draft-ietf-v6ops-ra-guard-04.txt | draft-ietf-v6ops-ra-guard-05.txt | |||
---|---|---|---|---|
v6ops Working Group E. Levy-Abegnoli | v6ops Working Group E. Levy-Abegnoli | |||
Internet-Draft G. Van de Velde | Internet-Draft G. Van de Velde | |||
Intended status: Informational C. Popoviciu | Intended status: Informational C. Popoviciu | |||
Expires: June 1, 2010 Cisco Systems | Expires: December 2, 2010 Cisco Systems | |||
J. Mohacsi | J. Mohacsi | |||
NIIF/Hungarnet | NIIF/Hungarnet | |||
November 28, 2009 | May 31, 2010 | |||
IPv6 RA-Guard | IPv6 RA-Guard | |||
<draft-ietf-v6ops-ra-guard-04.txt> | <draft-ietf-v6ops-ra-guard-05.txt> | |||
Abstract | Abstract | |||
It is particularly easy to experience "rogue" routers on an unsecured | It is particularly easy to experience "rogue" routers on an unsecured | |||
link [reference4]. Devices acting as a rougue router may send | link [reference4]. Devices acting as a rougue router may send | |||
illegitimate RAs. Section 6 of SeND [RFC3971] provides a full | illegitimate RAs. Section 6 of SeND [RFC3971] provides a full | |||
solution to this problem, by enabling routers certification. This | solution to this problem, by enabling routers certification. This | |||
solution does, however, require all nodes on an L2 network segment to | solution does, however, require all nodes on an L2 network segment to | |||
support SeND, as well as it carries some deployment challenges. End- | support SeND, as well as it carries some deployment challenges. End- | |||
nodes must be provisioned with certificate anchors. The solution | nodes must be provisioned with certificate anchors. The solution | |||
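Review bot: the Abstract text in this block is carried over from -04 to -05 with its wording errors intact. "rougue router" in the second sentence should be "rogue router", "enabling routers certification" should be "enabling router certification", and "as well as it carries some deployment challenges" should be recast, for example as "and it carries some deployment challenges". The only differences visible in this block are the expiry date, the publication date and the draft file name, so these can be corrected in the same revision without touching the technical content.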
skipping to change at page 1, line 40 | skipping to change at page 1, line 40 | |||
rogue RAs, the L2 devices can use a spectrum of criterias, from a | rogue RAs, the L2 devices can use a spectrum of criterias, from a | |||
static scheme that blocks RAs received on un-trusted ports, or from | static scheme that blocks RAs received on un-trusted ports, or from | |||
un-trusted sources, to a more dynamic scheme that uses SeND to | un-trusted sources, to a more dynamic scheme that uses SeND to | |||
challenge RA sources. | challenge RA sources. | |||
This document reviews various techniques applicable on the L2 devices | This document reviews various techniques applicable on the L2 devices | |||
to reduce the threat of rogue RAs. | to reduce the threat of rogue RAs. | |||
Status of this Memo | Status of this Memo | |||
This Internet-Draft is submitted to IETF in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF), its areas, and its working groups. Note that | Task Force (IETF). Note that other groups may also distribute | |||
other groups may also distribute working documents as Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
Drafts. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
The list of current Internet-Drafts can be accessed at | This Internet-Draft will expire on December 2, 2010. | |||
http://www.ietf.org/ietf/1id-abstracts.txt. | ||||
The list of Internet-Draft Shadow Directories can be accessed at | ||||
http://www.ietf.org/shadow.html. | ||||
This Internet-Draft will expire on June 1, 2010. | ||||
Copyright Notice | Copyright Notice | |||
Copyright (c) 2009 IETF Trust and the persons identified as the | Copyright (c) 2010 IETF Trust and the persons identified as the | |||
document authors. All rights reserved. | document authors. All rights reserved. | |||
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
(http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
publication of this document. Please review these documents | publication of this document. Please review these documents | |||
carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
described in the BSD License. | described in the Simplified BSD License. | |||
This document may contain material from IETF Documents or IETF | This document may contain material from IETF Documents or IETF | |||
Contributions published or made publicly available before November | Contributions published or made publicly available before November | |||
10, 2008. The person(s) controlling the copyright in some of this | 10, 2008. The person(s) controlling the copyright in some of this | |||
material may not have granted the IETF Trust the right to allow | material may not have granted the IETF Trust the right to allow | |||
modifications of such material outside the IETF Standards Process. | modifications of such material outside the IETF Standards Process. | |||
Without obtaining an adequate license from the person(s) controlling | Without obtaining an adequate license from the person(s) controlling | |||
the copyright in such materials, this document may not be modified | the copyright in such materials, this document may not be modified | |||
outside the IETF Standards Process, and derivative works of it may | outside the IETF Standards Process, and derivative works of it may | |||
not be created outside the IETF Standards Process, except to format | not be created outside the IETF Standards Process, except to format | |||
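Review bot: "a spectrum of criterias" in the first line of this block is unchanged between -04 and -05; "criteria" is already plural, so it should read "a spectrum of criteria". The rest of the visible changes here are confined to the Status of this Memo and Copyright Notice boilerplate (the Internet-Drafts list URL, the expiry date, the copyright year and the "Simplified BSD License" wording), so the Abstract wording is the one item in this block that still needs an editorial pass.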
End of changes. 8 change blocks. | ||||
16 lines changed or deleted | 10 lines changed or added | |||
This html diff was produced by rfcdiff 1.38. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ |