Mohan,
I think the problem is in using the bit to convey whether you want a secure exchange or not. And at the end of the exchange (which effectively created a binding in the mobility case), MN thinks it established securely with CN which it has not i.e I set the bit to indicate I want a secure exchange with some arbitrary node (CN), but this does not really gurantee anything. It does not matter whether you set the bit or not. It all depends on whether MiTM will occur or not. So, in the absence of MiTM attack, the bit reaches CN safely and hence tells CN whether MN needs a secure exchange or not. But in the absence of MiTM attack, RR seems sufficient and hence the bit is not needed. What am I missing ? => The bit was not suggested to remove MiTM attacks, it was suggested to disallow bidding down attacks by a MiTM. I.e. if the bit was replaced by some other piece of information in the packet, this can always be modified and both sides will simply revert to a weaker mechanism. But having it in the address will mean that, if modified, the SA can not be established, at least not with the intended identities. The identities being the owners of the IP addresses in question. Hesham -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
