base.txt   issue97.txt 
skipping to change at page 1, line 15 skipping to change at page 1, line 15
Expires: January 15, 2005 DoCoMo Communications Labs USA Expires: January 15, 2005 DoCoMo Communications Labs USA
B. Sommerfeld B. Sommerfeld
Sun Microsystems Sun Microsystems
B. Zill B. Zill
Microsoft Microsoft
P. Nikander P. Nikander
Ericsson Ericsson
July 17, 2004 July 17, 2004
SEcure Neighbor Discovery (SEND) SEcure Neighbor Discovery (SEND)
draft-ietf-send-ndopt-pre06 draft-ietf-send-ndopt-06
Status of this Memo Status of this Memo
This document is an Internet-Draft and is in full conformance with This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026. all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that other Task Force (IETF), its areas, and its working groups. Note that other
groups may also distribute working documents as Internet-Drafts. groups may also distribute working documents as Internet-Drafts.
skipping to change at page 41, line 23 skipping to change at page 41, line 23
Note that caching this information and the implied verification Note that caching this information and the implied verification
results between network attachments for use over multiple attachments results between network attachments for use over multiple attachments
to the network can help improve performance. But periodic certificate to the network can help improve performance. But periodic certificate
revocation checks are still needed even with cached results, to make revocation checks are still needed even with cached results, to make
sure that the certificates are still valid. sure that the certificates are still valid.
The host has a need to retrieve a certification path when a Router The host has a need to retrieve a certification path when a Router
Advertisement has been received with a public key that is not Advertisement has been received with a public key that is not
available from a certificate in the hosts' cache of certificates, or available from a certificate in the hosts' cache of certificates, or
there is no certification path to the one of the host's trust there is no certification path to the one of the host's trust
anchors. In these situations, the host MAY transmit up to anchors. In these situations, the host MAY send a Certification Path
MAX_CPS_MESSAGES Certification Path Solicitation messages, each Solicitation message to retrieve the path. If there is no response
separated by at least CPS_INTERVAL seconds. In addition, hosts MAY within CPS_RETRY seconds, the message should be retried. The wait
also transmit up to MAX_CPS_MESSAGES Certification Path Solicitation interval for each subsequent retransmission MUST exponentially
messages with the Component field set to a value not equal to 65,535, increase, doubling each time. If there is no response after
if they have received only a part of a certification path. CPS_RETRY_MAX seconds, the host abandons the certification path
retrieval process. If the host receives only a part of a
certification path within CPS_RETRY_FRAGMENTS seconds of receiving
the first part, it MAY in addition transmit a Certification Path
Solicitation message with the Component field set to a value not
equal to 65,535. This message can be retransmitted using the same
process as in the initial message. If there are multiple missing
certificates, additional such CPS messages can be sent after getting
a response to first one. However, the complete retrieval process may
last at most CPS_RETRY_MAX seconds.
Certification Path Solicitations SHOULD NOT be sent if the host has a Certification Path Solicitations SHOULD NOT be sent if the host has a
currently valid certification path from a reachable router to a trust currently valid certification path from a reachable router to a trust
anchor. anchor.
When soliciting certificates for a router, a host MUST send When soliciting certificates for a router, a host MUST send
Certification Path Solicitations either to the All-Routers multicast Certification Path Solicitations either to the All-Routers multicast
address, if it has not selected a default router yet, or to the address, if it has not selected a default router yet, or to the
default router's IP address, if a default router has already been default router's IP address, if a default router has already been
selected. selected.
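Review bot: The timers in the replacement paragraph (right-hand column) do not state what they are measured from. "If there is no response after CPS_RETRY_MAX seconds" and "the complete retrieval process may last at most CPS_RETRY_MAX seconds" should both say that the clock starts at the first Certification Path Solicitation. As written, a retransmission or a follow-up solicitation for a missing component could be read as restarting it. The sentence "receives only a part of a certification path within CPS_RETRY_FRAGMENTS seconds of receiving the first part" also reads ambiguously. Suggest wording it as a wait, for example "if components are still missing CPS_RETRY_FRAGMENTS seconds after the first part was received". The new text also mixes lowercase "should be retried" and "may last at most" with "MUST exponentially increase"; if these are requirements, use the uppercase keywords consistently. Minor: "a response to first one" is missing "the".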
skipping to change at page 54, line 10 skipping to change at page 54, line 10
certification paths and their verification. Hosts SHOULD also certification paths and their verification. Hosts SHOULD also
prioritize advertisements sent as a response to solicitations the prioritize advertisements sent as a response to solicitations the
hosts have sent above unsolicited advertisements. hosts have sent above unsolicited advertisements.
10. Protocol Values 10. Protocol Values
10.1 Constants 10.1 Constants
Host constants: Host constants:
MAX_CPS_MESSAGES 3 transmissions CPS_RETRY 1 second
CPS_INTERVAL 4 seconds CPS_RETRY_FRAGMENTS 2 seconds
CPS_RETRY_MAX 15 seconds
Router constants: Router constants:
MAX_CPA_RATE 10 times per second MAX_CPA_RATE 10 times per second
10.2 Variables 10.2 Variables
TIMESTAMP_DELTA 300 seconds (5 minutes) TIMESTAMP_DELTA 300 seconds (5 minutes)
TIMESTAMP_FUZZ 1 second TIMESTAMP_FUZZ 1 second
TIMESTAMP_DRIFT 1 % (0.01) TIMESTAMP_DRIFT 1 % (0.01)
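Review bot: The new host constants CPS_RETRY, CPS_RETRY_FRAGMENTS and CPS_RETRY_MAX are listed with values only, and the names do not show that CPS_RETRY is the initial wait that is then doubled, or that CPS_RETRY_MAX is a cap on the whole retrieval. Suggest a short description beside each. With CPS_RETRY at 1 second and doubling, the waits are 1, 2, 4 and 8 seconds, which sum to exactly the 15 seconds of CPS_RETRY_MAX, so the values imply four transmissions; stating that would replace the explicit count that the removed MAX_CPS_MESSAGES used to give. Since MAX_CPS_MESSAGES and CPS_INTERVAL are deleted here, please confirm no text outside the changed regions shown still refers to them.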
 End of changes. 

This html diff was produced by rfcdiff v1.06, available from http://www.levkowetz.com/ietf/tools/rfcdiff/