Hosting Provided By

[Hipsec-rg] New I-D: draft-vogt-hip-credit-based-authorization-00.txt

From: Christian Vogt <chvogt(at)tm.uka.de>
Date: Tue Feb 15 2005 - 06:10:02 EST

Hi HIP folks.

End-Host Mobility with HIP as well as Mobile IPv6 require a reachability test of a mobile node's new IP address. This test must be performed before packets are sent to this new IP address to prevent malicious redirection attacks and third-party flooding.

In the MIP6 and Mobopts groups, we have thought about a secure way to check a mobile node's reachability at a new IP address, subsequent to handover, *in parallel* with already having communications go through this new IP address. We particularly discussed a credit-based solution, Credit-Based Authorization (CBA).

It turns out that CBA can be applied to End-Host Mobility with HIP as well. Pekka and I talked about this at the IETF 61 meeting in Washington D.C.

The draft cited below gives an overview on CBA and explains its integration with HIP mobility. Your folks' opinions on this topic are greatly appreciated.

Best regards,

Christian

PS: I posted this email on the HIP WG's mailing list as well.

Title...: Credit-Based Authorization for HIP Mobility with

Do you need help?
In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related honor.trusecure.com Links hipsec-rg Request more information about Pantek

Concurrent IP-Address Tests
Author..: Christian Vogt
http://www.tm.uka.de/~chvogt/ro2/pub/2005/draft-vogt-hip-credit-based-authorization-00.txt

Abstract

End-host mobility with the Host Identity Protocol uses IP-address tests to protect against malicious packet redirection and third-party flooding. The tests cause handover signaling delays to increase by one round-trip time. This document proposes a credit-based strategy that allows peers to securely resume active communications after handover as soon as possible, and to pursue a concurrent IP-address test subsequently. The optimization thus eliminates the additional handover delay that IP-address tests entail.

-- 
Christian Vogt, Institute of Telematics, University of Karlsruhe
www.tm.uka.de/~chvogt/pubkey/

   "No great genius has ever existed without some touch of
    madness." (Aristotle)


_______________________________________________
Hipsec-rg mailing list
Hipsec-rg@honor.trusecure.com
http://honor.trusecure.com/mailman/listinfo/hipsec-rg

Received on Tue Feb 15 06:11:15 2005

This message: [ Message body ]
Next message: Teemu Koponen: "[Hipsec-rg] Re: [Hipsec] FW: I-D ACTION:draft-henderson-hip-generalize-00.txt"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 12:42:50 EDT