[rbridge] ARP proxying
Joe Touch
touch at ISI.EDU
Tue Dec 20 13:50:40 PST 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Gray, Eric wrote:
> Joe,
>
> Thanks for the explanation.
>
> I will leave this to be argued by those who are strong proponents
> of ARP/ND Optimization. I think the idea has value, but it is not my
> battle.
>
> However, in general, the trust model implicit in a bridged network
> (and further implied by the zero-configuration objective) is one in which
> it is likely that security mechanisms such as these are not used.
Hard to say. It's more useful in wireless scenarios, but even then the
infrastructure is typically trusted (see below).
> Most
> likely, ARP/ND Optimization can be turned on and off in those RBridges
> that implement it.
>
> In addition, since the RBridge enjoys a man-in-the-middle position,
> it is likely that implementers may well implement some hack or another
> to get around this.
There doesn't need to be a hack - though I expect that would be
prohibited by the security model in SEND anyway. But SEND doesn't
prohibit sharing the keys, which the rbridge could be party to.
Joe
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFDqHywE5f5cImnZrsRAg/QAJ0fUiMS1PbtS8BSmur2ckoRno09tgCfQASM
DLWi5sZHlLirBJKKZNVe7C4=
=q5ew
-----END PGP SIGNATURE-----
More information about the rbridge
mailing list