[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: identifiers and security

To: Iljitsch van Beijnum <iljitsch@muada.com>
Subject: Re: identifiers and security
From: marcelo bagnulo braun <marcelo@it.uc3m.es>
Date: Mon, 28 Jun 2004 17:46:51 +0200
Cc: Multi6 <multi6@ops.ietf.org>, Erik Nordmark <Erik.Nordmark@sun.com>
In-reply-to: <1599E638-C917-11D8-B450-000A95CD987A@muada.com>
References: <Roam.SIMC.2.0.6.1088423539.21284.nordmark@bebop.france> <1599E638-C917-11D8-B450-000A95CD987A@muada.com>

I've certainly entertained ideas that are a lot weaker than NOID,
for instance just have the peers exchange their sets of locators
plus a cleartext cookie/context tag when the setup the state,
and then do a RR check before sending packets to a new locator,
but I've received pushback from folks that I wouldn't characterize as
security geeks, that this would be too weak.
I don't think this is universally true. Certainly, this is too weak for TLS or IPsec sessions that can now be broken by an attacker, unlike before. But why would this be too weak for talking to Google over unprotected TCP/IP?
But perhaps it is time to writeup something like that and subject it
to wider scruteny, combined with your suggestion below.

From a security POV, how different do you think that this solution would be from a solution based in mipv6 with infinite BCE lifetimes?

i mean, a RR solution would likely be very similar to the HoTI/HoT and CoTI/CoT exchange of mipv6, right?

regards, marcelo

References:
- Re: identifiers and security
  - From: Erik Nordmark <Erik.Nordmark@sun.com>
- Re: identifiers and security
  - From: Iljitsch van Beijnum <iljitsch@muada.com>

Prev by Date: Re: identifiers and security
Next by Date: Re: identity persistence and comparison issues
Previous by thread: Re: identifiers and security
Next by thread: Re: identifiers and security
Index(es):
- Date
- Thread