idnits 2.17.00 (12 Aug 2021) /tmp/idnits30559/draft-suraj-dhcpv4-paa-option-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** It looks like you're using RFC 3978 boilerplate. You should update this to the boilerplate described in the IETF Trust License Policy document (see https://trustee.ietf.org/license-info), which is required now. -- Found old boilerplate from RFC 3978, Section 5.1 on line 21. -- Found old boilerplate from RFC 3978, Section 5.5 on line 348. -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 325. -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 332. -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 338. ** This document has an original RFC 3978 Section 5.4 Copyright Line, instead of the newer IETF Trust Copyright according to RFC 4748. ** This document has an original RFC 3978 Section 5.5 Disclaimer, instead of the newer disclaimer which includes the IETF Trust according to RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not match the current year == The document seems to lack the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. (The document does seem to have the reference to RFC 2119 which the ID-Checklist requires). -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (May 17, 2005) is 6213 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Outdated reference: draft-ietf-pana-pana has been published as RFC 5191 ** Obsolete normative reference: RFC 3315 (ref. '7') (Obsoleted by RFC 8415) Summary: 4 errors (**), 0 flaws (~~), 4 warnings (==), 7 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Internet Engineering Task Force S. Kumar 3 Internet-Draft Samsung India Software Operations 4 Expires: November 18, 2005 L. Morand 5 France Telecom R&D 6 A. Yegin 7 Samsung Advanced Institute of 8 Technology 9 S. Madanapalli 10 Samsung India Software Operations 11 May 17, 2005 13 DHCPv4 option for PANA Authentication Agents 14 draft-suraj-dhcpv4-paa-option-00.txt 16 Status of this Memo 18 By submitting this Internet-Draft, each author represents that any 19 applicable patent or other IPR claims of which he or she is aware 20 have been or will be disclosed, and any of which he or she becomes 21 aware will be disclosed, in accordance with Section 6 of BCP 79. 23 Internet-Drafts are working documents of the Internet Engineering 24 Task Force (IETF), its areas, and its working groups. Note that 25 other groups may also distribute working documents as Internet- 26 Drafts. 28 Internet-Drafts are draft documents valid for a maximum of six months 29 and may be updated, replaced, or obsoleted by other documents at any 30 time. It is inappropriate to use Internet-Drafts as reference 31 material or to cite them other than as "work in progress." 33 The list of current Internet-Drafts can be accessed at 34 http://www.ietf.org/ietf/1id-abstracts.txt. 36 The list of Internet-Draft Shadow Directories can be accessed at 37 http://www.ietf.org/shadow.html. 39 This Internet-Draft will expire on November 18, 2005. 41 Copyright Notice 43 Copyright (C) The Internet Society (2005). 45 Abstract 47 This document defines a new Dynamic Host Configuration Protocol 48 version 4 (DHCPv4) option that contains a list of domain names or 49 IPv4 addresses that can be mapped to one or more of PANA 50 Authentication Agents (PAA). This is one of the many methods that a 51 PANA Client (PaC) can use to locate PANA Authentication Agents (PAA). 53 Table of Contents 55 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 56 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 57 3. Requirements . . . . . . . . . . . . . . . . . . . . . . . . . 5 58 4. DHCPv4 specification dependency . . . . . . . . . . . . . . . 6 59 5. PANA Authentication Agent DHCPv4 Option . . . . . . . . . . . 7 60 5.1 PANA Authentication Agent Domain Name List . . . . . . . . 7 61 5.2 PANA Authentication Agent IPv4 Address List . . . . . . . 8 62 6. Client Operation . . . . . . . . . . . . . . . . . . . . . . . 10 63 7. DHCPv4 Server Operation . . . . . . . . . . . . . . . . . . . 11 64 8. Security Considerations . . . . . . . . . . . . . . . . . . . 12 65 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13 66 10. Future Work . . . . . . . . . . . . . . . . . . . . . . . . 14 67 11. Normative References . . . . . . . . . . . . . . . . . . . . 14 68 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 14 69 Intellectual Property and Copyright Statements . . . . . . . . 16 71 1. Introduction 73 The Protocol for carrying Authentication for Network Access (PANA) 74 [1] defines a new Extensible Authentication Protocol (EAP) lower 75 layer that uses IP between the protocol end points. 77 The PANA protocol is run between a PANA Client (PaC) and a PANA 78 Authentication Agent (PAA) in order to perform authentication and 79 authorization for the network access service. 81 This document specifies a new DHCPv4 option [2] that allows PANA 82 client (PaC) to discover PANA Authentication Agents (PAA). This is 83 one of the many methods for locating PAAs: manual configuration is an 84 example of another one. 86 2. Terminology 88 This document uses the PANA terminology defined in [1]. 