> But frankly - as someone who wants to deploy zillions of these > devices soon - we are somewhat unsure how to proceed regarding > this issue. Since I know you Pekka were involved in the Home Address > Option discussion, perhaps you could comment on where do you think > the WG goes? Will it disallow the option unless accompanied by a > Binding Cache Entry established securely earlier? Will it throw away > the option and start to use tunneling? Or decide that there is no > security issue? Or perhaps we can't yet say for sure?
I'm very concerned that the current assumptions around security for the Home Address Option is based on a poorer understanding of security, DDoS, reflectors, etc that we (including myself as co-chair of Mobile-IP) had a few years back. Thus I, including with an IESG member hat on, currently think that allowing Home Address Options to be processed as currently described is asking for problems and that we need better security in this area. One *possible* solution to this is to only accept packets with a HAOpt when there is a matching binding cache entry for the sender, but there might be other solutions as well. But I'd sure like to see closure around the requirements document in the Mobile IP WG on this point. Note that this issue is independent of how to information contained in the HAOpt is carried - whether as a HAOpt in the Destination Options header or as a tunneling header. But thinking of it as a form of (restricted) tunneling has helped me understand the security implications of it. Erik -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------