--- 1/draft-ietf-ipv6-rfc2462bis-01.txt 2006-02-05 00:03:43.000000000 +0100 +++ 2/draft-ietf-ipv6-rfc2462bis-02.txt 2006-02-05 00:03:44.000000000 +0100 @@ -1,23 +1,21 @@ IETF IPv6 Working Group S. Thomson Internet-Draft Cisco -Expires: December 13, 2004 T. Narten +Expires: December 16, 2004 T. Narten IBM T. Jinmei Toshiba - H. Soliman - Flarion Technologies - June 14, 2004 + June 17, 2004 IPv6 Stateless Address Autoconfiguration - draft-ietf-ipv6-rfc2462bis-01.txt + draft-ietf-ipv6-rfc2462bis-02.txt Status of this Memo This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. @@ -25,21 +23,21 @@ and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http:// www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. - This Internet-Draft will expire on December 13, 2004. + This Internet-Draft will expire on December 16, 2004. Copyright Notice Copyright (C) The Internet Society (2004). All Rights Reserved. Abstract This document specifies the steps a host takes in deciding how to autoconfigure its interfaces in IP version 6. The autoconfiguration process includes creating a link-local address and verifying its @@ -78,38 +76,38 @@ 5.5.4 Address Lifetime Expiry . . . . . . . . . . . . . . . . . . 20 5.6 Configuration Consistency . . . . . . . . . . . . . . . . . 21 5.7 Retaining Configured Addresses for Stability . . . . . . . . 21 6. SECURITY CONSIDERATIONS . . . . . . . . . . . . . . . . . . 21 7. IANA CONSIDERATIONS . . . . . . . . . . . . . . . . . . . . 22 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 22 Normative References . . . . . . . . . . . . . . . . . . . . 22 Informative References . . . . . . . . . . . . . . . . . . . 23 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 23 A. LOOPBACK SUPPRESSION & DUPLICATE ADDRESS DETECTION . . . . . 24 - B. CHANGES SINCE RFC 1971 . . . . . . . . . . . . . . . . . . . 26 + B. CHANGES SINCE RFC 1971 . . . . . . . . . . . . . . . . . . . 25 C. CHANGE HISTORY . . . . . . . . . . . . . . . . . . . . . . . 26 Intellectual Property and Copyright Statements . . . . . . . 29 1. Introduction This document specifies the steps a host takes in deciding how to autoconfigure its interfaces in IP version 6. The autoconfiguration process includes creating a link-local address and verifying its uniqueness on a link, determining what information can be autoconfigured (addresses, other information, or both), and in the case of addresses, whether they can be obtained through the stateless mechanism, the stateful mechanism, or both. This document defines the process for generating a link-local address, the process for generating global addresses via stateless address autoconfiguration, and the Duplicate Address Detection procedure. The details of autoconfiguration using the stateful protocol is specified in RFC - 3315 [7] and RFC 3736 [8]. + 3315 [6] and RFC 3736 [7]. IPv6 defines both a stateful and stateless address autoconfiguration mechanism. Stateless autoconfiguration requires no manual configuration of hosts, minimal (if any) configuration of routers, and no additional servers. The stateless mechanism allows a host to generate its own addresses using a combination of locally available information and information advertised by routers. Routers advertise prefixes that identify the subnet(s) associated with a link, while hosts generate an "interface identifier" that uniquely identifies an interface on a subnet. An address is formed by combining the two. In @@ -122,21 +120,21 @@ DHCPv6 server. Servers maintain a database that keeps track of which addresses have been assigned to which hosts. The stateful autoconfiguration protocol allows hosts to obtain addresses, other configuration information or both from a server. Stateless and stateful autoconfiguration complement each other. For example, a host can use stateless autoconfiguration to configure its own addresses, but use stateful autoconfiguration to obtain other information. To obtain other configuration information without configuring addresses in the stateful autoconfiguration model, a subset of DHCPv6 - will be used [8]. While the model is called "stateful" here in order + will be used [7]. While the model is called "stateful" here in order to highlight the contrast to the stateless protocol defined in this document, the intended protocol is also defined to work in a stateless fashion. This is based on a result, through operational experiments, that all known "other" configuration information can be managed by a stateless server, that is, a server that does not maintain state of each client that the server provides with the configuration information. The stateless approach is used when a site is not particularly concerned with the exact addresses hosts use, so long as they are @@ -404,23 +402,23 @@ autoconfiguration may still be available even if no routers are present. Routers send Router Advertisements periodically, but