Hi Jim,

> What is the point of this meeting?  We have so many meetings to go to.
>
> Just turn on IPsec. What's not in ND to support this?
>
> What problem are you trying to solve?
>
> IPsec works for ND?
>

We are interested in discussing how to secure IPv6 Neighbor Discovery in
a way that would work well for public access networks (but not
exclusively confined to that).

RFC 2461 specifies that IPsec should be used to secure the signaling
involved in ND, but does not provide any details about how this should
be done, and, specifically, how key distribution would be done. IKE
won't work because it requires ND, so there is a bootstrapping problem.
Manual keying would work for a small private network, and possibly even
for a larger enterprise network, but it would be extremely inconvenient
for public access networks. There have also been some proposals to use
other security protocols rather than IPsec for ND security.

The immediate need for this work comes out of plans by ISPs, especially
in Asia, to deploy public access IPv6 wireless networks (NTT
Communications is running a prototype deployment in Kyoto at the
moment). While the problem of ND security is not, in principle, any
better or worse with wireless than with wireline, current wireline links
tend to have less of a problem because they typically are point to point
rather than multi-access, so the issue doesn't arise, though it might
also be a problem with wireline multi-access links that do not use PPPoE
or other solutions to make the link look point to point.

If you are interested in the potential threats, I'd suggest reading
draft-kempf-netaccess-threats-01.txt, which I've just resubmitted to the
Internet drafts editor (it had timed out in April), and if you have
something specific you would like to speak about, please let either
Pekka or myself know.

            jak

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
