The Secure Neighbor Discovery (SEND) Hash Threat Analysis
Draft of message to be sent after approval:
From: The IESG <email@example.com>
To: IETF-Announce <firstname.lastname@example.org>
Cc: RFC Editor <email@example.com>, csi mailing list <firstname.lastname@example.org>, csi chair <email@example.com>
Subject: Document Action: 'SEND Hash Threat Analysis' to Informational RFC (draft-ietf-csi-hash-threat-12.txt)

The IESG has approved the following document:
- 'SEND Hash Threat Analysis' (draft-ietf-csi-hash-threat-12.txt) as an Informational RFC

This document is the product of the Cga & Send maIntenance Working Group.

The IESG contact persons are Ralph Droms and Jari Arkko.

A URL of this Internet Draft is:
http://datatracker.ietf.org/doc/draft-ietf-csi-hash-threat/

Technical Summary

Neighbor Discovery Proxies are used to provide an address presence on a link for nodes that are no longer present on the link. They allow a node to receive packets directed at its address by allowing another device to perform neighbor discovery operations on its behalf.

Neighbor Discovery Proxy is used in Mobile IPv6 and related protocols to provide reachability from nodes on the home network when a Mobile Node is not at home, by allowing the Home Agent to act as proxy. It is also used as a mechanism to allow a global prefix to span multiple links, where proxies act as relays for Neighbor Discovery messages.

Neighbor Discovery Proxy currently cannot be secured using SEND. Today, SEND assumes that a node advertising an address is the address owner and in possession of appropriate public and private keys for that node. This document describes how existing practice for proxy Neighbor Discovery relates to Secured Neighbor Discovery.

Working Group Summary

Nothing extraordinary that is worth noting. Not a controversial document. The document has been extensively revised based on comments received during IESG review. The document was put through a second WG last call and there is consensus from the WG to resubmit the document for IETF last call and IESG review.

Document Quality

The document is an informational problem statement. The problem described is one of the main issues the CSI is chartered to work on. There is already a WG document describing a proposed solution to the problem. The document had 5 thorough reviews, including reviews from Julien Laganier, Sheng Jiang, Tony Cheneau, Jean Michel Combes and no substantive issues were identified. The document has been extensively revised based on comments received during IESG review.

Personnel

Marcelo Bagnulo is the document shepherd. Ralph Droms is the responsible AD.

RFC Editor Note

Add citations in section 3.2 to new references:

OLD:
Researchers demonstrated attacks against PKIX certificates with MD5 signatures in 2005 [NEW-HASHES] and in 2007 [X509-COLL].

NEW:
Researchers demonstrated attacks against PKIX certificates with MD5 signatures in 2005 [NEW-HASHES], in 2007 [X509-COLL][STEV2007][SLdeW2007], and in 2009 [SSALMOdeW2009][SLdeW2009].