90 This document uses the DHCP terminology defined in [2] and [3]. 92 3. Requirements 94 The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD, 95 SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear in this 96 document, are to be interpreted as described in [4]. 98 4. DHCPv4 specification dependency 100 This document describes a new DHCPv4 option for obtaining a list of 101 domain names or IPv4 addresses to locate a PANA Authentication Agent. 102 This document should be read in conjunction with the DHCPv4 103 specifications [2] and [3]. 105 Definitions for terms and acronyms not specifically defined in this 106 document are defined in [2] and [3]. 108 5. PANA Authentication Agent DHCPv4 Option 110 This document defines a DHCPv4 option that carries either a 32-bit 111 (binary) IPv4 address list or, preferably, a domain name list to be 112 used by the PANA client to locate a PANA authentication Agent. 114 The option has two encodings, specified by the encoding byte ('enc') 115 that follows the code byte. If the encoding byte has the value 0, it 116 is followed by a list of domain names, as described below (Section 117 5.1). If the encoding byte has the value 1, it is followed by one or 118 more IPv4 addresses (Section 5.2). All implementations MUST support 119 both encodings. The 'option-length' field indicates the total number 120 of octets in the option following the 'option-length' field, 121 including the encoding byte. 123 5.1 PANA Authentication Agent Domain Name List 125 If the 'enc' byte has a value of 0, the encoding byte is followed by 126 a sequence of labels, encoded according to Section 3.1 of RFC 1035 127 [5], quoted below: 129 Domain names in messages are expressed in terms of a sequence of 130 labels. Each label is represented as a one octet length field 131 followed by that number of octets. Since every domain name ends 132 with the null label of the root, a domain name is terminated by a 133 length byte of zero. The high order two bits of every length 134 octet must be zero, and the remaining six bits of the length field 135 limit the label to 63 octets or less. To simplify 136 implementations, the total length of a domain name (i.e., label 137 octets and label length octets) is restricted to 255 octets or 138 less. 140 RFC 1035 encoding was chosen to accommodate future internationalized 141 domain name mechanisms. 143 The option MAY contain multiple domain names, but these SHOULD refer 144 to different NAPTR records, rather than different A records. Domain 145 names MUST be listed in order of preference. 147 Use of multiple domain names is not meant to replace NAPTR and SRV 148 records, but rather to allow a single DHCPv4 server to indicate 149 multiple PANA Authentication Agents available in the same access 150 network. 152 Clients MUST support compression according to the encoding in Section 153 4.1.4 of [5]. 155 If the length of the domain list exceeds the maximum permissible 156 within a single option (254 octets), then the domain list MUST be 157 represented in the DHCP message as specified in [6]. 159 The DHCPv4 option for this encoding has the format shown in Fig. 1. 161 0 1 2 3 162 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 163 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 164 | option-code | option-length | enc | ... 165 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 166 | PAA Domain Name List | 167 | ... | 168 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 169 Figure 1: DHCPv4 option for PAA Domain Name List 171 option-code: OPTION_PANA_AGENT(TBD) 173 option-length: Number of octets following the 'option-length' 174 field, including the encoding byte, in octets; variable. 176 enc: Encoding byte set to 0 178 PAA Domain Name List: The domain names of the PANA Authentication 179 Agents for the client to use. The domain names are encoded 180 according to Section 3.1 of RFC 1035 [5]. 182 5.2 PANA Authentication Agent IPv4 Address List 184 If the 'enc' byte has a value of 1, the encoding byte is followed by 185 a list of IPv4 addresses indicating one or more PANA Authentication 186 Agents available to the PANA client. PAAs MUST be listed in order of 187 preference. 189 The DHCPv4 option for this encoding has the format shown in Fig. 2. 191 0 1 2 3 192 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 193 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 194 | option-code | option-length | enc | ... 195 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 196 | PAA IP Address | ... 197 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 198 Figure 2: DHCPv4 option for PAA IPv4 Address List 200 option-code: OPTION_PANA_AGENT(TBD) 201 option-length: Number of octets following the 'option-length' 202 field, including the encoding byte in octets; Must be a multiple 203 of 4 plus one. 205 enc: Encoding byte set to 1 207 PAA IP Address: IPv4 address of a PAA for the PaC to use. The 208 PAAs are listed in the order of preference for use by the PaC. 210 6. Client Operation 212 The client requests PAA DHCPv4 Option in a Parameter Request List as 213 described in [2] and [3]. 