> Tony!
>
> If I understand well the description of your attack, Mallory needs to be
> present for every single packet that Bob is sending to Alice and not only
> during the bidding down process.
>
> In the scenario that you describe, Alice will receive traffic from Bob
> without performing a "strong" exchange and hence Alice will be aware of the
> presence of Mallory.
>
> Alice requires a "strong exchange" that Mallory cannot impersonate.
> Mallory can fool Bob into using a weak method but cannot fool Alice, who is
> expecting a strong one from Bob.

Sir,

You are correct, and this is mentioned in the last paragraph of page 5:

  Of course, if Alice implements the "strong" exchange, a very valid policy
  would be for it not to engage any more in "weak" exchanges. This simplifies
  Alice's protocol processing and is more secure because Alice avoids any risk
  of falling victim to a bidding down attack. For a mobile node, this
  translates to requiring a "strong" mechanism for route optimization. The
  mobile node simply forgoes the benefits of route optimization and limits
  itself to bidirectional...

However, I think a more important point is written in the last paragraph of page 3:

  For an unsuspecting stationary node that is not interested in redirecting
  its address, (3) may not be a viable tradeoff. It essentially means that the
  node only obtains the negative side of the tradeoff (it becomes a potential
  victim of the vulnerabilities in RR), as it is not at all interested in the
  benefit (route optimization of its addresses).

Of course, I'm still in the process of reading the draft, so I may be wrong.

Best Regards,
-jj

--
Users of C++ should consider hanging themselves rather than shooting their
legs off--it's best not to use C++ simply as a better C.
