| base.txt | issue81.txt | |||
|---|---|---|---|---|
| skipping to change at page 12, line 26 | skipping to change at page 12, line 26 | |||
| which allows the owner of an address and the signer to be | which allows the owner of an address and the signer to be | |||
| different parties. | different parties. | |||
| Padding | Padding | |||
| A variable length field making the option length a multiple of 8, | A variable length field making the option length a multiple of 8, | |||
| containing as many octets as specified in the Pad Length field. | containing as many octets as specified in the Pad Length field. | |||
| 5.1.1 Processing Rules for Senders | 5.1.1 Processing Rules for Senders | |||
| The CGA option MUST be present in all Neighbor Solicitation and | If the node has been configured to use SEND, the CGA option MUST be | |||
| Advertisement messages, and MUST be present in Router Solicitation | present in all Neighbor Solicitation and Advertisement messages, and | |||
| messages unless they are sent with the unspecified source address. | MUST be present in Router Solicitation messages unless they are sent | |||
| The CGA option MAY be present in other messages. | with the unspecified source address. The CGA option MAY be present in | |||
| other messages. | ||||
| A node sending a message using the CGA option MUST construct the | A node sending a message using the CGA option MUST construct the | |||
| message as follows. | message as follows. | |||
| The CGA Parameter field in the CGA option is filled in according to | The CGA Parameter field in the CGA option is filled in according to | |||
| the rules presented above and in [13]. The public key in the field is | the rules presented above and in [13]. The public key in the field is | |||
| taken from the node's configuration used to generate the CGA; | taken from the node's configuration used to generate the CGA; | |||
| typically from a data structure associated with the source address. | typically from a data structure associated with the source address. | |||
| The address MUST be constructed as specified in Section 4 of [13]. | The address MUST be constructed as specified in Section 4 of [13]. | |||
| Depending on the type of the message, this address appears in | Depending on the type of the message, this address appears in | |||
| skipping to change at page 16, line 40 | skipping to change at page 16, line 40 | |||
| Signature option minus the length of the other fields (including | Signature option minus the length of the other fields (including | |||
| the variable length Pad field). | the variable length Pad field). | |||
| Padding | Padding | |||
| This variable length field contains padding, as many bytes as | This variable length field contains padding, as many bytes as | |||
| remains after end of the signature. | remains after end of the signature. | |||
| 5.2.1 Processing Rules for Senders | 5.2.1 Processing Rules for Senders | |||
| Neighbor Solicitation, Neighbor Advertisement, Router Advertisement, | If the node has been configured to use SEND, Neighbor Solicitation, | |||
| and Redirect messages MUST contain the RSA Signature option. Router | Neighbor Advertisement, Router Advertisement, and Redirect messages | |||
| Solicitation messages not sent with the unspecified source address | MUST contain the RSA Signature option. Router Solicitation messages | |||
| MUST contain the RSA Signature option. | not sent with the unspecified source address MUST contain the RSA | |||
| Signature option. | ||||
| A node sending a message using the RSA Signature option MUST | A node sending a message using the RSA Signature option MUST | |||
| construct the message as follows: | construct the message as follows: | |||
| o The message is constructed in its entirety, without the RSA | o The message is constructed in its entirety, without the RSA | |||
| Signature option. | Signature option. | |||
| o The RSA Signature option is added as the last option in the | o The RSA Signature option is added as the last option in the | |||
| message. | message. | |||
| skipping to change at page 21, line 33 | skipping to change at page 21, line 33 | |||
| Nonce | Nonce | |||
| A field containing a random number selected by the sender of the | A field containing a random number selected by the sender of the | |||
| solicitation message. The length of the random number MUST be at | solicitation message. The length of the random number MUST be at | |||
| least 6 bytes. The length of the random number MUST be selected so | least 6 bytes. The length of the random number MUST be selected so | |||
| that the length of the nonce option is a multiple of 8 octets. | that the length of the nonce option is a multiple of 8 octets. | |||
| 5.3.3 Processing rules for senders | 5.3.3 Processing rules for senders | |||
| All solicitation messages MUST include a Nonce. When sending a | If the node has been configured to use SEND, all solicitation | |||
| solicitation, the sender MUST store the nonce internally so that it | messages MUST include a Nonce. When sending a solicitation, the | |||
| can recognize any replies containing that particular nonce. | sender MUST store the nonce internally so that it can recognize any | |||
| replies containing that particular nonce. | ||||
| All solicited advertisements MUST include a Nonce, copied from the | If the node has been configured to use SEND, all solicited | |||
