RFC Errata
RFC 5677, "IEEE 802.21 Mobility Services Framework Design (MSFD)", December 2009
Source of RFC: mipshop (int)
Errata ID: 1967
Status: Held for Document Update
Type: Editorial
Publication Format(s) : TEXT
Reported By: Alfred Hoenes
Date Reported: 2009-12-21
Held for Document Update by: Brian Haberman
Section 8.1 says:
a) 1st para: [...] In such cases, the link between the DHCP client and Layer 2 termination point may be protected, but the DHCP message source and its messages cannot be authenticated or the integrity of the latter | checked unless there exits a security binding between link layer and DHCP layer. b) 2nd para: v | In the case where DNS is used for discovering MoS, fake DNS requests and responses may cause denial of service (DoS) and the inability of the MN to perform a proper handover, respectively. Where networks are exposed to such DoS, it is RECOMMENDED that DNS service providers use the Domain Name System Security Extensions (DNSSEC) as described in [RFC4033]. Readers may also refer to [RFC4641] to consider the aspects of DNSSEC operational practices.
It should say:
a) 1st para: [...] In such cases, the link between the DHCP client and Layer 2 termination point may be protected, but the DHCP message source and its messages cannot be authenticated or the integrity of the latter | checked unless there exists a security binding between link layer and DHCP layer. b) 2nd para: vvvvv | In the case where the DNS is used for discovering MoS, fake DNS requests and responses may cause denial of service (DoS) and the inability of the MN to perform a proper handover, respectively. Where networks are exposed to such DoS, it is RECOMMENDED that DNS service providers use the Domain Name System Security Extensions (DNSSEC) as described in [RFC4033]. Readers may also refer to [RFC4641] to consider the aspects of DNSSEC operational practices.
Notes:
Rationale:
a) typo
b) missing article