
Re: Peer address update and DPD



 In your previous mail you wrote:

           I saw in one of the recent emails that DPD should be
  used to check the existence of the new updated address by the receiver,
  before starting to use it. Could somebody give the reasoning for checking
  the liveness of the address?

=> easy: this is a return routability check: a request is sent to
the peer at its new address and when the response comes back one knows
the peer is able to receive messages sent to this address. This is not
high security but you catch attackers using random fake addresses (note:
attackers knowing the keys negotiated in phase one, i.e., this is more
an issue about the trust one puts in one's peer than anything else).

Regards

Francis.Dupont@enst-bretagne.fr
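
The return routability check described in the reply above, as an added example that is not part of the original message. The in-memory network, the class and message names, and the HMAC-protected probe/ack standing in for a DPD exchange are all assumptions made for illustration; addresses are documentation ranges.

```python
import hashlib, hmac, os

def mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

class Net:
    """Constructed model: a datagram reaches only the host that owns the address."""
    def __init__(self):
        self.hosts = {}
    def send(self, dst, msg):
        host = self.hosts.get(dst)
        return host.receive(msg) if host else None  # None models a timeout

class Peer:
    """Holds the phase-one key and acknowledges authenticated probes."""
    def __init__(self, key):
        self.key = key
    def receive(self, msg):
        kind, nonce, tag = msg
        if kind != "probe" or not hmac.compare_digest(tag, mac(self.key, b"probe" + nonce)):
            return None
        return ("ack", nonce, mac(self.key, b"ack" + nonce))

class Gateway:
    def __init__(self, net, key, peer_addr):
        self.net, self.key, self.peer_addr = net, key, peer_addr
    def handle_address_update(self, claimed, tag):
        # The update is authenticated, but that alone says nothing about the address.
        if not hmac.compare_digest(tag, mac(self.key, b"update" + claimed.encode())):
            return False
        # Return routability check: probe the claimed address with a fresh nonce.
        nonce = os.urandom(16)
        reply = self.net.send(claimed, ("probe", nonce, mac(self.key, b"probe" + nonce)))
        if reply is None or reply[0] != "ack" or reply[1] != nonce:
            return False
        if not hmac.compare_digest(reply[2], mac(self.key, b"ack" + nonce)):
            return False
        self.peer_addr = claimed  # commit only after the round trip succeeds
        return True

def demo():
    key, net = os.urandom(32), Net()
    peer = Peer(key)
    net.hosts["192.0.2.10"] = net.hosts["198.51.100.7"] = peer  # peer really moved here
    gw = Gateway(net, key, "192.0.2.10")
    moved = gw.handle_address_update("198.51.100.7", mac(key, b"update198.51.100.7"))
    # Key holder claims an address where it cannot receive: the probe goes unanswered.
    fake = gw.handle_address_update("203.0.113.99", mac(key, b"update203.0.113.99"))
    return moved, fake, gw.peer_addr
```

`demo()` returns `(True, False, "198.51.100.7")`: the gateway keeps the last address that passed the round trip, and the update naming an unreachable address is dropped even though it carries a valid MAC.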