the delay between successive advertisements will generally be longer than a host performing autoconfiguration will want to wait [5]. To obtain an advertisement quickly, a host sends one or more Router Solicitations to the all-routers multicast group. Router Advertisements contain two flags indicating what type of stateful autoconfiguration (if any) is available. A "managed address configuration (M)" flag indicates - whether hosts can use stateful autoconfiguration [7] to obtain + whether hosts can use stateful autoconfiguration [6] to obtain addresses. An "other stateful configuration (O)" flag indicates - whether hosts can use stateful autoconfiguration [8] to obtain + whether hosts can use stateful autoconfiguration [7] to obtain additional information (excluding addresses). The details of how a host may use the M flags, including any use of the "on" and "off" transitions for this flag, to control the use of the stateful protocol for address assignment will be described in a separate document. Similarly, the details of how a host may use the O flags, including any use of the "on" and "off" transitions for this flag, to control the use of the stateful protocol for getting other configuration information will be described in a separate document. @@ -590,21 +588,21 @@ Duplicate Address Detection for the link-local address and skip the test for the global address using the same interface identifier as that of the link-local address. Whereas this document does not invalidate such implementations, this kind of "optimization" is NOT RECOMMENDED, and new implementations MUST NOT do that optimization. This optimization came from the assumption that all of an interface's addresses are generated from the same identifier. However, the assumption does actually not stand; new types of addresses have been introduced where the interface identifiers are not necessarily the same for all unicast - addresses on a single interface [10] [11]. Requiring to perform + addresses on a single interface [9] [10]. Requiring to perform Duplicate Address Detection for all unicast addresses will make the algorithm robust for the current and future such special interface identifiers. The procedure for detecting duplicate addresses uses Neighbor Solicitation and Advertisement messages as described below. If a duplicate address is discovered during the procedure, the address cannot be assigned to the interface. If the address is derived from an interface identifier, a new identifier will need to be assigned to the interface, or all IP addresses for the interface will need to be @@ -681,21 +679,21 @@ message to be sent, the node SHOULD delay joining the solicited-node multicast address by a random delay between 0 and MAX_RTR_SOLICITATION_DELAY if the address being checked is configured by a router advertisement message sent to a multicast address. The delay will avoid similar congestion when multiple nodes are going to configure addresses by receiving a same single multicast router advertisement. Note that the delay for joining the multicast address implicitly means delaying transmission of the corresponding MLD report message - [12]. Since RFC 2710 [12] does not request a random delay to avoid + [11]. Since RFC 2710 [11] does not request a random delay to avoid race conditions, just delaying Neighbor Solicitation would cause congestion by the MLD report messages. The congestion would then prevent MLD-snooping switches from working correctly, and, as a result, prevent Duplicate Address Detection from working. The requirement to include the delay for the MLD report in this case avoids this scenario. In order to improve the robustness of the Duplicate Address Detection algorithm, an interface MUST receive and process datagrams sent to the all-nodes multicast address or solicited-node multicast address @@ -791,11 +789,550 @@ 5.5.1 Soliciting Router Advertisements Router Advertisements are sent periodically to the all-nodes multicast address. To obtain an advertisement quickly, a host sends out Router Solicitations as described in RFC 2461 [5]. 5.5.2 Absence of Router Advertisements Even if a link has no routers, stateful autoconfiguration to obtain addresses and other configuration information may still be available, - and hosts may want to use the mechanism. + and hosts may want to use the mechanism. From the perspective of + autoconfiguration, a link has no routers if no Router Advertisements + are received after having sent a small number of Router Solicitations + as described in RFC 2461 [5]. + + Note that it is possible that there is no router on the link in this + sense but there is a node that has the ability to forward packets. In + this case, the forwarding node's address must be manually configured + in hosts to be able to send packets off-link, since the only + mechanism to configure the default router's address automatically is + the one