On Thu, 21 Mar 2002, Dave Thaler wrote: > For transition (and maybe other reasons), the receiving node wants to > also be able to communicate with nodes which do not do the above, and > hence needs to distinguish upon receipt of the packet in question > whether it should drop the packet because the "owner" of the source > address (which may or may not be reachable at that instant) would have > always included the authentication data, or not. > > Since a spoofer can construct any packet they like, and NOT include any > authentication data, a bit in the source address seems to be the only > way for a receiver who cares, to know whether to drop it (because auth > data is missing) or accept it (because it's a legacy insecure address).
What about the receiver having two IP-addresses, one for legacy and one for "secure-only" source addresses? Then the receiver can at least be sure that the packets received at the "secure" IP address would not be spoofed as they will always be verified. -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
