Re: Node Requirements: Issue 13 - CGA/SeND support

To: Eric Levy-Abegnoli <elevyabe at cisco.com>
Subject: Re: Node Requirements: Issue 13 - CGA/SeND support
From: Hesham Soliman <hesham at elevatemobile.com>
Date: Fri, 24 Jul 2009 23:57:16 +1000
Cc: Thomas Narten <narten at us.ibm.com>, john.loughney at nokia.com, julienl at qualcomm.com, ipv6 at ietf.org, "\(Arnaud Ebalard\)" <arno at natisbad.org>, Brian E Carpenter <brian.e.carpenter at gmail.com>
Delivered-to: ipv6 at core3.amsl.com
In-reply-to: <4A69BD0F.4030100 at cisco.com>
List-archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-help: <mailto:ipv6-request@ietf.org?subject=help>
List-id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-post: <mailto:ipv6@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
Thread-index: AcoMZqbp4WkEJ5+JckiX5sN/eb/D7g==
Thread-topic: Node Requirements: Issue 13 - CGA/SeND support
User-agent: Microsoft-Entourage/12.19.0.090515

On 24/07/09 11:54 PM, "Eric Levy-Abegnoli" <elevyabe at cisco.com> wrote:

> Hesham Soliman a écrit :
>>   
>>> SeND is theoretically not easy to deploy - you need to provision
>>> 
>>> cryptography material on all nodes.
>>>     
>> 
>> => Why? You only need to provision routers if you want them to support proof
>> of prefix ownership, but you certainly don't need to provision all nodes,
>> that's the advantage of CGAs.
>> 
>>   
> That's true for CGA, but not for router authorization. Any node that
> want to verify router authorization need to be provisionned with the
> anchor certificate.

=> Yes of course. 

Hesham


> Eric
>> Hesham
>> 
>> 
>> 
>> That implementations are not even
>>   
>>> properly integrated into operating systems makes it worse. I somewhat
>>> 
>>> expect that somewhat secure networks will use network-side filtering as is
>>> 
>>> done for ARP instead, as it requires no host-side changes.
>>> 
>>> 
>>> 
>>> I don't think it deserves a "SHOULD" at this point.
>>> 
>>> 
>>>     
>> 
>> 
>> --------------------------------------------------------------------
>> IETF IPv6 working group mailing list
>> ipv6 at ietf.org
>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>> --------------------------------------------------------------------
>> 
>>   
>

References:
- Re: Node Requirements: Issue 13 - CGA/SeND support
  - From: Eric Levy-Abegnoli

Prev by Date: Re: Node Requirements: Issue 13 - CGA/SeND support
Next by Date: Node Requirements: Issue 14 - Privacy Extensions
Previous by thread: Re: Node Requirements: Issue 13 - CGA/SeND support
Next by thread: Re: Node Requirements: Issue 13 - CGA/SeND support
Index(es):
- Date
- Thread

Re: Node Requirements: Issue 13 - CGA/SeND support

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.