> > The scenario Brian mentioned
> > will not be an issue for bidding down attacks
> > related to mobility.
>
> Can you explain? I don't see why you can't have an evil MitM
> intercepting binding updates and bidding them down.
>

=> In the case where the iids are somehow cryptographically
generated, if you change one bit in the address, the result
is that the 2 nodes will end up talking to 2 different nodes.
Or if the attack is only done in one direction then Bob will
talk to Sam instead of Alice.

This is because by changing the bit in the address, you have
changed the identity of the device that is establishing the SA.
This is the advantage of having the bit inside the address.
For the mobility cases, the identity is the address, so changing
the address == changing the identity => A talks to C instead of
talking to B.
Establishing the SA takes more than one RT, so changing it in
only one of the messages will cause the whole process to fail.

Hesham

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
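
Added example, not part of the original message: a sketch of the point made in the reply above, that when the flag bit sits inside a key-derived interface identifier, clearing it in transit produces a different address and therefore a different identity. The derivation (SHA-256 over prefix and key), the bit position, the prefix, the key bytes and all function names are assumptions made for illustration; the thread does not specify them.

```python
import hashlib
import ipaddress

# Assumption: which IID bit carries the "secured" flag is not stated in the
# thread; bit 57 is a hypothetical choice for this sketch.
SEC_BIT = 1 << 57


def make_address(prefix: str, pubkey: bytes) -> ipaddress.IPv6Address:
    """Derive the address from the owner's public key (hypothetical scheme)."""
    net = ipaddress.IPv6Network(prefix)
    digest = hashlib.sha256(net.network_address.packed[:8] + pubkey).digest()
    iid = int.from_bytes(digest[:8], "big") | SEC_BIT  # flag lives in the IID
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def owns_address(addr, prefix: str, pubkey: bytes) -> bool:
    """Receiver-side check: does this key generate exactly this address?"""
    return addr == make_address(prefix, pubkey)


def flip_flag(addr) -> ipaddress.IPv6Address:
    """Model of the in-path modification: clear the flag bit in transit."""
    return ipaddress.IPv6Address(int(addr) ^ SEC_BIT)


def demo():
    prefix = "2001:db8:1:2::/64"            # constructed documentation prefix
    alice_key = b"constructed-alice-public-key"
    alice = make_address(prefix, alice_key)
    peers = {alice: "Alice"}                 # Bob's view: address == identity
    seen = flip_flag(alice)                  # address Bob sees after tampering
    return {
        "untouched_verifies": owns_address(alice, prefix, alice_key),
        "tampered_verifies": owns_address(seen, prefix, alice_key),
        "tampered_peer": peers.get(seen),    # None: not Alice any more
    }


if __name__ == "__main__":
    print(demo())
```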
