It seems to me that the important point is that a host needs to assert something about the strength of security it requires. This is a property of a host, not a property of an address. I become more and more convinced that asserting this property via an address bit is both unnecessary (it can be done by a header field that is equally subject to authentication) and undesirable (overloading).
Brian "Hesham Soliman (ERA)" wrote: > > > The scenario Brian mentioned > > > will not be an issue for bidding down attacks > > > related to mobility. > > > > Can you explain? I don't see why you can't have an evil MitM > > intercepting binding updates and bidding them down. > > > > => In the case where the iids are somehow cryptographigally > generated, if you change one bit in the address, the result > is that the 2 nodes will end up talking to 2 different > nodes. Or if the attack is only done in one direction > then Bob will talk to Sam instead of Alice. This is > because by changing the bit in the address, you have > changed the identity of the device that is establishing > the SA. > This is the advantage of having the bit inside the > address. For the mobility cases, the identity is > the address, so changing the address == changing > the identity => A talks to C instead of talking > to B. > > Establishing the SA takes more than one RT, so > changing it in only one of the messages will > cause the whole process to fail. > > Hesham -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------