215 If the PAA DHCPv4 option provided in response by the DHCPv4 server 216 contains multiple domain names, the client MUST try the records in 217 the order listed. The client only resolves the subsequent domain 218 names if attempts to contact the first one failed or denote a domain 219 administratively prohibited by client policy. 221 If the PAA DHCPv4 option provided in response by the DHCPv4 server 222 contains multiple IP addresses, the client MUST try the records in 223 the order listed. 225 7. DHCPv4 Server Operation 227 If a DHCPv4 server is configured with both PAA domain name list and 228 PAA IP address list, the DHCPv4 server should responds to the request 229 with the domain name list to be used by the PANA client. 231 A DHCP server MUST NOT mix the two list types (domain names and IPv4 232 address) in the same DHCPv4 message, even if it sends two different 233 instances of the same option. 235 8. Security Considerations 237 The security considerations in [1] and [2] apply. If an adversary 238 manages to modify the response from a DHCP server or insert its own 239 response, a PANA Client could be led to contact a rogue PANA Agent, 240 possibly one that then intercepts call requests or denies service. 242 9. IANA Considerations 244 IANA assignment for the following DHCPv4 option code is needed. 246 Option Name Value 247 ---------------------------------- 248 OPTION_PAA_AGENT TBD 250 10. Future Work 252 Defining similar options for DHCPv6 [7]. 254 11. Normative References 256 [1] Forsberg, D., Ohba, Y., Patil, B., Tschofenig, H., and A. Yegin, 257 "Protocol for Carrying Authentication for Network Access (PANA), 258 draft-ietf-pana-pana-08 (work in progress)", Novemeber 2005. 260 [2] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131, 261 March 1997. 263 [3] Alexander, S. and R. Droms, "DHCP Options and BOOTP Vendor 264 Extensions", RFC 2132, March 1997. 266 [4] Bradner, S., "Key words for use in RFCs to Indicate Requirement 267 Levels", BCP 14, RFC 2119, March 1997. 269 [5] Mockapetris, P., "Domain names - implementation and 270 specification", STD 13, RFC 1035, November 1987. 272 [6] Lemon, T. and S. Cheshire, "Encoding Long Options in the Dynamic 273 Host Configuration Protocol (DHCPv4)", RFC 3396, November 2002. 275 [7] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., and M. 276 Carney, "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)", 277 RFC 3315, July 2003. 279 Authors' Addresses 281 Suraj Kumar 282 Samsung India Software Operations 283 No. 3/1 Millers Road 284 Bangalore 285 India 287 Phone: +91 80 51197777 288 Email: suraj.kumar@samsung.com 289 Lionel Morand 290 France Telecom R&D 291 38-40 rue du general Leclerc 292 Issy-les-Moulineaux, F-92130 293 France 295 Phone: +33 1 4529 6257 296 Email: lionel.morand@francetelecom.com 298 Alper E. Yegin 299 Samsung Advanced Institute of Technology 300 75 West Plumeria Drive 301 San Jose, CA 95134 302 USA 304 Phone: +1 408 544 5656 305 Email: alper.yegin@samsung.com 307 Syam Madanapalli 308 Samsung India Software Operations 309 No. 3/1 Millers Road 310 Bangalore 311 India 313 Phone: +91 80 51197777 314 Email: syam@samsung.com 316 Intellectual Property Statement 318 The IETF takes no position regarding the validity or scope of any 319 Intellectual Property Rights or other rights that might be claimed to 320 pertain to the implementation or use of the technology described in 321 this document or the extent to which any license under such rights 322 might or might not be available; nor does it represent that it has 323 made any independent effort to identify any such rights. Information 324 on the procedures with respect to rights in RFC documents can be 325 found in BCP 78 and BCP 79. 327 Copies of IPR disclosures made to the IETF Secretariat and any 328 assurances of licenses to be made available, or the result of an 329 attempt made to obtain a general license or permission for the use of 330 such proprietary rights by implementers or users of this 331 specification can be obtained from the IETF on-line IPR repository at 332 http://www.ietf.org/ipr. 334 The IETF invites any interested party to bring to its attention any 335 copyrights, patents or patent applications, or other proprietary 336 rights that may cover technology that may be required to implement 337 this standard. Please address the information to the IETF at 338 ietf-ipr@ietf.org. 340 Disclaimer of Validity 342 This document and the information contained herein are provided on an 343 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS 344 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET 345 ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, 346 INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE 347 INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED 348 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 350 Copyright Statement 352 Copyright (C) The Internet Society (2005). This document is subject 353 to the rights, licenses and restrictions contained in BCP 78, and 354 except as set forth therein, the authors retain all their rights. 356 Acknowledgment 358 Funding for the RFC Editor function is currently provided by the 359 Internet Society.