using router advertisements. + +5.5.3 Router Advertisement Processing + + For each Prefix-Information option in the Router Advertisement: + + a) If the Autonomous flag is not set, silently ignore the Prefix + Information option. + + b) If the prefix is the link-local prefix, silently ignore the + Prefix Information option. + + c) If the preferred lifetime is greater than the valid lifetime, + silently ignore the Prefix Information option. A node MAY wish to + log a system management error in this case. + + d) If the prefix advertised is not equal to the prefix of an address + configured by stateless autoconfiguration already in the list of + addresses associated with the interface (where "equal" means the + two prefix lengths are the same and the first prefix-length bits + of the prefixes are identical), and the Valid Lifetime is not 0, + form an address (and add it to the list) by combining the + advertised prefix with the link's interface identifier as follows: + + | 128 - N bits | N bits | + +---------------------------------------+------------------------+ + | link prefix | interface identifier | + +----------------------------------------------------------------+ + + If the sum of the prefix length and interface identifier length + does not equal 128 bits, the Prefix Information option MUST be + ignored. An implementation MAY wish to log a system management + error in this case. The length of the interface identifier is + defined in a separate link-type specific document, which should + also be consistent with the address architecture [4] (see Section + 2). + + It is the responsibility of the system administrator to insure + that the lengths of prefixes contained in Router Advertisements + are consistent with the length of interface identifiers for that + link type. It should be noted, however, that this does not mean + the advertised prefix length is meaningless. In fact, the + advertised length has non trivial meaning for on-link + determination in RFC 2461 [5] where the sum of the prefix length + and the interface identifier length may not be equal to 128. Thus, + it should be safe to validate the advertised prefix length here, + in order to detect and avoid a configuration error specifying an + invalid prefix length in the context of address autoconfiguration. + + Note that a future revision of the address architecture [4] and a + future link-type specific document, which will still be consistent + with each other, could potentially allow for an interface + identifier of length other than the value defined in the current + documents. Thus, an implementation should not assume a particular + constant. Rather, it should expect any lengths of interface + identifiers. + + If an address is formed successfully, the host adds it to the list + of addresses assigned to the interface, initializing its preferred + and valid lifetime values from the Prefix Information option. + + e) If the advertised prefix is equal to the prefix of an address + configured by stateless autoconfiguration in the list, the + preferred lifetime of the address is reset to the Preferred + Lifetime in the received advertisement. The specific action to + perform for the valid lifetime of the address depends on the Valid + Lifetime in the received advertisement and the remaining time to + the valid lifetime expiration of the previously autoconfigured + address. We call the remaining time "RemainingLifetime" in the + following discussion: + + 1. If the received Valid Lifetime is greater than 2 hours or + greater than RemainingLifetime, set the valid lifetime of the + corresponding address to the advertised Valid Lifetime. + + 2. If RemainingLifetime is less than or equal to 2 hours, ignore + the Prefix Information option with regards to the valid + lifetime, unless the Router Advertisement from which this + option was obtained has been authenticated (e.g., via IP + security [1]). If the Router Advertisement was authenticated, + the valid lifetime of the corresponding address should be set + to the Valid Lifetime in the received option. + + 3. Otherwise, reset the valid lifetime of the corresponding + address to two hours. + + The above rules address a specific denial of service attack in + which a bogus advertisement could contain prefixes with very small + Valid Lifetimes. Without the above rules, a single unauthenticated + advertisement containing bogus Prefix Information options with + short Valid Lifetimes could cause all of a node's addresses to + expire prematurely. The above rules ensure that legitimate + advertisements (which are sent periodically) will "cancel" the + short Valid Lifetimes before they actually take effect. + + Note that the preferred lifetime of the corresponding address is + always reset to the Preferred Lifetime in the received Prefix + Information option, regardless of whether the valid lifetime is + also reset or