Securing IPv6 Neighbor Discovery Using Cryptographically Generated Addresses (CGAs)
draft-arkko-send-cga-00

Document Type Expired Internet-Draft (individual)
Last updated 2002-06-26
Stream (None)
Intended RFC status (None)
Formats
Expired & archived
plain text pdf html bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-arkko-send-cga-00.txt

Abstract

IPv6 nodes use the Neighbor Discovery (ND) protocol to discover other nodes on the link, to determine each other's link-layer addresses, to find routers and to maintain reachability information about the paths to active neighbors. The original ND specifications called for the use of IPsec for protecting the ND messages. However, in this particular application the use of IPsec may not always be feasible, mainly due to difficulties in key management. If not secured, ND protocol is vulnerable to various attacks. This document specifies a ightweight security solution for ND that does not rely on pre- configuration or trusted third parties. The presented solution uses Cryptographically Generated Addresses.

Authors

Jari Arkko (jari.arkko@piuha.net)
Pekka Nikander (Pekka.Nikander@nomadiclab.com)
Vesa-Matti Mantyla (vesa-matti.mantyla@ericsson.fi)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)