> Or am I missing something?

Pekka,

Perhaps the question was about the whole address and not just the interface ID. You've described how the interface ID is cryptographically tied to a public key. But this doesn't per se prevent somebody fabricating a CGA address using an arbitrary prefix.

The way to avoid this for MIPv6 is to do a return routability test when the CGA address is verified. The RR test would ensure that the peer is reachable at the prefix. (And the RR test would essentially be done as part of the challenge to have the peer sign the nonce using the private key.)

Erik

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
