Re: Next steps on Reserving bits in RFC 2473 Interface IDs?

Tue, 12 Mar 2002 08:46:32 -0800 

Erik,

I might have missed this point, but let me ask the question just in case
it hasn't been asked.

One of the purposes of reserving this bit is to avoid "bidding down"
attacks in Mobile IPv6 binding update security, whereby an attacker
requests a less secure method so it can mount an attack. One issue that
comes to mind is that, by reducing the size of the address space, a
reserved bit essentially makes it easier for an attacker to randomly
seek through the address space for addresses that aren't protected by
the bit. I've not actually gone through an in-depth analysis of this, so
the statistics may still put such search in the category of a hard
problem, but nevertheless I think it needs some consideration (if it
hasn't already had some).

Has this been considered?

            jak

----- Original Message -----
From: "Erik Nordmark" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, March 12, 2002 12:55 AM
Subject: Next steps on Reserving bits in RFC 2473 Interface IDs?


>
> A while back I sent an email to the list talking about
> Reserving bits in RFC 2473 Interface IDs.
>
> Not much email has followed on this topic so it isn't clear whether
> people are having too much fun debating other topics, think it is
> a good/bad idea, or just don't care.
>
> I think our choices are:
> 1. Do nothing
> 2. Reserve a quarter of the IID space i.e. universal=1, group=1
becomes
>    explicitly reserved.
> 3. Reserve half of the IID space i.e. all addresses with group=1
become
>    explicitly reserved.
>
> It would be good to try to make progress on the mailing list on this
question
> otherwise it's likely to appear on the agenda in the meetings next
week :-)
>
>   Erik
>
>
> --------------------------------------------------------------------
> IETF IPng Working Group Mailing List
> IPng Home Page:                      http://playground.sun.com/ipng
> FTP archive:                      ftp://playground.sun.com/pub/ipng
> Direct all administrative requests to [EMAIL PROTECTED]
> --------------------------------------------------------------------
>

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------

Reply via email to