Re: I-D ACTION:draft-nordmark-multi6dt-shim-00.txt
marcelo bagnulo braun wrote:
> Well, if we allow hosts to accept packets coming from unverified
> locators and present them as belonging to a different ULP identifier,
> then not even ingress filtering would prevent such attacks. I mean,
> today, if ingress filtering is deployed, then the problem of spoofed
> addresses is reduced. If we allow the reception from unverified
> locators, ingress filtering won't help any more in this problem.
Agreed.
> OTOH, I understand that there is a long way between the level of
> security provided by a semi-deployed ingress filtering and the level of
> security resulting from requiring the usage of CGA or HBAs to verify any
> incoming locator. Perhaps a cookie would be enough to validate incoming
> packets (it is clearly not enough to send packets to that locator though).
A hard-to-guess cookie would probably make things stronger than today
in the absence of ingress filtering. Today's ULPs have varying
verification, from SCTP's use of a 32-bit verification tag, TCP's reliance
on the sequence number being in the window, and UDP with nothing (but
applications using UDP might have something).
> Another point related to this is whether we consider this new incoming
> locator as a hint to rehome the communication to that new locator. In
> this case, we need additional certainty I guess.
If it is merely a hint, and there is a cookie to prevent the off-path
attackers from triggering the hint, that might be sufficient.
Erik
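
The receive-side rule discussed in this thread, as an added example that is not part of the original message or of the draft: a packet from an unverified locator is handed to the ULP only if it carries the context's hard-to-guess cookie, and even then the new locator is recorded as a rehoming hint rather than used for sending. The `ShimContext` fields, the 8-byte cookie size, the action names and the 2001:db8:: addresses are all assumptions made for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass, field

COOKIE_BYTES = 8  # assumed size; the thread does not fix one


@dataclass
class ShimContext:
    """Hypothetical per-peer shim state (not taken from the draft)."""
    ulid_peer: str           # ULP identifier presented to the upper layer
    verified_locators: set   # locators already verified, e.g. via CGA/HBA
    send_locator: str        # where we send; a hint alone never changes it
    cookie: bytes = field(default_factory=lambda: secrets.token_bytes(COOKIE_BYTES))
    rehome_hints: list = field(default_factory=list)


def receive(ctx, src_locator, cookie):
    """Decide what to do with an incoming packet.

    Returns (action, ulid) where action is "deliver", "deliver-hint" or "drop".
    """
    # A packet from an already verified locator is accepted as before.
    if src_locator in ctx.verified_locators:
        return ("deliver", ctx.ulid_peer)

    # Unverified locator: an off-path sender cannot know the cookie, so a
    # missing or wrong cookie means the packet is dropped. The comparison is
    # constant-time so the cookie is not leaked byte by byte.
    if cookie is None or not hmac.compare_digest(cookie, ctx.cookie):
        return ("drop", None)

    # Cookie matches: good enough to receive, not good enough to send.
    # Record the locator as a hint; rehoming needs separate verification.
    if src_locator not in ctx.rehome_hints:
        ctx.rehome_hints.append(src_locator)
    return ("deliver-hint", ctx.ulid_peer)
```

The cookie only raises the bar against off-path senders; an on-path observer who sees it can replay it, which is why `send_locator` is left untouched here.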