
Re: draft-nordmark-multi6-threats-01.txt



> That was not my intention. I am assuming that it is worse that an
> attacker hijacks all the present and future communications than just
> hijacking a single connection. So, a single communication requires less
> security than all the present and future communications in one
> direction, which in turn requires less security than all present and
> future communications in both directions.
> 
> I mean, if a single communication is at stake the solution needs less 
> security than when all the communications are at stake.

But that is a weak statement about uniformity.
If a host has 1 communication which is used to sound the fire alarm,
plus lots of communications which provide rather unimportant statistics,
I would argue that the single "fire alarm" communication is as important
as all the communication that host performs.

> I guess that different apps will have different security requirements.
> However, I am considering the default scenario here. I mean the multi6
> solution will provide some default level of security based on some
> security tools used by the solution.
> If a particular communication requires additional security, it will
> obtain it by special means (TLS for instance).

But TLS wouldn't by itself prevent a weakness in the multihoming layer
being used to redirect the packets to a black hole; neither would IPsec
when IPsec is layered above the multihoming layer.

  Erik