>>>>> On Thu, 05 Feb 2004 11:35:53 +0900, 
>>>>> "S. Daniel Park" <[EMAIL PROTECTED]> said:

>> The KAME/BSD implementation behaves as option 1.  However, it seems to
>> me that option 2 makes much more sense because a rejected valid
>> lifetime indicates a possibility of attack and the other parts of
>> the information may then be bogus as well.  And, in fact, item 2 of
>> 5.5.3 e) says:
>> 
>> 2) If the StoredLifetime is less than or equal to 2 hours and the
>> received Lifetime is less than or equal to StoredLifetime,
>> ignore the prefix,...
>> 
>> that is, it specifies ignoring "the prefix", not just "the valid
>> lifetime".
>> 
>> What do others think?  As I already indicated, I'd propose to revise
>> the text clearly with option 2 above.

> To reduce logical redundancy, KAME just omitted "two-hour" rule IMHO.

What do you mean by "omitted 'two-hour' rule"?  KAME implements the
two-hour rule just as specified in RFC2462 with one exception:
omitting the following part of 5.5.3 e)

       2) If ...(snip) and the
          received Lifetime is less than or equal to StoredLifetime,

since this condition is "logically redundant" as already discussed in
the wg.

(But the details of the KAME behavior about the two-hour rule itself
are not directly related to the main point in this thread.  So let's
stop discussing this particular point in this thread.)

                                        JINMEI, Tatuya
                                        Communication Platform Lab.
                                        Corporate R&D Center, Toshiba Corp.
                                        [EMAIL PROTECTED]

--------------------------------------------------------------------
IETF IPv6 working group mailing list
[EMAIL PROTECTED]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
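
An added example, not part of the original message and not KAME code: the valid-lifetime update of RFC 2462 5.5.3 e) written as a C function, with a check that dropping the second condition of item 2 (the omission described in the message above) never changes the result. The function, enum and constant names are hypothetical, and "ignore" is modelled only as leaving the stored valid lifetime unchanged.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define TWO_HOURS 7200u /* seconds */

enum variant { FULL_RULE, OMIT_SECOND_CONDITION }; /* hypothetical names */

/* New stored valid lifetime after a Prefix Information option arrives.
 * "Ignore" is modelled as keeping the stored value; what happens to the
 * option's other fields is the open question in the thread. */
static uint32_t update_valid_lifetime(uint32_t stored, uint32_t received,
                                      bool authenticated, enum variant v)
{
    /* 1) Received lifetime above 2 hours or above the stored one: accept. */
    if (received > TWO_HOURS || received > stored)
        return received;

    /* 2) Stored lifetime at most 2 hours (and, in the full text, received
     *    <= stored): ignore unless the RA was authenticated. */
    bool item2 = stored <= TWO_HOURS;
    if (v == FULL_RULE)
        item2 = item2 && received <= stored;
    if (item2)
        return authenticated ? received : stored;

    /* 3) Otherwise clamp to two hours instead of honouring a short value. */
    return TWO_HOURS;
}

/* Count inputs on a 10-minute grid (0..6 h) where the variants differ. */
static int count_disagreements(void)
{
    int n = 0;
    for (uint32_t s = 0; s <= 3 * TWO_HOURS; s += 600)
        for (uint32_t r = 0; r <= 3 * TWO_HOURS; r += 600)
            for (int a = 0; a <= 1; a++)
                if (update_valid_lifetime(s, r, a != 0, FULL_RULE) !=
                    update_valid_lifetime(s, r, a != 0, OMIT_SECOND_CONDITION))
                    n++;
    return n;
}

int main(void)
{
    printf("disagreements: %d\n", count_disagreements());
    return 0;
}
```

The two variants agree because item 2 is only reached when item 1 did not match, and at that point the received lifetime is already known to be no greater than the stored one.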
