[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: I-D Action:draft-ietf-v6ops-ipv6-cpe-router-03.txt

To: Gert Doering <gert@space.net>
Subject: RE: I-D Action:draft-ietf-v6ops-ipv6-cpe-router-03.txt
From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
Date: Mon, 11 Jan 2010 08:53:33 -0800
Accept-language: en-US
Acceptlanguage: en-US
Cc: Ole Troan <ot@cisco.com>, Mark Smith <ipng@69706e6720323030352d30312d31340a.nosense.org>, IPv6 Operations <v6ops@ops.ietf.org>
In-reply-to: <20100109105430.GK32226@Space.Net>
References: <20091218104501.538103A6782@core3.amsl.com> <8BB9490E-B674-4D45-971A-3D25AC455B10@cisco.com> <20091219163604.0bc27ad9@opy.nosense.org> <0ACAAC20-3F15-47FA-8E44-9E58BA67CB29@cisco.com> <E1829B60731D1740BB7A0626B4FAF0A6467F04AC66@XCH-NW-01V.nw.nos.boeing.com> <20100108171347.GI32226@Space.Net> <E1829B60731D1740BB7A0626B4FAF0A6467F04ACA2@XCH-NW-01V.nw.nos.boeing.com> <20100108223434.GJ32226@Space.Net> <E1829B60731D1740BB7A0626B4FAF0A6467F04AE26@XCH-NW-01V.nw.nos.boeing.com> <20100109105430.GK32226@Space.Net>

Gert,

> -----Original Message-----
> From: Gert Doering [mailto:gert@space.net]
> Sent: Saturday, January 09, 2010 2:55 AM
> To: Templin, Fred L
> Cc: Gert Doering; Ole Troan; Mark Smith; IPv6 Operations
> Subject: Re: I-D Action:draft-ietf-v6ops-ipv6-cpe-router-03.txt
> 
> Hi,
> 
> On Fri, Jan 08, 2010 at 02:50:55PM -0800, Templin, Fred L wrote:
> > > > > How do you verify those are not malicious?
> > > >
> > > > The sending CPE has to supply sufficient credentials to
> > > > prove that it is authorized to advertise a given set of
> > > > prefixes.
> > >
> > > Which is, as far as I understand, not part of any currently
> > > standardized RAs.  Are there any drafts specifying this?
> >
> > RFC3971 is the primary example I had in mind.
> 
> OK, on re-reading 3971, I agree that it could work if the ISP hands out
> certificates to the individual routers that cover exactly the IPv6 network
> that the ISP has assigned to this router (and it would imply that the
> IPv6 assignment is mostly statical, or you get lots of certificat churn
> otherwise).

What I am looking for is a way for a CE router to inject
its own PI prefixes into the service provider's routing
system. For this, the CE router would first need a way
to prove to the SP router that it owns the prefixes, and
this is the area where I am considering the use of SEND.
To your point about static assignment - yes, I expect
that the CE router would want to retain its PI prefixes
for the long term so that it would not have to renumber.

> So the RAs received from "my neighbours" could indeed be verified against
> the ISP CA.

Good.

Fred
fred.l.templin@boeing.com

> Still not something I expect to see any time soon...
> 
> Gert Doering
> --
> Total number of prefixes smaller than registry allocations:  144438
> 
> SpaceNet AG                        Vorstand: Sebastian v. Bomhard
> Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
> D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
> Tel: +49 (89) 32356-444            USt-IdNr.: DE813185279

References:
- Re: I-D Action:draft-ietf-v6ops-ipv6-cpe-router-03.txt
  - From: Ole Troan <ot@cisco.com>
- RE: I-D Action:draft-ietf-v6ops-ipv6-cpe-router-03.txt
  - From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
- Re: I-D Action:draft-ietf-v6ops-ipv6-cpe-router-03.txt
  - From: Gert Doering <gert@space.net>
- RE: I-D Action:draft-ietf-v6ops-ipv6-cpe-router-03.txt
  - From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
- Re: I-D Action:draft-ietf-v6ops-ipv6-cpe-router-03.txt
  - From: Gert Doering <gert@space.net>
- RE: I-D Action:draft-ietf-v6ops-ipv6-cpe-router-03.txt
  - From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
- Re: I-D Action:draft-ietf-v6ops-ipv6-cpe-router-03.txt
  - From: Gert Doering <gert@space.net>

Prev by Date: Re: I-D Action:draft-ietf-v6ops-ipv6-cpe-router-03.txt
Next by Date: RE: I-D Action:draft-ietf-v6ops-ipv6-cpe-router-03.txt
Previous by thread: Re: I-D Action:draft-ietf-v6ops-ipv6-cpe-router-03.txt
Next by thread: Re: I-D Action:draft-ietf-v6ops-ipv6-cpe-router-03.txt
Index(es):
- Date
- Thread