1/base.txt | 2/issue41.txt | |
---|---|---|
Skipping to change at page 32, line 15: | ||
allows the host to anchor trust for the router's public key in the | allows the host to anchor trust for the router's public key in the | |
trust anchor. Note that there MAY be multiple certificates issued by | trust anchor. Note that there MAY be multiple certificates issued by | |
a single trust anchor. | a single trust anchor. | |
6.5.1 Router Authorization Certificate Profile | 6.5.1 Router Authorization Certificate Profile | |
Router Authorization Certificates be X.509v3 certificates, as defined | Router Authorization Certificates be X.509v3 certificates, as defined | |
in RFC 3280 [10], and MUST contain at least one instance of the X.509 | in RFC 3280 [10], and MUST contain at least one instance of the X.509 | |
extension for IP addresses, as defined in [11]. The parent | extension for IP addresses, as defined in [11]. The parent | |
certificates in the certificate chain MUST contain one or more X.509 | certificates in the certificate chain MUST contain one or more X.509 | |
IP address extensions, back up to the delegating authority (the | IP address extensions, back up to a trusted party (such as the user's | |
Regional Address Registry or IANA) that delegated the original IP | ISP) that configured the original IP address space block for the | |
address space block. The certificates for intermediate delegating | router in question, or delegated the right to do so for someone. The | |
authorities MUST contain X.509 IP address extension(s) for | certificates for intermediate delegating authorities MUST contain | |
subdelegations. The router's certificate is signed by the delegating | X.509 IP address extension(s) for subdelegations. The router's | |
authority for the prefixes the router is authorized to to advertise. | certificate is signed by the delegating authority for the prefixes | |
the router is authorized to to advertise. | ||
The X.509 IP address extension MUST contain at least one | The X.509 IP address extension MUST contain at least one | |
addressesOrRanges element that contains an addressPrefix element with | addressesOrRanges element that contains an addressPrefix element with | |
an IPv6 address prefix for a prefix the router or the intermediate | an IPv6 address prefix for a prefix the router or the intermediate | |
entity is authorized to advertise. If the entity is allowed to route | entity is authorized to advertise. If the entity is allowed to route | |
any prefix, the used IPv6 address prefix is the null prefix, 0/0. | any prefix, the used IPv6 address prefix is the null prefix, 0/0. | |
The addressFamily element of the containing IPAddrBlocks sequence | The addressFamily element of the containing IPAddrBlocks sequence | |
element MUST contain the IPv6 Address Family Identifier (0002), as | element MUST contain the IPv6 Address Family Identifier (0002), as | |
specified in [11] for IPv6 prefixes. Instead of an addressPrefix | specified in [11] for IPv6 prefixes. Instead of an addressPrefix | |
element, the addressesOrRange element MAY contain an addressRange | element, the addressesOrRange element MAY contain an addressRange |
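Review bot: the rewritten sentence in 6.5.1 ends the chain at "a trusted party (such as the user's ISP) that configured the original IP address space block for the router in question, or delegated the right to do so for someone", and "for someone" does not say which entity receives the delegated right, so a verifier cannot tell from this text where a valid chain is allowed to terminate. Suggest naming the delegatee explicitly, for example "or delegated the right to do so to another entity". The same paragraph now uses "trusted party" for the root of the chain while the following sentences still speak of "delegating authorities" and "the delegating authority", so it would help to state how the two terms relate. Two defects carried over unchanged from the base text are also worth fixing in this revision: "authorized to to advertise" has a doubled "to", and "Router Authorization Certificates be X.509v3 certificates" has no requirement keyword (such as MUST) before "be".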