Diff of draft-ietf-rtgwg-rfc3682bis-01.txt (old) against draft-ietf-rtgwg-rfc3682bis-02.txt (new)

INTERNET-DRAFT                                            V. Gill
old: draft-ietf-rtgwg-rfc3682bis-01.txt                   J. Heasley
new: draft-ietf-rtgwg-rfc3682bis-02.txt                   D. Meyer
Category Experimental
old: Expires: September 2004                              March 2004
new: Expires: October 2004                                April 2004

The Generalized TTL Security Mechanism (GTSM)
old: <draft-ietf-rtgwg-rfc3682bis-01.txt>
new: <draft-ietf-rtgwg-rfc3682bis-02.txt>

Status of this Memo

This document is an Internet-Draft and is subject to all provisions
of Section 10 of RFC2026.

Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.

(unchanged text skipped; next change at page 6, line 16)
        achieve some robustness to changes in topology. Any
        directly connected check MUST be disabled for such
        peerings.

        It is assumed that a receive path ACL is an ACL
        that is designed to control which packets are
        allowed to go to the RP. This procedure will only
        allow protocol packets from adjacent router to pass
        onto the RP.

    (b) old (-01):
        If the inbound TTL is 255 (for a directly connected
        peer), or 255-(configured-range-of-acceptable-hops) (for
        multi-hop peers), the packet is NOT processed. Rather,
        the packet is placed into a low priority queue, and
        subsequently logged and/or silently discarded. In this
        case, an ICMP message MUST NOT be generated.

    (b) new (-02):
        If the inbound TTL is less than 255 for a directly
        connected peer, or less than
        255-(configured-range-of-acceptable-hops) for a
        multi-hop peer, the packet is NOT processed. Rather,
        the packet is placed into a low priority queue, and
        subsequently logged and/or silently discarded. In
        this case, an ICMP message MUST NOT be generated.

  (ii) If GTSM is not enabled, normal protocol behavior is followed.
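The receive-side procedure above, with the -02 wording of step (b) and the multi-hop expected TTL of Section 3.1, as an added Python example that is not part of the draft; peer records, addresses and inbound TTLs are constructed for illustration, and `rev01_literal` shows what the -01 wording of (b) would do if implemented as written.

```python
from dataclasses import dataclass
from typing import Optional

MAX_TTL = 255  # value a GTSM sender uses; a TTL can only decrease in transit

@dataclass
class Peer:
    address: str
    gtsm_enabled: bool = True
    # 0 for a directly connected peer; for a multi-hop peering, the
    # configured range of acceptable hops (Section 3.1).
    acceptable_hops: int = 0

    def expected_ttl(self) -> int:
        # 255 for a directly connected peer, 255-(range) for multi-hop.
        return MAX_TTL - self.acceptable_hops

@dataclass
class Verdict:
    action: str            # "process" (pass to the RP) or "drop"
    send_icmp: bool        # MUST stay False when GTSM drops the packet
    log: Optional[str] = None

def gtsm_receive(peer: Peer, inbound_ttl: int) -> Verdict:
    """Receive-side check, -02 wording of step (b)."""
    if not peer.gtsm_enabled:
        # (ii) GTSM not enabled: normal protocol behaviour, no TTL check.
        return Verdict("process", send_icmp=False)
    expected = peer.expected_ttl()
    if inbound_ttl < expected:
        # (b) TTL below the expected value: low-priority queue, then log
        # and/or silently discard; never generate an ICMP message.
        return Verdict("drop", send_icmp=False,
                       log=f"GTSM drop from {peer.address}: "
                           f"ttl={inbound_ttl} expected>={expected}")
    return Verdict("process", send_icmp=False)

def rev01_literal(peer: Peer, inbound_ttl: int) -> str:
    """The -01 wording of (b) read literally: drop when the TTL equals the
    expected value, which would discard every legitimate packet."""
    return "drop" if inbound_ttl == peer.expected_ttl() else "process"

if __name__ == "__main__":
    # Constructed peers (documentation addresses) and inbound TTLs.
    direct = Peer("192.0.2.1")
    multihop = Peer("198.51.100.7", acceptable_hops=3)
    for peer, ttl in [(direct, 255), (direct, 254), (multihop, 252), (multihop, 251)]:
        v = gtsm_receive(peer, ttl)
        print(peer.address, ttl, v.action, v.log or "")
```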
3.1. Multi-hop Scenarios

When a multi-hop protocol session is required, we set the expected
TTL value to be 255-(configured-range-of-acceptable-hops). This
approach provides a qualitatively lower degree of security for the
protocol implementing GTSM (i.e., a DoS attack could theoretically be
launched by compromising some box in the path). However, GTSM will
This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/