idnits 2.17.00 (12 Aug 2021) /tmp/idnits4405/draft-ietf-aaa-na-reqts-07.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Looks like you're using RFC 2026 boilerplate. This must be updated to follow RFC 3978/3979, as updated by RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- ** Missing expiration date. The document expiration date should appear on the first and last page. ** The document seems to lack a 1id_guidelines paragraph about Internet-Drafts being working documents -- however, there's a paragraph with a matching beginning. Boilerplate error? ** The document seems to lack a 1id_guidelines paragraph about 6 months document validity -- however, there's a paragraph with a matching beginning. Boilerplate error? ** The document is more than 15 pages and seems to lack a Table of Contents. == The page length should not exceed 58 lines per page, but there was 27 longer pages, the longest (page 2) being 60 lines == It seems as if not all pages are separated by form feeds - found 0 form feeds but 28 pages Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an Abstract section. ** The document seems to lack an Introduction section. ** The document seems to lack a Security Considerations section. ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) ** The document seems to lack an Authors' Addresses Section. ** There are 2 instances of too long lines in the document, the longest one being 3 characters in excess of 72. ** There are 19 instances of lines with control characters in the document. ** The document seems to lack a both a reference to RFC 2119 and the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. RFC 2119 keyword, line 98: '...more of the MUST or MUST NOT requireme...' RFC 2119 keyword, line 99: '...sion that satisfies all the MUST, MUST...' RFC 2119 keyword, line 100: '...NOT, SHOULD and SHOULD NOT requirement...' RFC 2119 keyword, line 101: '...e that satisfies all the MUST and MUST...' RFC 2119 keyword, line 102: '... but not all the SHOULD or SHOULD NOT ...' (44 more instances...) Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not match the current year == Line 1131 has weird spacing: '...imed to perta...' == Line 1174 has weird spacing: '...>, and expir...' -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- Couldn't find a document date in the document -- date freshness check skipped. Checking references for intended status: Informational ---------------------------------------------------------------------------- -- Missing reference section? '3' on line 794 looks like a reference -- Missing reference section? '2' on line 791 looks like a reference -- Missing reference section? '5' on line 802 looks like a reference -- Missing reference section? '4' on line 798 looks like a reference -- Missing reference section? '1' on line 788 looks like a reference -- Missing reference section? '8' on line 815 looks like a reference -- Missing reference section? '20' on line 849 looks like a reference -- Missing reference section? '14' on line 832 looks like a reference -- Missing reference section? '6' on line 807 looks like a reference -- Missing reference section? '7' on line 811 looks like a reference -- Missing reference section? '9' on line 818 looks like a reference -- Missing reference section? '10' on line 822 looks like a reference -- Missing reference section? '11' on line 824 looks like a reference -- Missing reference section? '12' on line 827 looks like a reference -- Missing reference section? '13' on line 830 looks like a reference -- Missing reference section? '15' on line 835 looks like a reference -- Missing reference section? '16' on line 838 looks like a reference -- Missing reference section? '17' on line 841 looks like a reference -- Missing reference section? '18' on line 843 looks like a reference -- Missing reference section? '19' on line 846 looks like a reference -- Missing reference section? '21' on line 757 looks like a reference -- Missing reference section? '22' on line 758 looks like a reference -- Missing reference section? '23' on line 759 looks like a reference -- Missing reference section? '24' on line 760 looks like a reference -- Missing reference section? '25' on line 761 looks like a reference -- Missing reference section? '26' on line 762 looks like a reference -- Missing reference section? '27' on line 763 looks like a reference -- Missing reference section? '28' on line 764 looks like a reference -- Missing reference section? '29' on line 765 looks like a reference -- Missing reference section? '30' on line 766 looks like a reference -- Missing reference section? '31' on line 767 looks like a reference -- Missing reference section? '32' on line 768 looks like a reference -- Missing reference section? '33' on line 769 looks like a reference -- Missing reference section? '34' on line 770 looks like a reference -- Missing reference section? '35' on line 771 looks like a reference -- Missing reference section? '36' on line 772 looks like a reference -- Missing reference section? '37' on line 773 looks like a reference -- Missing reference section? '38' on line 774 looks like a reference -- Missing reference section? '39' on line 775 looks like a reference -- Missing reference section? '40' on line 776 looks like a reference -- Missing reference section? '41' on line 777 looks like a reference -- Missing reference section? '42' on line 778 looks like a reference -- Missing reference section? '43' on line 779 looks like a reference -- Missing reference section? '44' on line 780 looks like a reference -- Missing reference section? '45' on line 781 looks like a reference -- Missing reference section? '46' on line 782 looks like a reference -- Missing reference section? '47' on line 783 looks like a reference -- Missing reference section? '48' on line 784 looks like a reference