[ipv6hackers] IPv6 security presentation at Hack.lu 2011
Fernando Gont
fgont at si6networks.com
Sun Sep 25 09:25:44 CEST 2011
Hi, Geoff,
On 09/22/2011 04:45 PM, Geoff Huston wrote:
> Actually, as far as I am aware the answer is yes, RPKI can be used to
> support EE certs issued to routers, or at least that was the
> intention back in 2009 when we were working on the RPKI and SEND
> documents in the IETF.
Even with this in place, I don't see how this would make SEND deployment
easier for an edge network.
Are e.g. home/organisational networks expected to receive a certificate
from their ISPs such that they can use SEND as a mitigation for ND-based
attacks?
Leveraging RPKI might make sense for some carrier/ISP networks, but I
can't see how that would ease SEND deployment for the general case.
Thanks,
--
Fernando Gont
SI6 Networks
e-mail: fgont at si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
More information about the Ipv6hackers
mailing list