base.txt | issue84.txt | |||
---|---|---|---|---|
skipping to change at page 2, line 34 | skipping to change at page 2, line 34 | |||
5.3.1 Timestamp Option . . . . . . . . . . . . . . . . 19 | 5.3.1 Timestamp Option . . . . . . . . . . . . . . . . 19 | |||
5.3.2 Nonce Option . . . . . . . . . . . . . . . . . . 20 | 5.3.2 Nonce Option . . . . . . . . . . . . . . . . . . 20 | |||
5.3.3 Processing rules for senders . . . . . . . . . . 21 | 5.3.3 Processing rules for senders . . . . . . . . . . 21 | |||
5.3.4 Processing rules for receivers . . . . . . . . . 22 | 5.3.4 Processing rules for receivers . . . . . . . . . 22 | |||
6. Authorization Delegation Discovery . . . . . . . . . . . . . 25 | 6. Authorization Delegation Discovery . . . . . . . . . . . . . 25 | |||
6.1 Certificate Format . . . . . . . . . . . . . . . . . . 25 | 6.1 Certificate Format . . . . . . . . . . . . . . . . . . 25 | |||
6.1.1 Router Authorization Certificate Profile . . . . 25 | 6.1.1 Router Authorization Certificate Profile . . . . 25 | |||
6.2 Certificate Transport . . . . . . . . . . . . . . . . 28 | 6.2 Certificate Transport . . . . . . . . . . . . . . . . 28 | |||
6.2.1 Delegation Chain Solicitation Message Format . . 28 | 6.2.1 Delegation Chain Solicitation Message Format . . 28 | |||
6.2.2 Delegation Chain Advertisement Message Format . 30 | 6.2.2 Delegation Chain Advertisement Message Format . 30 | |||
6.2.3 Trust Anchor Option . . . . . . . . . . . . . . 32 | 6.2.3 Trust Anchor Option . . . . . . . . . . . . . . 33 | |||
6.2.4 Certificate Option . . . . . . . . . . . . . . . 34 | 6.2.4 Certificate Option . . . . . . . . . . . . . . . 34 | |||
6.2.5 Processing Rules for Routers . . . . . . . . . . 35 | 6.2.5 Processing Rules for Routers . . . . . . . . . . 35 | |||
6.2.6 Processing Rules for Hosts . . . . . . . . . . . 36 | 6.2.6 Processing Rules for Hosts . . . . . . . . . . . 36 | |||
7. Addressing . . . . . . . . . . . . . . . . . . . . . . . . . 38 | 7. Addressing . . . . . . . . . . . . . . . . . . . . . . . . . 39 | |||
7.1 CGAs . . . . . . . . . . . . . . . . . . . . . . . . . 38 | 7.1 CGAs . . . . . . . . . . . . . . . . . . . . . . . . . 39 | |||
7.2 Redirect Addresses . . . . . . . . . . . . . . . . . . 38 | 7.2 Redirect Addresses . . . . . . . . . . . . . . . . . . 39 | |||
7.3 Advertised Prefixes . . . . . . . . . . . . . . . . . 38 | 7.3 Advertised Prefixes . . . . . . . . . . . . . . . . . 39 | |||
7.4 Limitations . . . . . . . . . . . . . . . . . . . . . 39 | 7.4 Limitations . . . . . . . . . . . . . . . . . . . . . 40 | |||
8. Transition Issues . . . . . . . . . . . . . . . . . . . . . 40 | 8. Transition Issues . . . . . . . . . . . . . . . . . . . . . 41 | |||
9. Security Considerations . . . . . . . . . . . . . . . . . . 42 | 9. Security Considerations . . . . . . . . . . . . . . . . . . 43 | |||
9.1 Threats to the Local Link Not Covered by SEND . . . . 42 | 9.1 Threats to the Local Link Not Covered by SEND . . . . 43 | |||
9.2 How SEND Counters Threats to NDP . . . . . . . . . . . 42 | 9.2 How SEND Counters Threats to NDP . . . . . . . . . . . 43 | |||
9.2.1 Neighbor Solicitation/Advertisement Spoofing . . 43 | 9.2.1 Neighbor Solicitation/Advertisement Spoofing . . 44 | |||
9.2.2 Neighbor Unreachability Detection Failure . . . 43 | 9.2.2 Neighbor Unreachability Detection Failure . . . 44 | |||
9.2.3 Duplicate Address Detection DoS Attack . . . . . 43 | 9.2.3 Duplicate Address Detection DoS Attack . . . . . 44 | |||
9.2.4 Router Solicitation and Advertisement Attacks . 44 | 9.2.4 Router Solicitation and Advertisement Attacks . 45 | |||
9.2.5 Replay Attacks . . . . . . . . . . . . . . . . . 44 | 9.2.5 Replay Attacks . . . . . . . . . . . . . . . . . 45 | |||
9.2.6 Neighbor Discovery DoS Attack . . . . . . . . . 45 | 9.2.6 Neighbor Discovery DoS Attack . . . . . . . . . 46 | |||
9.3 Attacks against SEND Itself . . . . . . . . . . . . . 45 | 9.3 Attacks against SEND Itself . . . . . . . . . . . . . 46 | |||
10. Protocol Constants . . . . . . . . . . . . . . . . . . . . . 47 | 10. Protocol Constants . . . . . . . . . . . . . . . . . . . . . 48 | |||
11. Protocol Variables . . . . . . . . . . . . . . . . . . . . . 48 | 11. Protocol Variables . . . . . . . . . . . . . . . . . . . . . 49 | |||
12. IANA Considerations . . . . . . . . . . . . . . . . . . . . 49 | 12. IANA Considerations . . . . . . . . . . . . . . . . . . . . 50 | |||
Normative References . . . . . . . . . . . . . . . . . . . . 50 | Normative References . . . . . . . . . . . . . . . . . . . . 51 | |||
Informative References . . . . . . . . . . . . . . . . . . . 52 | Informative References . . . . . . . . . . . . . . . . . . . 53 | |||
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 52 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 53 | |||
A. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 54 | A. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 55 | |||
B. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . 55 | B. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . 56 | |||
C. Cache Management . . . . . . . . . . . . . . . . . . . . . . 56 | C. Cache Management . . . . . . . . . . . . . . . . . . . . . . 57 | |||
Intellectual Property and Copyright Statements . . . . . . . 57 | D. Message Size When Carrying Certificates . . . . . . . . . . 58 | |||
Intellectual Property and Copyright Statements . . . . . . . 59 | ||||
1. Introduction | 1. Introduction | |||
IPv6 defines the Neighbor Discovery Protocol (NDP) in RFCs 2461 [7] | IPv6 defines the Neighbor Discovery Protocol (NDP) in RFCs 2461 [7] | |||
and 2462 [8]. Nodes on the same link use NDP to discover each | and 2462 [8]. Nodes on the same link use NDP to discover each | |||
other's presence, to determine each other's link-layer addresses, to | other's presence, to determine each other's link-layer addresses, to | |||
find routers, and to maintain reachability information about the | find routers, and to maintain reachability information about the | |||
paths to active neighbors. NDP is used both by hosts and routers. | paths to active neighbors. NDP is used both by hosts and routers. | |||
Its functions include Neighbor Discovery (ND), Router Discovery (RD), | Its functions include Neighbor Discovery (ND), Router Discovery (RD), | |||
Address Autoconfiguration, Address Resolution, Neighbor | Address Autoconfiguration, Address Resolution, Neighbor | |||
skipping to change at page 29, line 9 | skipping to change at page 29, line 9 | |||
6.2.1 Delegation Chain Solicitation Message Format | 6.2.1 Delegation Chain Solicitation Message Format | |||
Hosts send Delegation Chain Solicitations in order to prompt routers | Hosts send Delegation Chain Solicitations in order to prompt routers | |||
to generate Delegation Chain Advertisements. | to generate Delegation Chain Advertisements. | |||
0 1 2 3 | 0 1 2 3 | |||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| Type | Code | Checksum | | | Type | Code | Checksum | | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| Identifier | Reserved | | | Identifier | Component | | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| Options ... | | Options ... | |||
+-+-+-+-+-+-+-+-+-+-+-+- | +-+-+-+-+-+-+-+-+-+-+-+- | |||
IP Fields: | IP Fields: | |||
Source Address | Source Address | |||
A link-local unicast address assigned to the sending interface, | A link-local unicast address assigned to the sending interface, | |||
or the unspecified address if no address is assigned to the | or the unspecified address if no address is assigned to the | |||
skipping to change at page 30, line 5 | skipping to change at page 30, line 5 | |||
Identifier | Identifier | |||
A 16-bit unsigned integer field, acting as an identifier to | A 16-bit unsigned integer field, acting as an identifier to | |||
help matching advertisements to solicitations. The Identifier | help matching advertisements to solicitations. The Identifier | |||
field MUST NOT be zero, and its value SHOULD be randomly | field MUST NOT be zero, and its value SHOULD be randomly | |||
generated. This randomness does not need to be | generated. This randomness does not need to be | |||
cryptographically hard, since its purpose is only to avoid | cryptographically hard, since its purpose is only to avoid | |||
collisions. | collisions. | |||
Reserved | Component | |||
An unused field. It MUST be initialized to zero by the sender | This 16-bit unsigned integer field is set to 65,535 if the | |||
and MUST be ignored by the receiver. | sender desires to retrieve all certificates. Otherwise, it is | |||
set to the component identifier corresponding to the | ||||
certificate that the receiver wants to retrieve (see Section | ||||
6.2.2 and Section 6.2.6). | ||||
Valid Options: | Valid Options: | |||
Trust Anchor | Trust Anchor | |||
One or more trust anchors that the client is willing to accept. | One or more trust anchors that the client is willing to accept. | |||
The first (or only) Trust Anchor option MUST contain a DER | The first (or only) Trust Anchor option MUST contain a DER | |||
Encoded X.501 Name; see Section 6.2.3. If there is more than | Encoded X.501 Name; see Section 6.2.3. If there is more than | |||
one Trust Anchor option, the options past the first one may | one Trust Anchor option, the options past the first one may | |||
contain any type of trust anchor. | contain any type of trust anchor. | |||
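Review bot: the new Component field text in the Delegation Chain Solicitation names the wrong party: it first says the field is 65,535 "if the sender desires to retrieve all certificates" and then that it otherwise holds "the component identifier corresponding to the certificate that the receiver wants to retrieve". The host sending the solicitation is the one retrieving, so "receiver" should read "sender" (or "the soliciting host"). Two further points belong in this field definition. First, it replaces a Reserved field that the base text required to be "initialized to zero by the sender and MUST be ignored by the receiver"; under the new text zero is a valid request for component 0 (the last certificate in the chain under the numbering of 6.2.2), so a host built to the older format that still sends zeros will be read as asking for one certificate rather than the whole chain, and a note on that interoperability consequence is warranted. Second, the text does not say how a router treats a Component value for which it has no certificate (larger than the chain length); 6.2.5 only covers the case where no chain to the anchor exists.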
skipping to change at page 30, line 37 | skipping to change at page 30, line 40 | |||
6.2.2 Delegation Chain Advertisement Message Format | 6.2.2 Delegation Chain Advertisement Message Format | |||
Routers send out Delegation Chain Advertisement messages in response | Routers send out Delegation Chain Advertisement messages in response | |||
to a Delegation Chain Solicitation. | to a Delegation Chain Solicitation. | |||
0 1 2 3 | 0 1 2 3 | |||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| Type | Code | Checksum | | | Type | Code | Checksum | | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| Identifier | Component | | | Identifier | All Components | | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| Reserved | | | Component | Reserved | | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| Options ... | | Options ... | |||
+-+-+-+-+-+-+-+-+-+-+-+- | +-+-+-+-+-+-+-+-+-+-+-+- | |||
IP Fields: | IP Fields: | |||
Source Address | Source Address | |||
A link-local unicast address assigned to the interface from | A link-local unicast address assigned to the interface from | |||
which this message is sent. Note that routers may use multiple | which this message is sent. Note that routers may use multiple | |||
addresses, and therefore this address is not sufficient for the | addresses, and therefore this address is not sufficient for the | |||
unique identification of routers. | unique identification of routers. | |||
Destination Address | Destination Address | |||
skipping to change at page 31, line 37 | skipping to change at page 31, line 43 | |||
The ICMP checksum [9]. | The ICMP checksum [9]. | |||
Identifier | Identifier | |||
A 16-bit unsigned integer field, acting as an identifier to | A 16-bit unsigned integer field, acting as an identifier to | |||
help matching advertisements to solicitations. The Identifier | help matching advertisements to solicitations. The Identifier | |||
field MUST be zero for advertisements sent to the All-Nodes | field MUST be zero for advertisements sent to the All-Nodes | |||
multicast address and MUST NOT be zero for others. | multicast address and MUST NOT be zero for others. | |||
Component | All Components | |||
A 16-bit unsigned integer field, used for informing the | A 16-bit unsigned integer field, used for informing the | |||
receiver which certificate is being sent, and how many are | receiver how many certificates there are in the whole chain. | |||
still left to be sent in the whole chain. | ||||
A single advertisement MUST be broken into separately sent | A single advertisement MUST be broken into separately sent | |||
components if there is more than one Certificate option, in | components if there is more than one Certificate option, in | |||
order to avoid excessive fragmentation at the IP layer. Unlike | order to avoid excessive fragmentation at the IP layer. Unlike | |||
the fragmentation at the IP layer, individual components of an | the fragmentation at the IP layer, individual components of an | |||
advertisement may be stored and used before all the components | advertisement may be stored and used before all the components | |||
have arrived; this makes them slightly more reliable and less | have arrived; this makes them slightly more reliable and less | |||
prone to Denial-of-Service attacks. | prone to Denial-of-Service attacks. | |||
Example packet lengths of Delegation Chain Advertisement | ||||
messages for typical certificate chains are listed in Appendix | ||||
D. | ||||
Component | ||||
A 16-bit unsigned integer field, used for informing the | ||||
receiver which certificate is being sent. | ||||
The first message in a N-component advertisement has the | The first message in a N-component advertisement has the | |||
Component field set to N-1, the second set to N-2, and so on. | Component field set to N-1, the second set to N-2, and so on. | |||
Zero indicates that there are no more components coming in this | Zero indicates that there are no more components coming in this | |||
advertisement. | advertisement. | |||
The components MUST be ordered so that the certificate after | The components MUST be ordered so that the certificate after | |||
the trust anchor is the one sent first. Each certificate sent | the trust anchor is the one sent first. Each certificate sent | |||
after the first can be verified with the previously sent | after the first can be verified with the previously sent | |||
certificates. The certificate of the sender comes last. | certificates. The certificate of the sender comes last. | |||
skipping to change at page 36, line 8 | skipping to change at page 36, line 17 | |||
response to the Solicited-Node multicast address corresponding to the | response to the Solicited-Node multicast address corresponding to the | |||
source address, except when under load, as specified below. Routers | source address, except when under load, as specified below. Routers | |||
SHOULD NOT send Delegation Chain Advertisements more than | SHOULD NOT send Delegation Chain Advertisements more than | |||
MAX_DCA_RATE times within a second. When there are more | MAX_DCA_RATE times within a second. When there are more | |||
solicitations, the router SHOULD send the response to the All-Nodes | solicitations, the router SHOULD send the response to the All-Nodes | |||
multicast address regardless of the source address that appeared in | multicast address regardless of the source address that appeared in | |||
the solicitation. | the solicitation. | |||
In an advertisement, the router SHOULD include suitable Certificate | In an advertisement, the router SHOULD include suitable Certificate | |||
options so that a delegation chain to the solicited trust anchor can | options so that a delegation chain to the solicited trust anchor can | |||
be established. The anchor is identified by the Trust Anchor option. | be established (or a part of it, if the Component field in the | |||
If the Trust Anchor option is represented as a DER Encoded X.501 | solicitation is not equal to 65,535). The anchor is identified by | |||
Name, then the Name must be equal to the Subject field in the | the Trust Anchor option. If the Trust Anchor option is represented as | |||
anchor's certificate. If the Trust Anchor option is represented as | a DER Encoded X.501 Name, then the Name must be equal to the Subject | |||
an FQDN, the FQDN must be equal to an FQDN in the subjectAltName | field in the anchor's certificate. If the Trust Anchor option is | |||
field of the anchor's certificate. The router SHOULD include the | represented as an FQDN, the FQDN must be equal to an FQDN in the | |||
Trust Anchor option(s) in the advertisement for which the delegation | subjectAltName field of the anchor's certificate. The router SHOULD | |||
chain was found. | include the Trust Anchor option(s) in the advertisement for which the | |||
delegation chain was found. | ||||
If the router is unable to find a chain to the requested anchor, it | If the router is unable to find a chain to the requested anchor, it | |||
SHOULD send an advertisement without any certificates. In this case | SHOULD send an advertisement without any certificates. In this case | |||
the router SHOULD include the Trust Anchor options which were | the router SHOULD include the Trust Anchor options which were | |||
solicited. | solicited. | |||
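Review bot: the new parenthetical "(or a part of it, if the Component field in the solicitation is not equal to 65,535)" does not say how the router fills the Delegation Chain Advertisement header in that case: whether All Components still carries the length of the whole chain and whether Component carries the value taken from the solicitation. Without that, a host cannot match a single-component reply against the partial chain it already holds. The same paragraph should also say what the router sends when the requested Component value exceeds the chain length; the following paragraph covers only the case where no chain to the anchor exists, and its advice (an advertisement with no certificates carrying the solicited Trust Anchor options) could simply be reused for the out-of-range case.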
6.2.6 Processing Rules for Hosts | 6.2.6 Processing Rules for Hosts | |||
Hosts SHOULD possess the public key and trust anchor name of at least | Hosts SHOULD possess the public key and trust anchor name of at least | |||
one certificate authority, they SHOULD possess their own key pair, | one certificate authority, they SHOULD possess their own key pair, | |||
skipping to change at page 37, line 16 | skipping to change at page 37, line 27 | |||
to the network can help improve performance. But periodic certificate | to the network can help improve performance. But periodic certificate | |||
revocation checks are still needed even with cached results, to make | revocation checks are still needed even with cached results, to make | |||
sure that the certificates are still valid. | sure that the certificates are still valid. | |||
The host has a need to retrieve a delegation chain when a Router | The host has a need to retrieve a delegation chain when a Router | |||
Advertisement has been received with a public key that is not stored | Advertisement has been received with a public key that is not stored | |||
in the hosts' cache of certificates, or there is no authorization | in the hosts' cache of certificates, or there is no authorization | |||
delegation chain to the host's trust anchor. In these situations, the | delegation chain to the host's trust anchor. In these situations, the | |||
host MAY transmit up to MAX_DCS_MESSAGES Delegation Chain | host MAY transmit up to MAX_DCS_MESSAGES Delegation Chain | |||
Solicitation messages, each separated by at least DCS_INTERVAL | Solicitation messages, each separated by at least DCS_INTERVAL | |||
seconds. | seconds. In addition, hosts MAY also transmit up to MAX_DCS_MESSAGES | |||
Delegation Chain Solicitation messages with the Component field set | ||||
to a value not equal to 65,535, if they have received only a part of | ||||
a certificate chain. | ||||
Delegation Chain Solicitations SHOULD NOT be sent if the host has a | Delegation Chain Solicitations SHOULD NOT be sent if the host has a | |||
currently valid certificate chain from a reachable router to a trust | currently valid certificate chain from a reachable router to a trust | |||
anchor. | anchor. | |||
When soliciting certificates for a router, a host MUST send | When soliciting certificates for a router, a host MUST send | |||
Delegation Chain Solicitations either to the All-Routers multicast | Delegation Chain Solicitations either to the All-Routers multicast | |||
address, if it has not selected a default router yet, or to the | address, if it has not selected a default router yet, or to the | |||
default router's IP address, if a default router has already been | default router's IP address, if a default router has already been | |||
selected. | selected. | |||
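Review bot: the added sentence "hosts MAY also transmit up to MAX_DCS_MESSAGES Delegation Chain Solicitation messages with the Component field set to a value not equal to 65,535" leaves two things open: whether these per-component solicitations share the MAX_DCS_MESSAGES budget of the full-chain solicitations or get a separate one, and whether the DCS_INTERVAL spacing applies to them as well. Both determine how much a host can be made to transmit when it keeps receiving incomplete chains, so the combined bound should be stated explicitly (for example, that the total over both kinds of solicitation per retrieval attempt is at most MAX_DCS_MESSAGES and that every message is separated by at least DCS_INTERVAL seconds). "Only a part of a certificate chain" is also not defined here; a pointer to the All Components and Component fields of 6.2.2, which is what lets the host know a part is missing, would make the condition testable.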
skipping to change at page 57, line 4 | skipping to change at page 58, line 4 | |||
will not fully prevent them. For example, an attacker could send a | will not fully prevent them. For example, an attacker could send a | |||
little traffic (i.e. a ping or TCP syn) after each NS to trick the | little traffic (i.e. a ping or TCP syn) after each NS to trick the | |||
victim into promoting its cache entry to the old cache. Hence, the | victim into promoting its cache entry to the old cache. Hence, the | |||
node may be more intelligent in keeping its cache entries, and not | node may be more intelligent in keeping its cache entries, and not | |||
just have a black/white old/new boundary. | just have a black/white old/new boundary. | |||
It also looks like a good idea to consider the sec parameter when | It also looks like a good idea to consider the sec parameter when | |||
forcing cache entries out, and let those entries with a larger sec a | forcing cache entries out, and let those entries with a larger sec a | |||
higher chance of staying in. | higher chance of staying in. | |||
Appendix D. Message Size When Carrying Certificates | ||||
TBD. | ||||
Intellectual Property Statement | Intellectual Property Statement | |||
The IETF takes no position regarding the validity or scope of any | The IETF takes no position regarding the validity or scope of any | |||
intellectual property or other rights that might be claimed to | intellectual property or other rights that might be claimed to | |||
pertain to the implementation or use of the technology described in | pertain to the implementation or use of the technology described in | |||
this document or the extent to which any license under such rights | this document or the extent to which any license under such rights | |||
might or might not be available; neither does it represent that it | might or might not be available; neither does it represent that it | |||
has made any effort to identify any such rights. Information on the | has made any effort to identify any such rights. Information on the | |||
IETF's procedures with respect to rights in standards-track and | IETF's procedures with respect to rights in standards-track and | |||
standards-related documentation can be found in BCP-11. Copies of | standards-related documentation can be found in BCP-11. Copies of | |||
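Review bot: Appendix D ("Message Size When Carrying Certificates") is added as "TBD." while Section 6.2.2 in this same revision already refers to it for example packet lengths of Delegation Chain Advertisements, and the table of contents lists it at page 58; either fill in the appendix now or mark the 6.2.2 reference as forward-looking so a reader of this draft is not sent to empty text. In the unchanged Appendix C context above it, "i.e. a ping or TCP syn" should be "e.g.", since ping and SYN are examples of "a little traffic", and "let those entries with a larger sec a higher chance of staying in" should read "give those entries ... a higher chance"; both are worth fixing if this revision touches Appendix C anyway.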
End of changes. | ||||
This html diff was produced by rfcdiff v1.06, available from http://www.levkowetz.com/ietf/tools/rfcdiff/ |