IETF Logo Mail Archive

Re: [v6ops] [EXTERNAL] Improving ND security

"Templin (US), Fred L" <Fred.L.Templin@boeing.com> Fri, 31 July 2020 19:55 UTC

Return-Path: <Fred.L.Templin@boeing.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D84643A0836; Fri, 31 Jul 2020 12:55:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=boeing.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2Wlnr8nBTfpz; Fri, 31 Jul 2020 12:55:18 -0700 (PDT)
Received: from clt-mbsout-02.mbs.boeing.net (clt-mbsout-02.mbs.boeing.net [130.76.144.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4C70F3A07F5; Fri, 31 Jul 2020 12:55:18 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by clt-mbsout-02.mbs.boeing.net (8.15.2/8.15.2/DOWNSTREAM_MBSOUT) with SMTP id 06VJtEuR007624; Fri, 31 Jul 2020 15:55:15 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=boeing.com; s=boeing-s1912; t=1596225315; bh=HViah2sTSr7DNvrB/YhL+iRkTYe0PIkcdOGdWpl4EB4=; h=From:To:CC:Subject:Date:References:In-Reply-To:From; b=dcv49BOk+qg0Llwqz5SUrGjtkye7tP77jihVN7T3K9oIlDCxAPKZd8BzFhia0XD+N avH2vNZbjyt5PDt63OwGb85zPvGs0Q3nS5wBuu/O3AnV/bMQ4mdHSBJfyu7F9fhcnt 4CtbzfIVv6sk4sCjGEiTq72WSFUIVZVwO2zEWEcRDI4o8jlspYL9ZPhYoKPOvyseeg eor61/nqvqG15+zryuDWAFmtjcTwLvBDV9B9JaF53ZyxVjfy7zQa4A8XS7m2Hxc13U ljtL3ZakRLA8WX7qP8G0jYQCC5Bo4d6kaE4kD3SKHnEcpSM9HR97CnWt1lZ5VAFw1S BT/T/O1rEL5Qg==
Received: from XCH16-07-07.nos.boeing.com (xch16-07-07.nos.boeing.com [144.115.66.109]) by clt-mbsout-02.mbs.boeing.net (8.15.2/8.15.2/8.15.2/UPSTREAM_MBSOUT) with ESMTPS id 06VJt59I006419 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=OK); Fri, 31 Jul 2020 15:55:05 -0400
Received: from XCH16-07-10.nos.boeing.com (144.115.66.112) by XCH16-07-07.nos.boeing.com (144.115.66.109) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.1.1979.3; Fri, 31 Jul 2020 12:55:04 -0700
Received: from XCH16-07-10.nos.boeing.com ([fe80::1522:f068:5766:53b5]) by XCH16-07-10.nos.boeing.com ([fe80::1522:f068:5766:53b5%2]) with mapi id 15.01.1979.003; Fri, 31 Jul 2020 12:55:04 -0700
From: "Templin (US), Fred L" <Fred.L.Templin@boeing.com>
To: Fernando Gont <fgont@si6networks.com>, "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>, v6ops list <v6ops@ietf.org>
CC: 6man <ipv6@ietf.org>
Thread-Topic: [v6ops] [EXTERNAL] Improving ND security
Thread-Index: AQHWZ1UXpJjqh6zAPESbZadyenD7WakiF1W3gAACAVA=
Date: Fri, 31 Jul 2020 19:55:04 +0000
Message-ID: <8c4b0bf58d694ee3ad84e98d9dc3427d@boeing.com>
References: <96fa6d80137241dd9b57fcd871c8a897@huawei.com> <CAFU7BARePzdeU5DFgoOWyrF0xZCj67_xkC2t8vMN2nH0d8aUig@mail.gmail.com> <37e2a7110f6b423eba0303811913f533@huawei.com> <CAFU7BATiD8RkiWXjrxGuAJU-BUwRQCErYZivUPZ-Mc_up_qGxQ@mail.gmail.com> <aebc46c9b813477b9ae0db0ef33e7bd9@huawei.com> <CAO42Z2yL7+GbO6QRaNzFYoBXLF-JZ2NfwgTTt2zerKhJLwt2Lw@mail.gmail.com> <3C1ECB6F-E667-4200-964F-AB233A0A56E9@cisco.com> <91D98D51-4045-4331-A711-8387ECE73400@fugue.com> <a43ffd94d6364a0f869cd4c694ab7432@boeing.com> <5FB3E98B-6CEE-458C-90B7-E6FD73C7AFDE@fugue.com> <caa62d8d93594f7ea445a403fac8c140@boeing.com> <25FAEE9A-3D14-4428-A573-5EFE863219D2@fugue.com> <483c9813-4a19-cb0b-b054-ef6b65202d4a@gont.com.ar> <88AD0E70-071A-4E51-AB4B-19F7F4571769@lists.zabbadoz.net> <0c73e349-32aa-1fc6-79d3-7822c24f44e9@si6networks.com>
In-Reply-To: <0c73e349-32aa-1fc6-79d3-7822c24f44e9@si6networks.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [137.137.12.6]
x-tm-snts-smtp: 43F210DA7BBA5DFE25AD63B39A716773882CC5310212287CF05E8FE4A02606882000:8
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-TM-AS-GCONF: 00
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/7KNQ8hpjMGEkMt8rn5g3bL4RYww>
Subject: Re: [v6ops] [EXTERNAL] Improving ND security
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 31 Jul 2020 19:55:20 -0000

Fernando,

> Besides, the expectations for IPv6 are similar to those for IPv4.
> Somehow folks have been able to secure the ipv4 first-hop (when/where
> needed) without the need of understanding something like SEND, or going
> through the hassle of deploying it. So the question "Why do I need this
> for IPv6 when I never required it for IPv4?" may not an easy one to respond.
[>] 

We are engineering for a new link model (the OMNI link) which was not previously
used. The link model can support both IPv4 and IPv6 nodes, but both can use SEND.

Again, we are at the dawning of a new era where SEND may finally find its use.

Fred

v2.23.0 | Report a Bug | By Email