Secure Proxy ND. Suresh Krishnan, csiBOF@IETF70.


1 Secure Proxy ND
Suresh Krishnan
csiBOF@IETF70

2 Background
Neighbor Discovery (ND) Proxies
- Defined in RFC4389
- Used to bridge multiple links into one
- Modifies link layer addresses in ND packets
SEND
- Defined in RFC3971
- Used to protect against attacks against ND including modification of ND packets
- Utilizes digital signatures to protect integrity of the ND packets

3 Proxy ND Behavior
[Figure: ND message exchange between the proxied node, the proxy and the receiver]

4 Problems
- NDProxies need to modify the ND packets in order to work
- SEND requires that packets not be modified
- Conclusion: SEND and NDProxies are fundamentally incompatible
- Similar issues arise when a Home Agent performs proxy neighbor discovery for a node that is away from home

5 Root cause
The incompatibility between proxying and SEND arises for the following reason:
- SEND assumes that the address owner and the advertiser are always the same
- Hence an advertiser who is authorized to modify fields in the packet (e.g. HA, NDProxy) cannot re-sign the packet to protect it.
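
The incompatibility described on slides 4 and 5, as an added example that is not part of the original presentation: a Neighbor Advertisement is signed by the address owner, an RFC4389-style proxy rewrites the Target Link-Layer Address option, and the receiver's check then fails. Assumptions: a toy RSA key and unpadded RSA over SHA-256 stand in for the RSA Signature option of RFC3971, the CGA, Timestamp and Nonce options are omitted, and all addresses are constructed.

```python
import hashlib
import ipaddress
import struct

# Toy RSA key built from two published Mersenne primes: constructed, NOT secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)

# CGA Message Type tag that prefixes the signed data (RFC 3971, section 5.2).
SEND_TAG = bytes.fromhex("086FCA5E10B200C99C8CE00164277C08")

def tlla_option(mac: bytes) -> bytes:
    """Target Link-Layer Address option: type 2, length 1 (one 8-octet unit)."""
    return struct.pack("!BB6s", 2, 1, mac)

def neighbor_advert(target: str, mac: bytes) -> bytes:
    """ICMPv6 NA: type 136, code 0, checksum left at 0 here, S+O flags."""
    header = struct.pack("!BBHI", 136, 0, 0, 0x60000000)
    return header + ipaddress.IPv6Address(target).packed + tlla_option(mac)

def signed_digest(src: str, dst: str, nd_msg: bytes) -> int:
    """Hash of tag, IP source, IP destination and the ND message with options."""
    addrs = ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
    return int.from_bytes(hashlib.sha256(SEND_TAG + addrs + nd_msg).digest(), "big")

def sign(src: str, dst: str, nd_msg: bytes) -> int:
    return pow(signed_digest(src, dst, nd_msg), D, N)

def verify(src: str, dst: str, nd_msg: bytes, sig: int) -> bool:
    return pow(sig, E, N) == signed_digest(src, dst, nd_msg)

def proxy_rewrite(nd_msg: bytes, proxy_mac: bytes) -> bytes:
    """What an RFC 4389 proxy does: put its own link-layer address in the option."""
    return nd_msg[:24] + tlla_option(proxy_mac)  # 24 = ICMPv6 header + target

def demo() -> tuple:
    """Returns (direct delivery verifies, proxied delivery verifies)."""
    src, dst = "2001:db8::10", "2001:db8::20"      # constructed addresses
    owner_mac = bytes.fromhex("020000000010")      # constructed MACs
    proxy_mac = bytes.fromhex("0200000000aa")
    na = neighbor_advert(src, owner_mac)
    sig = sign(src, dst, na)                       # address owner signs
    forwarded = proxy_rewrite(na, proxy_mac)       # proxy cannot re-sign
    return verify(src, dst, na, sig), verify(src, dst, forwarded, sig)

if __name__ == "__main__":
    print(demo())
```

The proxy holds no key bound to the proxied address, so the only signature it can forward is the owner's, which no longer matches the rewritten option.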

6 Steps towards solution
- Separate address owner and advertiser roles
- Add some kind of indication of proxying into SEND packet
- Provide mechanism(s) to establish trust between the proxy, proxied and the receiver
  - Proxy recognized by trusted authority
    - Allows proxy to be transparent to proxied
  - Proxy recognized by the proxied
    - Proxies must be known in advance by proxied

7 Next steps
- Comments and questions?
- Is this problem important to solve?
- Is the suggested approach acceptable?

