| rfc9478v2.txt | rfc9478.txt | |||
|---|---|---|---|---|
| skipping to change at line 109 ¶ | skipping to change at line 109 ¶ | |||
| 1.1. Requirements Language | 1.1. Requirements Language | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | |||
| "OPTIONAL" in this document are to be interpreted as described in BCP | "OPTIONAL" in this document are to be interpreted as described in BCP | |||
| 14 [RFC2119] [RFC8174] when, and only when, they appear in all | 14 [RFC2119] [RFC8174] when, and only when, they appear in all | |||
| capitals, as shown here. | capitals, as shown here. | |||
| 1.2. Traffic Selector Clarification | 1.2. Traffic Selector Clarification | |||
| The negotiation of traffic selectors is specified in Section 2.9 of | The negotiation of Traffic Selectors is specified in Section 2.9 of | |||
| [RFC7296], where it defines two TS Types (TS_IPV4_ADDR_RANGE and | [RFC7296], where it defines two TS Types (TS_IPV4_ADDR_RANGE and | |||
| TS_IPV6_ADDR_RANGE). The TS payload format is specified in | TS_IPV6_ADDR_RANGE). The TS payload format is specified in | |||
| Section 3.13 of [RFC7296]. However, the term "Traffic Selector" is | Section 3.13 of [RFC7296]. However, the term "Traffic Selector" is | |||
| used to denote the TS payloads and individual Traffic Selectors of | used to denote the TS payloads and individual Traffic Selectors of | |||
| that payload. Sometimes, the exact meaning can only be learned from | that payload. Sometimes, the exact meaning can only be learned from | |||
| context or if the item is written in plural ("Traffic Selectors" or | context or if the item is written in plural ("Traffic Selectors" or | |||
| "TSes"). This section clarifies these terms as follows: | "TSes"). This section clarifies these terms as follows: | |||
| A Traffic Selector (capitalized, no acronym) is one selector for | A Traffic Selector (capitalized, no acronym) is one selector for | |||
| traffic of a specific Traffic Selector Type (TS Type). For example, | traffic of a specific Traffic Selector Type (TS Type). For example, | |||
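Review bot: the capitalization change in the first sentence of Section 1.2 ("negotiation of Traffic Selectors") is consistent with the convention the same section defines a few lines later ("A Traffic Selector (capitalized, no acronym)"), so the defined term is now used uniformly from its first mention; no normative text changes in this block.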
| skipping to change at line 132 ¶ | skipping to change at line 132 ¶ | |||
| denoted as (17, 0, 198.51.100.0-198.51.100.255). | denoted as (17, 0, 198.51.100.0-198.51.100.255). | |||
| A TS payload is a set of one or more Traffic Selectors of the same or | A TS payload is a set of one or more Traffic Selectors of the same or | |||
| different TS Types. It typically contains one or more of the TS Type | different TS Types. It typically contains one or more of the TS Type | |||
| of TS_IPV4_ADDR_RANGE and/or TS_IPV6_ADDR_RANGE. For example, the | of TS_IPV4_ADDR_RANGE and/or TS_IPV6_ADDR_RANGE. For example, the | |||
| above Traffic Selector by itself in a TS payload is denoted as | above Traffic Selector by itself in a TS payload is denoted as | |||
| TS((17, 0, 198.51.100.0-198.51.100.255)) | TS((17, 0, 198.51.100.0-198.51.100.255)) | |||
| 1.3. Security Label Traffic Selector Negotiation | 1.3. Security Label Traffic Selector Negotiation | |||
| The negotiation of traffic selectors is specified in Section 2.9 of | The negotiation of Traffic Selectors is specified in Section 2.9 of | |||
| [RFC7296] and states that the TSi/TSr payloads MUST contain at least | [RFC7296] and states that the TSi/TSr payloads MUST contain at least | |||
| one TS Type. This document adds a new TS Type of TS_SECLABEL that is | one TS Type. This document adds a new TS Type of TS_SECLABEL that is | |||
| valid only with at least one other TS Type. That is, it cannot be | valid only with at least one other TS Type. That is, it cannot be | |||
| the only TS Type present in a TSi or TSr payload. It MUST be used | the only TS Type present in a TSi or TSr payload. It MUST be used | |||
| along with an IP address selector type, such as TS_IPV4_ADDR_RANGE | along with an IP address selector type, such as TS_IPV4_ADDR_RANGE | |||
| and/or TS_IPV6_ADDR_RANGE. | and/or TS_IPV6_ADDR_RANGE. | |||
| 2. TS_SECLABEL Traffic Selector Type | 2. TS_SECLABEL Traffic Selector Type | |||
| This document defines a new TS Type, TS_SECLABEL, that contains a | This document defines a new TS Type, TS_SECLABEL, that contains a | |||
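Review bot: the unchanged context "It typically contains one or more of the TS Type of TS_IPV4_ADDR_RANGE and/or TS_IPV6_ADDR_RANGE" in Section 1.2 reads awkwardly ("one or more of the TS Type of"); suggest "one or more Traffic Selectors of TS Type TS_IPV4_ADDR_RANGE and/or TS_IPV6_ADDR_RANGE". The capitalization fix at the start of Section 1.3 matches the one made in Section 1.2 and is fine.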
| skipping to change at line 196 ¶ | skipping to change at line 196 ¶ | |||
| A zero-length Security Label MUST NOT be used. If a received TS | A zero-length Security Label MUST NOT be used. If a received TS | |||
| payload contains a TS Type of TS_SECLABEL with a zero-length Security | payload contains a TS Type of TS_SECLABEL with a zero-length Security | |||
| Label, that specific TS payload MUST be ignored. If no other TS | Label, that specific TS payload MUST be ignored. If no other TS | |||
| payload contains an acceptable TS_SECLABEL TS Type, the exchange MUST | payload contains an acceptable TS_SECLABEL TS Type, the exchange MUST | |||
| be aborted with a TS_UNACCEPTABLE Error Notify message. A zero- | be aborted with a TS_UNACCEPTABLE Error Notify message. A zero- | |||
| length Security Label MUST NOT be interpreted as a wildcard security | length Security Label MUST NOT be interpreted as a wildcard security | |||
| label. | label. | |||
| If multiple Security Labels are allowed for a Traffic Selector's IP | If multiple Security Labels are allowed for a Traffic Selector's IP | |||
| address range, protocol and port range, the initiator includes all of | address range, protocol, and port range, the initiator includes all | |||
| these acceptable Security Labels. The responder MUST select exactly | of these acceptable Security Labels. The responder MUST select | |||
| one of the Security Labels. | exactly one of the Security Labels. | |||
| A responder that selected a TS with TS_SECLABEL MUST use the Security | A responder that selected a TS with TS_SECLABEL MUST use the Security | |||
| Label for all selector operations on the resulting TS. It MUST NOT | Label for all selector operations on the resulting TS. It MUST NOT | |||
| select a TS_SECLABEL without using the specified Security Label, even | select a TS_SECLABEL without using the specified Security Label, even | |||
| if it deems the Security Label optional, as the initiator has | if it deems the Security Label optional, as the initiator has | |||
| indicated (and expects) that the Security Label will be set for all | indicated (and expects) that the Security Label will be set for all | |||
| traffic matching the negotiated TS. | traffic matching the negotiated TS. | |||
| 3. Traffic Selector Negotiation | 3. Traffic Selector Negotiation | |||
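Review bot: the only substantive edit in this block is the serial comma in "address range, protocol, and port range"; the other two changed lines are re-wrapping of the same sentence, so no normative text changes. While touching this paragraph, the context line "MUST NOT be interpreted as a wildcard security label" uses lowercase "security label" where the rest of the section writes "Security Label"; suggest "wildcard Security Label" for consistency with the defined term.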
| End of changes. 3 change blocks. | ||||
| 5 lines changed or deleted | 5 lines changed or added | |||
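
The TS_SECLABEL rules quoted in the diff above (TS_SECLABEL is only valid alongside an address TS Type; a zero-length Security Label causes that TS payload to be ignored and is never a wildcard; the responder selects exactly one of the offered labels and must carry it on the resulting TS, otherwise the exchange ends with TS_UNACCEPTABLE) can be exercised with a small responder-side model. The code below is an added example, not text from RFC 9478 or from any IKE implementation; the `Selector` data model, the string TS Type names (numeric code points are not on this page), and the sample labels are constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# TS Type names taken from the text; the numeric code points are not on this
# page, so this example keys selectors by name (an assumption of the example).
TS_IPV4_ADDR_RANGE = "TS_IPV4_ADDR_RANGE"
TS_IPV6_ADDR_RANGE = "TS_IPV6_ADDR_RANGE"
TS_SECLABEL = "TS_SECLABEL"
ADDRESS_TYPES = {TS_IPV4_ADDR_RANGE, TS_IPV6_ADDR_RANGE}


@dataclass(frozen=True)
class Selector:
    """One Traffic Selector (constructed model, not the RFC 7296 wire format).

    Address-type selectors carry (protocol, port range, address range) as in
    the page's (17, 0, 198.51.100.0-198.51.100.255) example; a TS_SECLABEL
    selector carries only the label bytes.
    """
    ts_type: str
    protocol: int = 0
    ports: Tuple[int, int] = (0, 65535)
    addrs: Tuple[str, str] = ("", "")
    label: bytes = b""


def payload_is_usable(payload: List[Selector]) -> bool:
    """Structural rules from Sections 1.3 and 2 of the text.

    TS_SECLABEL MUST be accompanied by an IP address TS Type, and a
    zero-length Security Label means the whole TS payload MUST be ignored;
    it is never treated as a wildcard.
    """
    types = {s.ts_type for s in payload}
    if TS_SECLABEL in types and not (types & ADDRESS_TYPES):
        return False
    if any(s.ts_type == TS_SECLABEL and len(s.label) == 0 for s in payload):
        return False
    return True


def respond(payloads: List[List[Selector]],
            allowed_labels: List[bytes]) -> Tuple[str, Optional[List[Selector]]]:
    """Responder-side selection over the candidate TS payloads.

    Returns ("OK", ts) where ts keeps the address selectors of the chosen
    payload plus exactly one TS_SECLABEL selector, so the label is used for
    all selector operations on the resulting TS; returns
    ("TS_UNACCEPTABLE", None) when no payload offers an acceptable label.
    """
    for payload in payloads:
        if not payload_is_usable(payload):
            continue  # ignored payload, per the zero-length / lone-label rules
        offered = [s.label for s in payload if s.ts_type == TS_SECLABEL]
        # allowed_labels is the responder's policy in preference order
        # (constructed); the first offered label it accepts is the one chosen.
        chosen = next((lab for lab in allowed_labels if lab in offered), None)
        if chosen is None:
            continue
        result = [s for s in payload if s.ts_type in ADDRESS_TYPES]
        result.append(Selector(TS_SECLABEL, label=chosen))
        return ("OK", result)
    return ("TS_UNACCEPTABLE", None)


# Constructed sample offers from an initiator (labels are made-up values).
UDP_RANGE = Selector(TS_IPV4_ADDR_RANGE, protocol=17, ports=(0, 65535),
                     addrs=("198.51.100.0", "198.51.100.255"))
LABEL_A = b"example_label_a"
LABEL_B = b"example_label_b"
OFFER_WITH_EMPTY_LABEL = [UDP_RANGE, Selector(TS_SECLABEL, label=b"")]
OFFER_WITH_TWO_LABELS = [UDP_RANGE,
                         Selector(TS_SECLABEL, label=LABEL_A),
                         Selector(TS_SECLABEL, label=LABEL_B)]
LABEL_ONLY = [Selector(TS_SECLABEL, label=LABEL_A)]
POLICY = [LABEL_B]  # responder accepts only LABEL_B (constructed policy)

if __name__ == "__main__":
    # The empty-label payload is skipped; LABEL_B is chosen from the second.
    print(respond([OFFER_WITH_EMPTY_LABEL, OFFER_WITH_TWO_LABELS], POLICY))
    # A payload carrying only TS_SECLABEL is not a valid offer.
    print(respond([LABEL_ONLY], POLICY))
    # An empty label is not a wildcard, even if the policy would accept it.
    print(respond([OFFER_WITH_EMPTY_LABEL], [b""]))
```

The model deliberately drops an entire payload when it contains a zero-length label rather than dropping just that selector, because the text says the "specific TS payload MUST be ignored"; the alternative, treating the empty label as matching anything, is exactly the wildcard interpretation the text forbids.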
This html diff was produced by rfcdiff 1.48. | ||||