[EMAIL PROTECTED] wrote: > 1. Addresses for which something stronger than Return Routability > is needed. > > 2. Addresses for which Return Routability is sufficient. > > I thought that further study on CGA was needed, in order to get consensus > on if the protection it provides is sufficient.
Well, in this discussion CGA was used as one example of an infrastructureless but strong method. I personally believe CGA is roughly as well studied as RR is. In any case, that doesn't matter as the argument is really about how to be able to upgrade RR into something else later, *if* that proves to be necessary. > One comment I would like to make about this topic, which I don't think > has been addressed (no pun intended), is that this 'bit method' for addresses > essentially can identify nodes which are 'potentially' mobile. I am not a > security expert, so this may not really be a threat, but my feeling is that > most mobile devices will probably be small devices, that are > battery/processor/l2 (i.e. wireless) limited devices. By identifying > nodes this way, do we open up the possibility for addition DoS attacks > (small device with limited processor, battery & bandwidth capacity) is > more susceptible to flooding attacks. Is this an issue? Perhaps, but I'm not sure about its practical consequences. A host which goes around and requests Route Optimization from servers, or declines pictures from web pages will be pretty obviously a mobile node regardless of what its address says. Sending a jumbogram to all IP addresses in DNS under <bigmobileoperator>.com might also cause some trouble in the manner you describe above. Also, in the current real-world situation a node that uses mobile IP is more likely to be a laptop on a WLAN rather than a constrained device on a cellular network that uses link-specific mobility mechanisms. Furthermore, there's always a trade-off. In your list above you discussed the situation only from the point of view of mobile nodes. If you look at it from the point of view of stationary nodes, they might think that a bombproof method against ever being involved in Route Optimization attacks is quite valuable. Jari -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
