> It seems that in mobileip wg, reflector attack scenarios were
> identified for routing headers in Savola's draft. One solution,
> which seems to me feasible to implement (no state needed),
> was to mandate segments left to 1 and check that the address
> in the routing header is owned by the receiving MN host.
> Seems these scenarios are not necessarily mobileip-specific.
> I am wondering, are routing headers in this wg considered
> a special-purpose mechanism that cannot be used?

While such a check is reasonable for a host, a firewall can't actually
check this since it doesn't know the relationship between Care of
Addresses and Home Addresses.

I don't know how significant this issue is but given the concerns
expressed in Savola's draft about allowing general routing headers
through firewalls it seems worthwhile to think about this and not
immediately dismiss it - having a separate packet format for routing
headers (specifying addresses of one or more hops) from the ability to
specify an extra IP address for the destination *might* be the better
thing to do.

> For home address options there are sections in Arkko's second
> draft in mobileip where it is recommended them always to be protected
> and (indirectly) to support both weak and strong authentication.

Yep.

  Erik

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
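
The host-side check discussed in this message (segments left fixed at 1, routing header address owned by the receiver), as an added example that is not part of the original message or of any draft it cites. It assumes the RFC 2460 routing header layout (4 fixed bytes, 4 reserved bytes, then 16-byte addresses) and reads "the address" as exactly one address; the function names and the 2001:db8:: sample addresses are constructed for illustration.

```python
import ipaddress
import struct

FIXED_LEN = 8  # Next Header, Hdr Ext Len, Routing Type, Segments Left, 4 reserved


def check_routing_header(hdr: bytes, local_addrs) -> tuple:
    """Return (accept, reason) for a routing header received by a host.

    local_addrs is the set of addresses this host owns. A firewall on the
    path has no such set for the hosts behind it, which is the limitation
    raised in the reply above.
    """
    if len(hdr) < FIXED_LEN:
        return False, "truncated header"
    _next_hdr, ext_len, _rtype, segs_left = struct.unpack_from("!BBBB", hdr)
    # Hdr Ext Len counts 8-octet units after the first 8 octets.
    if len(hdr) < FIXED_LEN + ext_len * 8:
        return False, "truncated header"
    if segs_left == 0:
        return True, "no segments left, nothing to forward"
    if segs_left != 1:
        return False, "segments left must be 1"
    if ext_len != 2:
        return False, "must carry exactly one address"
    addr = ipaddress.IPv6Address(hdr[FIXED_LEN:FIXED_LEN + 16])
    if addr not in local_addrs:
        # Processing this header would re-send the packet to a third party.
        return False, "address not owned by this host"
    return True, "ok"


def build_header(addrs, segs_left, next_hdr=59, rtype=0) -> bytes:
    """Build constructed sample header bytes for the checks below."""
    body = b"".join(ipaddress.IPv6Address(a).packed for a in addrs)
    return struct.pack("!BBBB4x", next_hdr, len(body) // 8, rtype, segs_left) + body


# Constructed sample data: the receiving host's own (home) address.
HOME = ipaddress.IPv6Address("2001:db8:1::10")
LOCAL = {HOME}

if __name__ == "__main__":
    for addrs, left in [([HOME], 1), (["2001:db8:ffff::1"], 1),
                        ([HOME, "2001:db8:ffff::1"], 2)]:
        print(addrs, left, check_routing_header(build_header(addrs, left), LOCAL))
```
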
