< draft-ietf-savi-mix-09.txt   draft-ietf-savi-mix-10.txt >
SAVI J. Bi SAVI J. Bi
Internet-Draft Tsinghua Univ. Internet-Draft Tsinghua Univ.
Intended status: Standards Track G. Yao Intended status: Standards Track G. Yao
Expires: January 20, 2016 Baidu Expires: May 18, 2016 Baidu
J. Halpern J. Halpern
Newbridge Newbridge
E. Levy-Abegnoli, Ed. E. Levy-Abegnoli, Ed.
Cisco Cisco
July 19, 2015 November 15, 2015
SAVI for Mixed Address Assignment Methods Scenario SAVI for Mixed Address Assignment Methods Scenario
draft-ietf-savi-mix-09 draft-ietf-savi-mix-10
Abstract Abstract
In case that multiple IP address assignment methods are allowed in a In networks that use multiple techniques for address assignment, the
network, the corresponding SAVI methods should be enabled to prevent appropriate Source Address Validation Improvement (SAVI) methods must
spoofing in the network. This document reviews how multiple SAVI be used to prevent spoofing of addresses assigned by each such
methods can coexist in a single SAVI device and collisions are technique. This document reviews how multiple SAVI methods can
resolved when the same binding entry is discovered by two or more coexist in a single SAVI device and collisions are resolved when the
methods. same binding entry is discovered by two or more methods.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 20, 2016. This Internet-Draft will expire on May 18, 2016.
Copyright Notice Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 16 skipping to change at page 2, line 16
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Requirements Language . . . . . . . . . . . . . . . . . . . . 3 2. Requirements Language . . . . . . . . . . . . . . . . . . . . 3
3. Problem Scope . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Problem Scope . . . . . . . . . . . . . . . . . . . . . . . . 3
4. Architecture . . . . . . . . . . . . . . . . . . . . . . . . 3 4. Architecture . . . . . . . . . . . . . . . . . . . . . . . . 4
5. Recommendations for preventing collisions . . . . . . . . . . 5 5. Recommendations for preventing collisions . . . . . . . . . . 5
6. Resolving binding collisions . . . . . . . . . . . . . . . . 5 6. Resolving binding collisions . . . . . . . . . . . . . . . . 6
6.1. Same Address on Different Binding Anchors . . . . . . . . 5 6.1. Same Address on Different Binding Anchors . . . . . . . . 6
6.1.1. Basic preference . . . . . . . . . . . . . . . . . . 6 6.1.1. Basic preference . . . . . . . . . . . . . . . . . . 6
6.1.2. Overwritten preference . . . . . . . . . . . . . . . 6 6.1.2. Overwritten preference . . . . . . . . . . . . . . . 7
6.1.3. Multiple SAVI Device Scenario . . . . . . . . . . . . 7 6.1.3. Multiple SAVI Device Scenario . . . . . . . . . . . . 8
6.2. Same Address on the Same Binding Anchor . . . . . . . . . 7 6.2. Same Address on the Same Binding Anchor . . . . . . . . . 8
7. Security Considerations . . . . . . . . . . . . . . . . . . . 7 7. Security Considerations . . . . . . . . . . . . . . . . . . . 8
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9
9. Acknowledgment . . . . . . . . . . . . . . . . . . . . . . . 8 9. Acknowledgment . . . . . . . . . . . . . . . . . . . . . . . 9
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 8 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 9
10.1. Normative References . . . . . . . . . . . . . . . . . . 8 10.1. Normative References . . . . . . . . . . . . . . . . . . 9
10.2. Informative References . . . . . . . . . . . . . . . . . 9 10.2. Informative References . . . . . . . . . . . . . . . . . 10
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 9 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 10
1. Introduction 1. Introduction
There are currently several SAVI documents ([RFC6620], [RFC7513] and There are currently several Source Address Validaiton Improvement
[RFC7219]) that describe the different methods by which a switch can (SAVI) documents ([RFC6620], [RFC7513] and [RFC7219]) that describe
discover and record bindings between a node's IP address and a the different methods by which a switch can discover and record
binding anchor and use that binding to perform source address bindings between a node's IP address and a binding anchor and use
validation. Each of these documents specifies how to learn on-link that binding to perform source address validation. Each of these
addresses, based on the method used for their assignment, documents specifies how to learn on-link addresses, based on the
respectively: StateLess Autoconfiguration (SLAAC), Dynamic Host technique used for their assignment, respectively: StateLess
Control Protocol (DHCP) and Secure Neighbor Discovery (SeND). Each Autoconfiguration (SLAAC), Dynamic Host Control Protocol (DHCP) and
of these documents describes separately how one particular method Secure Neighbor Discovery (SeND). Each of these documents describes
deals with address collisions (same address, different binding separately how one particular SAVI method deals with address
anchor). collisions (same address, different binding anchor).