ignored. The difference comes from the fact that the + possible attack for the preferred lifetime is relatively minor. + Additionally, it is even undesirable to ignore the preferred + lifetime when a valid administrator wants to deprecate a + particular address by sending a short preferred lifetime (and the + valid lifetime is ignored by accident). + +5.5.4 Address Lifetime Expiry + + A preferred address becomes deprecated when its preferred lifetime + expires. A deprecated address SHOULD continue to be used as a source + address in existing communications, but SHOULD NOT be used to + initiate new communications if an alternate (non-deprecated) address + of sufficient scope can easily be used instead. + + Note that the feasibility of initiating new communication using a + non-deprecated address may be an application-specific decision, as + only the application may have knowledge about whether the (now) + deprecated address was (or still is) in use by the application. For + example, if an application explicitly specifies the protocol stack to + use a deprecated address as a source address, the protocol stack must + accept that; the application might request it because that IP address + is used for in higher-level communication and there might be a + requirement that the multiple connections in such a grouping use the + same pair of IP addresses. + + IP and higher layers (e.g., TCP, UDP) MUST continue to accept and + process datagrams destined to a deprecated address as normal since a + deprecated address is still a valid address for the interface. In the + case of TCP, this means TCP SYN segments sent to a deprecated address + are responded to using the deprecated address as a source address in + the corresponding SYN-ACK (if the connection would otherwise be + allowed). + + An implementation MAY prevent any new communication from using a + deprecated address, but system management MUST have the ability to + disable such a facility, and the facility MUST be disabled by + default. + + Other subtle cases should also be noted about source address + selection. For example, the above description does not clarify which + address should be used between a deprecated, smaller-scope address + and a non-deprecated, enough scope address. The details of the + address selection including this case are described in RFC 3484 [8] + and beyond the scope of this document. + + An address (and its association with an interface) becomes invalid + when its valid lifetime expires. An invalid address MUST NOT be used + as a source address in outgoing communications and MUST NOT be + recognized as a destination on a receiving interface. + +5.6 Configuration Consistency + + It is possible for hosts to obtain address information using both + stateless and stateful protocols since both may be enabled at the + same time. It is also possible that the values of other + configuration parameters such as MTU size and hop limit will be + learned from both Router Advertisements and the stateful + autoconfiguration protocol. If the same configuration information is + provided by multiple sources, the value of this information should be + consistent. However, it is not considered a fatal error if + information received from multiple sources is inconsistent. Hosts + accept the union of all information received via the stateless and + stateful protocols. If inconsistent information is learned different + sources, the most recently obtained values always have precedence + over information learned earlier. + +5.7 Retaining Configured Addresses for Stability + + An implementation that has stable storage may want to retain + addresses in the storage when the addresses were acquired using + stateless address autoconfiguration. Assuming the lifetimes used are + reasonable, this technique implies that a temporary outage (less than + the valid lifetime) of a router will never result in the node losing + its global address even if the node were to reboot. When this + technique is used, it should also be noted that the expiration times + of the preferred and valid lifetimes must be retained, in order to + prevent the use of an address after it has become deprecated or + invalid. + + Further details on this kind of extension are beyond the scope of + this document. + +6. SECURITY CONSIDERATIONS + + Stateless address autoconfiguration allows a host to connect to a + network, configure an address and start communicating with other + nodes without ever registering or authenticating itself with the + local site. Although this allows unauthorized users to connect to + and use a network, the threat is inherently present in the Internet + architecture. Any node with a physical attachment to a network can + generate an address (using a variety of ad hoc techniques) that + provides connectivity. + + The use of stateless address autoconfiguration and Duplicate Address + Detection