> > ND proxy is the equivalent of ARP spoofing.
> > SEND is the antidote to ARP spoofing.
> > Why should we be surprised that they are not compatible?
>
> Agreed.
>
> Question is what we should do about it.
> Having two conflicting things move forward towards the standards track
> doesn't seem like the best solution.
>
So following up on Jari's note, I think it depends on what the ND-Proxy
draft is intended for. If it is intended primarily for link layer boxes,
then there isn't much one can do about securing it outside of specifying
that it should only be used on secure link layers. In that case, it seems
like putting such a statement in the Security Considerations section might
be a possibility. On the other hand, if ND-Proxy is intended for IP layer
entities such as a Mobile IP home agent, then we could continue working on
ND proxy security in SEND, or it could be taken up specifically by the IPv6
WG.
jak
--------------------------------------------------------------------
IETF IPv6 working group mailing list
[EMAIL PROTECTED]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
