Re: identifiers and security

[marcelo bagnulo braun <marcelo@it.uc3m.es>]

> > I think if the redirection problem by attackers that are on-path
> > temporarily is limited to individual unprotected sessions, we are not
> > materially worse off than today as the same attacker could break the
> > sessions today also, and redirecting an unprotected session presumably
> > isn't worse than breaking it as the contents aren't secret.
>
> I think there is a difference between
>  - someone breaking into to office looking at the pieces of paper on
>    my desk
>  - someone breaking into my office and installing a device which allows
>    them to look at all future pieces of paper I will place on my desk
>
> Thus there is a difference between looking at unprotected communication
> while being on the path, and looking at unprotected communication
> long after having left the path.
> But this might be a case where we can make things be slightly worse 
> than
> in today's Internet since this communication was unprotected in any 
> case.

I am not sure how slightly this is...

suppose a host A with Locator LA
A server B with locator LB
and an attacker X with locator LX

A usually connects to B to get some information, for instance the news.

Now, X manages to be on the path between A and B for a while.
Now, X starts a communication with A and pretends to be B, and X 
creates a state in A mapping the identifier of A with locator LX.
Note that it can do that because the verification will be based on the 
RR and X will succeed because he is on the path.
Then, X leaves the place and goes to somewhere more comfortable for him

Now, in the future when A tries to reach B he will contacting X... 
forever ;-)

I don't feel that this would be acceptable

Regards, marcelo


>   Erik