On Sep 25, 2009, at 5:10 PM, Noel Chiappa wrote:
I think, for example, that we may return the answer to the source RLOCin the outer header, right?Err, what answer? Map-Registers are not acknowledged.
Oh, right. Sorry. Please ignore my other comment about where the reply will be sent, as well...
Why is this set to 0? ... Why include the field in the Map-Register message if it will always be 0?Ummm, I think I might be the cause of that - unless it's there becausethere's a desire to make all the control packets look similar (i.e. include anonce field).When the issue of replay protection was raised, since replay is generally an on-path attack, I was trying to add a 'hook' to the Map-Register packet that would allow us to add replay protection _later_, without changing the packet format. (I.e. defer adding the _mechanism_ to deal with that attack till later, since it's an unlikely attack; but at the same time, putting a field in now would avoid interoperability problems - or using another opcode for a new format Map-Register - later. I.e. a cheap thing to do now - since we're chaning the packet format _anyway_ - to avoid a painful change later.) I hadworked out a mechanism using a nonce, so perhaps that's what this is? But that's something of a guess!
I'm not sure that I agree with setting aside this big block in the message to add replay protection later, but that isn't a blocking issue for me. If we are setting aside this field for later use, though, it should be labeled "reserved for later use", not "nonce".
Margaret
Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.