> 1) update the preferred lifetime regardless of whether the valid
> lifetime is accepted or not wrt the "two-hour" rule
> 2) update the preferred lifetime only when the valid lifetime is
> accepted
> 3) leave this as implementation dependent
> The KAME/BSD implementation behaves as option 1. However, it seems to
> me that option 2 makes much more sense because a rejected valid
> lifetime indicates a possibility of attack and the other parts of
> the information may then be bogus as well. And, in fact, item 2 of

I'm trying to understand the utility/danger scale here.

An operational possibility is that somebody accidentally configures an incorrect prefix in a router and advertises that with the default lifetimes (which are greater than 2 hours). When that is detected a minute later the operator can
- drop the valid lifetime on the hosts down to 2 hours (by starting to advertise the prefix with a 2 hour valid lifetime which decrements over time)

If we take alt #1 then the preferred lifetime can be immediately dropped to zero, which will stop the incorrect prefix from being used as a source address for new communication (which is good).

Does alt #2 mean that the preferred lifetime would be 2 hours? Or that the preferred lifetime could be announced as zero as long as the valid lifetime is announced with an acceptable value? I think you are suggesting the second one.

And on the danger scale, with alt. #2 an on-link attacker can cause immediate deprecation by advertising the prefix with a valid lifetime = 3 hours and a preferred lifetime = 0, so I don't think it makes a difference whether we choose #1 or #2. I must be missing something.

Erik

--------------------------------------------------------------------
IETF IPv6 working group mailing list
[EMAIL PROTECTED]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
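To make the two alternatives concrete, here is a small model of the RFC 4862 section 5.5.3(e) two-hour rule with both preferred-lifetime policies side by side. This is an added illustration, not part of the thread and not KAME code; it assumes that the "reset to two hours" clamp counts as the valid lifetime being accepted, and that only the "ignore the unauthenticated short lifetime" branch counts as rejection.

```python
"""Model of the RFC 4862 two-hour rule with the two candidate policies for
updating the preferred lifetime (constructed model, not KAME/BSD code)."""
from dataclasses import dataclass

TWO_HOURS = 2 * 60 * 60                      # threshold from RFC 4862 5.5.3(e)
PREFERRED_ALWAYS = "option1"                 # KAME/BSD behaviour per the thread
PREFERRED_ONLY_IF_VALID_ACCEPTED = "option2"

@dataclass
class AddrLifetimes:
    valid: int       # remaining valid lifetime, seconds
    preferred: int   # remaining preferred lifetime, seconds

def apply_pio(lt, adv_valid, adv_preferred, policy, authenticated=False):
    """Apply one Prefix Information Option to the stored lifetimes.
    Returns True if the advertised valid lifetime was accepted (possibly clamped)."""
    if adv_valid > TWO_HOURS or adv_valid > lt.valid:
        lt.valid = adv_valid                  # rule 1: take the advertised value
        accepted = True
    elif lt.valid <= TWO_HOURS and not authenticated:
        accepted = False                      # rule 2: ignore an unauthenticated short lifetime
    else:
        lt.valid = TWO_HOURS                  # rule 3: clamp the stored lifetime to two hours
        accepted = True                       # assumption: the clamp counts as acceptance
    if policy == PREFERRED_ALWAYS or accepted:
        lt.preferred = min(adv_preferred, lt.valid)   # preferred never exceeds valid
    return accepted

def operator_recovery(policy):
    """Erik's scenario: a wrongly advertised prefix with default lifetimes is
    withdrawn by re-advertising it with valid = 2h and preferred = 0."""
    lt = AddrLifetimes(valid=30 * 24 * 3600, preferred=7 * 24 * 3600)  # constructed defaults
    apply_pio(lt, adv_valid=TWO_HOURS, adv_preferred=0, policy=policy)
    return lt.valid, lt.preferred

def short_valid_near_expiry(policy):
    """Stored valid lifetime is already at two hours when an unauthenticated
    RA with valid = 0 and preferred = 0 arrives: the valid lifetime is ignored,
    so the two policies now diverge on the preferred lifetime."""
    lt = AddrLifetimes(valid=TWO_HOURS, preferred=TWO_HOURS)
    accepted = apply_pio(lt, adv_valid=0, adv_preferred=0, policy=policy)
    return accepted, lt.valid, lt.preferred

if __name__ == "__main__":
    for policy in (PREFERRED_ALWAYS, PREFERRED_ONLY_IF_VALID_ACCEPTED):
        print(policy, operator_recovery(policy), short_valid_near_expiry(policy))
```

Under both policies the operator can deprecate the mistaken prefix immediately (preferred goes to 0 while valid is clamped to two hours); they differ only once the stored valid lifetime is already at or below two hours and the valid lifetime in an unauthenticated RA is ignored.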