Re: using the received source address as destination locator (was RE: architecture draft)



On 4-mei-04, at 19:42, marcelo bagnulo wrote:

While I agree that doing this sounds reasonable, there is no
requirement that this should be the case.

I can't think of a scenario where the same would not be true, even if
this was not a requirement. You need the src address to map to the
communication stream in one way or the other. Unless I am too tired.

I guess that there could be security issues with this. I mean, if the source
address used will be used as destination address, then the sending host has
a simple way to redirect the reply packets to another host and produce for
instance a flooding attack.

Right. This is one of the points I've been hammering on extensively a while back: you can't trust that the source address belongs to the actual correspondent, and you also can't trust that it's reachable. So both for security and robustness, a host has to determine which destination address it's going to use to reach a correspondent regardless of the original source address.