Hello,

In your IESG comments on draft-ietf-ipv6-rfc2462bis-07.txt, you said:

> RFC 3756 says that IPsec really does not work for neighbor
> discovery. Even if it does work in some cases, there is not
> enough detail in this document to say how to use it. SEND
> is the answer, of course. However, this document cannot
> have a normative reference to SEND because this document is
> going for publication as Draft Standard.
> My recommendation is to delete the text regarding the use of
> IPsec and replace it with an Informative reference to SEND.
> I think this is better than misleading the reader.

I do not necessarily think the current text (with proper references)
will mislead the reader, but I agree that simply referring to IPsec-AH is
almost meaningless in the context of secure address autoconfiguration.
So, I don't mind replacing the reference with a reference to the SEND
RFC. And this is mostly just editorial work: the only references to
IPsec-AH in this document are the following:

    2. If RemainingLifetime is less than or equal to 2 hours, ignore
       the Prefix Information option with regards to the valid
       lifetime, unless the Router Advertisement from which this
       option was obtained has been authenticated (e.g., via IP
       security [RFC2402]). If the Router Advertisement was
       authenticated, the valid lifetime of the corresponding address
       should be set to the Valid Lifetime in the received option.
    (Section 5.5.3 e-2)

    [...] These attacks can be addressed by requiring that
    Neighbor Discovery packets be authenticated with IP security
    [RFC2402].
    (Section 6 "SECURITY CONSIDERATIONS")

If we replace "IP security [RFC2402]" with "SEcure Neighbor Discovery
[RFC3971]", the work will be done without introducing oddity due to
the change of the reference.

The only possible problem is, as you pointed out, the down-reference
issue.
While I originally categorized the reference to RFC2402 as
normative, I actually think the reference could be informative, and
the change of the reference to SEND does not change the impression (as
long as the reference context is not changed from the above simple
ones).

What do others (in the wg) think? Does anyone have an objection to
the following change?

1. change the references to RFC2402 (IPsec-AH) to references to
   RFC3971 (SEND), and
2. categorize the new reference as informative

JINMEI, Tatuya
Communication Platform Lab.
Corporate R&D Center, Toshiba Corp.