Keith Moore wrote:
> in that case, I think the solution is the null set. because none of:
>
> - the fact that traffic from a client appears to come from an address
> - the fact that the client appears to respond to traffic sent to
>   an address
> - the fact that a client claims to be authorized to make assertions
>   about an address
>
> are suitable as verification that a client is authorized to make
> assertions about that address. such authorizations are *inherently*
> made by third parties - i.e. network administrators who are responsible
> for assigning addresses for use by clients. the *only* way to verify
> client assertions about address bindings is to verify that the client
> has been given the authority

I think I disagree about the third party part. First, it turns out
that return routability _is_ strong enough to correspond roughly to
the (current) security of the IPv6 Internet. This would imply that
traffic coming from an address and apparently responding to an
address _can_ be used to make decisions about whether a binding can be
accepted or not.

Similarly, CGA is somewhat stronger than this and interestingly the
nodes give an authority to themselves, in a manner that others can
verify this. (Subject to bidding down attacks of course if we don't
know what scheme to follow.)

Read more from http://www.piuha.net/~jarkko/publications/mipv6/Residual_Threats.txt

Jari

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