While multiple IP assignment methods can be used in the same layer-2 While multiple IP assignment techniques can be used in the same
domain, a SAVI device might have to deal with a mix of SAVI methods. layer-2 domain, this means that a single SAVI device might have to
The purpose of this document is to provide recommendations to avoid deal with a combination or mix of SAVI methods. The purpose of this
collisions and to review collisions handling when two or more such document is to provide recommendations to avoid collisions and to
methods come up with competing bindings. review collisions handling when two or more such methods come up with
competing bindings.
2. Requirements Language 2. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119]. document are to be interpreted as described in RFC 2119 [RFC2119].
3. Problem Scope 3. Problem Scope
Three different IP address assignment methods have been analyzed for Three different IP address assignment techniques have been analyzed
SAVI: for SAVI:
1. StateLess Address AutoConfiguration (SLAAC) - analyzed in SAVI- 1. StateLess Address AutoConfiguration (SLAAC) - analyzed in SAVI-
FCFS[RFC6620] FCFS[RFC6620]
2. Dynamic Host Control Protocol address assignment (DHCP) - 2. Dynamic Host Control Protocol address assignment (DHCP) -
analyzed in SAVI-DHCP[RFC7513] analyzed in SAVI-DHCP[RFC7513]
3. Secure Neighbor Discovery (SeND) address assignment, analyzed in 3. Secure Neighbor Discovery (SeND) address assignment, analyzed in
SAVI-SEND[RFC7219] SAVI-SEND[RFC7219]
In addition, there is a fourth method for managing (i.e., creation, In addition, there is a fourth technique for managing (i.e.,
management, deletion) a binding on the switch, referred to as creation, management, deletion) a binding on the switch, referred to
"manual". It is based on manual binding configuration and is as "manual". It is based on manual binding configuration and is
analyzed in [RFC6620] and [RFC7039]. analyzed in [RFC6620] and [RFC7039].
All combinations of address assignment methods can coexist within a All combinations of address assignment techniques can coexist within
layer-2 domain. A SAVI device MUST implement the corresponding a layer-2 domain. A SAVI device MUST implement the corresponding
binding setup methods (referred to as a "SAVI method") to enable binding setup methods (referred to as a "SAVI method") for each such
Source Address Validation. If more than one SAVI method is enabled technique that is in use if it is to provide Source Address
on a SAVI device, the method is referred to as "mix address Validation. If more than one SAVI method is enabled on a SAVI
assignment method" in this document. device, the method is referred to as "mix address assignment method"
in this document.
SAVI methods are independent from each other, each one handling its SAVI methods are normally viewed as independent from each other, each
own entries. In the absence of reconciliation, each method will one handling its own entries. If multiple methods are used in the
reject packets sourced with an address it did not discovered. To same device without coordination, each method will attempt to reject
prevent addresses discovered by one method to be filtered out by packets sourced with any addresses that method did not discover. To
another, the binding table should be shared by all the solutions. prevent addresses discovered by one SAVI method from being filtered
However this could create some conflict when the same entry is out by another method, the SAVI binding table should be shared by all
discovered by two different methods. The purpose of this document is the SAVI methods in use in the device. This in turn could create
of two folds: provide recommendations and methods to avoid conflicts, some conflict when the same entry is discovered by two different
and resolve conflicts if and when they happen. Collisions happening methods. The purpose of this document is of two folds: provide
within a given method are outside the scope of this document. recommendations and methods to avoid conflicts, and to resolve
conflicts when they happen. Collisions happening within a given
method are outside the scope of this document.
