IPv6 is rapidly deploying globally. NDP replaces the role of ARP in IPv6 and provides mapping from IP address to MAC address.
However, the NDP protocol is as insecure as the ARP protocol, and can be easily spoofed, and then the attacker can conduct man-in-the-middle attacks. The solution to the weak security problem is to use Secure Neighbor Discovery, Abbreviation, SeND. SeND uses Cryptographically Generated Addresses and public keys to authenticate information provided by NDP messages. I think SeND is a very important security facility under IPv6. I found some implementations in user space, but not in the kernel. I searched the mail records in lkml.org and found that no one was discussing SeND. So I am confused, is the kernel planning to implement SeND? Or should SeND be implemented in user space?