Summary: 13 errors (**), 0 flaws (~~), 5 warnings (==), 50 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 AAA Working Group Bernard Aboba, Microsoft 3 INTERNET-DRAFT Pat R. Calhoun 4 Category: Informational Steven M. Glass 5 Sun Microsystems, Inc. 6 24 August 2000 Tom Hiller 7 Pete McCann 8 Hajime Shiino 9 Lucent 10 Glen Zorn 11 Gopal Dommety 12 Cisco Systems, Inc. 13 Charles Perkins 14 Basavaraj Patil 15 Nokia Telecommunications 16 Dave Mitton 17 Serge Manning 18 Nortel Networks 19 Mark Beadles, SmartPipes Inc 20 Pat Walsh, Ameritech 21 Xing Chen, Alcatel 22 Takahiro Ayaki, DDI Corporation 23 Sanjeevan Sivalingham, Ericsson Wireless Communications 24 Alan Hameed, Fujitsu 25 Mark Munson, GTE Wireless 26 Stuart Jacobs, GTE Laboratories 27 Takuo Seki, IDO Corporation 28 Byng-Keun Lim, LG Information & Communications, Ltd. 29 Brent Hirschman, Motorola 30 Ray Hsu, Qualcomm, Inc. 31 Haeng Koo, Samsung Telecommunications America, Inc. 32 Mark Lipford, Sprint PCS 33 Yingchun Xu 34 Ed Campbell 35 3Com Corporation 36 Shinichi Baba, Toshiba America Research, Inc. 37 Eric Jaques, Vodaphone Airtouch 39 Criteria for Evaluating AAA Protocols for Network Access 41 This document is an Internet-Draft and is in full conformance with all 42 provisions of Section 10 of RFC2026. 44 Internet-Drafts are working documents of the Internet Engineering Task 45 Force (IETF), its areas, and its working groups. Note that other groups 46 may also distribute working documents as Internet- Drafts. 48 Internet-Drafts are draft documents valid for a maximum of six months 49 and may be updated, replaced, or obsoleted by other documents at any 50 time. It is inappropriate to use Internet-Drafts as reference material 51 or to cite them other than as "work in 53 The list of current Internet-Drafts can be accessed at 54 http://www.ietf.org/ietf/1id-abstracts.txt 56 The list of Internet-Draft Shadow Directories can be accessed at 57 http://www.ietf.org/shadow.html. 59 11.. Copyright Notice 61 Copyright (C) The Internet Society (2000). All Rights Reserved. 63 22.. Abstract 65 This document represents a summary of AAA protocol requirements for 66 network access. In creating this documents, inputs were taken from 67 documents produced by the NASREQ, ROAMOPS, and MOBILEIP working groups, 68 as well as from TIA 45.6. This document summarizes the requirements 69 collected from those sources, separating requirements for 70 authentication, authorization and accounting. Details on the 71 requirements are available in the original documents. 73 33.. Introduction 75 This document represents a summary of AAA protocol requirements for 76 network access. In creating this documents, inputs were taken from 77 documents produced by the NASREQ [3], ROAMOPS [2], and MOBILEIP [5] 78 working groups, as well as from TIA 45.6 [4]. This document summarizes 79 the requirements collected from those sources, separating requirements 80 for authentication, authorization and accounting. Details on the 81 requirements are available in the original documents. 83 33..11.. Requirements language 85 In this document, the key words "MAY", "MUST, "MUST NOT", "optional", 86 "recommended", "SHOULD", and "SHOULD NOT", are to be interpreted as 87 described in [1]. 89 Please note that the requirements specified in this document are to be 90 used in evaluating AAA protocol submissions. As such, the requirements 91 language refers to capabilities of these protocols; the protocol 92 documents will specify whether these features are required, recommended, 93 or optional. For example, requiring that a protocol support 94 confidentiality is NOT the same thing as requiring that all protocol 95 traffic be encrypted. 97 A protocol submission is not compliant if it fails to satisfy one or 98 more of the MUST or MUST NOT requirements for the capabilities that it 99 implements. A protocol submission that satisfies all the MUST, MUST 100 NOT, SHOULD and SHOULD NOT requirements for its capabilities is said to 101 be "unconditionally compliant"; one that satisfies all the MUST and MUST 102 NOT requirements but not all the SHOULD or SHOULD NOT requirements for 103 its protocols is said to be "conditionally compliant." 105 33..22.. Terminology 107 Accounting 108 The act of collecting information on resource usage for the 109 purpose of trend analysis, auditing, billing, or cost 110 allocation. 112 Administrative Domain 113 An internet, or a collection of networks, computers, and 114 databases under a common administration. Computer entities 115 operating in a common administration may be assumed to share 116 administratively created security associations. 118 Attendant A node designed to provide the service interface between a 119 client and the local domain. 121 Authentication 122 The act of verifying a claimed identity, in the form of a pre- 123 existing label from a mutually known name space, as the 124 originator of a message (message authentication) or as the 125 end-point of a channel (entity authentication). 127 Authorization 128 The act of determining if a particular right, such as access 129 to some resource, can be granted to the presenter of a 130 particular credential. 132 Billing The act of preparing an invoice. 134 Broker A Broker is an entity that is in a different administrative 135 domain from both the home AAA server and the local ISP, and 136 which provides services, such as facilitating payments between 137 the local ISP and home administrative entities. There are two 138 different types of brokers; proxy and routing. 140 Client A node wishing to obtain service from an attendant within an 141 administrative domain. 