| base.txt | issue82.txt | |||
|---|---|---|---|---|
| skipping to change at page 14, line 19 | skipping to change at page 14, line 19 | |||
| minbits | minbits | |||
| The minimum acceptable key length for public keys used in the | The minimum acceptable key length for public keys used in the | |||
| generation of CGAs. The default SHOULD be 1024 bits. | generation of CGAs. The default SHOULD be 1024 bits. | |||
| Implementations MAY also set an upper limit in order to limit the | Implementations MAY also set an upper limit in order to limit the | |||
| amount of computation they need to perform when verifying packets | amount of computation they need to perform when verifying packets | |||
| that use these security associations. The upper limit SHOULD be at | that use these security associations. The upper limit SHOULD be at | |||
| least 2048 bits. Any implementation should follow prudent | least 2048 bits. Any implementation should follow prudent | |||
| cryptographic practice in determining the appropriate key lengths. | cryptographic practice in determining the appropriate key lengths. | |||
| minSec | ||||
| The minimum acceptable Sec value, if CGA verification is required. | ||||
| This parameter is intended to facilitate future extensions and | ||||
| experimental work. Currently, the minSec value SHOULD always be | ||||
| set to zero. | ||||
| See Section 2 in [13]. | ||||
| All nodes that support the sending of the CGA option MUST record the | All nodes that support the sending of the CGA option MUST record the | |||
| following configuration information: | following configuration information: | |||
| CGA parameters | CGA parameters | |||
| Any information required to construct CGAs, including the used Sec | Any information required to construct CGAs, as described in [13]. | |||
| and Modifier values, and the CGA address itself. | ||||
| 5.2 Signature Option | 5.2 Signature Option | |||
| The Signature option allows public-key based signatures to be | The Signature option allows public-key based signatures to be | |||
| attached to NDP messages. Configured trust anchors, CGAs, or both are | attached to NDP messages. Configured trust anchors, CGAs, or both are | |||
| supported as the trusted root. The format of the Signature option is | supported as the trusted root. The format of the Signature option is | |||
| described in the following diagram: | described in the following diagram: | |||
| 0 1 2 3 | 0 1 2 3 | |||
| 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |||
| End of changes. | ||||
This html diff was produced by rfcdiff v1.06, available from http://www.levkowetz.com/ietf/tools/rfcdiff/ | ||||