>    If the Target Address and Destination Address fields in the ICMP
>    Redirect message are equal, then this message is used to inform hosts
>    that a destination is in fact a neighbor.  In this case the receiver
>    MUST verify that the given address falls within the range defined by
>    the router's certificate.  Redirect messages failing this check MUST
>    be silently discarded.

Note: this seems to contradict what Section 7.3 says, which allows
uncertified prefixes to be accepted.

------

James Kempf: How about if we change this to:

    If the Target Address and Destination Address fields in the ICMP
    Redirect message are equal, then this message is used to inform hosts
    that a destination is in fact a neighbor.  In this case the receiver
    MUST verify that the given address falls within the range defined by
    the router's certificate.  Redirect messages failing this check MUST
    be treated as insecure, as described in Section 7.3.

------

Thomas Narten: Fine.

------

Arkko: Editorial, Redirect how to handle prefixes. Agreed with
comment.

Action Item: Text agreed, added.

Rest are editorial.

------

------