In your letter dated Fri, 22 Oct 2010 10:25:45 -0700 you wrote:
>Philip Homburg wrote:
>> In your letter dated Fri, 22 Oct 2010 11:05:42 -0400 you wrote:
>> I wonder what to make of that. If the SEND protected RS messages can be
>> replaced with AN-initiated (unprotected) RS messages, then what purpose
>> does protecting those messages serve in the SEND framework?
>
>The customer host will receive a SEND protected RA, which makes it possible
>to validate that it comes from a legitimate router (via certificates validation)
>and is not being replayed (via timestamps.)
This implies that the end-device has to be able to match RS messages using
the timestamp, i.e. its clock has to be sufficiently accurate (to within 5
minutes, according to the SEND RFC) to do that, or (in the case of failure)
you would get hard to diagnose problems.

An end-device that requires its own nonce would fail similarly.

I think the draft needs more text about the interaction with SEND in the
case of failure.

--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
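The timestamp check being discussed, as an added worked example (not code from this thread or from any SEND implementation): a Python sketch of the receiver-side rule in RFC 3971 with its default constants (TIMESTAMP_DELTA 300 s, TIMESTAMP_FUZZ 1 s, TIMESTAMP_DRIFT 1%), together with the 64-bit Timestamp option encoding. The router and host clock values are constructed; they show how a host whose clock is more than five minutes off silently drops a perfectly valid RA, which is the hard-to-diagnose failure referred to above, and how the per-peer check catches a replayed RA.

```python
import struct

# RFC 3971 default parameters; the "5 minutes" in the thread is TIMESTAMP_DELTA.
TIMESTAMP_DELTA = 300.0   # allowed skew (s) for a peer we hold no state for
TIMESTAMP_FUZZ = 1.0      # slack (s) in the per-peer check
TIMESTAMP_DRIFT = 0.01    # allowed relative clock drift between the peers (1%)


def encode_timestamp(seconds):
    """Encode wall-clock time as the 64-bit SEND Timestamp value:
    upper 48 bits are whole seconds since 1970-01-01 00:00 UTC,
    lower 16 bits are the fraction of a second in 1/65536 units."""
    whole = int(seconds)
    frac = int((seconds - whole) * 65536) & 0xFFFF
    return struct.pack("!Q", (whole << 16) | frac)


def decode_timestamp(raw):
    """Inverse of encode_timestamp(); returns seconds as a float."""
    (value,) = struct.unpack("!Q", raw)
    return (value >> 16) + (value & 0xFFFF) / 65536.0


def check_timestamp(ts_new, rd_new, last=None):
    """Receiver-side timestamp check from RFC 3971.

    ts_new: timestamp carried in the received RA/NA (sender's clock)
    rd_new: receiver's own clock when the message arrived
    last:   (ts_last, rd_last) from the last accepted message of this peer,
            or None if the receiver holds no state for the peer yet
    Returns (accepted, reason). A real stack usually drops the packet
    without reporting the reason, which is what makes this hard to debug."""
    if last is None:
        # No cached state: the two clocks must agree to within TIMESTAMP_DELTA.
        skew = rd_new - ts_new
        if -TIMESTAMP_DELTA < skew < TIMESTAMP_DELTA:
            return True, "new peer, skew %.1fs within delta" % skew
        return False, "new peer, skew %.1fs exceeds delta %.0fs" % (skew, TIMESTAMP_DELTA)
    ts_last, rd_last = last
    # Cached state: the sender's clock must have advanced about as much as ours.
    floor = ts_last + (rd_new - rd_last) * (1 - TIMESTAMP_DRIFT) - TIMESTAMP_FUZZ
    if ts_new + TIMESTAMP_FUZZ > floor:
        return True, "known peer, timestamp advanced"
    return False, "known peer, timestamp %.1fs behind expected (replay?)" % (floor - ts_new)


# Constructed value: a router with a correct clock sends an RA at time T.
T = 1287767145.0   # a moment on 2010-10-22, roughly the date of the thread


def run_scenarios():
    """Accept/drop decisions for several receiver clock states.
    Returns a dict of scenario name -> (accepted, reason)."""
    ra_option = encode_timestamp(T)      # Timestamp option value on the wire
    ts = decode_timestamp(ra_option)
    results = {}
    # 1. Receiver clock correct, 10 s of transit/processing delay: accepted.
    results["clock ok"] = check_timestamp(ts, T + 10)
    # 2. Receiver clock 6 minutes fast (e.g. booted before NTP sync): dropped.
    results["clock 6min fast"] = check_timestamp(ts, T + 360)
    # 3. Receiver clock 6 minutes slow: dropped as well.
    results["clock 6min slow"] = check_timestamp(ts, T - 360)
    # 4. Known router, next RA 100 s later, clocks in step: accepted.
    results["known peer"] = check_timestamp(ts + 100, T + 100, last=(ts, T))
    # 5. Replay of the RA from T after a newer RA was accepted at T+100: dropped.
    results["replayed RA"] = check_timestamp(ts, T + 200, last=(ts + 100, T + 100))
    return results


if __name__ == "__main__":
    for name, (ok, why) in run_scenarios().items():
        print("%-16s %s (%s)" % (name, "ACCEPT" if ok else "DROP", why))
```

Scenarios 2 and 3 are the case raised in the message: the RA is genuine and correctly signed, but the host never learns a router because its own clock is outside the window, and nothing on the wire distinguishes this from a real replay.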
