Re: [2462bis] preferred lifetime and the 'two-hour' rule

2004-02-05 Thread Erik Nordmark
1) update the preferred lifetime regardless of whether the valid lifetime is accepted or not wrt the two-hour rule 2) update the preferred lifetime only when the valid lifetime is accepted 3) leave this as implementation dependent The KAME/BSD implementation behaves as option 1.

Re: [2462bis] preferred lifetime and the 'two-hour' rule

2004-02-05 Thread Erik Nordmark
So my first point is that we should clearly specify how the preferred lifetime is updated in 5.5.3 e) of rfc2462bis, mainly for normal cases. My second point is what we should do about the preferred lifetime when the valid lifetime is ignored due to the two-hour rule. My suggestion to the

Re: [2462bis] preferred lifetime and the 'two-hour' rule

2004-02-04 Thread Jari Arkko
JINMEI Tatuya wrote: While working on the rfc2462bis (stateless address autoconf) work, I've found a new issue, and would like to hear opinions. The current RFC2462 describes in Section 5.5.3 e) how the valid lifetime of an autoconfigured address is updated, considering the avoidance of DoS attack

Re: [2462bis] preferred lifetime and the 'two-hour' rule

2004-02-04 Thread Francis Dupont
In your previous mail you wrote: The current RFC2462 describes in Section 5.5.3 e) how the valid lifetime of an autoconfigured address is updated, considering the avoidance of DoS attack with too short lifetimes. = the DoS attack is about valid lifetime only because when a valid

RE: [2462bis] preferred lifetime and the 'two-hour' rule

2004-02-04 Thread S. Daniel Park
If so, it should make sense to recover this part in rfc2462bis. Possible options include: 1) update the preferred lifetime regardless of whether the valid lifetime is accepted or not wrt the two-hour rule 2) update the preferred lifetime only when the valid lifetime is accepted 3)

Re: [2462bis] preferred lifetime and the 'two-hour' rule

2004-02-04 Thread JINMEI Tatuya / 神明達哉
On Thu, 05 Feb 2004 11:35:53 +0900, S. Daniel Park [EMAIL PROTECTED] said: The KAME/BSD implementation behaves as option 1. However, it seems to me that option 2 makes much more sense because a rejected valid lifetime indicates a possibility of attack and the other parts of the

Re: [2462bis] preferred lifetime and the 'two-hour' rule

2004-02-04 Thread JINMEI Tatuya / 神明達哉
On Wed, 04 Feb 2004 10:17:44 +0100, Francis Dupont [EMAIL PROTECTED] said: The current RFC2462 describes in Section 5.5.3 e) how the valid lifetime of an autoconfigured address is updated, considering the avoidance of DoS attack with too short lifetimes. = the DoS attack is about

RE: [2462bis] preferred lifetime and the 'two-hour' rule

2004-02-04 Thread S. Daniel Park
What do you mean by omitted 'two-hour' rule? KAME implements the two-hour rule just as specified in RFC2462 with one exception: omitting the following part of 5.5.3 e) 2) If ...(snip) and the received Lifetime is less than or equal to StoredLifetime, since this