Secure Proxy ND
Suresh Krishnan, csiBOF@IETF70
Background
• Neighbor Discovery (ND) Proxies
  • Defined in RFC4389
  • Used to bridge multiple links into one
  • Modifies link layer addresses in ND packets
• SEND
  • Defined in RFC3971
  • Used to protect against attacks against ND, including modification of ND packets
  • Utilizes digital signatures to protect the integrity of ND packets
Proxy ND Behavior
(diagram: Proxied Node, Proxy and Receiver, with ND packets shown passing through the Proxy in both directions)
Problems
• ND proxies need to modify the ND packets in order to work
• SEND requires that packets not be modified
• Conclusion: SEND and ND proxies are fundamentally incompatible
• Similar issues arise when a Home Agent performs proxy neighbor discovery for a node that is away from home
Root cause
• The incompatibility between proxying and SEND arises for the following reason
  • SEND assumes that the address owner and the advertiser are always the same
  • Hence an advertiser who is authorized to modify fields in the packet (e.g. HA, ND proxy) cannot re-sign the packet to protect it
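As an added illustration of the Problems and Root cause slides (not part of the original deck): a Neighbor Advertisement carrying a Target Link-Layer Address option is signed over the octets that RFC 3971 section 5.2 covers, an RFC 4389-style proxy rewrites that option, and the receiver's verification fails; signing again with the proxy's own key does not help, because the receiver checks against the address owner's key. HMAC-SHA256 stands in for the RSA signature so the example runs with the standard library only; the addresses, link-layer addresses and keys are constructed values.

```python
import hashlib, hmac, struct
# CGA Message Type tag for SEND (RFC 3971 section 5.2)
SEND_TAG = bytes.fromhex("086FCA5E10B200C99C8CE00164277C08")

def icmpv6_checksum(src, dst, icmp):
    """One's-complement sum over the IPv6 pseudo-header (next header 58) and the ICMPv6 message."""
    data = src + dst + struct.pack("!I", len(icmp)) + b"\x00\x00\x00\x3a" + icmp
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def with_checksum(src, dst, icmp):
    """Recompute the checksum field (octets 2-3) of an ICMPv6 message."""
    csum = icmpv6_checksum(src, dst, icmp[:2] + b"\x00\x00" + icmp[4:])
    return icmp[:2] + struct.pack("!H", csum) + icmp[4:]

def build_na(src, dst, target, lladdr):
    """Neighbor Advertisement (type 136, S=1 O=1) with a Target Link-Layer Address option (type 2)."""
    body = struct.pack("!I", 0x60000000) + target
    tlla = bytes([2, 1]) + lladdr            # type, length in 8-octet units, 6-octet address
    return with_checksum(src, dst, bytes([136, 0, 0, 0]) + body + tlla)

def signed_octets(src, dst, icmp):
    """Octets the RSA Signature option covers: tag, source, destination, ICMPv6 header, ND body, prior options."""
    return SEND_TAG + src + dst + icmp

def sign(src, dst, icmp, key):
    # HMAC-SHA256 stands in here for RSASSA-PKCS1-v1_5 with the CGA owner's private key
    return hmac.new(key, signed_octets(src, dst, icmp), hashlib.sha256).digest()

def verify(src, dst, icmp, sig, owner_key):
    return hmac.compare_digest(sign(src, dst, icmp, owner_key), sig)

def proxy_rewrite_tlla(src, dst, icmp, proxy_lladdr):
    """RFC 4389 behaviour: replace the TLLA option (octets 24-31) with the proxy's own and fix the checksum."""
    return with_checksum(src, dst, icmp[:24] + bytes([2, 1]) + proxy_lladdr)

def demo():
    src = bytes.fromhex("fe80" + "00" * 12 + "0001")   # constructed link-local addresses
    dst = bytes.fromhex("fe80" + "00" * 12 + "0002")
    owner_key, proxy_key = b"constructed-owner-key", b"constructed-proxy-key"
    na = build_na(src, dst, src, bytes.fromhex("020000000001"))
    sig = sign(src, dst, na, owner_key)
    proxied = proxy_rewrite_tlla(src, dst, na, bytes.fromhex("0200000000aa"))
    resigned = sign(src, dst, proxied, proxy_key)      # the proxy does not hold the owner's key
    return (verify(src, dst, na, sig, owner_key),            # True: unmodified NA verifies
            verify(src, dst, proxied, sig, owner_key),       # False: rewritten TLLA breaks the signature
            verify(src, dst, proxied, resigned, owner_key))  # False: receiver trusts only the owner's key
```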
Steps towards solution
• Separate address owner and advertiser roles
• Add some kind of indication of proxying into the SEND packet
• Provide mechanism(s) to establish trust between the proxy, the proxied node and the receiver
  • Proxy recognized by a trusted authority
    • Allows the proxy to be transparent to the proxied node
  • Proxy recognized by the proxied node
    • Proxies must be known in advance by the proxied node
Next steps
• Comments and questions?
• Is this problem important to solve?
• Is the suggested approach acceptable?