Re: Where is the flaw?

"you effectively specify which path packets should take"

That's the idea.

"so you can overload intermediate sites as well when doing the nasty."

Ok, that's true, but what about a single source route instead of an entire path? That's all that would be needed for mobile users.

The harm caused by attackers would be very similar to the harm caused by malicious ip spoofing today (where one packet can attack two hosts as well as intermediate routers).

"The problem for mobile users is how to recognize and authenticate legit users, and there are other, more reliable ways to do that already, even in IPv6."

Where did you got the idea that source routing should be used to authenticate users? It is intended to take the most efficient route to the user.

Obviously we could move this complexity into the application layer. But ideally we could use any existing application (like ssh) without breaking the connection.

If the harm is too great then we'll have to do without source routing, but I'm still not convinced that this feature causes that much harm.