| received solicitation. Note that routers may decide to send a | advertisements MUST include a Nonce, copied from the received | |||
| multicast advertisement to all nodes instead of a response to a | solicitation. Note that routers may decide to send a multicast | |||
| specific host. In such case the router MAY still include the nonce | advertisement to all nodes instead of a response to a specific host. | |||
| value for the host that triggered the multicast advertisement. | In such case the router MAY still include the nonce value for the | |||
| Omitting the nonce value may, however, cause the host to ignore the | host that triggered the multicast advertisement. Omitting the nonce | |||
| router's advertisement, unless the clocks in these nodes are | value may, however, cause the host to ignore the router's | |||
| sufficiently synchronized so that timestamps can be relied on. | advertisement, unless the clocks in these nodes are sufficiently | |||
| synchronized so that timestamps can be relied on. | ||||
| All solicitation, advertisement, and redirect messages MUST include a | If the node has been configured to use SEND, all solicitation, | |||
| Timestamp. Senders SHOULD set the Timestamp field to the current | advertisement, and redirect messages MUST include a Timestamp. | |||
| time, according to their real time clock. | Senders SHOULD set the Timestamp field to the current time, according | |||
| to their real time clock. | ||||
| 5.3.4 Processing rules for receivers | 5.3.4 Processing rules for receivers | |||
| The processing of the Nonce and Timestamp options depends on whether | The processing of the Nonce and Timestamp options depends on whether | |||
| a packet is a solicited advertisement. A system may implement the | a packet is a solicited advertisement. A system may implement the | |||
| distinction in various ways. Section 5.3.4.1 defines the processing | distinction in various ways. Section 5.3.4.1 defines the processing | |||
| rules for solicited advertisements. Section 5.3.4.2 defines the | rules for solicited advertisements. Section 5.3.4.2 defines the | |||
| processing rules for all other messages. | processing rules for all other messages. | |||
| In addition, the following rules apply in all cases: | In addition, the following rules apply in all cases: | |||
| o Messages received without at least one of the the Timestamp and | ||||
| Nonce options MUST be treated as insecure, i.e., processed in the | ||||
| same way as NDP messages sent by a non-SEND node. | ||||
| o Messages received with the RSA Signature option but without the | o Messages received with the RSA Signature option but without the | |||
| Timestamp option MUST be silently discarded. | Timestamp option MUST be silently discarded. | |||
| o Solicitation messages received with the RSA Signature option but | o Solicitation messages received with the RSA Signature option but | |||
| without the Nonce option MUST be silently discarded. | without the Nonce option MUST be silently discarded. | |||
| o Advertisements sent to a unicast destination address with the RSA | o Advertisements sent to a unicast destination address with the RSA | |||
| Signature option but without a Nonce option MUST be silently | Signature option but without a Nonce option MUST be silently | |||
| discarded. | discarded. | |||
| skipping to change at page 35, line 33 | skipping to change at page 35, line 33 | |||
| Padding | Padding | |||
| A variable length field making the option length a multiple of 8, | A variable length field making the option length a multiple of 8, | |||
| beginning after the ASN.1 encoding of the previous field ends, and | beginning after the ASN.1 encoding of the previous field ends, and | |||
| continuing to the end of the option, as specified by the Length | continuing to the end of the option, as specified by the Length | |||
| field. | field. | |||
| 6.2.5 Processing Rules for Routers | 6.2.5 Processing Rules for Routers | |||
| Routers should be configured with a key pair and a certificate from | If the router has been configured to use SEND, it should be | |||
| at least one certificate authority. | configured with a key pair and a certificate from at least one | |||
| certificate authority. | ||||
| A router MUST silently discard any received Delegation Chain | A router MUST silently discard any received Delegation Chain | |||
| Solicitation messages that do not conform to the message format | Solicitation messages that do not conform to the message format | |||
| defined in Section 6.2.1. The contents of the Reserved field, and of | defined in Section 6.2.1. The contents of the Reserved field, and of | |||
| any unrecognized options, MUST be ignored. Future, | any unrecognized options, MUST be ignored. Future, | |||
| backward-compatible changes to the protocol may specify the contents | backward-compatible changes to the protocol may specify the contents | |||
| of the Reserved field or add new options; backward-incompatible | of the Reserved field or add new options; backward-incompatible | |||
| changes may use different Code values. The contents of any defined | changes may use different Code values. The contents of any defined | |||
| options that are not specified to be used with Router Solicitation | options that are not specified to be used with Router Solicitation | |||