4. Architecture 4. Architecture
A SAVI device may enable multiple SAVI methods. This mechanism, A SAVI device may implement ant use multiple SAVI methods. This
called SAVI-MIX, is proposed as a arbiter of the binding generation mechanism, called SAVI-MIX, is proposed as a arbiter of the binding
algorithms, generating the final binding entries as illustrated in generation algorithms from these multiple methods, generating the
Figure 1. Once a SAVI method generates a candidate binding, it will final binding entries as illustrated in Figure 1. Once a SAVI method
request SAVI-MIX to set up a corresponding entry in the binding generates a candidate binding, it will request SAVI-MIX to set up a
table. Then SAVI-MIX will check if there is any conflict in the corresponding entry in the binding table. Then SAVI-MIX will check
binding table. A new binding will be generated if there is no if there is any conflict in the binding table. A new binding will be
conflict. If there is a conflict, SAVI-MIX will determine whether to generated if there is no conflict. If there is a conflict, SAVI-MIX
replace the existing binding or reject the candidate binding based on will determine whether to replace the existing binding or reject the
the policies specified in Section 6. candidate binding based on the policies specified in Section 6.
The packet filtering will not be performed by each SAVI method As a result of this, the packet filtering in the SAVI device will not
separately. Instead, SAVI-MIX will perform filtering based on the be performed by each SAVI method separately. Instead, the table
entries in the binding table. resulting from applying SAVI-MIX will be used to perform filtering.
Thus the filtering is based on the combined results of the differents
SAVI mechanisms.
+--------------------------------------------------------+ +--------------------------------------------------------+
| | | |
| SAVI Device | | SAVI Device |
| | | |
| | | |
| +------+ +------+ +------+ | | +------+ +------+ +------+ |
| | SAVI | | SAVI | | SAVI | | | | SAVI | | SAVI | | SAVI | |
| | | | | | | | | | | | | | | |
| | FCFS | | DHCP | | SEND | | | | FCFS | | DHCP | | SEND | |
skipping to change at page 5, line 4 skipping to change at page 5, line 38
| | Table | | | | Table | |
| +--------------+ | | +--------------+ |
| | | |
+--------------------------------------------------------+ +--------------------------------------------------------+
Figure 1: SAVI-Mix Architecture Figure 1: SAVI-Mix Architecture
Each entry in the binding table will contain the following fields: Each entry in the binding table will contain the following fields:
1. IP source address 1. IP source address
2. Binding anchor 2. Binding anchor
3. Lifetime 3. Lifetime
4. Creation time 4. Creation time
5. Binding methods: the methods which request the binding setup. 5. Binding methods: the SAVI method used for this entry.
5. Recommendations for preventing collisions 5. Recommendations for preventing collisions
If each solution has a dedicated address space, collisions won't If each address assignment technique uses a separate portion of the
happen. Using non overlapping address space across SAVI solutions is IP address space, collisions won't happen. Using non overlapping
therefore recommended. To that end, one should: address space across address assignment techniques, and thus across
SAVI methods is therefore recommended. To that end, one should:
1. DHCP/SLAAC: use non-overlapping prefix for DHCP and SLAAC. Set 1. DHCP/SLAAC: use non-overlapping prefix for DHCP and SLAAC. Set
the A bit in Prefix information option of Router Advertisement the A bit in Prefix information option of Router Advertisement
for SLAAC prefix, and set the M bit in Router Advertisement for for SLAAC prefix, and set the M bit in Router Advertisement for
DHCP prefix. For detail explanations on these bits, refer to DHCP prefix. For detail explanations on these bits, refer to
[RFC4861][RFC4862]. [RFC4861][RFC4862].
2. SeND/non-SeND: avoid mixed environment (where SeND and non-SeND 2. SeND/non-SeND: avoid mixed environment (where SeND and non-SeND
nodes are deployed) or separate the prefixes announced to SeND nodes are deployed) or separate the prefixes announced to SeND
and non-SenD nodes. One way to separate the prefixes is to have and non-SenD nodes. One way to separate the prefixes is to have
the router(s) announcing different (non-overlapping) prefixes to the router(s) announcing different (non-overlapping) prefixes to
SeND and to non-SeND nodes, using unicast Router SeND and to non-SeND nodes, using unicast Router
Advertisements[RFC6085], in response to SeND/non-SeND Router Advertisements[RFC6085], in response to SeND/non-SeND Router
Solicit. Solicit.
6. Resolving binding collisions 6. Resolving binding collisions
In situations where collisions could not be avoided, two cases should In situations where collisions can not be avoided by assignment
be considered: separation, two cases should be considered:
1. The same address is bound on two different binding anchors by 1. The same address is bound on two different binding anchors by
different SAVI methods. different SAVI methods.
2. The same address is bound on the same binding anchor by different 2. The same address is bound on the same binding anchor by different
SAVI methods. SAVI methods.
