| draft-dekok-radext-datatypes-05.txt | draft-dekok-radext-datatypes-06.txt | |||
|---|---|---|---|---|
| Network Working Group DeKok, Alan | Network Working Group DeKok, Alan | |||
| INTERNET-DRAFT FreeRADIUS | INTERNET-DRAFT FreeRADIUS | |||
| Updates: 2865,3162,6158,6572 | Updates: 2865,3162,6158,6572 | |||
| Category: Standards Track | Category: Standards Track | |||
| <draft-dekok-radext-datatypes-05.txt> | <draft-dekok-radext-datatypes-06.txt> | |||
| 15 September 2014 | 1 April 2015 | |||
| Data Types in the Remote Authentication | Data Types in the Remote Authentication | |||
| Dial-In User Service Protocol (RADIUS) | Dial-In User Service Protocol (RADIUS) | |||
| draft-dekok-radext-datatypes-05.txt | draft-dekok-radext-datatypes-06.txt | |||
| Abstract | Abstract | |||
| RADIUS specifications have used data types for two decades, without | RADIUS specifications have used data types for two decades without | |||
| defining them as managed entities. During this time, RADIUS | defining them as managed entities. During this time, RADIUS | |||
| implementations have named the data types, and have used them in | implementations have named the data types, and have used them in | |||
| attribute definitions. This document updates the specifications to | attribute definitions. This document updates the specifications to | |||
| match established practice. We do this by naming the data types | better follow established practice. We do this by naming the data | |||
| defined in RFC 6158, which have been used since at least RFC 2865. | types defined in RFC 6158, which have been used since at least RFC | |||
| We provide an IANA registry for the data types, and update the RADIUS | 2865. We provide an IANA registry for the data types, and update the | |||
| Attribute Type registry to include a "Data Type" field for each | RADIUS Attribute Type registry to include a "Data Type" field for | |||
| attribute. Finally, we recommend that authors of RADIUS | each attribute. Finally, we recommend that authors of RADIUS | |||
| specifications use these types in preference to existing practice. | specifications use these types in preference to existing practice. | |||
| Status of this Memo | Status of this Memo | |||
| This Internet-Draft is submitted to IETF in full conformance with the | This Internet-Draft is submitted to IETF in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF), its areas, and its working groups. Note that | Task Force (IETF), its areas, and its working groups. Note that | |||
| other groups may also distribute working documents as Internet- | other groups may also distribute working documents as Internet- | |||
| skipping to change at page 1, line 48 | skipping to change at page 1, line 48 | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| The list of current Internet-Drafts can be accessed at | The list of current Internet-Drafts can be accessed at | |||
| http://www.ietf.org/ietf/1id-abstracts.txt. | http://www.ietf.org/ietf/1id-abstracts.txt. | |||
| The list of Internet-Draft Shadow Directories can be accessed at | The list of Internet-Draft Shadow Directories can be accessed at | |||
| http://www.ietf.org/shadow.html. | http://www.ietf.org/shadow.html. | |||
| This Internet-Draft will expire on March 14, 2015. | This Internet-Draft will expire on October 1, 2015. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2014 IETF Trust and the persons identified as the | Copyright (c) 2015 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info/) in effect on the date of | (http://trustee.ietf.org/license-info/) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| skipping to change at page 3, line 16 | skipping to change at page 3, line 16 | |||
| 1. Introduction ............................................. 4 | 1. Introduction ............................................. 4 | |||
| 1.1. Specification use of Data Types ..................... 4 | 1.1. Specification use of Data Types ..................... 4 | |||
| 1.2. Implementation use of Data Types .................... 4 | 1.2. Implementation use of Data Types .................... 4 | |||
| 1.3. Requirements Language ............................... 5 | 1.3. Requirements Language ............................... 5 | |||
| 2. Data Type Definitions .................................... 6 | 2. Data Type Definitions .................................... 6 | |||
| 2.1. integer ............................................. 7 | 2.1. integer ............................................. 7 | |||
| 2.2. enum ................................................ 8 | 2.2. enum ................................................ 8 | |||
| 2.3. ipv4addr ............................................ 8 | 2.3. ipv4addr ............................................ 8 | |||
| 2.4. time ................................................ 9 | 2.4. time ................................................ 9 | |||
| 2.5. text ................................................ 9 | 2.5. text ................................................ 10 | |||
| 2.6. string .............................................. 10 | 2.6. string .............................................. 10 | |||
