On Aug 18, 2011, at 4:49 PM, james woodyatt wrote:
> 
> ...then sleep proxies will need to possess the RSA private keys for all the 
> CGAs that their client hosts register with them...

Correction: I think SEND as it is currently constituted actually just breaks 
sleep proxies entirely.  A cryptographically generated address is a one-way 
function of the link-local address, and I'm pretty sure that sleep proxies 
shouldn't be sending source link-layer address options in neighbor discovery 
packets that don't match their own source hardware address.

And besides, if they did that to make SEND work, you'd still be going against 
section 9.1, which says:

   Even on a secured link layer, SEND does not require that the
   addresses on the link layer and Neighbor Advertisements correspond.
   However, performing these checks is RECOMMENDED if the link layer
   technology permits.

Really, I think SEND is basically incompatible with sleep proxies, which is the 
main reason I'm not in a big hurry to recommend implementing it in Apple 
products.


--
james woodyatt <j...@apple.com>
member of technical staff, core os networking



--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
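
Added example, not part of the original message: RFC 3972 derives a CGA's interface identifier from a hash over the owner's public key, which is why a proxy answering for a sleeping host would need that host's key pair, as the quoted text says. The key bytes, prefix, modifier and MAC addresses are constructed placeholders; only Sec=0 generation is shown and the SEND RSA Signature option is not implemented.

```python
import hashlib

MASK = 0x1CFFFFFFFFFFFFFF  # Hash1 bits that are compared; Sec and u/g bits are ignored

def hash1(modifier, prefix, collisions, pubkey):
    # SHA-1 over the CGA Parameters structure (no extension fields), leftmost 64 bits
    digest = hashlib.sha1(modifier + prefix + bytes([collisions]) + pubkey).digest()
    return int.from_bytes(digest[:8], "big")

def generate_cga(modifier, prefix, pubkey):
    # Sec=0 only: higher Sec values need a brute-force modifier search, skipped here
    iid = hash1(modifier, prefix, 0, pubkey) & MASK
    return prefix + iid.to_bytes(8, "big")

def verify_cga(addr, modifier, prefix, collisions, pubkey):
    # Receiver-side checks from RFC 3972 section 5
    if len(addr) != 16 or len(modifier) != 16 or len(prefix) != 8:
        return False
    if collisions not in (0, 1, 2) or addr[:8] != prefix:
        return False
    iid = int.from_bytes(addr[8:], "big")
    if (hash1(modifier, prefix, collisions, pubkey) ^ iid) & MASK:
        return False
    sec = iid >> 61  # three leftmost bits of the interface identifier
    h2 = hashlib.sha1(modifier + bytes(9) + pubkey).digest()[:14]
    return h2[:2 * sec] == bytes(2 * sec)  # leftmost 16*Sec bits must be zero

def lladdr_consistent(frame_src_mac, option_lladdr):
    # The RECOMMENDED section 9.1 check: frame source address vs. the option
    return frame_src_mac == option_lladdr

# Constructed sample values (placeholders, not real keys or hardware addresses)
PREFIX = bytes.fromhex("20010db800000001")
MODIFIER = bytes(range(16))
HOST_KEY = b"constructed host public key bytes"
PROXY_KEY = b"constructed proxy public key bytes"
HOST_MAC = bytes.fromhex("020000000001")
PROXY_MAC = bytes.fromhex("020000000002")

def proxy_scenarios():
    addr = generate_cga(MODIFIER, PREFIX, HOST_KEY)
    return {
        "host_with_own_key": verify_cga(addr, MODIFIER, PREFIX, 0, HOST_KEY),
        "proxy_with_proxy_key": verify_cga(addr, MODIFIER, PREFIX, 0, PROXY_KEY),
        "proxy_frame_host_option": lladdr_consistent(PROXY_MAC, HOST_MAC),
    }

if __name__ == "__main__":
    print(proxy_scenarios())
```

The host's own key verifies against its address; the proxy's key does not, and a frame sent from the proxy's hardware address carrying the host's link-layer address option fails the section 9.1 comparison.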