RFC 6496

Secure Proxy ND Support for SEcure Neighbor Discovery (SEND), February 2012

Status: EXPERIMENTAL
Authors: S. Krishnan, J. Laganier, M. Bonola, A. Garcia-Martinez
Stream: IETF
Source: csi (int)


DOI:  https://doi.org/10.17487/RFC6496

Discuss this RFC: Send questions or comments to the mailing list cga-ext@ietf.org



Abstract

SEcure Neighbor Discovery (SEND) specifies a method for securing Neighbor Discovery (ND) signaling against specific threats. As defined today, SEND assumes that the node sending an ND message is the owner of the address from which the message is sent and/or possesses a key that authorizes the node to act as a router, so that it is in possession of the private key or keys used to generate the digital signature on each message. This means that the Proxy ND signaling performed by nodes that do not possess knowledge of the address owner's private key and/or knowledge of a router's key cannot be secured using SEND. This document extends the current SEND specification in order to secure Proxy ND operation. This document defines an Experimental Protocol for the Internet community.


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 8729.