143 End-to-End 144 End-to-End is the security model that requires that security 145 information be able to traverse, and be validated even when an 146 AAA message is processed by intermediate nodes such as 147 proxies, brokers, etc. 149 Foreign Domain 150 An administrative domain, visited by a Mobile IP client, and 151 containing the AAA infrastructure needed to carry out the 152 necessary operations enabling Mobile IP registrations. From 153 the point of view of the foreign agent, the foreign domain is 154 the local domain. 156 Home Domain 157 An administrative domain, containing the network whose prefix 158 matches that of a mobile node's home address, and containing 159 the AAA infrastructure needed to carry out the necessary 160 operations enabling Mobile IP registrations. From the point 161 of view of the home agent, the home domain is the local 162 domain. 164 Hop-by-hop 165 Hop-by-hop is the security model that requires that each 166 direct set of peers in a proxy network share a security 167 association, and the security information does not traverse a 168 AAA entity. 170 Inter-domain Accounting 171 Inter-domain accounting is the collection of information on 172 resource usage of an entity within an administrative domain, 173 for use within another administrative domain. In inter-domain 174 accounting, accounting packets and session records will 175 typically cross administrative boundaries. 177 Intra-domain Accounting 178 Intra-domain accounting is the collection of information on 179 resource within an administrative domain, for use within that 180 domain. In intra-domain accounting, accounting packets and 181 session records typically do not cross administrative 182 boundaries. 184 Local Domain 185 An administrative domain containing the AAA infrastructure of 186 immediate interest to a Mobile IP client when it is away from 187 home. 189 Proxy A AAA proxy is an entity that acts as both a client and a 190 server. When a request is received from a client, the proxy 191 acts as a AAA server. When the same request needs to be 192 forwarded to another AAA entity, the proxy acts as a AAA 193 client. 195 Local Proxy 196 A Local Proxy is a AAA server that satisfies the definition of 197 a Proxy, and exists within the same administrative domain as 198 the network device (e.g. NAS) that issued the AAA request. 199 Typically, a local proxy will enforce local policies prior to 200 forwarding responses to the network devices, and are generally 201 used to multiplex AAA messages from a large number of network 202 devices. 204 Network Access Identifier 205 The Network Access Identifier (NAI) is the userID submitted by 206 the client during network access authentication. In roaming, 207 the purpose of the NAI is to identify the user as well as to 208 assist in the routing of the authentication request. The NAI 209 may not necessarily be the same as the user's e-mail address 210 or the user-ID submitted in an application layer 211 authentication. 213 Routing Broker 214 A Routing Broker is a AAA entity that satisfies the definition 215 of a Broker, but is NOT in the transmission path of AAA 216 messages between the local ISP and the home domain's AAA 217 servers. When a request is received by a Routing Broker, 218 information is returned to the AAA requester that includes the 219 information necessary for it to be able to contact the Home 220 AAA server directly. Certain organizations providing Routing 221 Broker services MAY also act as a Certificate Authority, 222 allowing the Routing Broker to return the certificates 223 necessary for the local ISP and the home AAA servers to 224 communicate securely. 226 Non-Proxy Broker 227 A Routing Broker is occasionally referred to as a Non-Proxy 228 Broker. 230 Proxy Broker 231 A Proxy Broker is a AAA entity that satisfies the definition 232 of a Broker, and acts as a Transparent Proxy by acting as the 233 forwarding agent for all AAA messages between the local ISP 234 and the home domain's AAA servers. 236 Real-time Accounting 237 Real-time accounting involves the processing of information on 238 resource usage within a defined time window. Time constraints 239 are typically imposed in order to limit financial risk. 241 Roaming Capability 242 Roaming capability can be loosely defined as the ability to 243 use any one of multiple Internet service providers (ISPs), 244 while maintaining a formal, customer-vendor relationship with 245 only one. Examples of cases where roaming capability might be 246 required include ISP "confederations" and ISP- provided 247 corporate network access support. 249 Session record 250 A session record represents a summary of the resource 251 consumption of a user over the entire session. Accounting 252 gateways creating the session record may do so by processing 253 interim accounting events. 255 Transparent Proxy 256 A Transparent Proxy is a AAA server that satisfies the 257 definition of a Proxy, but does not enforce any local policies 258 (meaning that it does not add, delete or modify attributes or 259 modify information within messages it forwards). 261 44.. Requirements Summary 263 The AAA protocol evaluation criteria for network access are summarized 264 below. For details on the requirements, please consult the documents 265 referenced in the footnotes. 267 44..11.. General requirements 269 These requirements apply to all aspects of AAA and thus are considered 270 general requirements. 