| base.txt | issue83.txt | |||
|---|---|---|---|---|
| skipping to change at page 21, line 43 | skipping to change at page 21, line 43 | |||
| If the node has been configured to use SEND, all solicitation | If the node has been configured to use SEND, all solicitation | |||
| messages MUST include a Nonce. When sending a solicitation, the | messages MUST include a Nonce. When sending a solicitation, the | |||
| sender MUST store the nonce internally so that it can recognize any | sender MUST store the nonce internally so that it can recognize any | |||
| replies containing that particular nonce. | replies containing that particular nonce. | |||
| If the node has been configured to use SEND, all solicited | If the node has been configured to use SEND, all solicited | |||
| advertisements MUST include a Nonce, copied from the received | advertisements MUST include a Nonce, copied from the received | |||
| solicitation. Note that routers may decide to send a multicast | solicitation. Note that routers may decide to send a multicast | |||
| advertisement to all nodes instead of a response to a specific host. | advertisement to all nodes instead of a response to a specific host. | |||
| In such case the router MAY still include the nonce value for the | In such case the router MAY still include the nonce value for the | |||
| host that triggered the multicast advertisement. Omitting the nonce | host that triggered the multicast advertisement. (Omitting the nonce | |||
| value may, however, cause the host to ignore the router's | value may cause the host to ignore the router's advertisement, unless | |||
| advertisement, unless the clocks in these nodes are sufficiently | the clocks in these nodes are sufficiently synchronized so that | |||
| synchronized so that timestamps can be relied on. | timestamps can be relied on.) | |||
| If the node has been configured to use SEND, all solicitation, | If the node has been configured to use SEND, all solicitation, | |||
| advertisement, and redirect messages MUST include a Timestamp. | advertisement, and redirect messages MUST include a Timestamp. | |||
| Senders SHOULD set the Timestamp field to the current time, according | Senders SHOULD set the Timestamp field to the current time, according | |||
| to their real time clock. | to their real time clock. | |||
| 5.3.4 Processing rules for receivers | 5.3.4 Processing rules for receivers | |||
| The processing of the Nonce and Timestamp options depends on whether | The processing of the Nonce and Timestamp options depends on whether | |||
| a packet is a solicited advertisement. A system may implement the | a packet is a solicited advertisement. A system may implement the | |||
| skipping to change at page 22, line 26 | skipping to change at page 22, line 26 | |||
| Nonce options MUST be treated as insecure, i.e., processed in the | Nonce options MUST be treated as insecure, i.e., processed in the | |||
| same way as NDP messages sent by a non-SEND node. | same way as NDP messages sent by a non-SEND node. | |||
| o Messages received with the RSA Signature option but without the | o Messages received with the RSA Signature option but without the | |||
| Timestamp option MUST be silently discarded. | Timestamp option MUST be silently discarded. | |||
| o Solicitation messages received with the RSA Signature option but | o Solicitation messages received with the RSA Signature option but | |||
| without the Nonce option MUST be silently discarded. | without the Nonce option MUST be silently discarded. | |||
| o Advertisements sent to a unicast destination address with the RSA | o Advertisements sent to a unicast destination address with the RSA | |||
| Signature option but without a Nonce option MUST be silently | Signature option but without a Nonce option SHOULD be processed as | |||
| discarded. | unsolicited advertisements. | |||
| o An implementation MAY utilize some mechanism such as a timestamp | o An implementation MAY utilize some mechanism such as a timestamp | |||
| cache to strengthen resistance to replay attacks. When there is a | cache to strengthen resistance to replay attacks. When there is a | |||
| very large number of nodes on the same link, or when a cache | very large number of nodes on the same link, or when a cache | |||
| filling attack is in progress, it is possible that the cache | filling attack is in progress, it is possible that the cache | |||
| holding the most recent timestamp per sender becomes full. In | holding the most recent timestamp per sender becomes full. In | |||
| this case the node MUST remove some entries from the cache or | this case the node MUST remove some entries from the cache or | |||
| refuse some new requested entries. The specific policy as to | refuse some new requested entries. The specific policy as to | |||
| which entries are preferred over the others is left as an | which entries are preferred over the others is left as an | |||
| implementation decision. However, typical policies may prefer | implementation decision. However, typical policies may prefer | |||
| skipping to change at page 25, line 4 | skipping to change at page 24, line 23 | |||
| TSnew + fuzz > TSlast + (RDnew - RDlast) x (1 - drift) - fuzz | TSnew + fuzz > TSlast + (RDnew - RDlast) x (1 - drift) - fuzz | |||
| If this inequality does not hold, the receiver SHOULD silently | If this inequality does not hold, the receiver SHOULD silently | |||
| discard the message. On the other hand, if the inequality holds, | discard the message. On the other hand, if the inequality holds, | |||
| the receiver SHOULD process the message. | the receiver SHOULD process the message. | |||
| Moreover, if the above inequality holds and TSnew > TSlast, the | Moreover, if the above inequality holds and TSnew > TSlast, the | |||
| receiver SHOULD update RDlast and TSlast. Otherwise, the receiver | receiver SHOULD update RDlast and TSlast. Otherwise, the receiver | |||
| MUST NOT update update RDlast or TSlast. | MUST NOT update update RDlast or TSlast. | |||
| As unsolicited messages may be used in a Denial-of-Service attack to | ||||
| cause the receiver to verify computationally expensive signatures, | ||||
| all nodes SHOULD apply a mechanism to prevent excessive use of | ||||
| resources for processing such messages. | ||||
| 6. Authorization Delegation Discovery | 6. Authorization Delegation Discovery | |||
| NDP allows a node to automatically configure itself based on | NDP allows a node to automatically configure itself based on | |||
| information learned shortly after connecting to a new link. It is | information learned shortly after connecting to a new link. It is | |||
| particularly easy to configure "rogue" routers on an unsecured link, | particularly easy to configure "rogue" routers on an unsecured link, | |||
| and it is particularly difficult for a node to distinguish between | and it is particularly difficult for a node to distinguish between | |||
| valid and invalid sources of router information, because the node | valid and invalid sources of router information, because the node | |||
| needs this information before being able to communicate with nodes | needs this information before being able to communicate with nodes | |||
| outside of the link. | outside of the link. | |||
| End of changes. | ||||
This html diff was produced by rfcdiff v1.06, available from http://www.levkowetz.com/ietf/tools/rfcdiff/ | ||||