| messages MUST be ignored and the packet processed in the normal | messages MUST be ignored and the packet processed in the normal | |||
| skipping to change at page 36, line 34 | skipping to change at page 36, line 36 | |||
| include the Trust Anchor option(s) in the advertisement for which the | include the Trust Anchor option(s) in the advertisement for which the | |||
| delegation chain was found. | delegation chain was found. | |||
| If the router is unable to find a chain to the requested anchor, it | If the router is unable to find a chain to the requested anchor, it | |||
| SHOULD send an advertisement without any certificates. In this case | SHOULD send an advertisement without any certificates. In this case | |||
| the router SHOULD include the Trust Anchor options which were | the router SHOULD include the Trust Anchor options which were | |||
| solicited. | solicited. | |||
| 6.2.6 Processing Rules for Hosts | 6.2.6 Processing Rules for Hosts | |||
| Hosts SHOULD possess the public key and trust anchor name of at least | If the host has been configured to use SEND, it SHOULD possess the | |||
| one certificate authority, they SHOULD possess their own key pair, | public key and trust anchor name of at least one certificate | |||
| and they MAY possess certificates from certificate authorities. | authority, they SHOULD possess their own key pair, and they MAY | |||
| possess certificates from certificate authorities. | ||||
| A host MUST silently discard any received Delegation Chain | A host MUST silently discard any received Delegation Chain | |||
| Advertisement messages that do not conform to the message format | Advertisement messages that do not conform to the message format | |||
| defined in Section 6.2.2. The contents of the Reserved field, and of | defined in Section 6.2.2. The contents of the Reserved field, and of | |||
| any unrecognized options, MUST be ignored. Future, | any unrecognized options, MUST be ignored. Future, | |||
| backward-compatible changes to the protocol MAY specify the contents | backward-compatible changes to the protocol MAY specify the contents | |||
| of the Reserved field or add new options; backward-incompatible | of the Reserved field or add new options; backward-incompatible | |||
| changes MUST use different Code values. The contents of any defined | changes MUST use different Code values. The contents of any defined | |||
| options that are not specified to be used with Delegation Chain | options that are not specified to be used with Delegation Chain | |||
| Advertisement messages MUST be ignored and the packet processed in | Advertisement messages MUST be ignored and the packet processed in | |||
| skipping to change at page 41, line 22 | skipping to change at page 41, line 22 | |||
| messages but give priority to "secured" ones. Here, the "secured" | messages but give priority to "secured" ones. Here, the "secured" | |||
| messages are ones that contain a valid signature option, as specified | messages are ones that contain a valid signature option, as specified | |||
| above, and "insecure" messages are ones that contain no signature | above, and "insecure" messages are ones that contain no signature | |||
| option. | option. | |||
| A SEND node SHOULD have a configuration option that causes it to | A SEND node SHOULD have a configuration option that causes it to | |||
| ignore all insecure Neighbor Solicitation and Advertisement, Router | ignore all insecure Neighbor Solicitation and Advertisement, Router | |||
| Solicitation and Advertisement, and Redirect messages. This can be | Solicitation and Advertisement, and Redirect messages. This can be | |||
| used to enforce SEND-only networks. The default for this | used to enforce SEND-only networks. The default for this | |||
| configuration option SHOULD be that both secure and insecure messages | configuration option SHOULD be that both secure and insecure messages | |||
| are allowed. | are allowed. A SEND node MAY also have a configuration option that | |||
| causes it to disable the use of SEND even the messages it sends | ||||
| itself. | ||||
| SEND nodes MUST send only secured messages. Plain (non-SEND) | SEND nodes MUST send only secured messages. Plain (non-SEND) | |||
| Neighbor Discovery nodes will obviously send only insecure messages. | Neighbor Discovery nodes will obviously send only insecure messages. | |||
| Per RFC 2461 [7], such nodes will ignore the unknown options and will | Per RFC 2461 [7], such nodes will ignore the unknown options and will | |||
| treat secured messages in the same way as they treat insecure ones. | treat secured messages in the same way as they treat insecure ones. | |||
| Secured and insecure nodes share the same network resources, such as | Secured and insecure nodes share the same network resources, such as | |||
| prefixes and address spaces. | prefixes and address spaces. | |||
| In a mixed environment SEND nodes follow the protocols defined in RFC | In a mixed environment SEND nodes follow the protocols defined in RFC | |||
| 2461 and RFC 2462 with the following exceptions: | 2461 and RFC 2462 with the following exceptions: | |||
| End of changes. | ||||
This html diff was produced by rfcdiff v1.06, available from http://www.levkowetz.com/ietf/tools/rfcdiff/ | ||||