Tony Cheneau wrote: > [...] > This is the attack I described to the list in this mail: > http://www.ietf.org/mail-archive/web/cga-ext/current/msg00057.html > And then a thread (providing some other solutions): > http://www.ietf.org/mail-archive/web/cga-ext/current/msg00075.html > > > A simple solution would be for the possible victim to discard > > received DAD NSOLs for the same address that it has in tentative > > state that have equal <public key, nonce, timestamp> than the DAD > > NSOL that it had sent before. > > (The probability of a legitimate collision in which another host that > > generates a DAD NSOL with the same public address, nonce and > timestamp > > should be really low). > Just comparing the nonce value should suffice.
So I understand a node receiving a DAD NS after having sent out a DAD NS happens when two nodes are performing DAD simultaneously as per RFC 4862. If so, are you Tony suggesting that incoming DAD NS's with nonce similar to a nonce included in an outgoing DAD NS be discarded? The probability that two nodes ends up generating the same public-private key should be zero unless the public key scheme is broken, so I think when a node receives a SEND protected message where the public key is the same as its own, the node MUST assumes the message was sent by himself and MUST discard the message. --julien _______________________________________________ CGA-EXT mailing list [email protected] https://www.ietf.org/mailman/listinfo/cga-ext
