Re: ndproxy and SEND

Tue, 02 Mar 2004 20:10:33 -0800 

Agree.

        jak

----- Original Message ----- 
From: "Christian Huitema" <[EMAIL PROTECTED]>
To: "James Kempf" <[EMAIL PROTECTED]>; "Fred Templin"
<[EMAIL PROTECTED]>; "Erik Nordmark" <[EMAIL PROTECTED]>; "Dave Thaler"
<[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, March 02, 2004 7:23 PM
Subject: RE: ndproxy and SEND


> The proxied NA would have to be signed by both the source and the proxy,
> using some kind of encapsulation. As you said, it could be done, but we
> should perhaps wait first for a commercial deployment of either
> solution.
>
> > -----Original Message-----
> > From: James Kempf [mailto:[EMAIL PROTECTED]
> > Sent: Tuesday, March 02, 2004 6:42 PM
> > To: Christian Huitema; Fred Templin; Erik Nordmark; Dave Thaler
> > Cc: [EMAIL PROTECTED]
> > Subject: Re: ndproxy and SEND
> >
> > Christian,
> >
> > At one level, I agree with you. But I do think it would be possible to
> > provide security for proxy ND (having thought about the issue a bit
> and
> > even
> > written something on it that I did not publish), but I believe it
> would
> > take
> > stronger security than is currently in SEND for ND. One obvious
> approach
> > would be to require a third party trust root, like RD in SEND already
> > does.
> > But there might be others.
> >
> >             jak
> >
> > ----- Original Message -----
> > From: "Christian Huitema" <[EMAIL PROTECTED]>
> > To: "Fred Templin" <[EMAIL PROTECTED]>; "James Kempf"
> > <[EMAIL PROTECTED]>; "Erik Nordmark" <[EMAIL PROTECTED]>;
> "Dave
> > Thaler" <[EMAIL PROTECTED]>
> > Cc: <[EMAIL PROTECTED]>
> > Sent: Tuesday, March 02, 2004 6:00 PM
> > Subject: RE: ndproxy and SEND
> >
> >
> > > ND proxy is the equivalent of ARP spoofing.
> > > SEND is the antidote to ARP spoofing.
> > > Why should we be surprised that they are not compatible?
> > >
> > > -- Christian Huitema
> > >
> > >
> > >
> > > --------------------------------------------------------------------
> > > IETF IPv6 working group mailing list
> > > [EMAIL PROTECTED]
> > > Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
> > > --------------------------------------------------------------------
> > >
> > >
>
>
>


--------------------------------------------------------------------
IETF IPv6 working group mailing list
[EMAIL PROTECTED]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------

Reply via email to