opens up the possibility of several denial of service + attacks. For example, any node can respond to Neighbor Solicitations + for a tentative address, causing the other node to reject the address + as a duplicate. A separate document [12] discusses details about + these attacks. These attacks can be addressed by requiring that + Neighbor Discovery packets be authenticated [1]. However, it should + be noted that [12] points out the use of IP security is not always + feasible depending on network environments. + +7. IANA CONSIDERATIONS + + This document has no actions for IANA. + +8. Acknowledgements + + The authors would like to thank the members of both the IPNG (which + is now IPV6) and ADDRCONF working groups for their input. In + particular, thanks to Jim Bound, Steve Deering, Richard Draves, and + Erik Nordmark. Thanks also goes to John Gilmore for alerting the WG + of the "0 Lifetime Prefix Advertisement" denial of service attack + vulnerability; this document incorporates changes that address this + vulnerability. + + A number of people have contributed to identifying issues on a + previous version of this document and to proposing resolutions to the + issues, on which this version is based. In addition to those listed + above, the contributors include Jari Arkko, Brian E Carpenter, + Gregory Daley, Ralph Droms, Christian Huitema, Soohong Daniel Park, + Markku Savela, and Pekka Savola. + +Normative References + + [1] Kent, S. and R. Atkinson, "IP Authentication Header", RFC 2402, + November 1998. + + [2] Crawford, M., "A Method for the Transmission of IPv6 Packets + over Ethernet Networks", RFC 2464, December 1998. + + [3] Bradner, S., "Key words for use in RFCs to Indicate Requirement + Levels", RFC 2119, March 1997. + + [4] Hinden, R. and S. Deering, "Internet Protocol Version 6 (IPv6) + Addressing Architecture", RFC 3513, April 2003. + + [5] Narten, T., Nordmark, E. and W. Simpson, "Neighbor Discovery for + IP Version 6 (IPv6)", RFC 2461, December 1998. + +Informative References + + [6] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C. and M. + Carney, "Dynamic Host Configuration Protocol for IPv6 + (DHCPv6)", RFC 3315, July 2003. + + [7] Droms, R., "Stateless Dynamic Host Configuration Protocol + (DHCP) Service for IPv6", RFC 3736, April 2004. + + [8] Draves, R., "Default Address Selection for Internet Protocol + version 6 (IPv6)", RFC 3484, February 2003. + + [9] Narten, T. and R. Draves, "Privacy Extensions for Stateless + Address Autoconfiguration in IPv6", RFC 3041, January 2001. + + [10] Aura, T., "Cryptographically Generated Addresses (CGA)", + draft-ietf-send-cga-06.txt (work in progress), April 2004. + + [11] Deering, S., Fenner, W. and B. Haberman, "Multicast Listener + Discovery (MLD) for IPv6", RFC 2710, October 1999. + + [12] Nikander, P., Kempf, J. and E. Nordmark, "IPv6 Neighbor + Discovery (ND) Trust Models and Threats", RFC 3756, May 2004. + + [13] Deering, S., "Host Extensions for IP Multicasting", RFC 1112, + August 1989. + + [14] IEEE, "Wireless LAN Medium Access Control (MAC) and Physical + Layer (PHY) Specifications", ANSI/IEEE STd 802.11, August 1999. + +Authors' Addresses + + Susan Thomson + Cisco Systems + + EMail: sethomso@cisco.com + Thomas Narten + IBM Corporation + P.O. Box 12195 + Research Triangle Park, NC 27709-2195 + USA + + Phone: +1 919-254-7798 + EMail: narten@us.ibm.com + + Tatuya Jinmei + Corporate Research & Development Center, Toshiba Corporation + 1 Komukai Toshiba-cho, Saiwai-ku + Kawasaki-shi, Kanagawa 212-8582 + Japan + + Phone: +81 44-549-2230 + EMail: jinmei@isl.rdc.toshiba.co.jp + +Appendix A. LOOPBACK SUPPRESSION & DUPLICATE ADDRESS DETECTION + + Determining whether a received multicast solicitation was looped back + to the sender or actually came from another node is implementation- + dependent. A problematic case occurs when two interfaces attached to + the same link happen to have the same identifier and link-layer + address, and they both send out packets with identical contents at + roughly the same time (e.g., Neighbor Solicitations for a tentative + address as part of Duplicate Address Detection messages). Although a + receiver will receive both packets, it cannot determine which packet + was looped back and which packet came from the other node by simply + comparing packet contents (i.e., the contents are identical). In this + particular case, it is not necessary to know precisely which packet + was looped back and which was sent by another node; if one receives + more solicitations than were sent, the tentative address is a + duplicate. However, the situation may not always be this + straightforward. + + The IPv4 multicast specification [13] recommends that the service + interface provide a way for an upper-layer protocol to inhibit local + delivery of packets sent to a multicast group that the sending host + is a member of. Some applications know