[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 6to4 security questions



 In your previous mail you wrote:

   > => this is the solution for the home address option similar issue
   > (the option is checked against the binding cache, i.e., is validated
   > only when two-way communication is used).
   
   The amount of harm one can do is similar, but the model seems otherwise a
   bit different.
   
   Mobile nodes _were able to_ (speaking about the old spec where unverified
   HAO was still ok) communicate without HAO's.  Your regular honest 6to4
   node can't as it's its only address; they have no care-of addresses for
   bootstrapping, regular/no-frills operation, etc.
   
=> I don't buy this argument: 6to4 is not the only transition technology.

Francis.Dupont@enst-bretagne.fr