[ipv6hackers] IPv6 security presentation at Hack.lu 2011

fred fred at fredbovy.com
Thu Sep 22 18:15:09 CEST 2011


Hi,

A bit more about SEND.
I was the CISCO IPv6 engineer who did the dev-test for SEND. I wrote the
test plan and all the TCL scripts to test it all and I also developed the
template to decode the protocol with the Cisco Internal tool...

I would have loved to see Microsoft keep its word and implement it in Vista
as I heard they would, but once we (CISCO) developed it, Microsoft did
not :-(

I wrote this post about SEND:
http://www.fastlaneus.com/blog/2011/08/30/secure-the-ipv6-network-access-with-secure-neighbor-discovery-send-rfc3971-and-cga-rfc3972/

I believe that there would be no protocol safer than IPv6 if SEND was
implemented by Microsoft and Apple... It's a shame they did not!

Having PKI is not a big deal. We get a certificate in France in 10 minutes
from the French Tax when we do our tax return online! And you only need to
do it sometimes. You don't need a new certificate every day!

You also need strong time synchronization to make it work but this is not a
big issue either.

The only big problem is that neither Microsoft nor Apple implemented it.

Fred




On 22/09/2011 17:56, "Jim Small" <jim.small at cdw.com> wrote:

> Karl,
> 
> To address your questions:
> 1) SeND (Secure Neighbor Discovery Protocol) Info including sources:
> http://en.wikipedia.org/wiki/Secure_Neighbor_Discovery_Protocol
> And a good overview (saw lots of comments on the list):
> http://ipv6.com/articles/research/Secure-Neighbor-Discovery.htm
> 
> Ideally I could point you to a Live CD but I couldn't find one.  I'll ask
> around and post back if I can find one.  I know several people well who have
> set up SeND with Linux/IOS so I know it's possible.
> 
> 
> 2) Official proclamation from Microsoft that SeND is not implemented in
> Windows:
> http://technet.microsoft.com/en-us/library/bb726956.aspx
> Updated this August, from the Authorization for Automatically Assigned
> Addresses and Configurations section, "Microsoft does not support SEND in any
> version of Windows."
> 
> 3) Definitive information on SeND support from Apple for OS X - unfortunately
> I couldn't find it.  I'll post back if I can.
> 
> 4) Bonus - How to set up SeND in IOS:
> http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-first_hop_security.html#wp1112987
> 
> --Jim
> 
> _______________________________________________
> Ipv6hackers mailing list
> Ipv6hackers at lists.si6networks.com
> http://lists.si6networks.com/listinfo/ipv6hackers

-- 

Fred Bovy
fred at fredbovy.com
Skype: fredericbovy
Mobile: +33676198206
Siret: 5221049000017
Twitter: http://twitter.com/#!/FredBovy
Blog: http://fredbovyipv6.blogspot.com/
ccie #3013
 





