I am not sure how slightly this is...
suppose a host A with Locator LA
A server B with locator LB
and an attacker X with locator LX
A usually connects to B to get some information, for instance the news.
Now, X manages to be on the path between A and B for a while.
Now, X starts a communication with A and pretends to be B, and X creates a state in A mapping the identifier of A with locator LX.
Note that it can do that because the verification will be based on the RR, and X will succeed because he is on the path.
Then, X leaves the place and goes somewhere more comfortable for him.
Now, in the future, when A tries to reach B he will be contacting X... forever ;-)
I don't feel that this would be acceptable.
I agree at some level, because this was the conservative approach that was taken in the MIPv6 security design.
But one can argue against that by:
- if the attacker was on the path, why couldn't the attacker leave a small device (running on a battery for a month, for instance) attached?