RE: shim6 control packets coming from unknown locators
Hi Marcelo,
Within the ENABLE project (www.ist-enable.org), SHIM6 has been evaluated as a
possible mobility solution. The fact that an UPDATE REQUEST message that comes
from an unknown locator is not accepted was a problem in this context.
So, if this possibility is still open I would like to push for it, at least
for the UPDATE REQUEST message and if no security risks are introduced, of
course.
This would open the field for SHIM6 as a mobility solution (there are other
missing pieces being evaluated as well), because of its LOC/ID split nature.
This would be in addition to the multihoming support.
We will follow with attention whatever is said about this issue.
Regards,
Alvaro Vives
Consulintel
> -----Original message-----
> From: owner-shim6@psg.com [mailto:owner-shim6@psg.com] On behalf of marcelo
> bagnulo braun
> Sent: Friday, 28 September 2007 8:48
> To: Brian E Carpenter
> CC: Jari Arkko; shim6
> Subject: Re: shim6 control packets coming from unknown locators
>
> Hi Brian,
>
>
> On 27/09/2007, at 21:51, Brian E Carpenter wrote:
>
> > Marcelo,
> >
> > On 2007-09-28 02:45, marcelo bagnulo braun wrote:
> >
> > <big snip>
> > ...
> >> For the R1bis message, it would result in a reduction of security,
> >> since anyone knowing the context tag value could tear down a
> >> context even if he is not located along the path. This could be
> >> enough, though.
> >> So, the question is general for all the spec: should we support
> >> control messages from unknown locators?
> >
> > This makes me very nervous that we'd be opening a fairly big security
> > hole that would be quite painful to close.
> >
>
> Agree that security issues should be addressed carefully, but I think
> this is possible, at least for UPDATE packets. Probe packets may
> require a bit more thought, and will require an UPDATE before
> actually sending packets to the locators, but I think it should work.
>
> Regards, marcelo
>
>
> > Brian
>