272 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 273 | | | | | 274 | General | NASREQ | ROAMOPS | MOBILE | 275 | Reqts. | | | IP | 276 | | | | | 277 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 278 | | | | | 279 | Scalability | M | M | M | 280 | a | 12 | 3 | 30 39 | 281 | | | | | 282 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 283 | | | | | 284 | Fail-over | M | | M | 285 | b | 12 | | 31 | 286 | | | | | 287 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 288 | | | | | 289 | Mutual auth | M | | M | 290 | AAA client/server | 16 | | 30 | 291 | c | | | | 292 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 293 | | | | | 294 | Transmission level | | M | S | 295 | security | | 6 | 31 39 | 296 | d | | | | 297 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 298 | | | | | 299 | Data object | M | M | M | 300 | Confidentiality | 26 | 6 | 40 | 301 | e | | | | 302 | | | | | 303 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 304 | | | | | 305 | Data object | M | M | M | 306 | Integrity | 16 | 6 | 31 39 | 307 | f | | | | 308 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 309 | | | | | 310 | Certificate transport | M | | S/M | 311 | g | 42 | |31,33/46 | 312 | | | | | 313 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 314 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 315 | | | | | 316 | Reliable AAA transport | M | | M | 317 | mechanism | 22 | | 31 32 | 318 | h | | | | 319 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 320 | | | | | 321 | Run Over IPv4 | M | M | M | 322 | | 11 | 1 | 33 | 323 | | | | | 324 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 325 | | | | | 326 | Run Over IPv6 | M | | S | 327 | | 11 | 1 | 47 | 328 | | | | | 329 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 330 | | | | | 331 | Support Proxy and | M | | M | 332 | Routing Brokers | 12 | | 31 39 | 333 | i | | | | 334 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 335 | | | | | 336 | Auditability | S | | | 337 | j | 25 | | | 338 | | | | | 339 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 340 | | | | | 341 | Dual App and Transport | | O | M | 342 | Security not required | | 6 | 40 | 343 | k | | | | 344 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 345 | | | | | 346 | Ability to carry | M | | S | 347 | service-specific attr. | 43 | | 31 33 | 348 | l | | | | 349 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 351 Key 352 M = MUST 353 S = SHOULD 354 O = MAY 355 N = MUST NOT 356 B = SHOULD NOT 357 Clarifications 359 [a] The AAA protocol must be capable of supporting millions of users 360 and tens of thousands of simultaneous requests. The AAA 361 architecture and protocol MUST be capable of supporting tens of 362 thousands of devices, AAA servers, proxies and brokers. 364 [b] In the event of failure to communicate with a given server, the 365 protocol must provide a mechanism to change service to another 366 backup or secondary server. 368 [c] This requirement refers to the ability to support mutual 369 authentication between the AAA client and server. 371 [d] The AAA protocol requires authentication, integrity protection and 372 confidentiality at the transmission layer. This security model is 373 also referred to as hop-by-hop security, whereas the security is 374 established between two communicating peers. All of the security is 375 removed when the AAA message is processed by a receiving AAA 376 entity. 378 [e] The AAA protocol requires confidentiality at the object level, 379 where an object consists of one or more attributes. Object level 380 confidentiality implies that only the target AAA entity for whom 381 the data is ultimately destined may decrypt the data, regardless of 382 the fact that the message may traverse one or more intermediate AAA 383 entities (e.g. proxies, brokers). 385 [f] The AAA protocol requires authentication and integrity protection 386 at the object level, which consists of one or more attributes. 387 Object level authentication must be persistent across one or more 388 intermediate AAA entity (e.g. proxy, broker, etc), meaning that any 389 AAA entity in a proxy chain may verify the authentication. This 390 implies that data that is covered by object level security CANNOT 391 be modified by intermediate servers. 393 [g] The AAA protocol MUST be capable of transporting certificates. This 394 requirement is intended as an optimization, in lieu of requiring 395 that an out-of-band protocol be used to fetch certificates. 397 [h] This requirement refers to resilience against packet loss, 398 including: 399 1. Hop-by-hop retransmission and fail-over so that reliability 400 does not solely depend on single hop transport retransmission. 401 2. Control of the retransmission mechanism by the AAA application. 402 3. Acknowledgment by the transport that a message was delivered 403 successfully, separate from message semantics or syntax evaluation. 404 5. Piggy-backing of acknowledgments in AAA messages. 406 6. Timely delivery of AAA responses. 408 [i] In the Mobile IP AAA architecture, brokers can be in the forwarding 409 path, in which case they act as transparent proxies (proxy 410 brokers). Alternatively, it is also possible to conceive of 411 brokers operating as certifying authorities outside of the 412 forwarding path (routing brokers). 414 [j] An auditable process is one in which it is possible to definitively 415 determine what actions have been performed on AAA packets as they 416 travel from the home AAA server to the network device and back. 418 [k] The AAA protocol MUST allow communication to be secured. However, 419 the AAA protocol MUST also allow an underlying security service 420 (e.g. IP Security) to be used. When the latter is used, the former 421 MUST NOT be required. 423 [l] The AAA protocol MUST be extensible by third parties (e.g. other 424 IETF Working Groups), in order to define attributes that are 425 specific to the service being defined. This requirement simply 426 means that the AAA protocol MUST allow groups other than the AAA WG 427 to define standard attributes. 