> The general case of proxy ND, which this specification uses, can not > provide any security against MiTM because by definition the proxy is a > MiTM. Thus it is completely unreasonably to assume that SeND will solve > this.
What do you mean, unreasonable? It is certainly possible to write and sign something like "I am a secure host, I am behind an proxy, and the proxy address ix X:Y:Z". Obviously, that places requirement on SEND or ND-Proxy. SEND would have to allow a new format, or ND-Proxy would have to allow some explicit proxy discovery. But it is certainly neither unreasonable nor impossible. -- Christian Huitema -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------