Default Router in NETLMM (was RE: New I-D: SecurityThreats to NETLMM)
user name
2006-03-17 16:58:54
With SEND, the new AR would need to sign the RA with the old AR's public
key, or both routers would need to have the same public key. Probably not
a good idea from a security standpoint.

            jak

----- Original Message ----- 
From: "Christian Vogt" <chvogttm.uka.de>
To: "Templin, Fred L" <Fred.L.Templinboeing.com>
Cc: "Genadi Velev" <Genadi.Veleveu.panasonic.com>; <netlmmngnet.it>; "James Kempf" <kempfdocomolabs-usa.com>; <Mohan.Parthasarathynokia.com>; <vidyanqualcomm.com>; <gerardo.giarettatelecomitalia.it>; "Julien Laganier" <julien.IETFlaposte.net>
Sent: Thursday, March 16, 2006 3:22 PM
Subject: Re: Default Router in NETLMM (was RE: [netlmm] New I-D: SecurityThreats to NETLMM)


> Fred.
>
>> How are you thinking the ARs would configure the same link-local
>> address - manual configuration?
>
> Yes, that's right.
>
>> How can the ARs know each others' MAC address - manual config also?
>
> I see your point.  Yes, if the old AR sends the Redirect message, you
> need manual configuration or, alternatively, snooping as Genadi
> suggested.  (Sorry, Genadi, I missed that in my previous email.)
>
> However, if the new AR sends the Redirect message, it could send the
> message from its own MAC address and put its MAC address into the
> TLLAO--- unless I'm missing something.  RFC2461bis does not require MNs
> to verify the MAC address from the Redirect message's link-layer frame...
>
> - Christian
>
> -- 
> Christian Vogt, Institute of Telematics, Universitaet Karlsruhe (TH)
> www.tm.uka.de/~chvogt/pubkey/
>
>
> Templin, Fred L wrote:
>> Christian,
>>
>>> Yes, I'm assuming that all ARs use the same link-local address (albeit
>>> they use different MAC addresses).
>>
>> How are you thinking the ARs would configure the same link-local
>> address - manual configuration?
>>
>>> Still, even if the link-local address is the same across ARs, the old AR
>>> would have to know the MAC address of the new AR to which it wants to
>>> redirect the MN--- be it for the purpose of load balancing or for
>>> something else.
>>
>> How can the ARs know each others' MAC address - manual config also?
>>
>> Fred
>> fred.l.templinboeing.com
>
>
> 


_______________________________________________
netlmm mailing list
netlmmngnet.it
https://vesuvio.ipv6.cselt.it/mailman/listinfo/netlmm