base.txt | issue68.txt | |||
---|---|---|---|---|
skipping to change at page 15, line 19 | skipping to change at page 15, line 19 | |||
5.2 Signature Option | 5.2 Signature Option | |||
The Signature option allows public-key based signatures to be | The Signature option allows public-key based signatures to be | |||
attached to NDP messages. Configured trust anchors, CGAs, or both | attached to NDP messages. Configured trust anchors, CGAs, or both | |||
are supported as the trusted root. The format of the Signature | are supported as the trusted root. The format of the Signature | |||
option is described in the following diagram: | option is described in the following diagram: | |||
0 1 2 3 | 0 1 2 3 | |||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| Type | Length | Pad Length | Reserved | | | Type | Length | Reserved | | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| | | | | | |||
| Key Hash | | | Key Hash | | |||
| | | | | | |||
| | | | | | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| | | | | | |||
. . | . . | |||
. Digital Signature . | . Digital Signature . | |||
. . | . . | |||
skipping to change at page 16, line 4 | skipping to change at page 16, line 4 | |||
Type | Type | |||
TBD <To be assigned by IANA for Signature>. | TBD <To be assigned by IANA for Signature>. | |||
Length | Length | |||
The length of the option (including the Type, Length, Pad Length, | The length of the option (including the Type, Length, Pad Length, | |||
Reserved, Key Hash, Digital Signature, and Padding fields) in | Reserved, Key Hash, Digital Signature, and Padding fields) in | |||
units of 8 octets. | units of 8 octets. | |||
Pad Length | ||||
An 8-bit integer field, giving the length of the Pad field in | ||||
units of an octet. | ||||
Reserved | Reserved | |||
An 8-bit field reserved for future use. The value MUST be | A 16-bit field reserved for future use. The value MUST be | |||
initialized to zero by the sender, and MUST be ignored by the | initialized to zero by the sender, and MUST be ignored by the | |||
receiver. | receiver. | |||
Key Hash | Key Hash | |||
A 128-bit field containing the most significant (leftmost) | A 128-bit field containing the most significant (leftmost) | |||
128-bits of a SHA-1 hash of the public key used for constructing | 128-bits of a SHA-1 hash of the public key used for constructing | |||
the signature. The SHA-1 hash is taken over the presentation used | the signature. The SHA-1 hash is taken over the presentation used | |||
in the Key Information field of the CGA option. Its purpose is to | in the Key Information field of the CGA option. Its purpose is to | |||
associate the signature to a particular key known by the receiver. | associate the signature to a particular key known by the receiver. | |||
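Review bot: The Length description on the issue68.txt side still lists "Pad Length" among the fields it counts, but this change removes the Pad Length field from the Signature option and widens Reserved to 16 bits. Drop it from the parenthesised list so it reads "(including the Type, Length, Reserved, Key Hash, Digital Signature, and Padding fields)".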
skipping to change at page 17, line 6 | skipping to change at page 16, line 50 | |||
The signature value is computed with the RSASSA-PKCS1-v1_5 | The signature value is computed with the RSASSA-PKCS1-v1_5 | |||
algorithm and SHA-1 hash as defined in [14]. | algorithm and SHA-1 hash as defined in [14]. | |||
This field starts after the Key Hash field. The length of the | This field starts after the Key Hash field. The length of the | |||
Digital Signature field is determined by the length of the | Digital Signature field is determined by the length of the | |||
Signature option minus the length of the other fields (including | Signature option minus the length of the other fields (including | |||
the variable length Pad field). | the variable length Pad field). | |||
Padding | Padding | |||
This variable length field contains padding, as many bytes as is | This variable length field contains padding, as many bytes as | |||
given by the Pad Length field. | remains after end of the signature. | |||
5.2.1 Processing Rules for Senders | 5.2.1 Processing Rules for Senders | |||
Neighbor Solicitation, Neighbor Advertisement, Router Advertisement, | Neighbor Solicitation, Neighbor Advertisement, Router Advertisement, | |||
and Redirect messages MUST contain the Signature option. Router | and Redirect messages MUST contain the Signature option. Router | |||
Solicitation messages not sent with the unspecified source address | Solicitation messages not sent with the unspecified source address | |||
MUST contain the Signature option. | MUST contain the Signature option. | |||
A node sending a message using the Signature option MUST construct | A node sending a message using the Signature option MUST construct | |||
the message as follows: | the message as follows: | |||
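Review bot: With Pad Length gone, the Digital Signature text on the issue68.txt side still derives the signature length from the option length minus the other fields "including the variable length Pad field", while the new Padding text defines padding as whatever "remains after end of the signature", so each length is defined in terms of the other. State explicitly how a receiver finds the end of the signature (for RSASSA-PKCS1-v1_5 the signature is as long as the modulus of the key identified by Key Hash), and say that padding octets are set to zero by the sender and ignored by the receiver. The wording "as many bytes as remains after end of the signature" should also read "as remain after the end of the signature".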
skipping to change at page 33, line 9 | skipping to change at page 33, line 9 | |||
6.2.3 Trust Anchor Option | 6.2.3 Trust Anchor Option | |||
The format of the Trust Anchor option is described in the following: | The format of the Trust Anchor option is described in the following: | |||
0 1 2 3 | 0 1 2 3 | |||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| Type | Length | Name Type | Pad Length | | | Type | Length | Name Type | Pad Length | | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| Name ... | | Name ... | | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ||||
| ... Padding | | ||||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
Type | Type | |||
TBD <To be assigned by IANA for Trust Anchor>. | TBD <To be assigned by IANA for Trust Anchor>. | |||
Length | Length | |||
The length of the option, (including the Type, Length, Name Type, | The length of the option, (including the Type, Length, Name Type, | |||
Pad Length, and Name fields) in units of 8 octets. | Pad Length, and Name fields) in units of 8 octets. | |||
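Review bot: The Length description still counts only "the Type, Length, Name Type, Pad Length, and Name fields", but the diagram on the issue68.txt side now draws a Padding field after Name. Add Padding to the list so the Length field unambiguously covers it.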
skipping to change at page 34, line 8 | skipping to change at page 34, line 10 | |||
In the FQDN case the Name field is an "IDN-unaware domain name | In the FQDN case the Name field is an "IDN-unaware domain name | |||
slot" as defined in [11]. That is, it can contain only ASCII | slot" as defined in [11]. That is, it can contain only ASCII | |||
characters. An implementation MAY support internationalized | characters. An implementation MAY support internationalized | |||
domain names (IDNs) using the ToASCII operation; see [11] for more | domain names (IDNs) using the ToASCII operation; see [11] for more | |||
information. | information. | |||
All systems MUST support the DER Encoded X.501 Name. | All systems MUST support the DER Encoded X.501 Name. | |||
Implementations MAY support the FQDN name type. | Implementations MAY support the FQDN name type. | |||
Padding | ||||
A variable length field making the option length a multiple of 8, | ||||
beginning after the ASN.1 encoding of the previous field ends, and | ||||
continuing to the end of the option, as specified by the Length | ||||
field. | ||||
6.2.4 Certificate Option | 6.2.4 Certificate Option | |||
The format of the certificate option is described in the following: | The format of the certificate option is described in the following: | |||
0 1 2 3 | 0 1 2 3 | |||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| Type | Length | Cert Type | Pad Length | | | Type | Length | Cert Type | Reserved | | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| Certificate ... | | Certificate ... | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| ... Padding | | ||||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ||||
Type | Type | |||
TBD <To be assigned by IANA for Certificate>. | TBD <To be assigned by IANA for Certificate>. | |||
Length | Length | |||
The length of the option, (including the Type, Length, Cert Type, | The length of the option, (including the Type, Length, Cert Type, | |||
Pad Length, and Certificate fields) in units of 8 octets. | Pad Length, and Certificate fields) in units of 8 octets. | |||
Cert Type | Cert Type | |||
The type of the certificate included in the Certificate field. | The type of the certificate included in the Certificate field. | |||
This specification defines only one legal value for this field: | This specification defines only one legal value for this field: | |||
1 X.509v3 Certificate, as specified below | 1 X.509v3 Certificate, as specified below | |||
Reserved | ||||
Pad Length | An 8-bit field reserved for future use. The value MUST be | |||
initialized to zero by the sender, and MUST be ignored by the | ||||
The number of padding octets beyond the end of the Certificate | receiver. | |||
field but within the length specified by the Length field. | ||||
Padding octets MUST be set to zero by senders and ignored by | ||||
receivers. | ||||
Certificate | Certificate | |||
When the Cert Type field is set to 1, the Certificate field | When the Cert Type field is set to 1, the Certificate field | |||
contains an X.509v3 certificate [10], as described in Section | contains an X.509v3 certificate [10], as described in Section | |||
6.1.1. | 6.1.1. | |||
Padding | ||||
A variable length field making the option length a multiple of 8, | ||||
beginning after the ASN.1 encoding of the previous field ends, and | ||||
continuing to the end of the option, as specified by the Length | ||||
field. | ||||
6.2.5 Processing Rules for Routers | 6.2.5 Processing Rules for Routers | |||
Routers should be configured with a key pair and a certificate from | Routers should be configured with a key pair and a certificate from | |||
at least one certificate authority. | at least one certificate authority. | |||
A router MUST silently discard any received Delegation Chain | A router MUST silently discard any received Delegation Chain | |||
Solicitation messages that do not conform to the message format | Solicitation messages that do not conform to the message format | |||
defined in Section 6.2.1. The contents of the Reserved field, and of | defined in Section 6.2.1. The contents of the Reserved field, and of | |||
any unrecognized options, MUST be ignored. Future, | any unrecognized options, MUST be ignored. Future, | |||
backward-compatible changes to the protocol may specify the contents | backward-compatible changes to the protocol may specify the contents | |||
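Review bot: The new Trust Anchor Padding text locates the padding "after the ASN.1 encoding of the previous field ends", which only works for the DER Encoded X.501 Name; in the FQDN case the Name field is ASCII rather than ASN.1, so say that the Pad Length field, which this option keeps, delimits the padding there. In 6.2.4 the Length description still lists "Pad Length" although the header on the issue68.txt side now carries Reserved, and the removed sentence "Padding octets MUST be set to zero by senders and ignored by receivers" has no counterpart in the new Padding definition. Change the list to name Reserved and Padding, and restore the zero-fill rule in the Padding text.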
End of changes. | ||||
This html diff was produced by rfcdiff v1.06, available from http://www.levkowetz.com/ietf/tools/rfcdiff/ |