429 44..22.. Authentication Requirements 431 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 432 | | | | | 433 | Authentication | NASREQ | ROAMOPS | MOBILE | 434 | Reqts. | | | IP | 435 | | | | | 436 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 437 | | | | | 438 | NAI Support | M | M | S/M | 439 | a | 9 | 2 |32,34,39/| 440 | | | | 40 | 441 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 442 | | | | | 443 | CHAP Support | M | M | | 444 | b | 10 | 3 | | 445 | | | | | 446 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 447 | | | | | 448 | EAP Support | M | S | | 449 | c | 10 | 3 | | 450 | | | | | 451 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 452 | | | | | 453 | PAP/Clear-Text Support | M | B | | 454 | d | 26 | 3 | | 455 | | | | | 456 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 457 | | | | | 458 | Re-authentication | M | | S | 459 | on demand | 17 | | 33 | 460 | e | | | | 461 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 462 | | | | | 463 | Authorization Only | M | | | 464 | without Authentication | 9 | | | 465 | f | | | | 466 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 468 Key 469 M = MUST 470 S = SHOULD 471 O = MAY 472 N = MUST NOT 473 B = SHOULD NOT 475 Clarifications 476 [a] The AAA protocol MUST allow the use of Network Access Identifiers 477 (NAI) [8] to identify users and/or devices. 479 [b] The AAA protocol MUST allow CHAP [20] authentication information to 480 be transported. This is commonly used by Network Access Servers 481 that request authentication of a PPP user. 483 [c] The AAA protocol MUST allow for Extensible Authentication Protocol 484 (EAP) [14] payload to be transported. Since some EAP authentication 485 mechanisms require more than one round trip, the AAA protocol must 486 allow for such authentication mechanisms to be used. The actual EAP 487 authentication mechanism negotiated MUST be transparent to the AAA 488 protocol. When EAP is used, authentication typically occurs between 489 the user being authenticated and his/her home AAA server. 491 [d] While PAP is deprecated, it is still in widespread use for its 492 original intended purpose, which is support of clear-text 493 passwords. As a result, a AAA protocol will need to be able to 494 securely transport clear-text passwords. This includes providing 495 for confidentiality of clear-text passwords traveling over the 496 wire, as well as protecting against disclosure of clear-text 497 passwords to proxies in the forwarding path. 499 [e] The AAA protocol MUST allow for a user to be re-authenticated on- 500 demand. The protocol MUST allow for this event to be triggered by 501 either the user, access device (AAA client), or the home or visited 502 AAA server. 504 [f] The AAA protocol MUST NOT require that credentials of the user be 505 provided during authorization. The AAA protocol supports 506 authorization by identification or assertion only. 508 44..33.. Authorization Requirements 510 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 511 | | | | | 512 | Authorization | NASREQ | ROAMOPS | MOBILE | 513 | Reqts. | | | IP | 514 | | | | | 515 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 516 | Static and Dynamic | | | | 517 | IPv4/6 Address Assign. | M | M | M | 518 | a | 11 | 5 | 32 36 | 519 | | | | | 520 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 521 | | | | | 522 | RADIUS gateway | M | M | M | 523 | capability | 44 | 3 | 45 | 524 | b | | | | 525 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 526 | | | | | 527 | Reject | M | M | M | 528 | capability | 12 | 4 | 39 | 529 | c | | | | 530 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 531 | | | | | 532 | Precludes layer 2 | N | N | | 533 | tunneling | 11 | 5 | | 534 | | | | | 535 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 536 | | | | | 537 | Re-Authorization on | M | | S | 538 | demand | 18 | | 30 33 | 539 | d | | | | 540 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 541 | | | | | 542 | Support for Access Rules,| M | | | 543 | Restrictions, Filters | 11, 19 | | | 544 | e | | | | 545 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 546 | | | | | 547 | State Reconciliation | M | | | 548 | f | 20 | | | 549 | | | | | 550 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 551 | | | | | 552 | Unsolicited Disconnect | M | | | 553 | g | 18 | | | 554 | | | | | 555 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 556 Key 557 M = MUST 558 S = SHOULD 559 O = MAY 560 N = MUST NOT 561 B = SHOULD NOT 563 Clarifications 565 [a] The AAA protocol MUST allow a server to provide a static or dynamic 566 address during the authorization phase of a user and/or device. The 567 address assigned MUST be either of type IPv4 or IPv6. If both the 568 client AND the server are aware of a pre-configured address, then 569 it is considered static. Anything else is dynamic. 571 [b] This requirement refers to the ability of a new AAA protocol be 572 sufficiently compatible with the large installed base of attributes 573 for existing approaches (RADIUS), such that a server implementation 574 could speak both protocols, or translate between them. 576 [c] This requirement refers to the ability of a proxy broker to deny 577 access without forwarding the access request to the AAA server, or 578 to deny access after receiving an access accept from the AAA 579 server. 581 [d] This requirement refers to the ability of the AAA client or server 582 to trigger re-authorization, or to the ability of the server to 583 send updated authorization information to the device, such as "stop 584 service." Authorization can allow for a time period, then 585 additional authorization can be sought to continue. A server can 586 initially authorize a user to connect and receive services, but 587 later decide the user is no longer allowed use of the service, for 588 example after N minutes. Authorizations can have a time limit. Re- 589 authorization does not necessarily imply re-authentication. 