On Mon, Mar 09, 2009 at 04:50:51PM +0100, Felipe Alfaro Solana wrote: > ARP is insecure by default. If you care, move to IPv6 and use IPSec/SeND.
SeND will not be coming to OpenBSD any time soon. http://www.ietf.org/rfc/rfc3971.txt http://www.ietf.org/rfc/rfc3972.txt 80 pages across two RFCs for mapping layer 2 addresses to layer 3 addresses?!? Public key crypto (ASN.1 encoded, "of course") to verify them? I guarantee that implementing this will create more security problems than it solves. If you do not trust your local network, use crypto at a higher layer (ipsec, ssh, ssl, etc).
