Thomas Narten wrote:
>> For those MNs, we do not yet have a mechanism
>> to allow for RFC3041 type home addresses. So there would be
>> no point in having them for the CoA since the HoA is always
>> visible for traffic analysis.
> Specifically, I assume you mean that there is no way for an MN to use
> temporary addresses because there is no way for the MN to tell the HA
> what other addresses it is using?
The problem is figuring out if MN A has a right to register
a binding at the home agent for address X. This is pretty easy
if the credentials <-> home address relationship is specified statically.
If you relax this requirement the matter is not so clear. Is anyone
you authenticate allowed to register any binding? What if one of the
MNs served by a home agent (say at an ISP) wants to take over someone
else's address? Or should the home agent allow this only if there is
no existing registration? But what if the attacker is the first
to register all bindings after the home agent boots up? Or is
it enough for the home agent to perform DAD?
> Also, how much of a problem is this perceived to be?
Someone could also ask what the point is in being simultaneously
reachable at a known address and trying to hide one's address.
There is no point, but you could still benefit from keeping your
sessions alive while moving, even if your address is dynamic.
Naturally you could use RFC 3041 for your communications that use the
care-of address as a source address.
In conclusion: it's not a big problem at the moment, in my opinion.
Worth solving at some point though. It's on my todo-list of future
extensions for mobility...
Jari
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
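
The authorization question raised in the message above, modeled as an added example (not code from the thread or from any Mobile IPv6 implementation): a toy home agent binding table under a static credentials-to-home-address policy and under a first-come policy. The identities, addresses, policy names and the `HomeAgent` class are constructed for illustration.

```python
# Added illustration: toy home agent (HA) binding table, not Mobile IPv6 code.
# All identities and addresses are constructed sample values.
from dataclasses import dataclass, field

HOME_A = "2001:db8:1::a"           # mn-a's provisioned home address
HOME_B = "2001:db8:1::b"           # mn-b's provisioned home address
TEMP_A = "2001:db8:1::5c3f:91ff"   # RFC 3041 style temporary address chosen by mn-a


@dataclass
class HomeAgent:
    policy: str                                      # "static" or "first_come"
    static_map: dict = field(default_factory=dict)   # identity -> allowed home addresses
    bindings: dict = field(default_factory=dict)     # home address -> (identity, care-of)

    def register(self, identity, home_addr, care_of):
        """Decide whether an already authenticated identity may bind home_addr."""
        if self.policy == "static":
            # Credentials <-> home address relationship is provisioned in advance.
            allowed = home_addr in self.static_map.get(identity, set())
        elif self.policy == "first_come":
            # Any authenticated node may bind an address nobody currently holds.
            existing = self.bindings.get(home_addr)
            allowed = existing is None or existing[0] == identity
        else:
            raise ValueError(f"unknown policy: {self.policy}")
        if allowed:
            self.bindings[home_addr] = (identity, care_of)
        return allowed

    def reboot(self):
        """Binding state is lost on restart; the static map is configuration."""
        self.bindings.clear()


def takeover_after_reboot(policy):
    """Replay the scenario from the message: who wins HOME_A after the HA boots?"""
    ha = HomeAgent(policy, static_map={"mn-a": {HOME_A}, "mn-b": {HOME_B}})
    ha.register("mn-a", HOME_A, "2001:db8:aaaa::1")
    ha.reboot()
    return {
        # Another subscriber of the same HA claims mn-a's address first.
        "other_node": ha.register("mn-b", HOME_A, "2001:db8:bbbb::1"),
        # The legitimate node then tries to re-register.
        "owner": ha.register("mn-a", HOME_A, "2001:db8:aaaa::2"),
        # mn-a asks for a temporary home address that was never provisioned.
        "temp_addr": ha.register("mn-a", TEMP_A, "2001:db8:aaaa::2"),
    }


if __name__ == "__main__":
    for p in ("static", "first_come"):
        print(p, takeover_after_reboot(p))
```

The static policy keeps the address with its provisioned owner but refuses the temporary home address; the first-come policy accepts the temporary address but lets whichever authenticated node registers first after a reboot hold someone else's address.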