[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: cb64
On 29-jun-04, at 10:43, Erik Nordmark wrote:
But the protocol can still defer the public key operations until the
first
locator change as far as I can tell.
But then this locator change wouldn't be protected by the key, so
what's the point of having it? To provide proof that the third locator
belongs to the same entity as the second locator?
I think it's essential to exchange _something_ that allows the other
side to recognize its correspondent after a rehoming event before such
a rehoming event happens (for the first time). Still, this doesn't have
to be a very heavy-weight thing: transmitting some kind of hash would
be enough, later this hash value can be used to authenticate a full key
or hash chain. A good way to do this is would probably be in an
extension header or end-to-end option in one of the early packets (not
in the first one because it will delay session establishment if a
firewall rejects the packet with the option, and we don't want to
create state before return routability is established to avoid being
too easily DoSable).
- Follow-Ups:
- Re: cb64
- From: Erik Nordmark <Erik.Nordmark@sun.com>
- Re: cb64
- From: marcelo bagnulo braun <marcelo@it.uc3m.es>
- References:
- Re: cb64
- From: Erik Nordmark <Erik.Nordmark@sun.com>