Title: RE: Allocating a bit in the RFC2374 Interface Identifier

Right,

So do people understand why having it in the address provides more protection?

Now let's assume that we did not allow just RR, this would avoid the bidding down attack IFF there was only one strong method. But I suspect there may be more than one strong method and arguments as to which strong method is better will flourish and the bidding down attack may still be portrayed as being there between the strong mechanisms.

Again this putting the bit in the address for extra protection may be in question over and over, IMHO. I.e. if a field that indicates which strong method to use is in place above the address then it can be altered as well using the same logic for the bit being in the address now.






> -----Original Message-----
> From: gabriel montenegro [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, March 21, 2002 9:23 PM
> To: Keith Moore
> Cc: Jari Arkko; Mohan Parthasarathy; Pekka Nikander; Pekka Savola;
> [EMAIL PROTECTED]; Erik Nordmark
> Subject: Re: Allocating a bit in the RFC2374 Interface Identifier
>
>
> Keith Moore wrote:
>
> > > Note that the MitM can also change the IP address, but if he does
> > > so, he is *not* attacking the original host, as the address is
> > > changed.
> >
> > unless of course the MitM can convince that host to take on that address
> > as an alias.
>
> So Mallory says that his address M is an alias for Alice's address A. Ok.
> What if Bob looking at A could know (yes, signalled by a bit) that A
> is only aliasable by very secure mechanisms. That's the whole point.
> Mallory would then be forced to break any of several very strong
> (using crypto and explicit trust relationships) mechanisms:
>
>     - AAA
>     - PKI
>     - CGA
>     - etc
>
> RR would definitely not be included here.
>
> -gabriel
>
> --------------------------------------------------------------------
> IETF IPng Working Group Mailing List
> IPng Home Page:                      http://playground.sun.com/ipng
> FTP archive:                      ftp://playground.sun.com/pub/ipng
> Direct all administrative requests to [EMAIL PROTECTED]
> --------------------------------------------------------------------
>
