base.txt   issue64.txt 
  Skipping to change at page 2, line 40:
6. Authorization Delegation Discovery . . . . . . . . . . . . . 24 6. Authorization Delegation Discovery . . . . . . . . . . . . . 24
6.1 Certificate Format . . . . . . . . . . . . . . . . . .24 6.1 Certificate Format . . . . . . . . . . . . . . . . . .24
6.1.1 Router Authorization Certificate Profile . . . 24 6.1.1 Router Authorization Certificate Profile . . . 24
6.2 Certificate Transport . . . . . . . . . . . . . . . .27 6.2 Certificate Transport . . . . . . . . . . . . . . . .27
6.2.1 Delegation Chain Solicitation Message Format . 27 6.2.1 Delegation Chain Solicitation Message Format . 27
6.2.2 Delegation Chain Advertisement Message Format 29 6.2.2 Delegation Chain Advertisement Message Format 29
6.2.3 Trust Anchor Option . . . . . . . . . . . . . 31 6.2.3 Trust Anchor Option . . . . . . . . . . . . . 31
6.2.4 Certificate Option . . . . . . . . . . . . . . 32 6.2.4 Certificate Option . . . . . . . . . . . . . . 32
6.2.5 Processing Rules for Routers . . . . . . . . . 33 6.2.5 Processing Rules for Routers . . . . . . . . . 33
6.2.6 Processing Rules for Hosts . . . . . . . . . . 34 6.2.6 Processing Rules for Hosts . . . . . . . . . . 34
7. Addressing . . . . . . . . . . . . . . . . . . . . . . . . . 37 7. Addressing . . . . . . . . . . . . . . . . . . . . . . . . . 36
7.1 CGA Addresses . . . . . . . . . . . . . . . . . . . .37 7.1 CGA Addresses . . . . . . . . . . . . . . . . . . . .36
7.2 Redirect Addresses . . . . . . . . . . . . . . . . . .37 7.2 Redirect Addresses . . . . . . . . . . . . . . . . . .36
7.3 Advertised Prefixes . . . . . . . . . . . . . . . . .37 7.3 Advertised Prefixes . . . . . . . . . . . . . . . . .36
7.4 Limitations . . . . . . . . . . . . . . . . . . . . .38 7.4 Limitations . . . . . . . . . . . . . . . . . . . . .37
8. Transition Issues . . . . . . . . . . . . . . . . . . . . . 39 8. Transition Issues . . . . . . . . . . . . . . . . . . . . . 38
9. Security Considerations . . . . . . . . . . . . . . . . . . 41 9. Security Considerations . . . . . . . . . . . . . . . . . . 40
9.1 Threats to the Local Link Not Covered by SEND . . . .41 9.1 Threats to the Local Link Not Covered by SEND . . . .40
9.2 How SEND Counters Threats to NDP . . . . . . . . . . .41 9.2 How SEND Counters Threats to NDP . . . . . . . . . . .40
9.2.1 Neighbor Solicitation/Advertisement Spoofing . 42 9.2.1 Neighbor Solicitation/Advertisement Spoofing . 41
9.2.2 Neighbor Unreachability Detection Failure . . 42 9.2.2 Neighbor Unreachability Detection Failure . . 41
9.2.3 Duplicate Address Detection DoS Attack . . . . 42 9.2.3 Duplicate Address Detection DoS Attack . . . . 41
9.2.4 Router Solicitation and Advertisement Attacks 43 9.2.4 Router Solicitation and Advertisement Attacks 42
9.2.5 Replay Attacks . . . . . . . . . . . . . . . . 43 9.2.5 Replay Attacks . . . . . . . . . . . . . . . . 42
9.2.6 Neighbor Discovery DoS Attack . . . . . . . . 44 9.2.6 Neighbor Discovery DoS Attack . . . . . . . . 43
9.3 Attacks against SEND Itself . . . . . . . . . . . . .44 9.3 Attacks against SEND Itself . . . . . . . . . . . . .43
10. Protocol Constants . . . . . . . . . . . . . . . . . . . . . 46 10. Protocol Constants . . . . . . . . . . . . . . . . . . . . . 45
11. IANA Considerations . . . . . . . . . . . . . . . . . . . . 47 11. IANA Considerations . . . . . . . . . . . . . . . . . . . . 46
Normative References . . . . . . . . . . . . . . . . . . . . 48 Normative References . . . . . . . . . . . . . . . . . . . . 47
Informative References . . . . . . . . . . . . . . . . . . . 50 Informative References . . . . . . . . . . . . . . . . . . . 49
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 51 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 50
A. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 52 A. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 51
B. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . 53 B. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . 52
C. Cache Management . . . . . . . . . . . . . . . . . . . . . . 54 C. Cache Management . . . . . . . . . . . . . . . . . . . . . . 53
Intellectual Property and Copyright Statements . . . . . . . 55 Intellectual Property and Copyright Statements . . . . . . . 54
1. Introduction 1. Introduction
IPv6 defines the Neighbor Discovery Protocol (NDP) in RFCs 2461 [7] IPv6 defines the Neighbor Discovery Protocol (NDP) in RFCs 2461 [7]
and 2462 [8]. Nodes on the same link use NDP to discover each and 2462 [8]. Nodes on the same link use NDP to discover each
other's presence, to determine each other's link-layer addresses, to other's presence, to determine each other's link-layer addresses, to
find routers, and to maintain reachability information about the find routers, and to maintain reachability information about the
paths to active neighbors. NDP is used both by hosts and routers. paths to active neighbors. NDP is used both by hosts and routers.
Its functions include Neighbor Discovery (ND), Router Discovery (RD), Its functions include Neighbor Discovery (ND), Router Discovery (RD),
Address Autoconfiguration, Address Resolution, Neighbor Address Autoconfiguration, Address Resolution, Neighbor
  Skipping to change at page 33, line 36:
When the Cert Type field is set to 1, the Certificate field When the Cert Type field is set to 1, the Certificate field
contains an X.509v3 certificate [10], as described in Section contains an X.509v3 certificate [10], as described in Section
6.1.1. 6.1.1.
6.2.5 Processing Rules for Routers 6.2.5 Processing Rules for Routers
Routers SHOULD possess a key pair and a certificate from at least one Routers SHOULD possess a key pair and a certificate from at least one
certificate authority. certificate authority.
A router MUST silently discard any received Delegation Chain A router MUST silently discard any received Delegation Chain
Solicitation messages that do not satisfy all of the following Solicitation messages that do not satisfy all of the requirements
validity checks: listed in Section 6.2.1.
o All requirements listed in Section 6.2.1 are fulfilled.
o If the message includes an IP Authentication Header, the message
authenticates correctly.
The contents of the Reserved field, and of any unrecognized options, The contents of the Reserved field, and of any unrecognized options,
MUST be ignored. Future, backward-compatible changes to the protocol MUST be ignored. Future, backward-compatible changes to the protocol
may specify the contents of the Reserved field or add new options; may specify the contents of the Reserved field or add new options;
backward-incompatible changes may use different Code values. The backward-incompatible changes may use different Code values. The
contents of any defined options that are not specified to be used contents of any defined options that are not specified to be used
with Router Solicitation messages MUST be ignored and the packet with Router Solicitation messages MUST be ignored and the packet
processed in the normal manner. The only defined option that may processed in the normal manner. The only defined option that may
appear is the Trust Anchor option. A solicitation that passes the appear is the Trust Anchor option. A solicitation that passes the
validity checks is called a "valid solicitation". validity checks is called a "valid solicitation".
  Skipping to change at page 34, line 42:
solicited. solicited.
6.2.6 Processing Rules for Hosts 6.2.6 Processing Rules for Hosts
Hosts SHOULD possess the public key and trust anchor name of at least Hosts SHOULD possess the public key and trust anchor name of at least
one certificate authority, they SHOULD possess their own key pair, one certificate authority, they SHOULD possess their own key pair,
and they MAY posses a certificate from the above mentioned and they MAY posses a certificate from the above mentioned
certificate authority. certificate authority.
A host MUST silently discard any received Delegation Chain A host MUST silently discard any received Delegation Chain
Advertisement messages that do not satisfy all of the following Advertisement messages that do not satisfy all of the requirements
validity checks: listed in Section 6.2.2.
o All requirements listed in Section 6.2.2 are fulfilled.
o If the message includes an IP Authentication Header, the message
authenticates correctly.
The contents of the Reserved field, and of any unrecognized options, The contents of the Reserved field, and of any unrecognized options,
MUST be ignored. Future, backward-compatible changes to the protocol MUST be ignored. Future, backward-compatible changes to the protocol
may specify the contents of the Reserved field or add new options; may specify the contents of the Reserved field or add new options;
backward-incompatible changes may use different Code values. The backward-incompatible changes may use different Code values. The
contents of any defined options that are not specified to be used contents of any defined options that are not specified to be used
with Delegation Chain Advertisement messages MUST be ignored and the with Delegation Chain Advertisement messages MUST be ignored and the
packet processed in the normal manner. The only defined options that packet processed in the normal manner. The only defined options that
may appear are the Certificate and Trust Anchor options. An may appear are the Certificate and Trust Anchor options. An
advertisement that passes the validity checks is called a "valid advertisement that passes the validity checks is called a "valid
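Review bot: The rewritten discard rule in 6.2.6 no longer uses the phrase "validity checks", yet the closing sentence still defines a "valid advertisement" as one "that passes the validity checks", which leaves the term without a referent in the new text. Suggest defining it directly against the rule, for example "An advertisement that satisfies the requirements listed in Section 6.2.2 is called a valid advertisement"; the same applies to "valid solicitation" in 6.2.5. In the unchanged first paragraph, "they MAY posses a certificate" should read "possess", and the sentence is a comma splice ("one certificate authority, they SHOULD possess ...") that would read better split in two.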
 End of changes. 

This html diff was produced by rfcdiff v0.42, available from http://www.levkowetz.com/ietf/tools/rfcdiff/