> I am sorry, but this is misguided. Current nodes will never care about > CGA, so they won't try to verify them. New nodes can verify the > addresses, so they know the originator either cared because the CGA > matched, or didn't care or was incapable of generating a CGA. In either > case it has the appropriate info to decide to accept or reject.
Tony, I wonder if this use of words like "misguided" is a case of strong words covering up a weak argument. Can we have a technical discussing without such adjectives please. One of the issues here is that 5 years from now, if an MN cares about the security that the existing (old) MIPv6 correspondent nodes require for BUs for that MNs home address, how can the MN express it? If you leave this decision up to the CN things are quite different. Perhaps you don't think it is necessary for the MN to be able to express this. But it is the packets to that MN that are being "redirected" by an attacker. Erik -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
