base.txt | issue93.txt | |||
---|---|---|---|---|
skipping to change at page 2, line 27 | skipping to change at page 2, line 27 | |||
5.1.3 Configuration . . . . . . . . . . . . . . . . . 14 | 5.1.3 Configuration . . . . . . . . . . . . . . . . . 14 | |||
5.2 Signature Option . . . . . . . . . . . . . . . . . . . 14 | 5.2 Signature Option . . . . . . . . . . . . . . . . . . . 14 | |||
5.2.1 Processing Rules for Senders . . . . . . . . . . 16 | 5.2.1 Processing Rules for Senders . . . . . . . . . . 16 | |||
5.2.2 Processing Rules for Receivers . . . . . . . . . 17 | 5.2.2 Processing Rules for Receivers . . . . . . . . . 17 | |||
5.2.3 Configuration . . . . . . . . . . . . . . . . . 18 | 5.2.3 Configuration . . . . . . . . . . . . . . . . . 18 | |||
5.2.4 Performance Considerations . . . . . . . . . . . 19 | 5.2.4 Performance Considerations . . . . . . . . . . . 19 | |||
5.3 Timestamp and Nonce options . . . . . . . . . . . . . 19 | 5.3 Timestamp and Nonce options . . . . . . . . . . . . . 19 | |||
5.3.1 Timestamp Option . . . . . . . . . . . . . . . . 19 | 5.3.1 Timestamp Option . . . . . . . . . . . . . . . . 19 | |||
5.3.2 Nonce Option . . . . . . . . . . . . . . . . . . 20 | 5.3.2 Nonce Option . . . . . . . . . . . . . . . . . . 20 | |||
5.3.3 Processing rules for senders . . . . . . . . . . 21 | 5.3.3 Processing rules for senders . . . . . . . . . . 21 | |||
5.3.4 Processing rules for receivers . . . . . . . . . 22 | 5.3.4 Processing rules for receivers . . . . . . . . . 21 | |||
6. Authorization Delegation Discovery . . . . . . . . . . . . . 25 | 6. Authorization Delegation Discovery . . . . . . . . . . . . . 25 | |||
6.1 Certificate Format . . . . . . . . . . . . . . . . . . 25 | 6.1 Certificate Format . . . . . . . . . . . . . . . . . . 25 | |||
6.1.1 Router Authorization Certificate Profile . . . . 25 | 6.1.1 Router Authorization Certificate Profile . . . . 25 | |||
6.2 Certificate Transport . . . . . . . . . . . . . . . . 28 | 6.2 Certificate Transport . . . . . . . . . . . . . . . . 28 | |||
6.2.1 Delegation Chain Solicitation Message Format . . 28 | 6.2.1 Delegation Chain Solicitation Message Format . . 28 | |||
6.2.2 Delegation Chain Advertisement Message Format . 30 | 6.2.2 Delegation Chain Advertisement Message Format . 30 | |||
6.2.3 Trust Anchor Option . . . . . . . . . . . . . . 32 | 6.2.3 Trust Anchor Option . . . . . . . . . . . . . . 32 | |||
6.2.4 Certificate Option . . . . . . . . . . . . . . . 34 | 6.2.4 Certificate Option . . . . . . . . . . . . . . . 34 | |||
6.2.5 Processing Rules for Routers . . . . . . . . . . 35 | 6.2.5 Processing Rules for Routers . . . . . . . . . . 35 | |||
6.2.6 Processing Rules for Hosts . . . . . . . . . . . 36 | 6.2.6 Processing Rules for Hosts . . . . . . . . . . . 36 | |||
skipping to change at page 17, line 6 | skipping to change at page 17, line 6 | |||
MUST contain the Signature option. | MUST contain the Signature option. | |||
A node sending a message using the Signature option MUST construct | A node sending a message using the Signature option MUST construct | |||
the message as follows: | the message as follows: | |||
o The message is constructed in its entirety, without the Signature | o The message is constructed in its entirety, without the Signature | |||
option. | option. | |||
o The Signature option is added as the last option in the message. | o The Signature option is added as the last option in the message. | |||
o For the purpose of constructing a signature, the following data | o The data to be signed is constructed as explained in Section 5.2, | |||
items are concatenated: | under the description of the Digital Signature field. | |||
* The 128-bit CGA Type Tag. | ||||
* The source address of the message. | ||||
* The destination address of the message. | ||||
* The contents of the message, starting from the ICMPv6 header, | ||||
up to but excluding the Signature option. | ||||
o The message, in the form defined above, is signed using the | o The message, in the form defined above, is signed using the | |||
configured private key, and the resulting PKCS#1 signature is put | configured private key, and the resulting PKCS#1 signature is put | |||
to the Digital Signature field. | to the Digital Signature field. | |||
5.2.2 Processing Rules for Receivers | 5.2.2 Processing Rules for Receivers | |||
Neighbor Solicitation, Neighbor Advertisement, Router Advertisement, | Neighbor Solicitation, Neighbor Advertisement, Router Advertisement, | |||
and Redirect messages without the Signature option MUST be treated as | and Redirect messages without the Signature option MUST be treated as | |||
insecure, i.e., processed in the same way as NDP messages sent by a | insecure, i.e., processed in the same way as NDP messages sent by a | |||
non-SEND node. See Section 8. | non-SEND node. See Section 8. | |||
Router Solicitation messages without the Signature option MUST be | Router Solicitation messages without the Signature option MUST be | |||
also treated as insecure, unless the source address of the message is | also treated as insecure, unless the source address of the message is | |||
the unspecified address. | the unspecified address. | |||
A message containing a Signature option MUST be checked as follows: | A message containing a Signature option MUST be checked as follows: | |||
o The receiver MUST ignore any options the come after the first | o The receiver MUST ignore any options the come after the first | |||
Signature option. | Signature option. (The options are ignored for both signature | |||
verification and NDP processing purposes.) | ||||
o The Key Hash field MUST indicate the use of a known public key, | o The Key Hash field MUST indicate the use of a known public key, | |||
either one learned from a preceding CGA option in the same | either one learned from a preceding CGA option in the same | |||
message, or one known by other means. | message, or one known by other means. | |||
o The Digital Signature field MUST have correct encoding, and not | o The Digital Signature field MUST have correct encoding, and not | |||
exceed the length of the Signature option minus the Padding. | exceed the length of the Signature option minus the Padding. | |||
o The Digital Signature verification MUST show that the signature | o The Digital Signature verification MUST show that the signature | |||
has been calculated as specified in the previous section. | has been calculated as specified in the previous section. | |||
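Review bot: replacing the explicit list of signed items in 5.2.1 (128-bit CGA Type Tag, source address, destination address, message contents from the ICMPv6 header up to but excluding the Signature option) with a pointer to the Digital Signature field description in Section 5.2 only works if Section 5.2 carries exactly those four items in that order; please confirm that text was updated in the same change, since a sender and a receiver that disagree on the signed data will fail verification on every message. The receiver rule in 5.2.2 still says "calculated as specified in the previous section", which now chains two references (5.2.2 to 5.2.1 to 5.2); pointing receivers directly at Section 5.2 would make the single normative definition obvious. The added parenthetical in 5.2.2, stating that options after the first Signature option are ignored for NDP processing as well as for verification, closes the gap where unsigned trailing options could otherwise have been acted on, and should stay. Minor: "any options the come after" in 5.2.2 should read "any options that come after" in both columns.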
skipping to change at page 48, line 6 | skipping to change at page 48, line 6 | |||
MAX_DCS_MESSAGES 3 transmissions | MAX_DCS_MESSAGES 3 transmissions | |||
DCS_INTERVAL 4 seconds | DCS_INTERVAL 4 seconds | |||
Router constants: | Router constants: | |||
MAX_DCA_RATE 10 times per second | MAX_DCA_RATE 10 times per second | |||
11. Protocol Variables | 11. Protocol Variables | |||
TIMESTAMP_DELTA 3,600 seconds (1 hour) | TIMESTAMP_DELTA 300 seconds (5 minutes) | |||
TIMESTAMP_FUZZ 1 second | TIMESTAMP_FUZZ 1 second | |||
TIMESTAMP_DRIFT 1 % (0.01) | TIMESTAMP_DRIFT 1 % (0.01) | |||
12. IANA Considerations | 12. IANA Considerations | |||
This document defines two new ICMP message types, used in | This document defines two new ICMP message types, used in | |||
Authorization Delegation Discovery. These messages must be assigned | Authorization Delegation Discovery. These messages must be assigned | |||
ICMPv6 type numbers from the informational message range: | ICMPv6 type numbers from the informational message range: | |||
o The Delegation Chain Solicitation message, described in Section | o The Delegation Chain Solicitation message, described in Section | |||
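Review bot: cutting TIMESTAMP_DELTA from 3,600 seconds (1 hour) to 300 seconds (5 minutes) shrinks the window in which a captured Timestamp-protected message can be replayed against a receiver that has no prior state for the sender, but it also means first-contact messages are dropped whenever peer clocks differ by more than 5 minutes, so the receiver processing rules in 5.3.4 and any prose that still justifies a one-hour window need to be brought in line with the new value. TIMESTAMP_FUZZ (1 second) and TIMESTAMP_DRIFT (1 %, 0.01) are unchanged; please check that the drift allowance computed from them in 5.3.4 was sized with the old 1-hour delta in mind and still gives the intended tolerance with a 5-minute delta. The IANA Considerations text is unchanged in the visible lines, so the two new ICMPv6 type numbers are unaffected by this revision.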
End of changes. | ||||
This html diff was produced by rfcdiff v1.06, available from http://www.levkowetz.com/ietf/tools/rfcdiff/ |