Hi Erik, > The fact that SEND doesn't currently provide security for proxy neighbor > advertisements is an indication that 1) there isn't much perceived need > for it and/or 2) it is hard to do since authorization is a challenge. >
Indeed, proxy ND was perceived to be one of two hard problems during the SEND design discussions, the other being cert-based ND, which would require provisioning of every host with a cert. After discussion, the SEND WG decided not to move forward with a solution primarily for tactical reasons. In short, the WG felt that it would be better to wait for clear indication of market acceptance for SEND rather than continuing and doing yet another RFC that nobody really cared enough about to implement, put in their products, and deploy. The original idea was to wait for some time to see whether market acceptance was forthcoming, then do a BOF and restart the WG to work on the remaining problems. It's an interesting technical problem, though. From one perspective, one could view it as an instance of trust transitivity, which is something that in general is not considered to be very secure, hence the authorization challenge. jak -------------------------------------------------------------------- IETF IPv6 working group mailing list [EMAIL PROTECTED] Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------