> If somebody wants to build a network where anybody can walk up and connect
> yet want to limit the damage one "visitor" can do to another, it seems
> like assuming pre-configured IPsec SAs for the multicast addresses used
> by Neighbor Discovery is a non-starter.

Yes. (It could be a non-starter even if the network wasn't public.)

Also, in your draft you write:

> In addition, Neighbor Discovery and Address Autoconfiguration use a
> few fixed multicast addresses plus a range of 4 billion "solicited
> node" multicast addresses. A naive application of pre-configured
> SAs would require pre-configuring an unmanageable number of SAs on
> each host and router just in case a given solicited node multicast
> address is used. Preconfigured SAs are impractical for securing such
> a large potential address range.

FYI: An old I-D dealing with the problems of preconfiguring SAs for IPv6
'infrastructure' messages can be found at the following URL. It includes
a discussion of the kinds of attacks the IPv6 ND and other 'link'
functionality has.

http://www.arkko.com/publications/draft-arkko-manual-icmpv6-sas-00.txt

Jari

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
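The quoted draft text argues that the solicited-node multicast address space is too large to cover with pre-configured SAs. The following is an added example, not part of the thread or of the draft it cites: it implements the solicited-node multicast mapping from RFC 4291 (prefix ff02::1:ff00:0/104, low-order 24 bits copied from the unicast address) and contrasts the handful of groups a host actually joins with the number of groups a "naive" one-SA-per-possible-group policy would have to cover. The sample unicast addresses are constructed for illustration; the function names are this example's own.

```python
import ipaddress
from typing import Iterable, List

# Solicited-node multicast prefix, RFC 4291 section 2.7.1. The last 24 bits
# of a unicast/anycast address are appended to this prefix to form the group
# that Neighbor Solicitations for that address are sent to.
SOLICITED_NODE_PREFIX = ipaddress.IPv6Network("ff02::1:ff00:0/104")

# The fixed link-local groups Neighbor Discovery also relies on:
# all-nodes (Router Advertisements) and all-routers (Router Solicitations).
FIXED_ND_GROUPS = [
    ipaddress.IPv6Address("ff02::1"),
    ipaddress.IPv6Address("ff02::2"),
]


def solicited_node_multicast(unicast: str) -> ipaddress.IPv6Address:
    """Map a unicast IPv6 address to its solicited-node multicast group."""
    addr = ipaddress.IPv6Address(unicast)
    low24 = int(addr) & 0xFFFFFF  # low-order 24 bits of the unicast address
    return ipaddress.IPv6Address(int(SOLICITED_NODE_PREFIX.network_address) | low24)


def solicited_node_group_count() -> int:
    """Number of distinct solicited-node groups the /104 prefix allows (2**24)."""
    return 2 ** (128 - SOLICITED_NODE_PREFIX.prefixlen)


def nd_groups_for_host(unicast_addrs: Iterable[str]) -> List[ipaddress.IPv6Address]:
    """Every multicast group a host must accept ND traffic on.

    Two addresses that share their low-order 24 bits (e.g. a link-local and a
    global address both ending in ::1) map to the same solicited-node group,
    so the result is deduplicated.
    """
    groups = set(FIXED_ND_GROUPS)
    groups.update(solicited_node_multicast(a) for a in unicast_addrs)
    return sorted(groups, key=int)


def naive_sa_count() -> int:
    """SAs a host would need if it pre-configured one per *possible* ND group.

    This is the cost the draft calls unmanageable: every solicited-node group
    must be covered in advance, whether or not any neighbour ever uses it.
    """
    return len(FIXED_ND_GROUPS) + solicited_node_group_count()


if __name__ == "__main__":
    # Constructed sample: a host with a link-local and an EUI-64 based global
    # address, plus a second global address colliding with the link-local one.
    host_addrs = ["fe80::1", "2001:db8::211:22ff:fe33:4455", "2001:db8::1"]
    for g in nd_groups_for_host(host_addrs):
        print("joins", g)
    print("groups actually used:", len(nd_groups_for_host(host_addrs)))
    print("SAs a naive pre-configuration would need:", naive_sa_count())
```

The interesting part for a defender is the ratio the last two lines print: the host in the sample listens on four groups, while a pre-configured policy has to provision an SA for each of the 2**24 solicited-node groups plus the fixed ones, because it cannot know in advance which low-order 24 bits a future neighbour's address will carry.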
