So, thinking some more about it, I have this nasty feeling about the usefulness of SEND. Compare the two topologies:
Host-A <---> learning bridge <---> Host-B

Host-A <---> ND-Proxy <---> Host-B

SEND will work just fine with the learning bridge topology, but will not work with the ND-Proxy topology. Yet, do you really believe that one is inherently more secure than the other? Learning bridges can do all kinds of interesting tricks, in fact more so than proxies. SEND secures the mapping between an IPv6 address and a MAC address, but it does nothing to guarantee that the L2 topology actually delivers the packets to the intended destination. When we expend all that energy signing neighbor discovery packets, have we really improved security?

-- Christian Huitema

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------