Francis, the purpose of Mobile IPv6 is to redirect packets for a home address to a care-of address. To authorize such redirection, one needs to ensure that the node requesting it is the home address owner. This is why it is necessary to have a strong binding between an IPsec SA and the home address.
> an attacker can not do significantly more damage with a fake home address > than with just a fake address. With IPsec alone, an attacker wouldn't be reachable if it used a fake IP address. This is different when you add Mobile IPv6 because the attacker may then be reachable at the care-of address even if the home address is fake. - Christian _______________________________________________ Gen-art mailing list [email protected] https://www1.ietf.org/mailman/listinfo/gen-art
