Denial-of-Service, Address Ownership, and Early Authentication in the IPv6 World, presented at Cambridge Security Protocols Workshop 2001 (0)

by P Nikander
Results 1 - 9 of 9

IPv6 Source Addresses Considered Harmful

by Catharina Candolin, Pekka Nikander - In Proc. NordSec 2001, Nov. 2001. Sixth Nordic Workshop on Secure IT Systems, Lyngby, 2001
Cited by 6 (4 self)
In this deliberately preposterous paper, we show that the inclusion of the source IP addresses in the IPv6 header is completely unnecessary and usually harmful. In particular, we show that whenever IPsec is used in conjunction with IPv6, we would do much better using the 128 bits that are currently wasted for the source address with something much more useful, such as passing randomly looking bits. Furthermore, we argue that the source addresses pose one of the worst privacy threats in the IPv6 architecture; simply leaving them out would be a clear improvement of privacy. Finally, we show how a simple destination option is better than the current practice for providing the source address in the rare cases where it is really needed.

End-point identifiers in secure multi-homed mobility

by Jukka Ylitalo, Petri Jokela, Jorma Wall, Pekka Nik - In Proceedings of OPODIS’02, 2002
Cited by 4 (1 self)
Abstract: Currently IP addresses are used both for node identifiers and topological location names in the Internet. The semantic overloading and non-cryptographic nature of IP addresses makes it impossible to use them as identifiers from the security point of view. The problem becomes even worse with multi-homed mobile nodes. Multi-homed mobile nodes have several interfaces bound to dynamically changing IP addresses. When a node changes its point of attachment to the network or it reroutes traffic from one interface to another, the connection identifiers are changed. A peer node cannot verify the validity of the new identifiers without a naming trust relationship between the identifiers and the identity of the node. The peer must have evidence that an identifier belongs to a specific identity. Currently, there is no way for a node, using traditional IP addresses, to prove that it owns a specific address, i.e., an identifier. We present in this paper the philosophy behind separation of end-point identifiers from location names, which is an essential part in designing secure multi-homed mobility architectures.

Securing IPv6 neighbor and router discovery

by Jari Arkko, L M Ericsson, Vesa-matti Mäntylä, Pekka Nikander - Proceedings of the ACM Workshop on Wireless Security, September 28, 2002
Cited by 3 (0 self)
When IPv6 Neighbor and Router Discovery functions were defined, it was assumed that the local link would consist of mutually trusting nodes. However, the recent developments in public wireless networks, such as WLANs, have radically changed the situation. The nodes on a local link cannot necessarily trust each other any more, but they must become mutually suspicious even when the nodes have completed an authentication exchange with the network. This creates a number of operational difficulties and new security threats. In this paper we provide a taxonomy for the IPv6 Neighbor and Router Discovery threats, describe two new cryptographic methods, Cryptographically Generated Addresses (CGA) and Address Based Keys (ABK), and discuss how these new methods can be used to secure the Neighbor and Router discovery mechanisms.

Experiences with Host-to-Host IPsec

by Tuomas Aura, Michael Roe, Anish Mohammed - 13th International Workshop on Security Protocols, 2005
Cited by 3 (0 self)
Abstract. This paper recounts some lessons that we learned from the deployment of host-to-host IPsec in a large corporate network. Several security issues arise from mismatches between the different identifier spaces used by applications, by the IPsec security policy database, and by the security infrastructure (X.509 certificates or Kerberos). Mobile hosts encounter additional problems because private IP addresses are not globally unique, and because they rely on an untrusted DNS server at the visited network. We also discuss a feature interaction in an enhanced IPsec firewall mechanism. The potential solutions are to relax the transparency of IPsec protection, to put applications directly in charge of their security and, in the long term, to redesign the security protocols not to use IP addresses as host identifiers.

Threats Relating to IPv6 Multihoming Solutions, draft-ietf-multi6-multihoming-threats-03.txt

by Erik Nordmark, Tony Li (Internet-Draft)
Cited by 2 (0 self)
By submitting this Internet-Draft, I certify that any applicable patent or other IPR claims of which I am aware have been disclosed, and any of which I become aware will be disclosed, in accordance with RFC 3668. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at

Designing the Mobile IPv6 Security Protocol

by Tuomas Aura, Michael Roe, 2006
Cited by 1 (0 self)
Abstract Mobile IPv6 is a network-layer mobility protocol for the IPv6 Internet. The protocol includes several security mechanisms, such as the return-routability tests for the care-of addresses. This paper

Host Identity Protocol Architecture

by P. Nikander , 2004
draft-ietf-hip-arch-00 This document is an Internet-Draft and is subject to all provisions of section 3 of RFC 3667. By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with RFC 3668. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at

Experimenting With Early Opportunistic Key Agreement

by Catharina Candolin, Janne Lundberg, Pekka Nikander, 2002
IPv6 is used for a variety of tasks, such as autoconfiguration, neighbor detection, and router discovery.

Integrating Security, Mobility . . .

by Pekka Nikander, et al.
Abstract not found