[ipv6hackers] IPv6 security presentation at Hack.lu 2011

Gert Doering gert at space.net
Thu Sep 22 20:01:19 CEST 2011


Hi,
On Wed, Sep 21, 2011 at 09:37:11PM -0300, Arturo Servin wrote:
> Jean,
>    Regarding SEND AFAIK, you need a certificate in each device requesting network information to validate the source. For that requirement only, SEND is not easy to deploy.

You need the PKI infrastructure to validate RAs.

For securing ND, you need CGAs, and those are (sort of) self-contained
CERTs (strongly simplified).  So no PKI structure is needed there - but
of course you can't do SEND with arbitrary IPv6 addresses on the hosts.

Gert Doering
        -- NetMaster
-- 
have you enabled IPv6 on something today...?

SpaceNet AG                        Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444            USt-IdNr.: DE813185279


More information about the Ipv6hackers mailing list