Issue # 15 -- What kind of tests? A regular DPD-like exchange Legitimate, but compromised peer can predict request and respond even if not at that address DPD-like exchange + cookie Does not have the above problem Authentication of addresses Can detected an en-route modification of an address (= NAT or attacker) Already decided: Use cookies (and NAT-T payloads to detect NATs) |