> >>   I'm afraid that there's more to this than that.
> >>   One of the implications of Pekka's observation is
> >>   that the binding cache is no longer a cache. That
> >>   is, you cannot evict the cache entry and still
> >>   function properly. The reason is not the CoA and
> >>   RH which will clearly still work, but the HAO. If
> >>   you drop the cache entry, the CN will see a HAO
> >>   which it doesn't know whether to believe and thus
> >>   would have to drop (or send a binding solicit,
> >>   etc). This bothers me quite a bit as going from
> >>   soft state to hard state should never be taken
> >>   lightly.
> >
> > Hmm, if there is a way to set up weak authentication state
> > in an initialization, it can also be done again, even after
> > expiration. However, this concerns the properties of
> > weak authentication where you may not have a proof
> > of identity the way of strong authentication (e.g.,
> > you may need to "believe" the first HAO).
> 
> I'm afraid Mike's right here. Of course the weak authentication
> can be rerun, but before it is rerun, many packets have gone
> to /dev/null because the MN kept sending route optimized stuff
> with HAOs, and the CN threw them away because of the security
> issue.

Ah, let me clarify. Currently the way you describe of implementing
MN is allowed because HAOs in the MIPv6 draft itself are not required
to be protected. Here the question is what if we _did_ have the fix
of always protecting the HAO, and with weak authentication.

I was thinking the other way to implement MN, to send a CN BU in
good time before lifetime expires (soft timeout before hard one),
even without receiving a BR. Once actual lifetime of BU in BUL is
expired (hard timeout), MN knows it needs to re-start. Hence it
also can know not to send those HAOs. I am not sure how hard state
this is, the credentials would expire by hard timeout after communication
is terminated. For robustness, there is BR, losing a BU would not
break it since CN would send BR before hard timeout in CN side.

True, this would require using BU when using HAO (if
a chosen weak authentication uses BU for its operation). But,
having seen something like this (timeout behavior) in action,
why not use it?

> Jari

BR,

-Jari
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
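
The soft-timeout/hard-timeout behaviour proposed in the message above, as an added example that is not part of the original thread or of any MIPv6 implementation: a one-packet-per-second simulation comparing an MN that refreshes its BU early and suppresses HAOs after its own hard timeout with a baseline MN that re-registers only at expiry. Assumptions: the lifetime and margin values are constructed, a BU that is not lost is authenticated and acknowledged within the same tick, and BR from the CN is not modelled.

```python
LIFETIME = 60     # binding lifetime in seconds (constructed value)
SOFT_MARGIN = 15  # refresh this long before expiry (constructed value)


def simulate(soft_timeout, lost_bu_times, duration=120):
    """Send one HAO data packet per second from MN to CN.

    soft_timeout=True  : MN refreshes early and stops using HAO once its
                         own BUL entry has hit the hard timeout.
    soft_timeout=False : baseline MN re-registers only at expiry and keeps
                         sending HAO regardless.
    Returns how many packets the CN accepted or dropped, and how many the
    MN sent without HAO because it knew the binding had expired.
    """
    mn_expires = cn_expires = -1   # no binding state on either side yet
    stats = {"accepted": 0, "dropped": 0, "no_hao": 0}
    margin = SOFT_MARGIN if soft_timeout else 0
    for now in range(duration):
        if now >= mn_expires - margin:
            # Time to send a BU. If it is lost, nothing changes and the MN
            # retries on the next tick.
            if now not in lost_bu_times:
                mn_expires = cn_expires = now + LIFETIME
        if soft_timeout and now >= mn_expires:
            stats["no_hao"] += 1      # hard timeout reached: do not send HAO
        elif now < cn_expires:
            stats["accepted"] += 1    # CN holds state that vouches for the HAO
        else:
            stats["dropped"] += 1     # CN cannot believe the HAO, discards it
    return stats


if __name__ == "__main__":
    burst = set(range(45, 63))        # constructed loss burst: every BU lost, t=45..62
    print("soft+hard timeout:", simulate(True, burst))
    print("baseline         :", simulate(False, burst))
    print("short loss, soft :", simulate(True, {45, 46}))
```

With a loss burst that outlasts the soft window, the early-refresh MN falls back to packets without HAO until a BU gets through, while the baseline MN has the same number of packets discarded at the CN.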
