RE: Node Requirements: Issue 13 - CGA/SeND support
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Node Requirements: Issue 13 - CGA/SeND support
- To: "john.loughney at nokia.com" <john.loughney at nokia.com>, "hesham at elevatemobile.com" <hesham at elevatemobile.com>, "narten at us.ibm.com" <narten at us.ibm.com>, "ipv6 at ietf.org" <ipv6 at ietf.org>
- Subject: RE: Node Requirements: Issue 13 - CGA/SeND support
- From: "Laganier, Julien" <julienl at qualcomm.com>
- Date: Wed, 22 Jul 2009 21:32:07 -0700
- Accept-language: en-US
- Acceptlanguage: en-US
- Delivered-to: ipv6 at core3.amsl.com
- Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=qualcomm.com; i=julienl at qualcomm.com; q=dns/txt; s=qcdkim; t=1248323595; x=1279859595; h=from:to:date:subject:thread-topic:thread-index: message-id:references:in-reply-to:accept-language: content-language:x-ms-has-attach:x-ms-tnef-correlator: acceptlanguage:content-type:content-transfer-encoding: mime-version:x-ironport-av; z=From:=20"Laganier,=20Julien"=20<julienl at qualcomm.com> |To:=20"john.loughney at nokia.com"=20<john.loughney at nokia.c om>,=0D=0A=20=20=20=20=20=20=20=20"hesham at elevatemobile.c om"=20<hesham at elevatemobile.com>,=0D=0A=20=20=20=20=20=20 =20=20"narten at us.ibm.com"=0D=0A=09<narten at us.ibm.com>,=0D =0A=20=20=20=20=20=20=20=20"ipv6 at ietf.org"=20<ipv6 at ietf.o rg>|Date:=20Wed,=2022=20Jul=202009=2021:32:07=20-0700 |Subject:=20RE:=20Node=20Requirements:=20Issue=2013=20- =20CGA/SeND=20support|Thread-Topic:=20Node=20Requirements :=20Issue=2013=20-=20CGA/SeND=20support|Thread-Index:=20A coKS01yiUkHuYRsQSqsMip3ZoGTygA85SlwAAJKBpgAAJEX4AAA9/GQ |Message-ID:=20<BF345F63074F8040B58C00A186FCA57F1C22ACCA8 F at NALASEXMB04.na.qualcomm.com>|References:=20<BF345F63074 F8040B58C00A186FCA57F1C22ACCA8D at NALASEXMB04.na.qualcomm.c om>=0D=0A=20<C68E1A01.E678%hesham at elevatemobile.com>=0D =0A=20<1F18D6510CF0474A8C9500565A7E41A2054A3322A4 at NOK-EUM SG-02.mgdnok.nokia.com>|In-Reply-To:=20<1F18D6510CF0474A8 C9500565A7E41A2054A3322A4 at NOK-EUMSG-02.mgdnok.nokia.com> |Accept-Language:=20en-US|Content-Language:=20en-US |X-MS-Has-Attach:|X-MS-TNEF-Correlator:|acceptlanguage: =20en-US|Content-Type:=20text/plain=3B=20charset=3D"us-as cii"|Content-Transfer-Encoding:=20quoted-printable |MIME-Version:=201.0|X-IronPort-AV:=20E=3DMcAfee=3Bi=3D"5 300,2777,5685"=3B=20a=3D"21114999"; bh=H8kW4ZGFs1BSDxcu4ZeQaC6XG54VD600f0bwFMytGXg=; b=VzwAxOalstSrWl6jzqAPtsiF3KyGs3F0b+E5QEd1xURfEbcoPIXMxmCc Kivnt/rGGkIBUh4Lgh4cusI0yVtI6n8UEjpGGiT7UUEu94e75VXiYTHeC xZfThzOlo8Czie8qv9JIToDvReC/CuHDW7pWeSd7qkfK10SlgbBd059gY o=;
- In-reply-to: <1F18D6510CF0474A8C9500565A7E41A2054A3322A4 at NOK-EUMSG-02.mgdnok.nokia.com>
- List-archive: <http://www.ietf.org/mail-archive/web/ipv6>
- List-help: <mailto:ipv6-request@ietf.org?subject=help>
- List-id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
- List-post: <mailto:ipv6@ietf.org>
- List-subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
- List-unsubscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
- References: <BF345F63074F8040B58C00A186FCA57F1C22ACCA8D at NALASEXMB04.na.qualcomm.com> <C68E1A01.E678%hesham at elevatemobile.com> <1F18D6510CF0474A8C9500565A7E41A2054A3322A4 at NOK-EUMSG-02.mgdnok.nokia.com>
- Thread-index: AcoKS01yiUkHuYRsQSqsMip3ZoGTygA85SlwAAJKBpgAAJEX4AAA9/GQ
- Thread-topic: Node Requirements: Issue 13 - CGA/SeND support
John,
I think the node can know this in a number of situations, and if it doesn't, it can still use SEND in mixed mode which would let the node issue SEND protected ND signaling, while accepting both SEND-protected and unprotected ND signaling.