6.1. Same Address on Different Binding Anchors 6.1. Same Address on Different Binding Anchors
This would typically occur in case assignment address spaces could This would typically occur in case assignment address spaces could
not be separated. For instance, an address is assigned by SLAAC on not be separated. For instance, an address is assigned by SLAAC on
node X, installed in the binding table using SAVI-FCFS, anchored to node X, installed in the binding table using SAVI-FCFS, anchored to
"anchor-X". Later, the same address is assigned by DHCP to node Y, "anchor-X". Later, the same address is assigned by DHCP to node Y,
and SAVI-DHCP will generate a candidate binding entry, anchored to and SAVI-DHCP will generate a candidate binding entry, anchored to
"anchor-Y". "anchor-Y".
6.1.1. Basic preference 6.1.1. Basic preference
The SAVI device must decide whom the address should be bound with The SAVI device must decide to whom the address should be bound
(anchor-X or anchor-Y in this example). Current standard documents (anchor-X or anchor-Y in this example). Current standard documents
of address assignment methods have implied the prioritization of address assignment methods have implied the prioritization
relationship, i.e., first-come. relationship based on order in time, i.e., first-come first-served.
1. SLAAC: s5.4.5 of [RFC4862] 1. SLAAC: s5.4.5 of [RFC4862]
2. DHCPv4: s3.1-p5 of [RFC2131] 2. DHCPv4: s3.1-p5 of [RFC2131]
3. DHCPv6: s18.1.8 of [RFC3315] 3. DHCPv6: s18.1.8 of [RFC3315]
4. SeND: s8 of [RFC3971] 4. SeND: s8 of [RFC3971]
In the absence of any configuration or protocol hint (see In the absence of any configuration or protocol hint (see
Section 6.1.2) the SAVI device should choose the first-come binding Section 6.1.2) the SAVI device should choose the first-come binding
anchor, whether it was learnt from SLAAC, SeND or DHCP. anchor, whether it was learnt from SLAAC, SeND or DHCP.
6.1.2. Overwritten preference 6.1.2. Overwritten preference
skipping to change at page 6, line 43 skipping to change at page 7, line 31
should be given to the anchor that carries the CGA credentials once should be given to the anchor that carries the CGA credentials once
they are verified, in particular the CGA parameters and the RSA they are verified, in particular the CGA parameters and the RSA
options. Note that if an attacker was trying to replay CGA options. Note that if an attacker was trying to replay CGA
credentials, he would then compete on the base of "First-Come, First- credentials, he would then compete on the base of "First-Come, First-
Served" (FCFS) principle. Served" (FCFS) principle.
6.1.2.2. configuration preference 6.1.2.2. configuration preference
For configuration driven exceptions, the SAVI device may allow the For configuration driven exceptions, the SAVI device may allow the
configuration of a triplet ("prefix", "anchor", "method") or configuration of a triplet ("prefix", "anchor", "method") or
("address", "anchor", "method"), where at least one of ("anchor", ("address", "anchor", "method"). The "prefix" or "address"
"method") should be specified. Later, if a DAD message is received represents the address or address prefix to which this preference
with the following conditions verified: entry applies. The "anchor" is the value of a know binding anchor
that this device expects to see using this address or addresses from
this prefix. The "method" is the SAVI method that this device
expects to use in validating address binding entries from the address
or prefix. At least one of "anchor" and "method" MUST be specified.
Later, if a DAD message is received with the following conditions
verified:
1. The target in the DAD message does not exist in the binding table 1. The target in the DAD message does not exist in the binding table
2. The target is within configured "prefix" (or equal to "address") 2. The target is within configured "prefix" (or equal to "address")
3. The anchor bound to target is different from the configured 3. The anchor bound to target is different from the configured
anchor, when specified anchor, when specified
4. The configured method, if any, is different from SAVI-FCFS 4. The configured method, if any, is different from SAVI-FCFS
the switch should defend the address by responding to the DAD The switch should defend the address by responding to the DAD
message, with a NA message or an ARP response, on behalf of the message, with a NA message, on behalf of the target node. SeND nodes
target node. Plain NA will be replied to SeND DAD. SeND accepts in the network MUST disable the option to ignore unsecured
plain NA for the first time (see s8 of [RFC3971]). The probability advertisements (see s8 of [RFC3971]). If the option is enabled, the
for a SeND node to generate a colliding address more than one time is case is outside the scope of this document.
trivial in practice, thus the response can effectively protect an
existing binding.
