RE: Node Requirements: Issue 13 - CGA/SeND support
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Node Requirements: Issue 13 - CGA/SeND support
- To: Thomas Narten <narten at us.ibm.com>, "ipv6 at ietf.org" <ipv6 at ietf.org>
- Subject: RE: Node Requirements: Issue 13 - CGA/SeND support
- From: "Laganier, Julien" <julienl at qualcomm.com>
- Date: Wed, 22 Jul 2009 19:59:37 -0700
- Accept-language: en-US
- Acceptlanguage: en-US
- Delivered-to: ipv6 at core3.amsl.com
- Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=qualcomm.com; i=julienl at qualcomm.com; q=dns/txt; s=qcdkim; t=1248318000; x=1279854000; h=from:to:date:subject:thread-topic:thread-index: message-id:references:in-reply-to:accept-language: content-language:x-ms-has-attach:x-ms-tnef-correlator: acceptlanguage:content-type:content-transfer-encoding: mime-version:x-ironport-av; z=From:=20"Laganier,=20Julien"=20<julienl at qualcomm.com> |To:=20Thomas=20Narten=20<narten at us.ibm.com>,=20"ipv6 at iet f.org"=20<ipv6 at ietf.org>|Date:=20Wed,=2022=20Jul=202009 =2019:59:37=20-0700|Subject:=20RE:=20Node=20Requirements: =20Issue=2013=20-=20CGA/SeND=20support|Thread-Topic:=20No de=20Requirements:=20Issue=2013=20-=20CGA/SeND=20support |Thread-Index:=20AcoKS01yiUkHuYRsQSqsMip3ZoGTygA85Slw |Message-ID:=20<BF345F63074F8040B58C00A186FCA57F1C22ACCA8 D at NALASEXMB04.na.qualcomm.com>|References:=20<20090720202 5.n6KKPenJ002195 at cichlid.raleigh.ibm.com>=0D=0A=09<200907 21133210.GH24319 at login.ecs.soton.ac.uk>=0D=0A=09<EMEW3=7C b7c1a148396b9aa3130611fae696010cl6KEWY03tjc=7Cecs.soton.a c.uk=7C3210.GH24319 at login.ecs.soton.ac.uk>=0D=0A=20<20090 7212136.n6LLaBAH005633 at cichlid.raleigh.ibm.com> |In-Reply-To:=20<200907212136.n6LLaBAH005633 at cichlid.rale igh.ibm.com>|Accept-Language:=20en-US|Content-Language: =20en-US|X-MS-Has-Attach:|X-MS-TNEF-Correlator: |acceptlanguage:=20en-US|Content-Type:=20text/plain=3B=20 charset=3D"us-ascii"|Content-Transfer-Encoding:=20quoted- printable|MIME-Version:=201.0|X-IronPort-AV:=20E=3DMcAfee =3Bi=3D"5300,2777,5685"=3B=20a=3D"21112038"; bh=lYNHMqb96ge6lvYMmdhzL72BiEWA8hNBjQsA06G4z2w=; b=qT5KkWdwVvxKkM1i5Uah2LbNW5ULl/mM51O1kmeue4VOgpZlev0P6gxg KsjBzOIWSYxZnzkF7Biy5616tBy4xoAMOpPn4Cx/maAnWdbYxu8R1kMCk WF7TpnLy0c7nFmyexKkjaO7/yOv+YTe8uEdIs9r2ZL+HOZlhDEU300DUy w=;
- In-reply-to: <200907212136.n6LLaBAH005633 at cichlid.raleigh.ibm.com>
- List-archive: <http://www.ietf.org/mail-archive/web/ipv6>
- List-help: <mailto:ipv6-request@ietf.org?subject=help>
- List-id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
- List-post: <mailto:ipv6@ietf.org>
- List-subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
- List-unsubscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
- References: <200907202025.n6KKPenJ002195 at cichlid.raleigh.ibm.com> <20090721133210.GH24319 at login.ecs.soton.ac.uk> <EMEW3|b7c1a148396b9aa3130611fae696010cl6KEWY03tjc|ecs.soton.ac.uk|3210.GH24319 at login.ecs.soton.ac.uk> <200907212136.n6LLaBAH005633 at cichlid.raleigh.ibm.com>
- Thread-index: AcoKS01yiUkHuYRsQSqsMip3ZoGTygA85Slw
- Thread-topic: Node Requirements: Issue 13 - CGA/SeND support
Just for the sake of getting the discussion started, I drafted some text
we can discuss:
Secure Neighbor Discovery [RFC3971] SHOULD be supported. [RFC4861] states:
Cryptographic security mechanisms for Neighbor Discovery are outside
the scope of this document and are defined in [RFC3971].
Secure Neighbor Discovery [RFC3971] SHOULD be used when physical security
on the link is not assured. [RFC3971] states:
The SEND protocol is designed to counter the threats to NDP. These
threats are described in detail in [22]. SEND is applicable in
environments where physical security on the link is not assured (such
as over wireless) and attacks on NDP are a concern.
Secure Neighbor Discovery [RFC3971] MAY be disabled when the link is
point-to-point and link-layer security is assured, including mutual
authentication of the link end-points and data origin integrity protection.
What do you think?
--julien
> -----Original Message-----
> From: ipv6-bounces at ietf.org [mailto:ipv6-bounces at ietf.org] On Behalf Of
> Thomas Narten
> Sent: Tuesday, July 21, 2009 2:36 PM
> To: ipv6 at ietf.org
> Subject: Node Requirements: Issue 13 - CGA/SeND support
>
> Tim Chown <tjc at ecs.soton.ac.uk> writes:
>
> > What about CGA/SeND support? I can't see any reference to this
> > currently. Should there be? It's often waved as the answer to
> > make rogue RAs 'go away', so perhaps we should.
>
> I agree we need to have a section that addresses this topic.
>
> If no one suggests text, I'll take a stab.
>
> Thomas
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6 at ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.
