Re: shim6 and bit errors in data packet headers

[Erik Nordmark <erik.nordmark@sun.com>]

marcelo bagnulo braun wrote:

> > This implies that in the bit error case above, since B can't tell the
> > difference between a bit error and the case when it has lost/discarded
> > the state, B needs to at least send an error message to A saying "I have
> > no matching shim6 context".
>
>
> why?
> i would argue that silently discarding the packet would be enough. I 
> mean, i think that soft state approach is an interesting approach, but i 
> would like to explore the possibility of silently discarding packets 
> that don't match with any existent contexts.

I think if you want to discard packets for which you don't have a 
context, then I think you effectively end up assuming some hard(er) 
state management, where the two ends coordinate when they discard their 
state. But I can't see how this can work in a soft-state approach - soft 
state seems to imply that a node can rebuild the state when it receives 
packets.

FWIW I've suggested a way to handle a close handshake for hard state 
management in the past, which has made it into the HIP spec.

> I mean, i think that (as i 
> think you mentioned a while ago) defining a error message in order to 
> reply to those packets belonging to non existent contexts may introduce 
> some security issues. In particular, it may allow an attacker to force 
> to communicating end nodes to re-do the initial exchange, allowing the 
> attacker to become a MiTM.

Yes, but that isn't any worse than in today's Internet; an attacker can 
arrive on the path and use e.g. ARP spoofing in the local link (which 
might be the link between two routers in the path) to redirect the traffic.

   Erik