Re: Node Requirements: Issue 13 - CGA/SeND support

To: "Laganier, Julien" <julienl at qualcomm.com>
Subject: Re: Node Requirements: Issue 13 - CGA/SeND support
From: Rémi Després <remi.despres at free.fr>
Date: Thu, 23 Jul 2009 09:20:07 +0200
Cc: Thomas Narten <narten at us.ibm.com>, "ipv6 at ietf.org" <ipv6 at ietf.org>
Delivered-to: ipv6 at core3.amsl.com
In-reply-to: <BF345F63074F8040B58C00A186FCA57F1C22ACCA8D at NALASEXMB04.na.qualcomm.com>
List-archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-help: <mailto:ipv6-request@ietf.org?subject=help>
List-id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-post: <mailto:ipv6@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
References: <200907202025.n6KKPenJ002195 at cichlid.raleigh.ibm.com> <20090721133210.GH24319 at login.ecs.soton.ac.uk> <EMEW3|b7c1a148396b9aa3130611fae696010cl6KEWY03tjc|ecs.soton.ac.uk|3210.GH24319 at login.ecs.soton.ac.uk> <200907212136.n6LLaBAH005633 at cichlid.raleigh.ibm.com> <BF345F63074F8040B58C00A186FCA57F1C22ACCA8D at NALASEXMB04.na.qualcomm.com>

Julien,


Le 23 juil. 09 à 04:59, Laganier, Julien a écrit :

Secure Neighbor Discovery [RFC3971] SHOULD be supported.[RFC4861] states:
Cryptographic security mechanisms for Neighbor Discovery areoutside
      the scope of this document and are defined in [RFC3971].
Secure Neighbor Discovery [RFC3971] SHOULD be used when physicalsecurity
   on the link is not assured.  [RFC3971] states:
The SEND protocol is designed to counter the threats to NDP.These
      threats are described in detail in [22].  SEND is applicable in
environments where physical security on the link is notassured (such
      as over wireless) and attacks on NDP are a concern.


Excellent IMHO.
Full support

Secure Neighbor Discovery [RFC3971] MAY be disabled when thelink is
   point-to-point and link-layer security is assured, including mutual
authentication of the link end-points and data origin integrityprotection.

This seems to me redundant in view of previous sentences, andunnecessarily subject to debate.

I suggest to just delete this one.

Regards,
RD

References:
- Node requirements: draft-ietf-6man-node-req-bis-03.txt
  - From: Thomas Narten
- Re: Node requirements: draft-ietf-6man-node-req-bis-03.txt
  - From: Tim Chown
- Node Requirements: Issue 13 - CGA/SeND support
  - From: Thomas Narten
- RE: Node Requirements: Issue 13 - CGA/SeND support
  - From: Laganier, Julien

Prev by Date: RE: Node Requirements: Issue 13 - CGA/SeND support
Next by Date: RE: Node requirements: Issue 12 - status/scope of document
Previous by thread: Re: Node Requirements: Issue 13 - CGA/SeND support
Next by thread: RE: Node Requirements: Issue 13 - CGA/SeND support
Index(es):
- Date
- Thread

Re: Node Requirements: Issue 13 - CGA/SeND support

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.