> Mohan Parthasarathy wrote:
> >
> > t very clear as to why you have to reserve a bit in the
> > address to express different security mechanisms being used. Why can't
> > this be built into the protocol itself? Is it because that the future
> > security mechanisms will not use the same set of message exchanges as
> > RR and hence you want a protocol independent way of indicating the method?
> >
> > I would assume that any mechanism to establish the binding between home
> > address and care of address would have a few message exchanges. Can you

Jari wrote:
>
> Because the MitM attacker can change everything related to these
> messages, it doesn't help to put anything to the messages for the
> bidding down protection.
>
> Note that the MitM can also change the IP address, but if he does
> so, he is *not* attacking the original host, as the address is
> changed.
>

=> For all those opposing the addition of the bit in the IID,
I really hope you would carefully consider Jari's text
above. For mechanisms designed to prove address ownership
(relevant to securing ND, MIPv6 BUs and I can think of more),
you MUST include the distinction in the _IP_ address.
The IP address _is_ the identifier relevant for this case,
not the host name, URL or anything else.

Hesham

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
