Brian E Carpenter wrote:

> This I still don't understand. A header option can assert "weak"
> or "strong" (or better, "algorithm ID") just as well as magic
> bits in an address, without overloading the address and stealing
> bits already allocated in EUI-64. A header option can also be
> cryptographically authenticated.
> 
> I fully understand why we need bidding-down protection and the
> newly suggested step down procedure. I just can't see a case
> for putting the required semantics in the address.

The difference is that when we speak about routing-related
attacks, a modification of a header can be done by MitMs,
but if the MitMs change the addresses, the whole attack
is changed. For instance, if the intent of the attack was
to install a BCE at www.cnn.com for my laptop's traffic to
be directed somewhere else, changing the address results in
the BCE entry being installed for someone else. I.e., an
attacker can't redirect my traffic anywhere. Similarly,
if stationary nodes have the 'don't accept RR' bit on, then
they will not be vulnerable to any MIPv6-based attacks.

Jari
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
