
RE: shim6 control packets coming from unknown locators



Hi Brian,

One of the requisites in the mobile context is that CGAs must be used,
because HBAs are based on advance knowledge of the node's whole address
set. We have based our study on this.

IMHO the CGA stuff can then be used to verify a new locator. From Sec 7.2 of
the draft:

" There are two separate aspects of locator verification.  One is to
   verify that the locator is tied to the ULID, i.e., that the host
   which "owns" the ULID is also the one that is claiming the locator
   "ownership".  The Shim6 protocol uses the HBA or CGA techniques for
   doing this verification.  The other is to verify that the host is
   indeed reachable at the claimed locator...."

If the locator could be verified to be tied to a ULID, then this could be
matched against existing contexts' ULIDs, with the help of a received context
tag.

The draft authors are surely the ones who can evaluate how accepting or
rejecting unknown locators could be done in a safe way.

Regards,
Alvaro Vives
Consulintel

> -----Original Message-----
> From: owner-shim6@psg.com [mailto:owner-shim6@psg.com] On behalf of Brian E Carpenter
> Sent: Friday, October 19, 2007 0:02
> To: alvaro.vives@consulintel.es
> CC: 'Jari Arkko'; 'shim6'
> Subject: Re: shim6 control packets coming from unknown locators
> 
> On 2007-10-19 06:38, Alvaro Vives Martinez wrote:
> ...
> 
> > Yes, in fact, actual work seems to go in that direction but following this
> > path we reach an almost-MIPv6 solution. The SHIM6 only approach had some
> > advantages over MIPv6 if it does not use the rendez-vous point. A balance
> > among them seems to be the key.
> 
> It seems to me that to accept control packets from unknown
> locators, we'd need a trust anchor of some kind - an entity
> that can provide a nonce to be included in such unexpected
> control packets, for example. That seems like a rendez-vous
> point, even if its only job is as a trust anchor.
> 
>     Brian
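
An added example, not part of the original messages or of the shim6 draft: the check discussed above, as a context-tag lookup followed by the RFC 3972 section 5 test that the presented CGA parameters really produce the stored peer ULID. The context table layout, the function names and the sample key bytes are assumptions; the signature over the new locator made with that key, and the reachability probe, are deliberately left out.

```python
import hashlib
import ipaddress

# RFC 3972: when comparing Hash1 to the interface identifier, ignore the
# Sec bits (0-2) and the u/g bits (6-7) of the first octet.
CGA_IID_MASK = 0x1CFFFFFFFFFFFFFF

def cga_verify(addr, modifier, prefix, collision_count, pubkey_der, ext=b""):
    """RFC 3972 section 5: do these CGA parameters produce `addr`?"""
    raw = ipaddress.IPv6Address(addr).packed
    if len(modifier) != 16 or len(prefix) != 8 or collision_count not in (0, 1, 2):
        return False
    if raw[:8] != prefix:                       # subnet prefix must match
        return False
    params = modifier + prefix + bytes([collision_count]) + pubkey_der + ext
    hash1 = int.from_bytes(hashlib.sha1(params).digest()[:8], "big")
    iid = int.from_bytes(raw[8:], "big")
    if (hash1 ^ iid) & CGA_IID_MASK:            # Hash1 vs interface identifier
        return False
    sec = raw[8] >> 5                           # Sec = three leftmost IID bits
    hash2 = hashlib.sha1(modifier + bytes(9) + pubkey_der + ext).digest()[:14]
    return hash2[:2 * sec] == bytes(2 * sec)    # 16*Sec leading zero bits

def match_context(contexts, context_tag, cga_params):
    """Hypothetical receiver step: the context tag selects a context, and the
    packet is only associated with it if the CGA parameters bind to the
    peer ULID already stored there."""
    ctx = contexts.get(context_tag)
    if ctx is None:
        return None
    return ctx if cga_verify(ctx["peer_ulid"], **cga_params) else None

def constructed_cga(modifier, prefix, pubkey_der):
    """Build a sample CGA for the demo (Sec=0, collision count 0)."""
    h1 = bytearray(hashlib.sha1(modifier + prefix + b"\x00" + pubkey_der).digest()[:8])
    h1[0] &= 0x1C                               # Sec=0, u/g bits cleared
    return str(ipaddress.IPv6Address(prefix + bytes(h1)))

if __name__ == "__main__":
    # Constructed sample values; the key bytes are a stand-in, not real DER.
    params = dict(modifier=bytes(16), prefix=bytes.fromhex("20010db800000001"),
                  collision_count=0, pubkey_der=b"constructed-sample-key")
    ulid = constructed_cga(params["modifier"], params["prefix"], params["pubkey_der"])
    contexts = {0x1234: {"peer_ulid": ulid}}
    print(ulid, match_context(contexts, 0x1234, params) is not None)
```

A successful match only shows that the sender presented parameters matching the ULID; those parameters are public, so the locator itself is bound only once the signature made with the corresponding private key has been checked.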



