Network Working Group                                         J. Salowey
Internet-Draft                                                  R. Droms
Intended status: Standards Track                     Cisco Systems, Inc.
Expires: April 19, 2007                                 October 16, 2006


                 RADIUS Delegated-IPv6-Prefix Attribute
                draft-ietf-radext-delegated-prefix-05.txt

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.
   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on April 19, 2007.

Copyright Notice

   Copyright (C) The Internet Society (2006).

Abstract

   This document defines a RADIUS (Remote Authentication Dial In User
   Service) attribute that carries an IPv6 prefix that is to be
   delegated to the user.  This attribute is usable within either RADIUS
   or Diameter.

1.  Introduction

   This document defines the Delegated-IPv6-Prefix attribute as a RADIUS
   [1] attribute that carries an IPv6 prefix to be delegated to the
   user, for use in the user's network.  For example, the prefix in a
   Delegated-IPv6-Prefix attribute can be delegated to another node
   through DHCP Prefix Delegation [2].

   The Delegated-IPv6-Prefix attribute can be used in DHCP Prefix
   Delegation between the delegating router and a RADIUS server, as
   illustrated in the following message sequence.

   Requesting Router     Delegating Router                   RADIUS Server
           |                     |                                 |
           |-Solicit------------>|                                 |
           |                     |-Request------------------------>|
           |                     |<--Accept(Delegated-IPv6-Prefix)-|
           |<--Advertise(Prefix)-|                                 |
           |-Request(Prefix)---->|                                 |
           |<--Reply(Prefix)-----|                                 |
           |                     |                                 |
                 DHCP PD                      RADIUS

   The Framed-IPv6-Prefix attribute [4] is not designed to support
   delegation of IPv6 prefixes to be used in the user's network, and
   therefore Framed-IPv6-Prefix and Delegated-IPv6-Prefix attributes may
   be included in the same RADIUS packet.

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [3].

3.  Attribute format

   The format of the Delegated-IPv6-Prefix is:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |   Reserved    | Prefix-Length |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                               Prefix
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                               Prefix
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                               Prefix
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                               Prefix                             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      TBD for Delegated-IPv6-Prefix

   Length

      The length of the entire attribute, in bytes.  At least 4
      (to hold Type/Length/Reserved/Prefix-Length for a 0-bit
      prefix), and no larger than 20 (to hold Type/Length/
      Reserved/Prefix-Length for a 128-bit prefix)

   Reserved

      Always set to zero by sender; ignored by receiver

   Prefix-Length

      The length of the prefix being delegated, in bits.  At least
      0 and no larger than 128 bits (identifying a single IPv6
      address)

   Note that the prefix field is only required to be long enough to hold
   the prefix bits and can be shorter than 16 bytes.  Any bits in the
   prefix field that are not part of the prefix MUST be zero.

   The Delegated-IPv6-Prefix MAY appear in an Access-Accept packet, and
   can appear multiple times.  It MAY appear in an Access-Request packet
   as a hint by the NAS to the server that it would prefer these
   prefix(es), but the server is not required to honor the hint.

   The Delegated-IPv6-Prefix attribute MAY appear in an Accounting-
   Request packet.
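   As an added illustration (not part of the draft or of any RADIUS
   implementation), the Python below encodes and decodes the attribute
   laid out in this section and enforces its rules on receipt: Length
   4..20 and equal to the attribute size, Prefix-Length 0..128, a prefix
   field at least long enough for the prefix bits, and zero bits beyond
   the prefix.  The Type value is TBD in the draft, so a placeholder is
   assumed; the /48 input is a constructed documentation prefix.

```python
import ipaddress

# The draft leaves the Type value as TBD; a placeholder is assumed here.
DELEGATED_IPV6_PREFIX_TYPE = 0xFF  # placeholder, not an assigned value


def encode_delegated_prefix(prefix, attr_type=DELEGATED_IPV6_PREFIX_TYPE):
    """Type, Length, Reserved(0), Prefix-Length, then only as many prefix
    octets as Prefix-Length needs (a /48 carries 6 octets, Length = 10)."""
    net = ipaddress.IPv6Network(prefix, strict=True)  # rejects host bits set
    plen = net.prefixlen
    noctets = (plen + 7) // 8
    body = net.network_address.packed[:noctets]
    return bytes([attr_type, 4 + noctets, 0, plen]) + body


def decode_delegated_prefix(data):
    """Parse one attribute and raise ValueError on any Section 3 violation,
    so a malformed prefix is rejected instead of silently installed."""
    if len(data) < 4:
        raise ValueError("attribute shorter than the 4-octet minimum")
    length, plen = data[1], data[3]  # data[2] is Reserved: ignored on receipt
    if length != len(data) or not 4 <= length <= 20:
        raise ValueError("Length must match the attribute size and be 4..20")
    if plen > 128:
        raise ValueError("Prefix-Length exceeds 128")
    body = data[4:]
    if len(body) < (plen + 7) // 8:
        raise ValueError("prefix field too short for Prefix-Length")
    full = body.ljust(16, b"\x00")  # prefix field may be shorter than 16 octets
    host_mask = (1 << (128 - plen)) - 1
    if int.from_bytes(full, "big") & host_mask:
        raise ValueError("bits beyond Prefix-Length MUST be zero")
    return ipaddress.IPv6Network((full, plen))


def is_valid_delegated_prefix(data):
    """True if decode_delegated_prefix accepts the attribute."""
    try:
        decode_delegated_prefix(data)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample: the documentation prefix 2001:db8:1234::/48.
    attr = encode_delegated_prefix("2001:db8:1234::/48")
    print(attr.hex(), decode_delegated_prefix(attr))
```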
   The Delegated-IPv6-Prefix MUST NOT appear in any other RADIUS
   packets.

4.  Table of Attributes

   The following table provides a guide to which attributes may be found
   in which kinds of packets, and in what quantity.

   +-----------------------------------------------------------------------+
   | Request Accept Reject Challenge Accounting  #   Attribute             |
   |                                  Request                              |
   |   0+      0+     0        0         0+     TBD  Delegated-IPv6-Prefix |
   +-----------------------------------------------------------------------+

   The meaning of the above table entries is as follows:

   0    This attribute MUST NOT be present.
   0+   Zero or more instances of this attribute MAY be present.
   0-1  Zero or one instance of this attribute MAY be present.
   1    Exactly one instance of this attribute MUST be present.
   1+   One or more of these attributes MUST be present.

5.  Diameter Considerations

   When used in Diameter, the attribute defined in this specification
   can be used as a Diameter AVP from the Code space 1-255, i.e., RADIUS
   attribute compatibility space.  No additional Diameter Code values
   are therefore allocated.  The data types of the attributes are as
   follows:

      Delegated-IPv6-Prefix       OctetString

   The attribute in this specification has no special translation
   requirements for Diameter to RADIUS or RADIUS to Diameter gateways,
   i.e., the attribute is copied as is, except for changes relating to
   headers, alignment, and padding.  See also RFC 3588 [5], Section 4.1,
   and RFC 4005 [6], Section 9.

   The text in this specification describing the applicability of the
   Delegated-IPv6-Prefix attribute for RADIUS Access-Request applies in
   Diameter to AA-Request [6] or Diameter-EAP-Request [7].

   The text in this specification describing the applicability of the
   Delegated-IPv6-Prefix attribute for RADIUS Access-Accept applies in
   Diameter to AA-Answer or Diameter-EAP-Answer that indicates success.
   The text in this specification describing the applicability of the
   Delegated-IPv6-Prefix attribute for RADIUS Accounting-Request applies
   to Diameter Accounting-Request [6] as well.

   The AVP flag rules [5] for the Delegated-IPv6-Prefix attribute are:

                                          +---------------------+
                                          |    AVP Flag rules   |
                                          |----+-----+----+-----|----+
                          AVP             |    |     |SHLD| MUST|    |
   Attribute Name         Code Value Type |MUST| MAY | NOT| NOT|Encr|
   ---------------------------------------|----+-----+----+-----|----|
   Delegated-IPv6-Prefix  TBD  OctetString| M  |  P  |    |  V  | Y  |
   ---------------------------------------|----+-----+----+-----|----|

6.  IANA Considerations

   IANA is requested to assign a Type value, TBD, for this attribute
   from the RADIUS Attribute Types registry.

7.  Security Considerations

   Known security vulnerabilities of the RADIUS protocol are discussed
   in RFC 2607 [8], RFC 2865 [1] and RFC 2869 [9].  Use of IPsec [10]
   for providing security when RADIUS is carried in IPv6 is discussed in
   RFC 3162 [4].

   Security considerations for the Diameter protocol are discussed in
   RFC 3588 [5].

8.  Change Log

   This section to be removed before publication as an RFC.

   The following changes were made in revision -01 of this document:

   o  Added additional details to Abstract; defined that this attribute
      can be used in both RADIUS and Diameter.  (Issue 188)
   o  Moved and clarified text describing which packets this attribute
      can appear in adjacent to table in section 3.  (Issue 188)
   o  Fixed RFC 2119 boilerplate in section 2.  (Issue 185)
   o  Fixed table in section 3 to clarify which packets this attribute
      cannot appear in.  (Issue 188)
   o  Added section 4, Diameter Considerations.  (Issue 188)
   o  Made some references in section 6, Security Considerations,
      Informative rather than Normative.  (Issue 188)
   o  Updated reference to RFC 2401 [9] to RFC 4301.  (Issue 188)
   o  Changed "IP SEC" to "IPsec" in section 6.  (Issues 185 and 188)

   The following changes were made in revision -02 of this document:

   o  Added a second paragraph to the Introduction, referencing the
      Framed-IPv6-Prefix attribute
   o  Improved description of attribute fields in section 3
   o  Added border to table in section 3
   o  Updated Section 4, Diameter Considerations, to describe how this
      attribute would be used in Diameter.
   o  Added reference to RFC 3588 in Section 6, Security Considerations.

   The following changes, based on Issues 201 and 204 on the RADEXT WG
   Issues list: http://www.drizzle.com/~aboba/RADEXT/, were made in
   revision -03 of this document:

   o  Updated Section 5, Diameter Considerations, to describe the AVP
      flag rules for this attribute.
   o  Edited Section 1, to clarify the relationship between the
      Delegated-IPv6-Prefix and Framed-IPv6-Prefix attributes.
   o  Edited table of attributes and moved to a separate section.

   Revision -04 includes the following changes:

   o  Editorial changes in the AVP flag rules table
   o  Editorial changes in the description of the relationship between
      the Delegated-IPv6-Prefix and Framed-IPv6-Prefix attributes (last
      paragraph of section 1)
   o  Editorial changes in the first paragraph of section 1 to clarify
      that this document defines a new attribute not already defined in
      RFC 2865
   o  Added text and a diagram to section 1 to illustrate the use of
      the Delegated-IPv6-Prefix attribute

   Revision -05 includes the following changes:

   o  Corrected the spelling of "Reqesting" to "Requesting" in section
      1, Introduction
   o  Corrected the spelling of "Delegate-IPv6-Prefix" to "Delegated-
      IPv6-Prefix" in section 5, Diameter Considerations

9.  References

9.1.  Normative References

   [1]   Rigney, C., Willens, S., Rubens, A., and W. Simpson, "Remote
         Authentication Dial In User Service (RADIUS)", RFC 2865,
         June 2000.

   [2]   Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic Host
         Configuration Protocol (DHCP) version 6", RFC 3633,
         December 2003.

   [3]   Bradner, S., "Key words for use in RFCs to Indicate Requirement
         Levels", BCP 14, RFC 2119, March 1997.

9.2.  Non-normative References

   [4]   Aboba, B., Zorn, G., and D. Mitton, "RADIUS and IPv6",
         RFC 3162, August 2001.

   [5]   Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and J. Arkko,
         "Diameter Base Protocol", RFC 3588, September 2003.

   [6]   Calhoun, P., Zorn, G., Spence, D., and D. Mitton, "Diameter
         Network Access Server Application", RFC 4005, August 2005.

   [7]   Eronen, P., Hiller, T., and G. Zorn, "Diameter Extensible
         Authentication Protocol (EAP) Application", RFC 4072,
         August 2005.

   [8]   Aboba, B. and J. Vollbrecht, "Proxy Chaining and Policy
         Implementation in Roaming", RFC 2607, June 1999.

   [9]   Rigney, C., Willats, W., and P. Calhoun, "RADIUS Extensions",
         RFC 2869, June 2000.

   [10]  Kent, S. and K. Seo, "Security Architecture for the Internet
         Protocol", RFC 4301, December 2005.

Authors' Addresses

   Joe Salowey
   Cisco Systems, Inc.
   2901 Third Avenue
   Seattle, WA 98121
   USA

   Phone: +1 206.310.0596
   Email: jsalowey@cisco.com

   Ralph Droms
   Cisco Systems, Inc.
   1414 Massachusetts Avenue
   Boxborough, MA 01719
   USA

   Phone: +1 978.936.1674
   Email: rdroms@cisco.com

Full Copyright Statement

   Copyright (C) The Internet Society (2006).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.
   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.

Acknowledgment

   Funding for the RFC Editor function is provided by the IETF
   Administrative Support Activity (IASA).