Francis,
unless you bind the IPsec security association to the home address, an
attacker could send a Binding Update message with a spoofed home address
using its own IPsec SA. The correspondent node's IPsec instance would
accept that message and hand it on to the Mobile IPv6 instance. The
Mobile IPv6 instance would rely on the message being authenticated and
update the binding cache entry for the spoofed home address.
You can eliminate this issue with one or two additional, clarifying
sentences in your draft.
- Christian
Francis Dupont wrote:
In your previous mail you wrote:
> an attacker can not do significantly more damage with a fake home address
> than with just a fake address.
With IPsec alone, an attacker wouldn't be reachable if it used a fake IP
address. This is different when you add Mobile IPv6 because the attacker
may then be reachable at the care-of address even if the home address is
fake.
=> as this is the point we disagree about, just explain how this can happen!
Regards
[EMAIL PROTECTED]
_______________________________________________
Gen-art mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/gen-art
