[ipv6hackers] IPv6 security presentation at Hack.lu 2011
Gert Doering
gert at space.net
Thu Sep 22 20:01:19 CEST 2011
Hi,
On Wed, Sep 21, 2011 at 09:37:11PM -0300, Arturo Servin wrote:
> Jean,
> Regarding SEND AFAIK, you need a certificate in each device requesting network information to validate the source. For that requirement only, SEND is not easy to deploy.
You need the PKI infrastructure to validate RAs.
For securing ND, you need CGAs, and those are (sort of) self-contained
CERTs (strongly simplified). So no PKI structure is needed there - but
of course you can't do SEND with arbitrary IPv6 addresses on the hosts.
Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?
SpaceNet AG Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279
More information about the Ipv6hackers
mailing list