--- 1/draft-ietf-v6ops-ra-guard-07.txt 2010-09-02 13:12:43.000000000 +0200 +++ 2/draft-ietf-v6ops-ra-guard-08.txt 2010-09-02 13:12:43.000000000 +0200 @@ -1,34 +1,30 @@ v6ops Working Group E. Levy-Abegnoli Internet-Draft G. Van de Velde Intended status: Informational C. Popoviciu Expires: March 6, 2011 Cisco Systems J. Mohacsi NIIF/Hungarnet September 02, 2010 IPv6 Router Advertisement Guard - + Abstract - When using IPv6 within a single L2 network segment it is possible and - sometimes desirable to enable layer 2 devices to drop rogue RAs - before they reach end-nodes. In order to distinguish valid from - rogue RAs, the L2 devices can use a spectrum of criteria, from a - static scheme that blocks RAs received on un-trusted ports, or from - un-trusted sources, to a more dynamic scheme that uses Secure - Neighbor Discovery (SEND) to challenge RA sources. - - This document reviews various techniques applicable on the L2 devices - to reduce the threat of rogue RAs. + Routed protocols are often susceptible to spoof attacks. The + canonical solution for IPv6 is Secure Neighbor Discovery (SEND), a + solution that is non-trivial to deploy. This document proposes a + light-weight alternative and complement to SEND based on filtering in + the layer-2 network fabric, using a variety of filtering criteria, + including, for example, SEND status. Status of this Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. 
@@ -103,23 +99,22 @@ span the spectrum from basic (where the port of the L2 device is statically instructed to forward or not to forward RAs received from the connected device) to advanced (where a criteria is used by the L2 device to dynamically validate or invalidate a received RA, this criteria can even be based on SEND mechanisms). 2. Model and Applicability RA-Guard applies to an environment where all messages between IPv6 end-devices traverse the controlled L2 networking devices. It does - not apply to a shared media such as an Ethernet hub, when devices can - communicate directly without going through an RA-Guard capable L2 - networking device. + not apply to a shared media, when devices can communicate directly + without going through an RA-Guard capable L2 networking device. Figure 1 illustrates a deployment scenario for RA-Guard. Block Allow +------+ incoming +---------+ incoming +--------+ |Host | RA | L2 | RA | Router | | |----------------| device |--------------| | +------+ +----+----+ +--------+ | |Block
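Review bot: In the first hunk (the rewritten Abstract), the opening sentence "Routed protocols are often susceptible to spoof attacks" is imprecise for this document: the threat described here is spoofed IPv6 Router Advertisements (a Neighbor Discovery message), not routed protocols in general, and the new text no longer names rogue RAs at all even though the title and the body (e.g. "Block incoming RA" in Figure 1) are about exactly that. Suggest keeping an explicit statement of the problem, e.g. "IPv6 Router Advertisements are susceptible to spoofing; the canonical solution is Secure Neighbor Discovery (SEND), which is non-trivial to deploy." The phrase "alternative and complement to SEND" is also slightly self-contradictory; "complement to SEND, usable where SEND is not deployed" states the intent more clearly.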
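Review bot: In the second hunk (Section 2, Model and Applicability), the change drops the only concrete example ("such as an Ethernet hub") of a topology where RA-Guard cannot help, leaving a reader with no illustration of what "shared media" means in practice; if the intent was to generalize beyond hubs, consider "shared media (for example, an Ethernet hub or a wireless segment without AP-enforced isolation)" rather than removing the example outright. Also a grammar point in the new lines: "a shared media" should read "shared media" or "a shared medium", and "when devices can communicate directly" reads better as "where devices can communicate directly". Unchanged context in the same hunk still has "a criteria is used" (should be "a criterion is used"), which could be fixed in the same pass.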