On 24/07/09 11:54 PM, "Eric Levy-Abegnoli" <[email protected]> wrote:
> Hesham Soliman a écrit :
>>
>>> SeND is theoretically not easy to deploy - you need to provision
>>>
>>> cryptography material on all nodes.
>>>
>>
>> => Why? You only need to provision routers if you want them to support proof
>> of prefix ownership, but you certainly don't need to provision all nodes,
>> that's the advantage of CGAs.
>>
>>
> That's true for CGA, but not for router authorization. Any node that
> want to verify router authorization need to be provisionned with the
> anchor certificate.
=> Yes of course.
Hesham
> Eric
>> Hesham
>>
>>
>>
>> That implementations are not even
>>
>>> properly integrated into operating systems makes it worse. I somewhat
>>>
>>> expect that somewhat secure networks will use network-side filtering as is
>>>
>>> done for ARP instead, as it requires no host-side changes.
>>>
>>>
>>>
>>> I don't think it deserves a "SHOULD" at this point.
>>>
>>>
>>>
>>
>>
>> --------------------------------------------------------------------
>> IETF IPv6 working group mailing list
>> [email protected]
>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>> --------------------------------------------------------------------
>>
>>
>
--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
