SEcure Neighbor Discovery (SEND) (RFC3971)

IP.com Disclosure Number: IPCOM000099093D
Original Publication Date: 2005-Mar-01
Included in the Prior Art Database: 2005-Mar-12

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

J. Arkko: AUTHOR

Abstract

IPv6 nodes use the Neighbor Discovery Protocol (NDP) to discover other nodes on the link, to determine their link-layer addresses, to find routers, and to maintain reachability information about the paths to active neighbors. If not secured, NDP is vulnerable to various attacks. This document specifies security mechanisms for NDP. Unlike those in the original NDP specifications, these mechanisms do not use IPsec.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 2% of the total text.

Network Working Group                                      J. Arkko, Ed.
Request for Comments: 3971                                      Ericsson
Category: Standards Track                                       J. Kempf
                                          DoCoMo Communications Labs USA
                                                                 B. Zill
                                                               Microsoft
                                                             P. Nikander
                                                                Ericsson
                                                              March 2005

                    SEcure Neighbor Discovery (SEND)

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2005).

Arkko, et al.               Standards Track                     [Page 1]

RFC 3971               SEcure Neighbor Discovery              March 2005

Table of Contents

   1.  Introduction
       1.1.  Specification of Requirements
   2.  Terms
   3.  Neighbor and Router Discovery Overview
   4.  Secure Neighbor Discovery Overview
   5.  Neighbor Discovery Protocol Options
       5.1.  CGA Option
             5.1.1.  Processing Rules for Senders

            ...