that there will be no other + group members on the same host, and suppressing loopback prevents + them from having to receive (and discard) the packets they themselves + send out. A straightforward way to implement this facility is to + disable loopback at the hardware level (if supported by the + hardware), with packets looped back (if requested) by software. On + interfaces in which the hardware itself suppresses loopbacks, a node + running Duplicate Address Detection simply counts the number of + Neighbor Solicitations received for a tentative address and compares + them with the number expected. If there is a mismatch, the tentative + address is a duplicate. + + In those cases where the hardware cannot suppress loopbacks, however, + one possible software heuristic to filter out unwanted loopbacks is + to discard any received packet whose link-layer source address is the + same as the receiving interface's. There is even a link-layer + specification that requires to discard any such packets [14]. + Unfortunately, use of that criteria also results in the discarding of + all packets sent by another node using the same link-layer address. + Duplicate Address Detection will fail on interfaces that filter + received packets in this manner: + + o If a node performing Duplicate Address Detection discards received + packets having the same source link-layer address as the receiving + interface, it will also discard packets from other nodes also + using the same link-layer address, including Neighbor + Advertisement and Neighbor Solicitation messages required to make + Duplicate Address Detection work correctly. This particular + problem can be avoided by temporarily disabling the software + suppression of loopbacks while a node performs Duplicate Address + Detection, if it is possible to disable the suppression. + + o If a node that is already using a particular IP address discards + received packets having the same link-layer source address as the + interface, it will also discard Duplicate Address + Detection-related Neighbor Solicitation messages sent by another + node also using the same link-layer address. Consequently, + Duplicate Address Detection will fail, and the other node will + configure a non-unique address. Since it is generally impossible + to know when another node is performing Duplicate Address + Detection, this scenario can be avoided only if software + suppression of loopback is permanently disabled. + + Thus, to perform Duplicate Address Detection correctly in the case + where two interfaces are using the same link-layer address, an + implementation must have a good understanding of the interface's + multicast loopback semantics, and the interface cannot discard + received packets simply because the source link-layer address is the + same as the interfaces. It should also be noted that a link-layer + specification can conflict with the condition necessary to make + Duplicate Address Detection work. + +Appendix B. CHANGES SINCE RFC 1971 + + o Changed document to use term "interface identifier" rather than + "interface token" for consistency with other IPv6 documents. + + o Clarified definition of deprecated address to make clear it is OK + to continue sending to or from deprecated addresses. + + o Added rules to Section 5.5.3 Router Advertisement processing to + address potential denial-of-service attack when prefixes are + advertised with very short Lifetimes. + + o Clarified wording in Section 5.5.4 to make clear that all upper + layer protocols must process (i.e., send and receive) packets sent + to deprecated addresses. + +Appendix C. CHANGE HISTORY + + Changes since RFC 2462 are: + + o Fixed a typo in Section 2. + + o Updated references and categorized them into normative and + informative ones. + + o Removed redundant code in denial of service protection in Section + 5.5.3. + + o Clarified that a unicasted NS or NA should be discarded while + performing Duplicate Address Detection. + + o Replaced the word "StoredLifetime" with "RemainingLifetime" with a + precise definition to avoid confusion. + + o Removed references to site-local and revise wording around the + keyword. + + o Added a note about source address selection with regards to + deprecated vs insufficient-scope addresses, etc. Added a reference + to RFC 3484 for further details. + + o Clarified what "new communication" means in Section 5.5.4. + + o Added a new subsection (5.7) to mention the possibility to use + stable storage to retain configured addresses for stability. + + o Revised the Security Considerations section with a reference to + RFC 3756 and a note that the use of IP security is not always + feasible. + + o Added a note with a reference in Appendix A about the case where a + link-layer filtering conflicts with a condition to make DAD work + correctly. + + o Specified that a node performing Duplicate Address Detection