Hi Jean-Michel,
Jean-Michel Combes wrote:
Hi Suresh,
Sorry but some points are unclear for me.
At first, what are assumptions you have regarding the MN?
From my point of view, the MN is able to use SEND: in using either CGA
or a cert linked to its address. Is it the same assumption for you
because I am not sure this is the case? :)
Yes. I am working under the same assumption as you :-).
Second point, if the MN have a CGA, how does the ND Proxy get the cert
which will allow it to sign the NDP signaling instead of the MN?
I think I am beginning to understand your issue. One thing I would like
to point out is that the ND proxy gets the authority to do this not from
the MN being proxied but from some other entity that is trusted by the
receiving MN.
Last point, if the MN have a cert linked to its address, how does this
cert is provided to the MN?
This is out of scope of this document. The document does not talk about
certificates for end nodes.
Cheers
Suresh
_______________________________________________
CGA-EXT mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cga-ext
