Hi Xiaohu,

>>>>> CONCERN #1: Host ID Theft Threat
>> 
>> True, you can steal anyone's identifier, just like you can today.
>> However,
> 
> This is true for ILNP, but not true for today's architecture. In today's
> architecture with uRPF enabled, you can only steal the identifier of
> somebody who is located in the same network as you are located in. In
> addition, if uRPF is enabled on each subnet, ID (a.k.a. IP address) theft
> becomes impossible due to the DAD mechanism.


And in an ILNP architecture with uRPF enabled, you cannot steal someone's
address.  If you use the same identifier as someone else, you cannot simply
claim to be that host, as you cannot share their locators and cannot subvert
their connections.

Theft of a name when you cannot use it is wholly irrelevant.


>> what can you do with it?  Today, you can forge a source address and send a
>> packet with that forgery.  Unfortunately, the response will follow routing,
>> and unless routing has been compromised, the packet will not come back to
>> you.
>> 
>> This is still true under ILNP.
> 
> Then where will the response packets really be forwarded to? To the
> malicious host or to the legitimate owner of that identifier?


Since you forged the locator, the responses will go back to the legitimate
owner.

 
> Here I'm not talking about the connection hijacking issue.


Then what are we talking about?

 
>>>>> CONCERN #2: Host ID Global Uniqueness Assurance
>> Again, absolutely nothing will happen.  Identifiers are not global, they are
>> only unique _within_ a locator.  Thus, if your cache contains:
>> 
>>     (Locator A, Identifier I, Nonce N, Destination D)
>>     (Locator B, Identifier I, Nonce K, Destination D)
>> 
>> And you now receive a packet with
>> 
>>     (Locator C, Identifier I, Nonce L, Destination D)
>> 
>> Then the receiver drops it per the above rule.  It's clearly a forgery.
> 
> Why do you clearly believe the packet with (Locator C, Identifier I, Nonce
> L, Destination D) is a forgery? ILNP doesn't require the identifier to be
> globally unique. In other words, it is absolutely possible and legitimate
> that two hosts having the same identifier communicate with a third party at
> the same time.


You're correct.  I should have said that the packet does NOT match any
current connection and thus appears to be an independent entity.

 
> According to your above logic, if a malicious host impersonates the
> legitimate identifier owner and establishes a session with a given server in
> advance, does that mean the legitimate identifier owner will not be able to
> access that server later?


No, since a new connection was established.

Regards,
Xiaohu



_______________________________________________
rrg mailing list
[email protected]
http://www.irtf.org/mailman/listinfo/rrg