Hi Julien, 2008/6/12, Julien Laganier <[EMAIL PROTECTED]>: > Hello Jean-Michel, > > > On Saturday 07 June 2008, Jean-Michel Combes wrote: > > Hi, > > > > After a quick review, I have one comment and one question: > > - IMHO, your solution should work too with anycast addresses case > > > It seems so. It also seems it would work to secure NS/NA exchange based > on certificates rather than CGA.
Not sure that certs defined in krishnan-cgaext-send-cert-eku are well adapted for such a use: IMHO, prefix ownership is not the same as address ownership. > To achieve that it would also be > necessary to define another EKU (extended key usage) for "Address > ownership", in addition to "Router" and "Proxy". But what is in the cert when you want to use it to proxy NS/NA? An address or a prefix? > > > > - How will a ND-Proxy get the certificate authorizing it to act as an > > ND-Proxy? > > > In the same fashion that a Router gets the certificate authorizing it to > act as a router. May I have details in the case of the MIPv6 scenario? Specially, who does provide the cert? Cheers. JMC. > > Cheers, > > > --julien > > > > 2008/6/6, Julien Laganier <[EMAIL PROTECTED]>: > > > Folks, > > > > > > Sorry for the noise, but another update of the Secure Proxy ND > > > Support for SEND has been posted. It fixes some misreferences and > > > has a filename matching the WG name, thus it should appear in the > > > tools.ietf.org page. > > > > > > The new draft has support for ND proxy as per: > > > - ND proxies [RFC4389] > > > - MIPv6 Home Agent [RFC3775] > > > - PMIPv6 Mobility Access Gateway [I-D.ietf-netlmm-proxymip6] > > > > > > You can find it there: > > > > > > > > > <http://www.ietf.org/internet-drafts/draft-krishnan-csi-proxy-send- > > >00.txt> > > > > > > Comments are still welcome! > > > > > > > > > --julien > > > > > > > > > > > > ---------- Message transféré ---------- > > > From: IETF I-D Submission Tool <[EMAIL PROTECTED]> > > > To: [EMAIL PROTECTED] > > > Date: Fri, 6 Jun 2008 08:24:12 -0700 (PDT) > > > Subject: New Version Notification for > > > draft-krishnan-csi-proxy-send-00 > > > > > > A new version of I-D, draft-krishnan-csi-proxy-send-00.txt has > > > been successfuly submitted by Julien Laganier and posted to the > > > IETF repository. > > > > > > Filename: draft-krishnan-csi-proxy-send > > > Revision: 00 > > > Title: Secure Proxy ND Support for SEND > > > Creation_date: 2008-06-06 > > > WG ID: Independent Submission > > > Number_of_pages: 22 > > > > > > Abstract: > > > Secure Neighbor Discovery (SEND) specifies a method for securing > > > Neighbor Discovery (ND) signaling against specific threats. As > > > specified today, SEND assumes that the node advertising an address > > > is the owner of the address and is in possession of the private key > > > used to generate the digital signature on the message. This means > > > that the Proxy ND signaling initiated by nodes that do not possess > > > knowledge of the address owner's private key cannot be secured > > > using SEND. This document extends the current SEND specification > > > with support for Proxy ND, the Secure Proxy ND Support for SEND. > > > > > > > > > > > > The IETF Secretariat. > > > > > > > > > > > > > > > _______________________________________________ > > > CGA-EXT mailing list > > > [email protected] > > > https://www.ietf.org/mailman/listinfo/cga-ext > > > > _______________________________________________ > > CGA-EXT mailing list > > [email protected] > > https://www.ietf.org/mailman/listinfo/cga-ext > > > _______________________________________________ CGA-EXT mailing list [email protected] https://www.ietf.org/mailman/listinfo/cga-ext
