Christian Huitema wrote:
> Don't get me wrong, I like SEND. My point was just that if we allow "transparent" bridges at all, then we essentially allow the same man-in-the-middle attacks that are also possible with ND proxy.
But doesn't the layering inherent in the SeND vs. IEEE make this rather different in practice than ndproxy?
With SeND in hand, the user can deploy IEEE technologies (whether .1x with MAC address somehow bound to the authenticated user, or future things - .16 talks of certificates bound to MAC addresses I think).
Once the user deploys both, then the resulting system is secure, with SeND protecting the mapping between IP and L2 address, and IEEE protocol protecting the mapping between L2 address and authenticated "user".
The user can even use IEEE 802.1D bridges in the part of the network that is physically secured (i.e., where no clients can connect) without loss of security.
Can the user accomplish the same if ndproxy is used?
The applicability of ndproxy seems to be towards the "edge" of the link i.e. to allow extensions of a single /64. Doesn't that mean that it would be natural for it to be deployed outside of the "trusted wiring closet" when the user keeps their 802.1D bridges?
Erik
--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
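The layering Erik describes can be modelled in a few lines: SeND signs the Neighbor Advertisement including its target link-layer address option, so an 802.1D bridge (which forwards the frame untouched) preserves the signature, while an ND proxy (which must substitute its own link-layer address so hosts on the far side send traffic through it) invalidates it and cannot re-sign because it holds no key for the original sender. The 802.1X side is a table binding link-layer addresses to authenticated users. This is an added illustration, not code from the thread or from any SeND implementation; the HMAC standing in for SeND's RSA Signature option, the `AUTHENTICATED_MACS` table, and all addresses are constructed assumptions.

```python
import hashlib
import hmac

# Constructed secret standing in for the sender's CGA key pair (assumption).
# Real SeND carries an RSA Signature option verified against the public key the
# CGA address commits to; an HMAC over the same fields is enough to show what
# the signature covers and what a forwarding element may or may not change.
SENDER_KEY = b"constructed-cga-key-material"

# Constructed 802.1X result: link-layer addresses an authenticator has bound
# to an authenticated user (assumption, not from the thread).
AUTHENTICATED_MACS = {
    b"\x00\x11\x22\x33\x44\x55": "alice",
}


def signed_fields(na: dict) -> bytes:
    """Bytes the SeND signature covers: ICMPv6 fields and every ND option that
    precedes the signature option, which includes the target link-layer address
    (TLLA) option."""
    return b"NA" + na["target_ip"] + b"TLLA" + na["tlla"]


def build_na(target_ip: bytes, tlla: bytes, key: bytes = SENDER_KEY) -> dict:
    """Neighbor Advertisement with a TLLA option, signed by the holder of `key`."""
    na = {"target_ip": target_ip, "tlla": tlla}
    na["sig"] = hmac.new(key, signed_fields(na), hashlib.sha256).digest()
    return na


def verify_na(na: dict, key: bytes = SENDER_KEY) -> bool:
    """Receiver-side check of the signature against the sender's key."""
    expected = hmac.new(key, signed_fields(na), hashlib.sha256).digest()
    return hmac.compare_digest(expected, na["sig"])


def bridge_forward(na: dict) -> dict:
    """An 802.1D bridge forwards the frame unchanged: ND options are payload."""
    return dict(na)


def ndproxy_forward(na: dict, proxy_mac: bytes) -> dict:
    """An ND proxy substitutes its own link-layer address in the TLLA option so
    that traffic from the far segment is sent to the proxy. It has no key for
    the original sender, so the rewritten message keeps the old signature."""
    proxied = dict(na)
    proxied["tlla"] = proxy_mac
    return proxied


def accept_binding(na: dict, authenticated: dict = AUTHENTICATED_MACS):
    """Layered check: SeND vouches for IP -> (key, L2 address); the 802.1X table
    vouches for L2 address -> user. Returns the user, or None if either layer
    rejects the message."""
    if not verify_na(na):
        return None
    return authenticated.get(na["tlla"])


def demo() -> dict:
    host_mac = b"\x00\x11\x22\x33\x44\x55"      # authenticated host (constructed)
    proxy_mac = b"\x00\xaa\xbb\xcc\xdd\xee"     # ND proxy interface (constructed)
    rogue_mac = b"\x00\xde\xad\xbe\xef\x01"     # unauthenticated port (constructed)
    target_ip = bytes.fromhex("20010db8000000000000000000000001")  # 2001:db8::1

    na = build_na(target_ip, host_mac)
    via_bridge = bridge_forward(na)
    via_proxy = ndproxy_forward(na, proxy_mac)
    # A message from a host without the CGA key fails the SeND layer even if the
    # bridge delivers it intact; a key-holding host on an unauthenticated port
    # would fail the 802.1X layer instead.
    forged = build_na(target_ip, rogue_mac, key=b"not-the-sender-key")
    return {
        "bridge_sig_ok": verify_na(via_bridge),
        "proxy_sig_ok": verify_na(via_proxy),
        "forged_sig_ok": verify_na(forged),
        "bridge_user": accept_binding(via_bridge),
        "proxy_user": accept_binding(via_proxy),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The model deliberately makes the proxy keep the original signature rather than drop it: either way the receiver's SeND check fails, which is the point behind the question of whether ND proxy can match what SeND plus 802.1X give the user when the proxy sits outside the trusted wiring closet.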
