Re: shim6 control packets coming from unkown locators

[marcelo bagnulo braun <marcelo@it.uc3m.es>]

El 19/10/2007, a las 0:02, Brian E Carpenter escribió:

> On 2007-10-19 06:38, Alvaro Vives Martinez wrote:
> ...
>
> > Yes, in fact, actual work seems to go in that direction but  
> > following this
> > path we reach an almost-MIPv6 solution. The SHIM6 only approach  
> > had some
> > advantages over MIPv6 if it does not use the rendez-vous point. A  
> > balance
> > among them seems to be the key.
>
> It seems to me that to accept control packets from unknown
> locators, we'd need a trust anchor of some kind - an entity
> that can provide a nonce to be included in such unexpected
> control packets, for example. That seems like a rendez-vous
> point, even if its only job is as a trust anchor.

i don't think that is strictly the only option

I mean you could send the UPDATE message from an unknown locator, but  
that the unknown locator is contained also in the locator list  
contained in the LOCATOR message (as well as the CGA signature for  
this new previously unknonw locator)

So, the receiving node would need to first verify the locator list  
signature and if it is successfull, then accept the message, and if  
not discard it.


regards, marcelo


>    Brian