
[RRG] Re: Six/One question



> The first packet contains the new Destination option, Context setup, to
> establish the context, ie the address bunch. This enables the
> correspondent to re-write the 'active' address in received packets into
> the stable primary address as seen by applications etc. However, what
> happens if a new active address is subsequently used that wasn't in the
> Context setup option? ie does the initial Context setup option have to
> contain all the potential addresses (routing prefixes)?

Philip,

you are right, the Context Setup option contains all subnet prefixes of the
initiating host.  This is a security measure that prevents an attacker from
injecting bogus subnet prefixes and thereby redirecting packets illegitimately.
Based on the subnet prefixes in the Context Setup option and the
cryptographically generated interface identifier of the initiating host, a
correspondent host can verify which subnet prefixes are legitimate.

Take care,
- Christian
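
The check described in the reply above, sketched as an added example that is not part of the original message and not the Six/One wire format: it assumes a simplified hash-based binding in which the 64-bit interface identifier is a hash over a modifier and the full prefix set. The function names, the modifier and the 2001:db8::/32 documentation prefixes are constructed for illustration.

```python
import hashlib
import ipaddress

def interface_id(modifier: bytes, prefixes) -> bytes:
    """Assumed construction: 64-bit identifier bound to the whole prefix set."""
    h = hashlib.sha256(modifier)
    for p in prefixes:  # order as carried in the (hypothetical) option
        h.update(p.network_address.packed[:8])
    return h.digest()[:8]

def make_address(prefix, iid: bytes) -> ipaddress.IPv6Address:
    """Combine a 64-bit subnet prefix with the 64-bit interface identifier."""
    return ipaddress.IPv6Address(prefix.network_address.packed[:8] + iid)

def verify_address(addr, modifier: bytes, prefixes) -> bool:
    """Correspondent-side check: the prefix must be in the announced set and
    the identifier must be the hash of exactly that set."""
    raw = addr.packed
    in_set = any(raw[:8] == p.network_address.packed[:8] for p in prefixes)
    return in_set and raw[8:] == interface_id(modifier, prefixes)

def demo() -> dict:
    modifier = bytes(range(16))  # constructed sample value
    prefixes = [ipaddress.IPv6Network("2001:db8:a::/64"),
                ipaddress.IPv6Network("2001:db8:b::/64")]
    iid = interface_id(modifier, prefixes)
    legit = [make_address(p, iid) for p in prefixes]

    # A prefix the initiating host never announced, reusing its identifier.
    bogus_prefix = ipaddress.IPv6Network("2001:db8:bad::/64")
    bogus = make_address(bogus_prefix, iid)
    return {
        # Every address built from the announced set verifies.
        "legit": all(verify_address(a, modifier, prefixes) for a in legit),
        # Rejected: the prefix is not in the announced set.
        "bogus_not_in_set": verify_address(bogus, modifier, prefixes),
        # Rejected: adding the prefix to the set changes the expected
        # identifier, so it no longer matches the one in the address.
        "bogus_set_extended": verify_address(
            bogus, modifier, prefixes + [bogus_prefix]),
    }

if __name__ == "__main__":
    print(demo())
```
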

