D106 NAT-P

From: Jari Arkko
Subject: [Mobike] design draft issue: nat-p
Date: Wed, 21 Dec 2005 12:51:56 +0200

|   This gives extra
|    protection against 3rd party bombing attacks (the attacker cannot
|    divert the traffic to some 3rd party). 


This seems inaccurate, or at least too strong. We have
other mechanisms to prevent that, and the NAT-T based
attack only works for on-path attackers. Just say
"This avoids any possibility of on-path attackers modifying
addresses in headers" and refer to Francis's pseudonat
attack draft.

From: Tero Kivinen
Subject: [Mobike] D106 design draft issue: nat-p
Date: Tue, 3 Jan 2006 18:38:02 +0200

Why do you think that NAT-prevention does not protect against 3rd
party bombing attacks?

If we do put all IP addresses used inside the packets, and
cryptographically integrity protect them, and we enable NAT
prevention, which means we do not allow NATs, how can an attacker
divert the traffic to some 3rd party?

From: Jari Arkko
Subject: Re: [Mobike] D106 design draft issue: nat-p
Date: Thu, 26 Jan 2006 15:35:27 +0200

A man-in-the-middle can't, but one of the participants
still can. You could explain this, but the resulting
text would be longer than what I proposed.
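The two messages above turn on one check: the peer puts the addresses it used inside the integrity-protected part of the packet, and the receiver compares them with the IP/UDP header. The following toy implementation is an added example, not code from the thread or from the MOBIKE drafts; the key, SPI values, MAC construction and IPv4-only field layout are constructed assumptions rather than the IKEv2 wire format. It shows that an on-path rewrite of the header is caught, while an address a participant chose itself passes, which is the distinction Jari draws and the reason reachability has to be verified separately.

```python
import hmac
import hashlib
import ipaddress
import struct

# Constructed layout: src_ip(4) src_port(2) dst_ip(4) dst_port(2), MAC'd with the SPIs.
def protected_addresses(key, spi_i, spi_r, src_ip, src_port, dst_ip, dst_port):
    """Sender side: the address claim carried inside the packet, plus its MAC."""
    claim = (ipaddress.ip_address(src_ip).packed + struct.pack("!H", src_port)
             + ipaddress.ip_address(dst_ip).packed + struct.pack("!H", dst_port))
    mac = hmac.new(key, spi_i + spi_r + claim, hashlib.sha256).digest()
    return claim, mac

def parse_claim(claim):
    """Split the 12-byte claim back into (src_ip, src_port, dst_ip, dst_port)."""
    return (str(ipaddress.ip_address(claim[0:4])), struct.unpack("!H", claim[4:6])[0],
            str(ipaddress.ip_address(claim[6:10])), struct.unpack("!H", claim[10:12])[0])

def nat_prohibition_check(key, spi_i, spi_r, claim, mac, hdr_src, hdr_dst):
    """Receiver side: verify the MAC, then require header addresses == protected copy.
    hdr_src / hdr_dst are (ip, port) tuples as seen in the outer IP/UDP header.
    Returns (accepted, reason)."""
    expected = hmac.new(key, spi_i + spi_r + claim, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, mac):
        return False, "integrity check failed"
    src_ip, src_port, dst_ip, dst_port = parse_claim(claim)
    if (src_ip, src_port) != hdr_src or (dst_ip, dst_port) != hdr_dst:
        return False, "header differs from protected copy: NAT or on-path rewrite"
    return True, "addresses unchanged on path"

def demo():
    """Three packets: clean, rewritten on path, and self-asserted by the peer."""
    key, spi_i, spi_r = b"constructed-shared-key", b"\x01" * 8, b"\x02" * 8
    src, dst = ("192.0.2.10", 4500), ("198.51.100.1", 4500)
    claim, mac = protected_addresses(key, spi_i, spi_r, *src, *dst)
    clean = nat_prohibition_check(key, spi_i, spi_r, claim, mac, src, dst)
    # Header source changed after sending (NAT or on-path attacker): claim no longer matches.
    rewritten = nat_prohibition_check(key, spi_i, spi_r, claim, mac, ("203.0.113.7", 4500), dst)
    # The peer itself sends from, and claims, an address that was never shown to be its own:
    # the check passes, so reachability must be verified by a separate return-routability step.
    claim2, mac2 = protected_addresses(key, spi_i, spi_r, "203.0.113.7", 4500, *dst)
    asserted = nat_prohibition_check(key, spi_i, spi_r, claim2, mac2, ("203.0.113.7", 4500), dst)
    return clean[0], rewritten[0], asserted[0]
```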

From: Tero Kivinen
Subject: Re: [Mobike] D106 design draft issue: nat-p
Date: Fri, 27 Jan 2006 15:41:46 +0200

Ok, changed to your text (but left out the reference, as the pseudonat
draft expired last summer).