Securing IPv6 Neighbor Discovery Using Cryptographically Generated Addresses (CGAs)
draft-arkko-send-cga-00
| Document | Type |
Expired Internet-Draft
(individual)
Expired & archived
|
|
|---|---|---|---|
| Authors | Jari Arkko , Pekka Nikander , Vesa-Matti Mantyla | ||
| Last updated | 2002-06-26 | ||
| RFC stream | (None) | ||
| Intended RFC status | (None) | ||
| Formats | |||
| Stream | Stream state | (No stream defined) | |
| Consensus boilerplate | Unknown | ||
| RFC Editor Note | (None) | ||
| IESG | IESG state | Expired | |
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
IPv6 nodes use the Neighbor Discovery (ND) protocol to discover other nodes on the link, to determine each other's link-layer addresses, to find routers and to maintain reachability information about the paths to active neighbors. The original ND specifications called for the use of IPsec for protecting the ND messages. However, in this particular application the use of IPsec may not always be feasible, mainly due to difficulties in key management. If not secured, ND protocol is vulnerable to various attacks. This document specifies a ightweight security solution for ND that does not rely on pre- configuration or trusted third parties. The presented solution uses Cryptographically Generated Addresses.
Authors
Jari Arkko
Pekka Nikander
Vesa-Matti Mantyla
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)