RE: Node Requirements: Issue 13 - CGA/SeND support

To: "'Laganier, Julien'" <julienl at qualcomm.com>, 'Thomas Narten' <narten at us.ibm.com>, ipv6 at ietf.org
Subject: RE: Node Requirements: Issue 13 - CGA/SeND support
From: Hongyu Li <lihy at huawei.com>
Date: Thu, 23 Jul 2009 16:52:16 +0800
Delivered-to: ipv6 at core3.amsl.com
In-reply-to: <BF345F63074F8040B58C00A186FCA57F1C22ACCA8D at NALASEXMB04.na.qualcomm.com>
List-archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-help: <mailto:ipv6-request@ietf.org?subject=help>
List-id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-post: <mailto:ipv6@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
Thread-index: AcoKS01yiUkHuYRsQSqsMip3ZoGTygA85SlwAAzqJGA=

I would support this. SeND is useful in some case, but not necessary for all cases. It would be helpful to say when it is SHOULD or
MAY be used.

Hongyu
 

> -----Original Message-----
> From: ipv6-bounces at ietf.org [mailto:ipv6-bounces at ietf.org] On 
> Behalf Of Laganier, Julien
> Sent: Thursday, July 23, 2009 11:00 AM
> To: Thomas Narten; ipv6 at ietf.org
> Subject: RE: Node Requirements: Issue 13 - CGA/SeND support
> 
> Just for the sake of getting the discussion started, I 
> drafted some text we can discuss:
>  
>    Secure Neighbor Discovery [RFC3971] SHOULD be supported.  
> [RFC4861] states:
> 
>       Cryptographic security mechanisms for Neighbor 
> Discovery are outside
>       the scope of this document and are defined in [RFC3971].
> 
>    Secure Neighbor Discovery [RFC3971] SHOULD be used when 
> physical security 
>    on the link is not assured.  [RFC3971] states:
> 
>       The SEND protocol is designed to counter the threats to 
> NDP.  These
>       threats are described in detail in [22].  SEND is applicable in
>       environments where physical security on the link is not 
> assured (such
>       as over wireless) and attacks on NDP are a concern.
> 
>    Secure Neighbor Discovery [RFC3971] MAY be disabled when 
> the link is 
>    point-to-point and link-layer security is assured, 
> including mutual 
>    authentication of the link end-points and data origin 
> integrity protection. 
> 
> What do you think?
> 
> --julien
> 
> 
> > -----Original Message-----
> > From: ipv6-bounces at ietf.org [mailto:ipv6-bounces at ietf.org] 
> On Behalf 
> > Of Thomas Narten
> > Sent: Tuesday, July 21, 2009 2:36 PM
> > To: ipv6 at ietf.org
> > Subject: Node Requirements: Issue 13 - CGA/SeND support
> > 
> > Tim Chown <tjc at ecs.soton.ac.uk> writes:
> > 
> > > What about CGA/SeND support?  I can't see any reference to this
> > > currently.   Should there be?   It's often waved as the answer to
> > > make rogue RAs 'go away', so perhaps we should.
> > 
> > I agree we need to have a section that addresses this topic.
> > 
> > If no one suggests text, I'll take a stab.
> > 
> > Thomas
> > --------------------------------------------------------------------
> > IETF IPv6 working group mailing list
> > ipv6 at ietf.org
> > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> > --------------------------------------------------------------------
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6 at ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>

References:
- RE: Node Requirements: Issue 13 - CGA/SeND support
  - From: Laganier, Julien

Prev by Date: RE: Node requirements: Issue 12 - status/scope of document
Next by Date: Re: Node Requirements: Issue 13 - CGA/SeND support
Previous by thread: Re: Node Requirements: Issue 13 - CGA/SeND support
Next by thread: Node Requirements: Issue 5 - DNS RA Option (RFC 5006)
Index(es):
- Date
- Thread

RE: Node Requirements: Issue 13 - CGA/SeND support

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.