591 [e] This requirement refers to the ability to of the protocol to 592 describe access operational limitations and authorization 593 restrictions to usage to the NAS which includes (but is not limited 594 to): 595 1. Session expirations and Idle Timeouts 596 2. Packet filters 597 3. Static routes 598 4. QoS parameters 600 [f] This requirement refers to the ability of the NAS to use the AAA 601 server to manage resource allocation state. This capability can 602 assist with, but it is not synonymous with, simultaneous user login 603 control, port usage limitations, or IP address pooling. 605 The design must provide for recovery from data loss due to a 606 variety of faults, including NAS and AAA server reboots, and 607 NAS/AAA server communication outages, and MUST be independent of 608 the accounting stream. The granularity of the recovery of state 609 information after an outage may be on the order of a fraction of a 610 minute. In order to provide for state recovery, explicit 611 session/resource status and update and disconnect messages will be 612 required. 614 Because of potential multi-domain issues, only systems that 615 allocate or use a resource should track its state. 617 [g] This requirement refers to the ability of the AAA server to request 618 the NAS to disconnect an active session for authorization policy 619 reasons. 621 44..44.. Accounting Requirements 623 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 624 | | | | | 625 | Accounting | NASREQ | ROAMOPS | MOBILE | 626 | Reqts. | | | IP | 627 | | | | | 628 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 629 | | | | | 630 | Real-time accounting | M | M | M | 631 | a | 14 | 7 | 31 | 632 | | | | | 633 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 634 | | | | | 635 | Mandatory Compact | | M | | 636 | Encoding | | 7 | | 637 | b | | | | 638 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 639 | | | | | 640 | Accounting Record | | M | M | 641 | Extensibility | | 7 | 33 | 642 | | | | | 643 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 644 | | | | | 645 | Batch Accounting | S | | | 646 | c | 21 | | | 647 | | | | | 648 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 649 | | | | | 650 | Guaranteed Delivery | M | | M | 651 | d | 22 | | 31 | 652 | | | | | 653 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 654 | | | | | 655 | Accounting Time Stamps | M | | M | 656 | e | 23 | | 40 | 657 | | | | | 658 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 659 | | | | | 660 | Dynamic Accounting | M | | | 661 | f | 48 | | | 662 | | | | | 663 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 665 Key 666 M = MUST 667 S = SHOULD 668 O = MAY 669 N = MUST NOT 670 B = SHOULD NOT 672 Clarifications 674 [a] This requirement may be loosely defined as reporting synchronously 675 with events. Typically the time window is on the order of seconds, 676 not milliseconds. 678 [b] The AAA protocol's Accounting data format MUST NOT be bloated, 679 imposing a large overhead for one or more accounting data elements. 681 [c] This requirement refers to the ability to buffer or store multiple 682 accounting records, and send them together at some later time. 684 [d] This is an application layer acknowledgment. This is sent when the 685 receiving server is willing to take responsibility for the message 686 data. 688 [e] This requirement refers to the ability to reflect the time of 689 occurrence of events such as log-on, logoff, authentication, 690 authorization and interim accounting. It also implies the ability 691 to provide for unambiguous time-stamps. 693 [f] This requirement refers to the ability to account for dynamic 694 authentication and authorization. To support this, there can be 695 multiple accounting records for a single session. 697 44..55.. Unique Mobile IP requirements 699 In addition to the above requirements, Mobile IP also has the following 700 additional requirements: 702 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 703 | | | | | 704 | Encoding of Mobile IP | | | M | 705 | registration messages | | | 33 | 706 | | | | | 707 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 708 | | | | | 709 | Firewall friendly | | | M | 710 | a | | | 35 | 711 | | | | | 712 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 713 | | | | | 714 | Allocation of local Home | | | S/M | 715 | agent | | | 37/41 | 716 | | | | | 717 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 719 Key 720 M = MUST 721 S = SHOULD 722 O = MAY 723 N = MUST NOT 724 B = SHOULD NOT 726 Clarifications 728 [a] A firewall friendly protocol is one which is designed to 729 accommodate a firewall acting as a proxy. For example, this would 730 permit a Home Agent AAA server situated behind a firewall to be 731 reachable from the Internet for the purposes of providing AAA 732 services to a Mobile IP Foreign Agent. 734 Footnotes 736 [1] Section 4.2.1 of [2] 737 [2] Section 4.2.2 of [2]. Also see [8]. 738 [3] Section 4.2.3 of [2]. Also see [14]. 739 [4] Section 4.2.4 of [2]. 740 [5] Section 4.2.5 of [2]. 741 [6] Section 4.2.6 of [2]. 742 [7] Section 4.3 of [2]. 743 [8] Section 6 of [3]. Also see [6]. 744 [9] Section 8.2.2.2 of [3]. Also see [14]. 746 [10] Section 8.2.2.1 of [3]. Also see [14]. 747 [11] Section 8.3.2.2 of [3]. Also see [7]. 748 [12] Section 8.1.1 of [3]. 749 [13] Section 8.1.4.4 of [3]. 750 [14] Section 8.4.1.2 of [3]. 751 [15] Section 8.4.2 of [3]. 752 [16] Section 8.1.3 of [3]. 753 [17] Section 8.2.1.2 of [3]. 754 [18] Section 8.3.1.1 of [3]. 755 [19] Section 8.3.2.1 of [3]. Also see [7]. 756 [20] Section 8.3.2.3 of [3]. Also see [6], [7]. 757 [21] Section 8.4.1.3 of [3]. 758 [22] Section 8.4.1.1 of [3]. 759 [23] Section 8.4.1.4 of [3]. 760 [24] Section 8.4.3.1 of [3]. 761 [25] Section 8.4.3.2 of [3]. 762 [26] Section 8.2.3.1 of [3]. 763 [27] Section 8.3.3.1 of [3]. 764 [28] Section 8.1.4.1 of [3]. 