Re: peer address protection and NAT Traversal
In your previous mail you wrote:
> => My purpose is not to drop the NAT traversal feature but to make it
> optional. This should place the discussion on the default, IMHO we should
> be default enable NAT traversal for IPv4 and disable it for IPv6.
Well, if you don't have a NAT in an IPv6 (or whatever version of IP) case,
no UDP encapsulation will be done. So a better solution is to deploy
IPv6 and not deploy NATs.
=> I agree but NAT traversal is in the charter of the WG...
> => this is my claim: there is no easy defense against the attack which
> keeps the NAT traversal feature...
This is not surprising. If there's somebody who can change traffic between
you and the other guy you want to talk to, all bets are off anyway. Is there
a real case where some hacker may be able to do this for a short while, but
not arbitrarily long?
=> with IKEv2 on a rekey exchange the hacker has only to modify the headers
of two packets... Only a keepalive mechanism will detect it (far too late).
(note I refer to a SA keepalive, not to a NAT keepalive)
> So what I'd like to propose is that IPsec SAs *not* try to survive
> mid-connection NAT renumberings.
Well, it's intentionally left out of the current NAT traversal drafts.
It was discussed at some point between the authors. Instead we specify
NAT keepalives.
=> we have to specify in details the peer address management, and not only
for NAT traversal but also for mobility and multi-homing.
Thanks
Francis.Dupont@xxxxxxxxxxxxxxxx
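The trade-off argued above (trust the outer header and move the SA, never move it mid-connection, or move it only after a liveness check) can be made concrete with a small model. The following is an added illustration written for this page; it is not code from the thread, from any IKE/IPsec implementation, or from the NAT traversal drafts. All addresses, the SPI value, the three policy names and the `probe_reachable` callback are constructed assumptions. The key fact it encodes is the one the thread relies on: ESP integrity covers the inner packet, not the outer (UDP-encapsulated) source address, so an on-path party can rewrite that header without failing authentication.

```python
"""Toy model of peer-address management for a UDP-encapsulated IPsec SA."""
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed sample addresses (RFC 5737 documentation ranges), not real hosts.
PEER_BEHIND_NAT = "198.51.100.7:4500"   # the legitimate peer's current NAT mapping
REWRITTEN_SRC = "203.0.113.9:4500"      # outer source written by an on-path party

@dataclass
class Packet:
    spi: int
    outer_src: str   # outer IP:port; NOT covered by ESP integrity protection
    auth_ok: bool    # result of the inner ESP integrity check

@dataclass
class SA:
    spi: int
    peer: str        # where our outbound packets for this SA are sent
    policy: str      # "update" | "freeze" | "probe" (hypothetical policy names)

def receive(sa: SA, pkt: Packet,
            probe_reachable: Callable[[str], bool]) -> str:
    """Apply the SA's peer-address policy to one inbound packet.

    probe_reachable(addr) models an authenticated liveness exchange (an SA
    keepalive / dead-peer-detection request) answered from `addr`.
    Returns the address outbound traffic is sent to afterwards.
    """
    # Packets that fail integrity or belong to another SA never move anything.
    if not pkt.auth_ok or pkt.spi != sa.spi:
        return sa.peer
    if pkt.outer_src == sa.peer:
        return sa.peer
    if sa.policy == "update":
        # Follows the unauthenticated outer header immediately.
        sa.peer = pkt.outer_src
    elif sa.policy == "probe":
        # Moves only if the new address answers an authenticated probe.
        if probe_reachable(pkt.outer_src):
            sa.peer = pkt.outer_src
    # "freeze": never move an SA mid-connection; a genuine renumbering
    # has to set up a fresh SA instead (the proposal quoted above).
    return sa.peer

def scenario(policy: str, still_on_path: bool) -> str:
    """One valid packet arrives with its outer source rewritten.

    still_on_path models whether the party rewriting headers is still
    between the peers when the liveness probe is sent; if so, the probe
    and its reply pass through them as well ("all bets are off").
    """
    sa = SA(spi=0x1234, peer=PEER_BEHIND_NAT, policy=policy)
    pkt = Packet(spi=0x1234, outer_src=REWRITTEN_SRC, auth_ok=True)

    def probe(addr: str) -> bool:
        if addr == PEER_BEHIND_NAT:
            return True
        return addr == REWRITTEN_SRC and still_on_path

    return receive(sa, pkt, probe)

def unauthenticated_packet_is_ignored() -> str:
    """A packet that fails ESP integrity must not move the SA under any policy."""
    sa = SA(spi=0x1234, peer=PEER_BEHIND_NAT, policy="update")
    pkt = Packet(spi=0x1234, outer_src=REWRITTEN_SRC, auth_ok=False)
    return receive(sa, pkt, lambda addr: True)

if __name__ == "__main__":
    for pol in ("update", "freeze", "probe"):
        for on_path in (False, True):
            print(f"{pol:6s} on_path={on_path!s:5s} -> {scenario(pol, on_path)}")
```

Running the scenarios shows the three outcomes the thread describes: the "update" policy redirects the SA after a single rewritten header, "freeze" keeps traffic on the established mapping regardless (at the cost of not surviving a real NAT renumbering), and "probe" only helps when the rewriting party has already left the path; a party still able to modify traffic also sees the probe, which is the "all bets are off" case.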