mip6-3----Page:8

Security of Home Agent Address
Host-to-server authorization can be done using DNS TSIG (RFC 2845)
  Upside
    Only authorized hosts can get the address
  Downside
    Requires the MSP DNS server to perform auth on SRV requests in real time (i.e. no caching)
    Address is unencrypted in transit, so it can be intercepted by a MiTM
Confidentiality protection can be provided by encrypting the address before inserting it into DNS
  Anybody can get the record; only authorized users with keys can decrypt it
  Draft in preparation for DNSEXT
Assumption: these measures assume some utility in “hiding” the address in the first place, presumably to prevent DoS
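
Added example (not part of the original slides): the per-request TSIG check from RFC 2845 that the MSP DNS server would have to run on every SRV query, written with Python's standard library. The key name, secret and SRV query name are constructed placeholders, and a fixed fudge value is assumed on both sides.

```python
import hashlib
import hmac
import struct

HMAC_MD5 = "hmac-md5.sig-alg.reg.int"   # algorithm name defined by RFC 2845
FUDGE = 300                             # permitted clock skew in seconds (assumed)

# Constructed sample values, not taken from the slides.
KEY_NAME = "mn1.msp.example"
SECRET = b"constructed-shared-secret"
QNAME = "_mip6._udp.msp.example"
KEYS = {KEY_NAME: SECRET}               # server-side table of authorized hosts


def wire_name(name):
    """Encode a domain name in lower-case DNS wire format."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def srv_query(msg_id, qname):
    """Build an SRV query (type 33, class IN) as it looks before TSIG is added."""
    header = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, 0)
    return header + wire_name(qname) + struct.pack("!HH", 33, 1)


def tsig_mac(message, key_name, secret, time_signed):
    """HMAC-MD5 over the request followed by the TSIG variables (RFC 2845, 3.4)."""
    variables = (
        wire_name(key_name)
        + struct.pack("!HI", 255, 0)        # CLASS ANY, TTL 0
        + wire_name(HMAC_MD5)
        + struct.pack("!HIH", time_signed >> 32, time_signed & 0xFFFFFFFF, FUDGE)
        + struct.pack("!HH", 0, 0)          # error, other-data length
    )
    return hmac.new(secret, message + variables, hashlib.md5).digest()


def server_accepts(message, key_name, mac, time_signed, keys, now):
    """Decide whether to answer; the MAC covers this exact message and time."""
    secret = keys.get(key_name.lower())
    if secret is None:
        return False                        # unknown key (BADKEY)
    if abs(now - time_signed) > FUDGE:
        return False                        # stale or replayed request (BADTIME)
    expected = tsig_mac(message, key_name, secret, time_signed)
    return hmac.compare_digest(expected, mac)   # mismatch means BADSIG
```

Because the MAC binds the key, the query bytes and the signing time, a resolver cannot serve a cached answer to a different host. The answer itself is only authenticated, not encrypted, which is the interception downside the slide lists.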
