Francis: > => in fact the home address impersonation attack exists only in the mobile > node - home agent case, not in the mobile node - correspondent case. If a > node can use the address of another node to communicate with the > correspondent, establish some security association, etc, this is an IPsec > issue if the address gives some specific authorizations.
I do agree with you that the issue is with IPsec IF THE IP ADDRESS IS USED FOR AUTHORIZATION. Therefore, in the non-mobile case, IP address ownership may or may not be important. However, the specialty of the mobility case is that the IP (home) address is ALWAYS used for authorization. The whole purpose of using IPsec is IP (home) address ownership verification. This is what is important and should be more carefully attended to in your draft. Best regards, - Christian _______________________________________________ Gen-art mailing list [email protected] https://www1.ietf.org/mailman/listinfo/gen-art
