Julien,
Le 23 juil. 09 à 04:59, Laganier, Julien a écrit :
Secure Neighbor Discovery [RFC3971] SHOULD be supported.
[RFC4861] states:
Cryptographic security mechanisms for Neighbor Discovery are
outside
the scope of this document and are defined in [RFC3971].
Secure Neighbor Discovery [RFC3971] SHOULD be used when physical
security
on the link is not assured. [RFC3971] states:
The SEND protocol is designed to counter the threats to NDP.
These
threats are described in detail in [22]. SEND is applicable in
environments where physical security on the link is not
assured (such
as over wireless) and attacks on NDP are a concern.
Excellent IMHO.
Full support
Secure Neighbor Discovery [RFC3971] MAY be disabled when the
link is
point-to-point and link-layer security is assured, including mutual
authentication of the link end-points and data origin integrity
protection.
This seems to me redundant in view of previous sentences, and
unnecessarily subject to debate.
I suggest to just delete this one.
Regards,
RD
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------