delay + joining the solicited-node multicast group, not just delay sending + Neighbor Solicitations, explaining the detailed reason. + + o Clarified the reason why the interface should be disabled after an + address duplicate is detected. Also clarified that the interface + may continue to be used if the interface identifier is not based + on the hardware address. + + o Clarified that the preferred lifetime for an existing configured + address is always reset to the advertised value by Router + Advertisement. + + o Updated the description of interface identifier considering the + latest format. + + Changes since draft-ietf-ipv6-rfc2462bis-00.txt are: + + o Clarified how the length of interface identifiers should be + determined, described the relationship with the prefix length + advertised in Router Advertisements, and avoided using a + particular length hard-coded in this document. + + o Added a note when an implementation uses stable storage for + autoconfigured addresses. + + o Resolved conflict with the Multicast Listener Discovery + specification about random delay for the first packet from the + host. + + o Clarified the semantics of the M and O flags based on the latest + standard and operational status. In particular, clarified that + these flags show the availability of the stateful protocol instead + of a trigger to invoke the stateful protocol. ManagedFlag and + OtherConfigFlag, which were implementation-internal variables, + were removed accordingly. + + o Recommended to perform Duplicate Address Detection for all unicast + addresses more strongly, considering a variety of different + interface identifiers, while keeping care of existing + implementations. + + o Added a requirement for a random delay befor sending Neighbor + Solicitations for Duplicate Address Detection if the address being + checked is configured by a multicasted Router Advertisements. + + o Clarified that the prefix comparison in Section 5.5.3 is based on + exact match. Also clarified the comparison described in this + document concentrates on addresses configured by the stateless + mechanism. + + o Revisited the author list. + + o Added IANA Considerations Section. + +Intellectual Property Statement + + The IETF takes no position regarding the validity or scope of any + intellectual property or other rights that might be claimed to + pertain to the implementation or use of the technology described in + this document or the extent to which any license under such rights + might or might not be available; neither does it represent that it + has made any effort to identify any such rights. Information on the + IETF's procedures with respect to rights in standards-track and + standards-related documentation can be found in BCP-11. Copies of + claims of rights made available for publication and any assurances of + licenses to be made available, or the result of an attempt made to + obtain a general license or permission for the use of such + proprietary rights by implementors or users of this specification can + be obtained from the IETF Secretariat. + + The IETF invites any interested party to bring to its attention any + copyrights, patents or patent applications, or other proprietary + rights which may cover technology that may be required to practice + this standard. Please address the information to the IETF Executive + Director. + +Full Copyright Statement + + Copyright (C) The Internet Society (2004). All Rights Reserved. + + This document and translations of it may be copied and furnished to + others, and derivative works that comment on or otherwise explain it + or assist in its implementation may be prepared, copied, published + and distributed, in whole or in part, without restriction of any + kind, provided that the above copyright notice and this paragraph are + included on all such copies and derivative works. However, this + document itself may not be modified in any way, such as by removing + the copyright notice or references to the Internet Society or other + Internet organizations, except as needed for the purpose of + developing Internet standards in which case the procedures for + copyrights defined in the Internet Standards process must be + followed, or as required to translate it into languages other than + English. + + The limited permissions granted above are perpetual and will not be + revoked by the Internet Society or its successors or assignees. + + This document and the information contained herein is provided on an + "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING + TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING + BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION + HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF + MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + +Acknowledgement + + Funding for the RFC Editor function is currently provided by the + Internet Society.