> > ND proxy is the equivalent of ARP spoofing. > > SEND is the antidote to ARP spoofing. > > Why should we be surprised that they are not compatible? > > Agreed. > > Question is what we should do about it. > Having two conflicting things move forward towards the standards track > doesn't seem like the best solution. >
So following up on Jari's note, I think it depends on what the ND-Proxy draft is intended for. If it is intended primarily for link layer boxes, then there isn't much one can do about securing it outside of specifying that it should only be used on secure link layers. In that case, it seems like putting such a statement in the Security Considerations section might be a possibility. On the other hand, if ND-Proxy is intended for IP layer entities such as a Mobile IP home agent, then we could continue working on ND proxy security in SEND, or it could be taken up specifically by the IPv6 WG. jak -------------------------------------------------------------------- IETF IPv6 working group mailing list [EMAIL PROTECTED] Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------