Hi,

We have uploaded a new version of the SEND SAVI draft. The main changes from version -00 are the following:

- Now deployment is perimetrical (with trusted and untrusted ports). Therefore, only border SEND SAVI devices have to check for the validity of a binding.
- The mechanism is described as a state machine.
- Bindings are created by making SEND SAVI devices issue secured NUD NSOL messages with their own addresses.
- SEND Anchors, Certification Path Solicitations/Advertisements… are considered.
- A mechanism is provided to protect against DoS attacks by blocking for some time ports from which validation was unsuccessful.

Regards,
Alberto

Title     : SEND-based Source-Address Validation Implementation
Author(s) : M. Bagnulo, A. Garcia-Martinez
Filename  : draft-ietf-savi-send-01.txt
Pages     : 19
Date      : 2009-10-23

This memo describes SEND SAVI, a mechanism to provide source address validation using the SEND protocol. The proposed mechanism is intended to complement ingress filtering techniques to provide a higher granularity on the control of the source addresses used.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-savi-send-01.txt
Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.