On Tue, 2006-05-09 at 17:12 -0700, Erik Nordmark wrote:
That type of leap-of-faith has a problem with address ownership (and
isn't very secure as you state). The ownership problem is as follows:
- Alice arrives on the IETF terminal room. Is assigned IPv6 address
IP1. Alice communicates with www.example.com and conveys her secret.
www.example.com binds that secret to her current IP address. This means
that Alice can move and signal www.example.com her new IP address using
this secret.
- Alice leaves the IETF terminal room, her DHCP lease expires, but she
continues to communicate with www.example.com (which maintains the
secret they setup)
- Bob arrives in the IETF termincal room. The DHCP server gives him
the IP address IP1. Bob tries to communicate with www.example.com. One
With 62 bits of usable IID, this is a problem that is trivially easy to
avoid.