[ipv6hackers] IPv6 security presentation at Hack.lu 2011

Fernando Gont fgont at si6networks.com
Sun Sep 25 09:25:44 CEST 2011

Hi, Geoff,

On 09/22/2011 04:45 PM, Geoff Huston wrote:

> Actually, as far as I am aware the answer is yes, RPKI can be used to
> support EE certs issued to routers, or at least that was the
> intention back in 2009 when we were working on the RPKI and SEND
> documents in the IETF.

Even with this in place, I don't see how this would make SEND deployment
easier for an edge network.

Are e.g. home/organisational networks expected to receive a certificate
from their ISPs such that they can use SEND as a mitigation for ND-based

Leveraging RPKI might make sense for some carrier/ISP networks, but I
can't see how that would ease SEND deployment for the general case.

Fernando Gont
SI6 Networks
e-mail: fgont at si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492

More information about the Ipv6hackers mailing list