The proxied NA would have to be signed by both the source and the proxy, using some kind of encapsulation. As you said, it could be done, but we should perhaps wait first for a commercial deployment of either solution.
> -----Original Message----- > From: James Kempf [mailto:[EMAIL PROTECTED] > Sent: Tuesday, March 02, 2004 6:42 PM > To: Christian Huitema; Fred Templin; Erik Nordmark; Dave Thaler > Cc: [EMAIL PROTECTED] > Subject: Re: ndproxy and SEND > > Christian, > > At one level, I agree with you. But I do think it would be possible to > provide security for proxy ND (having thought about the issue a bit and > even > written something on it that I did not publish), but I believe it would > take > stronger security than is currently in SEND for ND. One obvious approach > would be to require a third party trust root, like RD in SEND already > does. > But there might be others. > > jak > > ----- Original Message ----- > From: "Christian Huitema" <[EMAIL PROTECTED]> > To: "Fred Templin" <[EMAIL PROTECTED]>; "James Kempf" > <[EMAIL PROTECTED]>; "Erik Nordmark" <[EMAIL PROTECTED]>; "Dave > Thaler" <[EMAIL PROTECTED]> > Cc: <[EMAIL PROTECTED]> > Sent: Tuesday, March 02, 2004 6:00 PM > Subject: RE: ndproxy and SEND > > > > ND proxy is the equivalent of ARP spoofing. > > SEND is the antidote to ARP spoofing. > > Why should we be surprised that they are not compatible? > > > > -- Christian Huitema > > > > > > > > -------------------------------------------------------------------- > > IETF IPv6 working group mailing list > > [EMAIL PROTECTED] > > Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6 > > -------------------------------------------------------------------- > > > > -------------------------------------------------------------------- IETF IPv6 working group mailing list [EMAIL PROTECTED] Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