765 [29] Refer [15] 766 [30] Section 3 of [5] 767 [31] Section 3.1 of [5] 768 [32] Section 4 of [5] 769 [33] Section 5 of [5] 770 [34] Section 5.1 of [5] 771 [35] Section 5.2 of [5] 772 [36] Section 5.3 of [5] 773 [37] Section 5.4 of [5] 774 [38] Section 5.5 of [5] 775 [39] Section 6 of [5] 776 [40] Section 5.1 of [4] 777 [41] Section 5.2.2 of [4] 778 [42] Section 8.2.2.2 of [3] 779 [43] Section 8.1.2.3 of [3] 780 [44] Section 8.1.2.2 of [3] 781 [45] Section 5.4 of [4] 782 [46] Section 7 of [4] 783 [47] Section 8 of [5] 784 [48] Section 8.4.1.5 of [3] 786 55.. References 788 [1] Bradner, S., "Key words for use in RFCs to Indicate Requirement 789 Levels", BCP 14, RFC 2119, March 1997. 791 [2] Aboba, B., Zorn, G., "Criteria for Evaluating Roaming Protocols", 792 RFC 2477, January 1999. 794 [3] Beadles, M., Mitton, D. "Criteria for Evaluating Network Access 795 Server Protocols", Internet draft (work in progress), draft-ietf- 796 nasreq-criteria-05.txt, June 2000. 798 [4] Hiller, T., et al., "Cdma2000 Wireless Data Requirements for AAA", 799 Internet draft (work in progress), draft-hiller- 800 cdma2000-aaa-01.txt, June 2000. 802 [5] Glass, S., Hiller, T., Jacobs, S., Perkins, C., "Mobile IP 803 Authentication, Authorization, and Accounting Requirements", 804 Internet draft (work in progress), draft-ietf-mobileip-aaa- 805 reqs-04.txt, June 2000. 807 [6] Mitton, D., Beadles, M., "Network Access Server Requirements Next 808 Generation (NASREQNG) NAS Model", Internet draft (work in 809 progress), draft-ietf-nasreq-nasmodel-02.txt, May 2000. 811 [7] Mitton, D., "Network Access Server Requirements: Extended RADIUS 812 Practices", Internet draft (work in progress), draft-ietf-nasreq- 813 ext-radiuspract-03.txt, May 2000. 815 [8] Aboba, B., Beadles, M., "The Network Access Identifier", RFC 816 2486, January 1999. 818 [9] Rigney, C., Willens, S., Rubens, A., Simpson, W., "Remote 819 Authentication Dial In User Service (RADIUS)", RFC 2865, June 820 2000. 822 [10] Rigney, C., "RADIUS Accounting", RFC 2866, June 2000. 824 [11] Simpson, W., Editor, "The Point-to-Point Protocol (PPP)", STD 51, 825 RFC 1661, July 1994. 827 [12] Sklower, K., Lloyd, B., McGregor, G., Carr, D., and T. Coradetti, 828 "The PPP Multilink Protocol (MP)", RFC 1990, August 1996. 830 [13] Simpson, W., Editor, "PPP LCP Extensions", RFC 1570, January 1994. 832 [14] Blunk, L., Vollbrecht, J., "PPP Extensible Authentication Protocol 833 (EAP)", RFC 2284, March 1998. 835 [15] Solomon, J., Glass, S., "Mobile-IPv4 Configuration Option for PPP 836 IPCP" RFC 2290, Feb 1998 838 [16] Calhoun, P., Perkins, C. "Mobile IP Network Access Identifier 839 Extension for IPv4", RFC 2794, March 2000. 841 [17] Perkins, C., "IP Mobility Support", RFC 2002, Oct 1996. 843 [18] Johnson, D., Perkins, C., "Mobility Support in IPv6", draft-ietf- 844 mobileip-ipv6-11.txt, March 2000. 846 [19] Aboba, B., Vollbrecht, J., "Proxy Chaining and Policy 847 Implementation in Roaming", RFC 2607, June 1999. 849 [20] Simpson, W., "PPP Challenge Handshake Authentication Protocol 850 (CHAP)", RFC 1994, August 1996. 852 66.. Security Considerations 854 This document, being a requirements document, does not have any security 855 concerns. The security requirements on protocols to be evaluated using 856 this document are described in the referenced documents. 858 77.. IANA Considerations 860 This draft does not create any new number spaces for IANA 861 administration. 863 88.. Acknowledgments 865 Thanks to the members of the Mobile IP, AAA, and NASREQ working groups 866 who have discussed and commented on these requirements. We would also 867 like to thank the members of the AAA evaluation team, Mike St. Johns, 868 Barney Wolf, Mark Stevens, David Nelson, Dave Mitton, Basavaraj Patil 869 and Stuart Barkley for their thorough review of this document. 871 99.. Authors' Addresses 873 Bernard Aboba 874 Microsoft Corporation 875 One Microsoft Way 876 Redmond, WA 98052 878 Phone: +1 (425) 936-6605 879 Fax: +1 (425) 936-7329 880 Email: bernarda@microsoft.com 882 Pat R. Calhoun 883 Network and Security Research Center, Sun Labs 884 Sun Microsystems, Inc. 885 15 Network Circle 886 Menlo Park, CA 94025 888 Phone: +1 (650) 786-7733 889 Email: pcalhoun@eng.sun.com 891 Steven M. Glass 892 Sun Microsystems 893 1 Network Drive 894 Burlington, MA. 01845 896 Phone: +1 (781) 442-0504 897 Fax: +1 (781) 442-1677 898 Email: steven.glass@sun.com 900 Tom Hiller 901 Wireless Data Standards & Architectures 902 Lucent Technologies 903 263 Shuman Drive 904 Room 1HP2F-218 905 Naperville, IL 60563 907 Phone: +1 (630) 976-7673 908 Email: tom.hiller@lucent.com 910 Peter J. McCann 911 Lucent Technologies 912 Rm 2Z-305 913 263 Shuman Blvd 914 Naperville, IL 60566 916 Phone: +1 (630) 713 9359 917 Email: mccap@lucent.com 919 Hajime Shiino 920 Lucent Technologies Japan Ltd. 921 25 Mori Bldg. 1-4-30 Roppongi, 922 Minato-ku Tokyo 924 Phone:+81-3-5561-3695 925 Email: hshiino@lucent.com 927 Glen Zorn 928 Cisco Systems, Inc. 929 500 108th Avenue N.E., Suite 500 930 Bellevue, WA 98004 931 USA 933 Phone: +1 425 468 0955 934 Email: gwz@cisco.com 936 Gopal Dommety 937 IOS Network Protocols 938 Cisco Systems, Inc. 939 170 West Tasman Drive 940 San Jose, CA 95134-1706 942 Phone: +1 (408) 525-1404 943 Fax: +1 (408) 526-4952 944 Email: gdommety@cisco.com 946 Charles E. Perkins 947 Communications Systems Lab 948 Nokia Research Center 949 313 Fairchild Drive 950 Mountain View, California 952 Phone: +1 (650) 625-2986 953 Fax: +1 (650) 691-2170 954 Email: charliep@iprg.nokia.com 956 Basavaraj Patil 957 Nokia Networks 958 6000 Connection Dr. 959 Irving, Texas 75039 961 Phone: +1 972-894-6709 962 Fax: +1 972-894-5349 963 Email: Basavaraj.Patil@nokia.com 965 David Mitton 966 Nortel Networks 967 8 Federal St 968 Billerica, MA 01821 970 Phone: 978-288-4570 971 Fax: 978-288-3030 972 Email: dmitton@nortelnetworks.com 974 Serge Manning 975 Nortel Networks 976 2201 Lakeside Blvd 977 Richardson, TX 75082-4399 979 