Bound, Jim wrote:
> But it is a clear DOS and can happen in ARP, ES-IS, et al. I would
> argue if this is a problem then IPsec can be used before ICMP in ND.
> And this has been implemented by some. I would think most SA
> verification code happens at the IP layer when the packet is received by
> a routine like ip_input (v4 or v6) and IPsec mandates all packets be
> checked for SA.

Yes, though you run into a couple of practical problems when you actually try to do this, namely problems getting IKE to run before you can send UDP packets, and the relatively large number of manual SAs if manual keying is used (2*n+2 SAs per node where n is the number of interface ids on the network, or something like that).

> The other point is, except for the mobile nodes roaming, the link is secure at layer 0 (the link is in the building and you're not allowed in the building without identification, per the armed guards). But for public links this is an issue, and for wireless nodes, but that is the work for SEND to do, is my belief. I think you need to look at using IPsec as one method. But redefining the ND or Addrconf architecture should not be in the SEND charter.

Exactly, so that's why SEND is actually trying to use IPsec, and Pekka is asking for clarifications on why certain things are like they are in ND. We are working on the problems mentioned above. Work still remains; as you can see, one of the issues we are thinking about is the relevance of link layer addresses and what checks are necessary or possible.

Jari

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