It should not at this point install the entry into the binding table. It should not install the entry into the binding table. It will
It will simply prevent the node to assign the address, and will de- simply prevent the node to assign the address, and will de-facto
facto prioritize the configured anchor. This is especially useful to prioritize the configured anchor. This is especially useful to
protect well known bindings such as a static address of a server over protect well known bindings such as a static address of a server over
anybody, even when the server is down. It is also a way to give anybody, even when the server is down. It is also a way to give
priority to a binding learnt from SAVI-DHCP over a binding for the priority to a binding learnt from SAVI-DHCP over a binding for the
same address, learnt from SAVI-FCFS. same address, learnt from SAVI-FCFS.
6.1.3. Multiple SAVI Device Scenario 6.1.3. Multiple SAVI Device Scenario
A single SAVI device doesn't have the information of all bound A single SAVI device doesn't have the information of all bound
addresses on the perimeter. Therefore it is not enough to lookup addresses on the perimeter. Therefore it is not enough to lookup
local bindings to identify a collision. However, assuming DAD is local bindings to identify a collision. However, assuming DAD is
skipping to change at page 8, line 6 skipping to change at page 8, line 48
7. Security Considerations 7. Security Considerations
SAVI MIX does not eliminate the security problems of each SAVI SAVI MIX does not eliminate the security problems of each SAVI
method. Thus, the potential attacks, e.g., the DoS attack against method. Thus, the potential attacks, e.g., the DoS attack against
the SAVI device resource, can still happen. In deployment, the the SAVI device resource, can still happen. In deployment, the
security threats from each enabled SAVI methods should be prevented security threats from each enabled SAVI methods should be prevented
by the corresponding proposed solutions in each document. by the corresponding proposed solutions in each document.
SAVI MIX is only a binding setup/removal arbitration mechanism. It SAVI MIX is only a binding setup/removal arbitration mechanism. It
does not introduce additional security threats only if the principle does not introduce additional security threats if the principle of
of decision is reasonable. However, there is a slight problem. SAVI decision is reasonable. However, there is a slight problem. SAVI
MIX is more tolerant about binding establish than each SAVI method MIX is more tolerant about binding establishment than each SAVI
alone. As long as one of the enabled SAVI method generates a method alone. As long as one of the enabled SAVI methods generates a
binding, the binding will be applied. As a result, the allowed binding, the binding will be applied. As a result, the allowed
binding number limitation or allowed binding setup rate limitation number of SAVI bindings or allowed SAVI binding setup rate will be
will be the sum of all the enabled SAVI methods. In deployment, the sum of that of all the enabled SAVI methods. In deployment,
whether a SAVI device is capable to support that resource requirement whether a SAVI device is capable of supporting the resulting resource
should be evaluated. requirements should be evaluated.
8. IANA Considerations 8. IANA Considerations
This memo asks the IANA for no new parameters. This memo asks the IANA for no new parameters.
9. Acknowledgment 9. Acknowledgment
Thanks to Christian Vogt, Eric Nordmark, Marcelo Bagnulo Braun and Thanks to Christian Vogt, Eric Nordmark, Marcelo Bagnulo Braun and
Jari Arkko for their valuable contributions. Jari Arkko for their valuable contributions.
10. References 10. References
10.1. Normative References 10.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>.
[RFC2131] Droms, R., "Dynamic Host Configuration Protocol", [RFC2131] Droms, R., "Dynamic Host Configuration Protocol",
RFC 2131, DOI 10.17487/RFC2131, March 1997, RFC 2131, DOI 10.17487/RFC2131, March 1997,
<http://www.rfc-editor.org/info/rfc2131>. <http://www.rfc-editor.org/info/rfc2131>.
[RFC3315] Droms, R., Ed., Bound, J., Volz, B., Lemon, T., Perkins, [RFC3315] Droms, R., Ed., Bound, J., Volz, B., Lemon, T., Perkins,
C., and M. Carney, "Dynamic Host Configuration Protocol C., and M. Carney, "Dynamic Host Configuration Protocol
for IPv6 (DHCPv6)", RFC 3315, DOI 10.17487/RFC3315, July for IPv6 (DHCPv6)", RFC 3315, DOI 10.17487/RFC3315, July
2003, <http://www.rfc-editor.org/info/rfc3315>. 2003, <http://www.rfc-editor.org/info/rfc3315>.
 End of changes. 29 change blocks. 
104 lines changed or deleted 117 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/