Phone: +1 (972) 684-7277 980 Email: smanning@nortelnetworks.com 982 Mark Anthony Beadles 983 SmartPipes, Inc. 984 545 Metro Place South 985 Suite 100 986 Dublin, OH 43017 988 Phone: 614-327-8046 989 Email: mbeadles@smartpipes.com 991 Pat Walsh 992 Ameritech 993 2000 W. Ameritech Ctr. Dr. 994 Hoffman Estates, IL 60195 996 Phone: +1 (847) 765-5845 997 Email: pwalsh@ameritechcell.com 999 Xing Chen 1000 Alcatel USA 1001 1000 Coit Road 1002 Plano, TX 75075, USA 1004 Phone: +1 (972) 519-4142 1005 Fax: +1 (972) 519-4843 1006 Email: xing.chen@usa.alcatel.com 1008 Takahiro Ayaki 1009 DDI corporation 1010 Ichibancho FS Bldg. 1011 8, Ichibancho, Chiyoda-ku Tokyo 1013 Phone: +81-3-3221-9682 1014 Email: ayaki@ddi.co.jp 1016 Sanjeevan Sivalingham 1017 Ericsson Wireless Communications Inc., 1018 Rm Q-356C 1019 6455 Lusk Blvd 1020 San Diego, CA 92126 1022 Phone: +1 (858) 332-5670 1023 Email: s.sivalingham@ericsson.com 1025 Alan Hameed 1026 Fujitsu 1027 2801 Telecom Parkway 1028 Richardson, Texas 75082 1030 Phone: +1 (972) 479-2089 1032 Mark Munson 1033 GTE Wireless 1034 One GTE Place 1035 Alpharetta, GA 30004 1037 Phone: +1 (678) 339-4439 1038 Email: mmunson@mobilnet.gte.com 1040 Stuart Jacobs 1041 Secure Systems Department 1042 GTE Laboratories 1043 40 Sylvan Road, 1044 Waltham, MA 02451-1128 1046 Phone: +1 (781) 466-3076 1047 Fax: +1 (781)466-2838 1048 Email: sjacobs@gte.com 1050 Takuo Seki 1051 IDO Corporation 1052 Gobancho YS Bldg. 1053 12-3, Gobancho, Chiyoda-ku Tokyo 1055 Phone: +81-3-3263-9660 1056 Email: t-seli@ido.co.jp 1058 Byng-Keun Lim 1059 LG Information & Communications, Ltd. 1060 533, Hogye-dong, Dongan-ku, Anyang-shi, 1061 Kyungki-do,431-080, Korea 1063 Phone: +82-343-450-7199 1064 Fax: +82-343-450-7050 1065 Email: bklim@lgic.co.kr 1067 Brent Hirschman 1068 1501 Shure Dr. 1069 Arlington Hieghts, IL 60006 1071 Phone: +1 (847) 632-1563 1072 Email: qa4053@email.mot.com 1074 Raymond T. Hsu 1075 Qualcomm Inc. 1076 6455 Lusk Blvd. 1077 San Diego, CA 92121 1079 Phone: +1 (619) 651-3623 1080 Email: rhsu@qualcomm.com 1081 Haeng Koo 1082 Samsung Telecommunications America, Inc. 1083 1130 E. Arapaho Road 1084 Richardson, TX, USA 75025 1086 Phone: +1 (972) 761-7735 1087 Email: hkoo@telecom.sna.samsung.com 1089 Mark A. Lipford 1090 Sprint PCS 1091 8001 College Blvd.; Suite 210 1092 Overland Park, KS 66210 1094 Phone: +1 (913) 664-8335 1095 Email: mlipfo01@sprintspectrum.com 1097 Ed Campbell 1098 3Com Corporation 1099 1800 W. Central Rd. 1100 Mount Prospect, IL 60056 1102 Phone: +1 (847) 342-6769 1103 Email: ed_campbell@3com.com 1105 Yingchun Xu 1106 3Com Corporation 1107 1800 W. Central Rd. 1108 Mount Prospect, IL 60056 1110 Phone: +1 (847) 342-6814 1111 Email: Yingchun_Xu@3com.com 1113 Shinichi Baba 1114 Toshiba America Research, Inc. 1115 PO Box 136, 1116 Convent Station, NJ 07961-0136 1118 Phone: +1 (973) 829-4795 1119 Email: sbaba@tari.toshiba.com 1121 Eric Jaques 1122 Vodafone AirTouch 1123 2999 Oak Road, MS-750 1124 Walnut Creek, CA 94596 1126 Phone: +1 (925) 279-6142 1127 Email: ejaques@akamail.com 1128 1100.. Intellectual Property Statement 1130 The IETF takes no position regarding the validity or scope of any 1131 intellectual property or other rights that might be claimed to pertain 1132 to the implementation or use of the technology described in this 1133 document or the extent to which any license under such rights might or 1134 might not be available; neither does it represent that it has made any 1135 effort to identify any such rights. Information on the IETF's 1136 procedures with respect to rights in standards-track and standards- 1137 related documentation can be found in BCP-11. Copies of claims of 1138 rights made available for publication and any assurances of licenses to 1139 be made available, or the result of an attempt made to obtain a general 1140 license or permission for the use of such proprietary rights by 1141 implementors or users of this specification can be obtained from the 1142 IETF Secretariat. 1144 The IETF invites any interested party to bring to its attention any 1145 copyrights, patents or patent applications, or other proprietary rights 1146 which may cover technology that may be required to practice this 1147 standard. Please address the information to the IETF Executive 1148 Director. 1150 1111.. Full Copyright Statement 1152 Copyright (C) The Internet Society (2000). All Rights Reserved. 1153 This document and translations of it may be copied and furnished to 1154 others, and derivative works that comment on or otherwise explain it or 1155 assist in its implementation may be prepared, copied, published and 1156 distributed, in whole or in part, without restriction of any kind, 1157 provided that the above copyright notice and this paragraph are included 1158 on all such copies and derivative works. However, this document itself 1159 may not be modified in any way, such as by removing the copyright notice 1160 or references to the Internet Society or other Internet organizations, 1161 except as needed for the purpose of developing Internet standards in 1162 which case the procedures for copyrights defined in the Internet 1163 Standards process must be followed, or as required to translate it into 1164 languages other than English. The limited permissions granted above are 1165 perpetual and will not be revoked by the Internet Society or its 1166 successors or assigns. This document and the information contained 1167 herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE 1168 INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR 1169 IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE 1170 INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED 1171 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE." 1172 1122.. Expiration Date 1174 This memo is filed as , and expires 1175 March 1, 2001.