Hesham Soliman a écrit :
SeND is theoretically not easy to deploy - you need to provision
cryptography material on all nodes.
=> Why? You only need to provision routers if you want them to support proof
of prefix ownership, but you certainly don't need to provision all nodes,
that's the advantage of CGAs.
That's true for CGA, but not for router authorization. Any node that
want to verify router authorization need to be provisionned with the
anchor certificate.
Eric
Hesham
That implementations are not even
properly integrated into operating systems makes it worse. I somewhat
expect that somewhat secure networks will use network-side filtering as is
done for ARP instead, as it requires no host-side changes.
I don't think it deserves a "SHOULD" at this point.
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------