In general, I think proxy SEND is doable, and doesn't even need any new trust roots or anything. Its a question of delegating the right to do advertisements for someone else. The protocol details are left as an exercise for the reader ;-).
However, I can see different use cases and we can use the secure version only in some cases. For instance, you could be proxying ND because you are a home agent and defending a mobile node's home address on its behalf. Or you could be proxying ND because of some link layer bridging scheme.
Now, for the delegation that I mentioned above to work, there has to be some kind of (security) relationship between the real node and the proxy. There would be such a relationship in the case of Mobile IP, for instance. But it isn't clear that you would always have it in the bridging case -- typically there's no security association with the bridge! But you might be able to do this securely if you had layer 2 security from the node to the bridge.
--Jari
-------------------------------------------------------------------- IETF IPv6 working group mailing list [EMAIL PROTECTED] Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
