PKI agility support in SEND
Hello CSI people,
We (Michaela, Sean, Maryline and myself) are currently working on the PKI
agility for SEND. This will offer, for example, support of ECC-based CGA
(see draft draft-shen-csi-ecc-01) to SEND. Our work is primarily focused
on a negotiation algorithm for nodes supporting different PKI algorithms.
We introduce a new ICMP error message called "ICMP Unsupported PKI" and an
option to this ICMP message called "supported PKI option". This addition
allows us to have a basic negotiation mechanism that permits
interoperability in most cases.
For scenarios where nodes aren't sharing any common PKI algorithm, we then
introduce a new optional entity called "notary" (functionality assumed by
the router for now).
This all will be part of work that Sean will present next Wednesday during
the CSI meeting.
With this mail, you will have an email attachment that contains more
details on the basic ideas to permit PKI agility.
Thank you in advance for all your review and comments.
1. PKI agility basic support:
The PKI agility basic support implies:
- Two IPv6 nodes supporting at least plain ND (RFC 4861) must be able to perform neighbor discovery