
Re: [secdir]Comments on draft-ietf-shim6-hba-01



Steven Blake wrote:
On Tue, 2006-05-09 at 17:12 -0700, Erik Nordmark wrote:

That type of leap-of-faith has a problem with address ownership (and
isn't very secure as you state). The ownership problem is as follows:
  - Alice arrives in the IETF terminal room. Is assigned IPv6 address IP1. Alice communicates with www.example.com and conveys her secret. www.example.com binds that secret to her current IP address. This means that Alice can move and signal www.example.com her new IP address using this secret.

  - Alice leaves the IETF terminal room, her DHCP lease expires, but she continues to communicate with www.example.com (which maintains the secret they set up)

  - Bob arrives in the IETF terminal room. The DHCP server gives him the IP address IP1. Bob tries to communicate with www.example.com. One

With 62 bits of usable IID, this is a problem that is trivially easy to
avoid.

I agree that HBA and CGA avoid it.

My comment was in response to the comment to "just use IPsec and it solves all your problems" that ekr made.

We do need CGA/HBA to solve address ownership issues.

   Erik