would be
> done by an extension to SEND
>
> -Dave
>
> > -Original Message-
> > From: Erik Nordmark [mailto:[EMAIL PROTECTED]
> > Sent: Wednesday, March 03, 2004 9:06 AM
> > To: Dave Thaler
> > Cc: [EMAIL PROTECTED]
> > Subject: ndproxy and SEND
&g
g proxyied NA's would be
done by an extension to SEND
-Dave
> -Original Message-
> From: Erik Nordmark [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, March 03, 2004 9:06 AM
> To: Dave Thaler
> Cc: [EMAIL PROTECTED]
> Subject: ndproxy and SEND
>
> draft-th
> > ND proxy is the equivalent of ARP spoofing.
> > SEND is the antidote to ARP spoofing.
> > Why should we be surprised that they are not compatible?
>
> Agreed.
>
> Question is what we should do about it.
> Having two conflicting things move forward towards the standards track
> doesn't seem lik
In general, I think proxy SEND is doable, and doesn't even need
any new trust roots or anything. Its a question of delegating
the right to do advertisements for someone else. The protocol
details are left as an exercise for the reader ;-).
However, I can see different use cases and we can use the
s
> ND proxy is the equivalent of ARP spoofing.
> SEND is the antidote to ARP spoofing.
> Why should we be surprised that they are not compatible?
Agreed.
Question is what we should do about it.
Having two conflicting things move forward towards the standards track
doesn't seem like the best soluti
lt;[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, March 02, 2004 7:23 PM
Subject: RE: ndproxy and SEND
> The proxied NA would have to be signed by both the source and the proxy,
> using some kind of encapsulation. As you said, it could be done, but we
> should p
TECTED]
> Sent: Tuesday, March 02, 2004 6:42 PM
> To: Christian Huitema; Fred Templin; Erik Nordmark; Dave Thaler
> Cc: [EMAIL PROTECTED]
> Subject: Re: ndproxy and SEND
>
> Christian,
>
> At one level, I agree with you. But I do think it would be possible to
> provide secu
"
<[EMAIL PROTECTED]>; "Erik Nordmark" <[EMAIL PROTECTED]>; "Dave
Thaler" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, March 02, 2004 6:00 PM
Subject: RE: ndproxy and SEND
> ND proxy is the equivalent of ARP spoofing.
> SEN
n" <[EMAIL PROTECTED]>
To: "James Kempf" <[EMAIL PROTECTED]>; "Erik Nordmark"
<[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, March 02, 2004 5:44 PM
Subject: Re: ndproxy and SEND
> If what you are both sa
All right then; I know what SEND is good for, so tell me what
ND proxy is good for (if what you are saying is true)?
Thanks - Fred
[EMAIL PROTECTED]Christian Huitema <[EMAIL PROTECTED]> wrote:
ND proxy is the equivalent of ARP spoofing.SEND is the antidote to ARP spoofing.Why should we be surpris
ND proxy is the equivalent of ARP spoofing.
SEND is the antidote to ARP spoofing.
Why should we be surprised that they are not compatible?
-- Christian Huitema
IETF IPv6 working group mailing list
[EMAIL PROTECTED]
Administrat
If what you are both saying is correct, then perhaps either SEND
or ND-Proxy (or both) is only half-baked. Which one is it?
Fred L. Templin
[EMAIL PROTECTED]James Kempf <[EMAIL PROTECTED]> wrote:
Hi Erik,> The fact that SEND doesn't currently provide security for proxy neighbor> advertisements is
Hi Erik,
> The fact that SEND doesn't currently provide security for proxy neighbor
> advertisements is an indication that 1) there isn't much perceived need
> for it and/or 2) it is hard to do since authorization is a challenge.
>
Indeed, proxy ND was perceived to be one of two hard problems dur
draft-thaler-ipv6-ndproxy-02.txt says:
> oSupport secure IPv6 neighbor discovery. This is discussed in
> the Security Considerations section.
I don't understand what it means to support SEND, given that the
combination of SEND and ndproxy currently doesn't work.
> As a result, securing
14 matches
Mail list logo