Hi, all. I was confusing about valid lifetime.
<draft-ietf-ipv6-rfc2462bis-08.txt> says RA with the value 0 of valid lifetime is invalid, if RA isn't authenticated. 5.5.3 Router Advertisement Processing ------------------------------------------------------------------------ 1044 2. If RemainingLifetime is less than or equal to 2 hours, ignore 1045 the Prefix Information option with regards to the valid 1046 lifetime, unless the Router Advertisement from which this 1047 option was obtained has been authenticated (e.g., via Secure 1048 Neighbor Discovery [RFC3971]). If the Router Advertisement 1049 was authenticated, the valid lifetime of the corresponding 1050 address should be set to the Valid Lifetime in the received 1051 option. ------------------------------------------------------------------------ Furthermore chapter 8 also says it is invalid clearly. 8. Acknowledgements ------------------------------------------------------------------------ 1217 Erik Nordmark. Thanks also goes to John Gilmore for alerting the WG 1218 of the "0 Lifetime Prefix Advertisement" denial of service attack 1219 vulnerability; this document incorporates changes that address this 1220 vulnerability. ------------------------------------------------------------------------ But <draft-ietf-ipv6-2461bis-04.txt> says, the value 0 is just a special case. 6.3.4. Processing Received Router Advertisements ------------------------------------------------------------------------ 2945 - If the prefix is already present in the host's Prefix List as 2954 the result of a previously-received advertisement, reset its 2955 invalidation timer to the Valid Lifetime value in the Prefix 2956 Information option. If the new Lifetime value is zero, time-out 2957 the prefix immediately (see Section 6.3.5). ------------------------------------------------------------------------ Unauthenticated RA with valid Lifetime=0 is invalid packet, right? I feel putting text to 6.3.4 makes 2461bis more clear. How do you think? Thanks, ------------------------------------------------------------------------ Yukiyo Akisada <[EMAIL PROTECTED]> -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------