Hello Jean-Michel, On Saturday 07 June 2008, Jean-Michel Combes wrote: > Hi, > > After a quick review, I have one comment and one question: > - IMHO, your solution should work too with anycast addresses case
It seems so. It also seems it would work to secure NS/NA exchange based on certificates rather than CGA. To achieve that it would also be necessary to define another EKU (extended key usage) for "Address ownership", in addition to "Router" and "Proxy". > - How will a ND-Proxy get the certificate authorizing it to act as an > ND-Proxy? In the same fashion that a Router gets the certificate authorizing it to act as a router. Cheers, --julien > 2008/6/6, Julien Laganier <[EMAIL PROTECTED]>: > > Folks, > > > > Sorry for the noise, but another update of the Secure Proxy ND > > Support for SEND has been posted. It fixes some misreferences and > > has a filename matching the WG name, thus it should appear in the > > tools.ietf.org page. > > > > The new draft has support for ND proxy as per: > > - ND proxies [RFC4389] > > - MIPv6 Home Agent [RFC3775] > > - PMIPv6 Mobility Access Gateway [I-D.ietf-netlmm-proxymip6] > > > > You can find it there: > > > > > > <http://www.ietf.org/internet-drafts/draft-krishnan-csi-proxy-send- > >00.txt> > > > > Comments are still welcome! > > > > > > --julien > > > > > > > > ---------- Message transféré ---------- > > From: IETF I-D Submission Tool <[EMAIL PROTECTED]> > > To: [EMAIL PROTECTED] > > Date: Fri, 6 Jun 2008 08:24:12 -0700 (PDT) > > Subject: New Version Notification for > > draft-krishnan-csi-proxy-send-00 > > > > A new version of I-D, draft-krishnan-csi-proxy-send-00.txt has > > been successfuly submitted by Julien Laganier and posted to the > > IETF repository. > > > > Filename: draft-krishnan-csi-proxy-send > > Revision: 00 > > Title: Secure Proxy ND Support for SEND > > Creation_date: 2008-06-06 > > WG ID: Independent Submission > > Number_of_pages: 22 > > > > Abstract: > > Secure Neighbor Discovery (SEND) specifies a method for securing > > Neighbor Discovery (ND) signaling against specific threats. As > > specified today, SEND assumes that the node advertising an address > > is the owner of the address and is in possession of the private key > > used to generate the digital signature on the message. This means > > that the Proxy ND signaling initiated by nodes that do not possess > > knowledge of the address owner's private key cannot be secured > > using SEND. This document extends the current SEND specification > > with support for Proxy ND, the Secure Proxy ND Support for SEND. > > > > > > > > The IETF Secretariat. > > > > > > > > > > _______________________________________________ > > CGA-EXT mailing list > > [email protected] > > https://www.ietf.org/mailman/listinfo/cga-ext > > _______________________________________________ > CGA-EXT mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/cga-ext _______________________________________________ CGA-EXT mailing list [email protected] https://www.ietf.org/mailman/listinfo/cga-ext
