Philip Homburg wrote:
>
> In your letter dated Fri, 22 Oct 2010 11:05:42 -0400 you wrote:
> >On 10-10-22 11:01 AM, Philip Homburg wrote:
> >> Then I guess the obvious next question is how this interacts with
> >> SEND if the original 3 RS messages are lost.
> >
> >The AN-initiated RSs in this case will not be SEND protected RSs (since
> >we do not have the host's private key), but the edge router is still
> >free to send SEND protected RAs back to the host in response to this RS.
> >Then the host and the edge router can use SEND for protecting any
> >further ND messages.
>
> I wonder what to make of that. If the SEND protected RS messages can be
> replaced with AN-initiated (unprotected) RS messages, then what purpose
> does protecting those messages serve in the SEND framework?

The customer host will receive a SEND protected RA, which makes it
possible to validate that it comes from a legitimate router (via
certificates validation) and is not being replayed (via timestamps.)

BTW - I support adoption of this draft.

--julien

--------------------------------------------------------------------
IETF IPv6 working group mailing list
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
