| < draft-ietf-rtgwg-rfc3682bis-01.txt | draft-ietf-rtgwg-rfc3682bis-02.txt > | |||
|---|---|---|---|---|
| INTERNET-DRAFT V. Gill | INTERNET-DRAFT V. Gill | |||
| draft-ietf-rtgwg-rfc3682bis-01.txt J. Heasley | draft-ietf-rtgwg-rfc3682bis-02.txt J. Heasley | |||
| D. Meyer | D. Meyer | |||
| Category Experimental | Category Experimental | |||
| Expires: September 2004 March 2004 | Expires: October 2004 April 2004 | |||
| The Generalized TTL Security Mechanism (GTSM) | The Generalized TTL Security Mechanism (GTSM) | |||
| <draft-ietf-rtgwg-rfc3682bis-01.txt> | <draft-ietf-rtgwg-rfc3682bis-02.txt> | |||
| Status of this Memo | Status of this Memo | |||
| This document is an Internet-Draft and is subject to all provisions | This document is an Internet-Draft and is subject to all provisions | |||
| of Section 10 of RFC2026. | of Section 10 of RFC2026. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF), its areas, and its working groups. Note that | Task Force (IETF), its areas, and its working groups. Note that | |||
| other groups may also distribute working documents as Internet- | other groups may also distribute working documents as Internet- | |||
| Drafts. | Drafts. | |||
| skipping to change at page 6, line 16 ¶ | skipping to change at page 6, line 16 ¶ | |||
| achieve some robustness to changes in topology. Any | achieve some robustness to changes in topology. Any | |||
| directly connected check MUST be disabled for such | directly connected check MUST be disabled for such | |||
| peerings. | peerings. | |||
| It is assumed that a receive path ACL is an ACL | It is assumed that a receive path ACL is an ACL | |||
| that is designed to control which packets are | that is designed to control which packets are | |||
| allowed to go to the RP. This procedure will only | allowed to go to the RP. This procedure will only | |||
| allow protocol packets from adjacent router to pass | allow protocol packets from adjacent router to pass | |||
| onto the RP. | onto the RP. | |||
| (b) If the inbound TTL is 255 (for a directly connected | (b) If the inbound TTL is less than 255 for a directly | |||
| peer), or 255-(configured-range-of-acceptable-hops) (for | connected peer, or less than | |||
| multi-hop peers), the packet is NOT processed. Rather, | 255-(configured-range-of-acceptable-hops) for a | |||
| multi-hop peer, the packet is NOT processed. Rather, | ||||
| the packet is placed into a low priority queue, and | the packet is placed into a low priority queue, and | |||
| subsequently logged and/or silently discarded. In this | subsequently logged and/or silently discarded. In | |||
| case, an ICMP message MUST NOT be generated. | this case, an ICMP message MUST NOT be generated. | |||
| (ii) If GTSM is not enabled, normal protocol behavior is followed. | (ii) If GTSM is not enabled, normal protocol behavior is followed. | |||
| 3.1. Multi-hop Scenarios | 3.1. Multi-hop Scenarios | |||
| When a multi-hop protocol session is required, we set the expected | When a multi-hop protocol session is required, we set the expected | |||
| TTL value to be 255-(configured-range-of-acceptable-hops). This | TTL value to be 255-(configured-range-of-acceptable-hops). This | |||
| approach provides a qualitatively lower degree of security for the | approach provides a qualitatively lower degree of security for the | |||
| protocol implementing GTSM (i.e., a DoS attack could theoretically be | protocol implementing GTSM (i.e., a DoS attack could theoretically be | |||
| launched by compromising some box in the path). However, GTSM will | launched by compromising some box in the path). However, GTSM will | |||
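Review bot: the -01 wording of step (b) had the condition inverted, so the -02 change is a correctness fix rather than an editorial one. The old text said a packet whose inbound TTL is 255 (directly connected peer) or 255-(configured-range-of-acceptable-hops) (multi-hop peer) "is NOT processed", which would discard exactly the packets GTSM is designed to accept; the new text correctly discards when the TTL is "less than 255" or "less than 255-(configured-range-of-acceptable-hops)". Two things to confirm against the parts of Section 3 not shown in this window: the accept condition in step (a) must be the complement of the new (b), that is TTL equal to 255 for a directly connected peer (since TTL cannot exceed 255) and TTL greater than or equal to 255-(configured-range-of-acceptable-hops) for a multi-hop peer, so no TTL value falls into neither branch; and Section 3.1 still describes the multi-hop value as "the expected TTL value", which only matches the new (b) if it is read as a minimum, so "at least 255-(configured-range-of-acceptable-hops)" would remove the ambiguity.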
End of changes. 6 change blocks.
8 lines changed or deleted, 10 lines changed or added.
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/