Technical Summary
Neighbor Discovery Proxies are used to provide an address presence on
a link for nodes that are no longer present on the link. They allow
a node to receive packets directed at its address by allowing another
device to perform neighbor discovery operations on its behalf.
Neighbor Discovery Proxy is used in Mobile IPv6 and related protocols
to provide reachability from nodes on the home network when a Mobile
Node is not at home, by allowing the Home Agent to act as proxy. It
is also used as a mechanism to allow a global prefix to span multiple
links, where proxies act as relays for Neighbor discovery messages.
Neighbor Discovery Proxy currently cannot be secured using SEND.
Today, SEND assumes that a node advertising an address is the address
owner and in possession of appropriate public and private keys for
that node. This document describes how existing practice for proxy
Neighbor Discovery relates to Secured Neighbor Discovery.
Working Group Summary
Nothing extraordinary that is worth noting. Not a controversial
document.
The document has been extensively revised based on comments
received during IESG review. The document was put through a
second WG last call and there is consensus from the WG to resubmit
the document for IETF last call and IESG review.
Document Quality
The document is an informational problem statement. The problem
described in one of the main issues the CSI is chartered to work
on. There is already a WG document describing a proposed solution to
the problem.
The document had 5 through reviews, including reviews from Julien
Laganier, Sheng Jiang, Tony Cheneau, Jean Michel Combes and no
substantive issues were identified.
The document has been extensively revised based on comments
received during IESG review.
Personnel
Marcelo Bagnulo is the document shepherd. Ralph Droms is the
responsible AD.
RFC Editor Note
Add citations in section 3,2 to new references:
OLD:
Researchers demonstrated attacks against PKIX certificates with MD5
signatures in 2005 [NEW-HASHES] and in 2007 [X509-COLL].
NEW:
Researchers demonstrated attacks against PKIX certificates with MD5
signatures in 2005 [NEW-HASHES], in 2007
[X509-COLL][STEV2007][SLdeW2007], and in 2009 [SSALMOdeW2009][SLdeW2009].