But the question you're asking is indeed a good one: is SEND a basic feature of IPv6 that all nodes SHOULD support. Probably we should try to answer this before entering into the details of when to use it or not.
--julien
> -----Original Message-----
> From: john.loughney at nokia.com [mailto:john.loughney at nokia.com]
> Sent: Wednesday, July 22, 2009 9:03 PM
> To: hesham at elevatemobile.com; Laganier, Julien; narten at us.ibm.com;
> ipv6 at ietf.org
> Subject: RE: Node Requirements: Issue 13 - CGA/SeND support
>
> Hesham,
>
> I agree with you, the Node cannot know this, it can only do the right
> thing once the SeND process starts. Do people feel that SeND should be
> a basic feature of IPv6 that all nodes SHOULD support?
>
> John
>
> -----Original Message-----
> From: ipv6-bounces at ietf.org [mailto:ipv6-bounces at ietf.org] On Behalf Of
> ext Hesham Soliman
> Sent: Wednesday, July 22, 2009 11:46 PM
> To: Laganier, Julien; Thomas Narten; ipv6 at ietf.org
> Subject: Re: Node Requirements: Issue 13 - CGA/SeND support
>
> Looks good in general, but I'm not sure if the host can always
> determine the nature of the link or the level of security available on
> that link. It can probably infer (sometimes inaccurately) but it's not
> laways possible to know.
>
> I agree with the SHOULDs and the intention of the MAY, I just don't
> know if a host knows enough to decide about the MAY.
>
> Hesham
>
>
> On 23/07/09 12:59 PM, "Laganier, Julien" <julienl at qualcomm.com> wrote:
>
> > Just for the sake of getting the discussion started, I drafted some
> > text we can discuss:
> >
> > Secure Neighbor Discovery [RFC3971] SHOULD be supported.
> [RFC4861] states:
> >
> > Cryptographic security mechanisms for Neighbor Discovery are
> outside
> > the scope of this document and are defined in [RFC3971].
> >
> > Secure Neighbor Discovery [RFC3971] SHOULD be used when physical
> security
> > on the link is not assured. [RFC3971] states:
> >
> > The SEND protocol is designed to counter the threats to NDP.
> These
> > threats are described in detail in [22]. SEND is applicable in
> > environments where physical security on the link is not assured
> (such
> > as over wireless) and attacks on NDP are a concern.
> >
> > Secure Neighbor Discovery [RFC3971] MAY be disabled when the link
> is
> > point-to-point and link-layer security is assured, including
> mutual
> > authentication of the link end-points and data origin integrity
> protection.
> >
> > What do you think?
> >
> > --julien
> >
> >
> >> -----Original Message-----
> >> From: ipv6-bounces at ietf.org [mailto:ipv6-bounces at ietf.org] On Behalf
> >> Of Thomas Narten
> >> Sent: Tuesday, July 21, 2009 2:36 PM
> >> To: ipv6 at ietf.org
> >> Subject: Node Requirements: Issue 13 - CGA/SeND support
> >>
> >> Tim Chown <tjc at ecs.soton.ac.uk> writes:
> >>
> >>> What about CGA/SeND support? I can't see any reference to this
> >>> currently. Should there be? It's often waved as the answer to
> >>> make rogue RAs 'go away', so perhaps we should.
> >>
> >> I agree we need to have a section that addresses this topic.
> >>
> >> If no one suggests text, I'll take a stab.
> >>
> >> Thomas
> >> --------------------------------------------------------------------
> >> IETF IPv6 working group mailing list
> >> ipv6 at ietf.org
> >> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> >> --------------------------------------------------------------------
> > --------------------------------------------------------------------
> > IETF IPv6 working group mailing list
> > ipv6 at ietf.org
> > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> > --------------------------------------------------------------------
>
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6 at ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.
