[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: I-D ACTION:draft-nordmark-multi6dt-shim-00.txt
marcelo bagnulo braun wrote:
Just one additional nit...
note that HBAs are particularly restrictive in this aspect, since all
locators need to be known a priori. However, even if you use alternative
schemes that don't impose such restriction, like CGAs, you still need to
add security information at least in the same packet that carries the
That requirement isn't obvious to me so I think it would warrant discussion.
The issue is whether it would be ok for the multi6 shim to pass a packet
to the ULP when the source locator has not been verified as belonging to
the peer. We all agree that we need to do such verification before
*sending* packets to a new locator, but what about just accepting the
Things to take into account:
In today's Internet, when there is no ingress filtering anybody can
spoof the source IP address and the packets will be passed by IP to the
ULP. However, in today's Internet when there is some ingress filtering
it is possible to restrict the nodes which can actually spoof the source
IP address to those that are close to the path between the real location
of the IP address and the receiving node.
If a host wants to prevent packet injection attacks today (such as
spoofed RCP RST packets, if it wants to prevent it from all nodes and
not depend on ingress filtering, wouldn't it use IPsec?