The Secure Neighbor Discovery (SEND) Hash Threat Analysis
draft-ietf-csi-hash-threat-12

Approval announcement
Draft of message to be sent after approval:

Announcement

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: RFC Editor <rfc-editor@rfc-editor.org>,
    csi mailing list <cga-ext@ietf.org>,
    csi chair <csi-chairs@tools.ietf.org>
Subject: Document Action: 'SEND Hash Threat Analysis' to Informational RFC (draft-ietf-csi-hash-threat-12.txt)

The IESG has approved the following document:
- 'SEND Hash Threat Analysis'
  (draft-ietf-csi-hash-threat-12.txt) as an Informational RFC

This document is the product of the Cga & Send maIntenance Working Group.

The IESG contact persons are Ralph Droms and Jari Arkko.

A URL of this Internet Draft is:
http://datatracker.ietf.org/doc/draft-ietf-csi-hash-threat/

Ballot Text

Technical Summary

  Neighbor Discovery Proxies are used to provide an address presence on
  a link for nodes that are no longer present on the link.  They allow
  a node to receive packets directed at its address by allowing another
  device to perform neighbor discovery operations on its behalf.

  Neighbor Discovery Proxy is used in Mobile IPv6 and related protocols
  to provide reachability from nodes on the home network when a Mobile
  Node is not at home, by allowing the Home Agent to act as proxy.  It
  is also used as a mechanism to allow a global prefix to span multiple
  links, where proxies act as relays for Neighbor discovery messages.

  Neighbor Discovery Proxy currently cannot be secured using SEND.
  Today, SEND assumes that a node advertising an address is the address
  owner and in possession of appropriate public and private keys for
  that node.  This document describes how existing practice for proxy
  Neighbor Discovery relates to Secured Neighbor Discovery.

Working Group Summary

  Nothing extraordinary that is worth noting. Not a controversial
  document.

  The document has been extensively revised based on comments
  received during IESG review.  The document was put through a
  second WG last call and there is consensus from the WG to resubmit
  the document for IETF last call and IESG review.

Document Quality

  The document is an informational problem statement. The problem
  described in one of the main issues the CSI is chartered to work
  on. There is already a WG document describing a proposed solution to
  the problem.

  The document had 5 through reviews, including reviews from Julien
  Laganier, Sheng Jiang, Tony Cheneau, Jean Michel Combes and no
  substantive issues were identified.

  The document has been extensively revised based on comments
  received during IESG review.

Personnel

   Marcelo Bagnulo is the document shepherd.  Ralph Droms is the
responsible AD.

RFC Editor Note

Add citations in section 3,2 to new references:

OLD:

   Researchers demonstrated attacks against PKIX certificates with MD5
   signatures in 2005 [NEW-HASHES] and in 2007 [X509-COLL].

NEW:

   Researchers demonstrated attacks against PKIX certificates with MD5
   signatures in 2005 [NEW-HASHES], in 2007
   [X509-COLL][STEV2007][SLdeW2007], and in 2009 [SSALMOdeW2009][SLdeW2009].

RFC Editor Note