Skip to main content

Securing IPv6 Neighbor Discovery Using Cryptographically Generated Addresses (CGAs)

Document Type Expired Internet-Draft (individual)
Authors Jari Arkko , Pekka Nikander , Vesa-Matti Mantyla
Last updated 2002-06-26
Stream (None)
Expired & archived
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)
This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at:


IPv6 nodes use the Neighbor Discovery (ND) protocol to discover other nodes on the link, to determine each other's link-layer addresses, to find routers and to maintain reachability information about the paths to active neighbors. The original ND specifications called for the use of IPsec for protecting the ND messages. However, in this particular application the use of IPsec may not always be feasible, mainly due to difficulties in key management. If not secured, ND protocol is vulnerable to various attacks. This document specifies a ightweight security solution for ND that does not rely on pre- configuration or trusted third parties. The presented solution uses Cryptographically Generated Addresses.


Jari Arkko
Pekka Nikander
Vesa-Matti Mantyla

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)