zero valid lifetime
Yukiyo Akisada <Yukiyo.Akisada@jp.yokogawa.com> Thu, 29 September 2005 01:17 UTC
Date: Thu, 29 Sep 2005 10:16:27 +0900
From: Yukiyo Akisada <Yukiyo.Akisada@jp.yokogawa.com>
To: ipv6@ietf.org
Message-Id: <20050929101627.1f65984b.Yukiyo.Akisada@jp.yokogawa.com>
Organization: Yokogawa Electric Corporation
Subject: zero valid lifetime

Hi, all.

I was confused about valid lifetime.

<draft-ietf-ipv6-rfc2462bis-08.txt> says an RA with the value 0 of valid lifetime is invalid, if the RA isn't authenticated.

5.5.3 Router Advertisement Processing
------------------------------------------------------------------------
1044       2.  If RemainingLifetime is less than or equal to 2 hours, ignore
1045           the Prefix Information option with regards to the valid
1046           lifetime, unless the Router Advertisement from which this
1047           option was obtained has been authenticated (e.g., via Secure
1048           Neighbor Discovery [RFC3971]).  If the Router Advertisement
1049           was authenticated, the valid lifetime of the corresponding
1050           address should be set to the Valid Lifetime in the received
1051           option.
------------------------------------------------------------------------

Furthermore, chapter 8 also clearly says it is invalid.

8. Acknowledgements
------------------------------------------------------------------------
1217    Erik Nordmark.  Thanks also goes to John Gilmore for alerting the WG
1218    of the "0 Lifetime Prefix Advertisement" denial of service attack
1219    vulnerability; this document incorporates changes that address this
1220    vulnerability.
------------------------------------------------------------------------

But <draft-ietf-ipv6-2461bis-04.txt> says the value 0 is just a special case.

6.3.4. Processing Received Router Advertisements
------------------------------------------------------------------------
2945     - If the prefix is already present in the host's Prefix List as
2954       the result of a previously-received advertisement, reset its
2955       invalidation timer to the Valid Lifetime value in the Prefix
2956       Information option.  If the new Lifetime value is zero, time-out
2957       the prefix immediately (see Section 6.3.5).
------------------------------------------------------------------------

An unauthenticated RA with valid Lifetime=0 is an invalid packet, right?

I feel putting text in 6.3.4 would make 2461bis clearer.

What do you think?

Thanks,

------------------------------------------------------------------------
Yukiyo Akisada <Yukiyo.Akisada@jp.yokogawa.com>
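
The two rules quoted in the message, side by side, as an added example that is not part of the original message or of either draft. It assumes the full three-case address-lifetime rule as published in RFC 4862 section 5.5.3 e) (the message quotes only case 2); the function names and the sample values in `main` are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define TWO_HOURS 7200u /* seconds */

/* New valid lifetime of an autoconfigured address after a Prefix
 * Information option is received (assumed rule: RFC 4862, 5.5.3 e).
 * remaining  = RemainingLifetime of the address, in seconds
 * advertised = Valid Lifetime carried in the option, in seconds */
uint32_t addr_valid_lifetime(uint32_t remaining, uint32_t advertised,
                             bool authenticated)
{
    /* Case 1: the option extends the lifetime or still leaves > 2 hours. */
    if (advertised > TWO_HOURS || advertised > remaining)
        return advertised;
    /* Case 2 (quoted in the message): 2 hours or less remain, so only an
     * authenticated RA (e.g. SEND) may shorten the lifetime further. */
    if (remaining <= TWO_HOURS)
        return authenticated ? advertised : remaining;
    /* Case 3: more than 2 hours remain and the option asks for 2 hours
     * or less: clamp to 2 hours instead of honouring the small value. */
    return TWO_HOURS;
}

/* On-link Prefix List entry, per the 2461bis 6.3.4 text quoted in the
 * message: the invalidation timer is reset to the advertised value, and
 * zero times the prefix out immediately. No two-hour floor here. */
uint32_t prefix_invalidation_timer(uint32_t advertised)
{
    return advertised;
}

int main(void)
{
    uint32_t left = 30u * 24u * 3600u; /* constructed: 30 days remaining */

    /* Unauthenticated RA advertising Valid Lifetime = 0. */
    printf("address lifetime: %u s\n",
           (unsigned)addr_valid_lifetime(left, 0, false));
    printf("prefix timer:     %u s\n",
           (unsigned)prefix_invalidation_timer(0));
    return 0;
}
```

With these inputs the address keeps two hours of validity while the Prefix List entry expires at once, which is the difference between the two drafts that the message asks about.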