexible in negotiating security mechanisms or 
> > lack of it. We
> > should learn the lesson from the deployment and operation of IPsec.
> 
> I agree for attacks (even MitM attacks) against the application 
> layer. But there
> may be MitM attacks that are directed at lower layers. It would 
> be hard to explain
> to the IESG that we chose to ignore those.
> 

Security is always a double edges sword.

I agree with you 100% on the "right way" to do networking and multi6
should be compatible with architectural approaches to these
problems, which is going to be part of future Internet. I also 
understand the sensitivity with IESG if we are perceived to be 
ignoring some attacks in our proposals.

I am not suggesting to ignore those attacks. But considering that 
we have been deploying equipments to do IP networking the 
"wrong" way" for last 15 years, the architecture documents 
should provide a balance view on those problems, such that the 
protocol designer would put knobs in their mechanisms to allow 
some security features being turn on/off by applications or 
operators, which would facilitate incremental deployment.

If we don't consider these knobs in the architecture, we might come 
out a super-secure multi6 solution then wondering why there 
is deployment and operation difficulty.

------------
Kanchei Loa
loa@ieee.org