| 2.7. ifid ................................................ 11 | 2.7. concat .............................................. 11 | |||
| 2.8. ipv6addr ............................................ 12 | 2.8. ifid ................................................ 12 | |||
| 2.9. ipv6prefix .......................................... 13 | 2.9. ipv6addr ............................................ 13 | |||
| 2.10. ipv4prefix ......................................... 14 | 2.10. ipv6prefix ......................................... 14 | |||
| 2.11. integer64 .......................................... 15 | 2.11. ipv4prefix ......................................... 15 | |||
| 2.12. tlv ................................................ 15 | 2.12. integer64 .......................................... 16 | |||
| 2.13. vsa ................................................ 17 | 2.13. tlv ................................................ 16 | |||
| 2.14. extended ........................................... 18 | 2.14. vsa ................................................ 18 | |||
| 2.15. long-extended ...................................... 19 | 2.15. extended ........................................... 19 | |||
| 2.16. evs ................................................ 21 | 2.16. long-extended ...................................... 20 | |||
| 3. Updated Registries ....................................... 23 | 2.17. evs ................................................ 22 | |||
| 3.1. Create a Data Type Registry ......................... 23 | 3. Updated Registries ....................................... 24 | |||
| 3.2. Updates to the Attribute Type Registry .............. 24 | 3.1. Create a Data Type Registry ......................... 24 | |||
| 4. Suggestions for Specifications ........................... 29 | 3.2. Updates to the Attribute Type Registry .............. 25 | |||
| 5. Security Considerations .................................. 30 | 4. Suggestions for Specifications ........................... 30 | |||
| 6. IANA Considerations ...................................... 30 | 5. Security Considerations .................................. 31 | |||
| 7. References ............................................... 30 | 6. IANA Considerations ...................................... 31 | |||
| 7.1. Normative References ................................ 30 | 7. References ............................................... 31 | |||
| 7.2. Informative References .............................. 31 | 7.1. Normative References ................................ 31 | |||
| 7.2. Informative References .............................. 32 | ||||
| 1. Introduction | 1. Introduction | |||
| RADIUS specifications have historically defined attributes in terms | RADIUS specifications have historically defined attributes in terms | |||
| of name, type value, and data type. Of these three pieces of | of name, type value, and data type. Of these three pieces of | |||
| information, only the type value is managed by IANA. There is no | information, only the type value is managed by IANA. There is no | |||
| management of, or restriction on, the attribute name, as discussed in | management of, or restriction on, the attribute name, as discussed in | |||
| [RFC6929] Section 2.7.1. There is no management of data type name or | [RFC6929] Section 2.7.1. There is no management of data type name or | |||
| definition. This document defines an IANA registry for data types, | definition. This document defines an IANA registry for data types, | |||
| and updates the RADIUS Attribute Type registry to use those newly | and updates the RADIUS Attribute Type registry to use those newly | |||
| skipping to change at page 6, line 40 | skipping to change at page 6, line 40 | |||
| Where the data types have inter-dependencies, the simplest data type | Where the data types have inter-dependencies, the simplest data type | |||
| is given first, and dependent ones are given later. | is given first, and dependent ones are given later. | |||
| We do not create specific data types for the "tagged" attributes, as | We do not create specific data types for the "tagged" attributes, as | |||
| discussed in [RFC2868]. That specification defines the "tagged" | discussed in [RFC2868]. That specification defines the "tagged" | |||
| attributes as being backwards compatible with pre-existing data | attributes as being backwards compatible with pre-existing data | |||
| types. In addition, [RFC6158] Section 2.1 says that "tagged" | types. In addition, [RFC6158] Section 2.1 says that "tagged" | |||
| attributes should not be used. There is therefore no benefit to | attributes should not be used. There is therefore no benefit to | |||
| defining additional data types for these attributes. | defining additional data types for these attributes. | |||
| Similarly, we do not create data types for some attributes having | ||||
| complex structure, such as CHAP-Password, ARAP-Features, or Location- | ||||
| Capable. We need to strike a balance between correcting earlier | ||||
| mistakes, and making this document more complex. In some cases, it | ||||
| is better to treat complex attributes as being of type "string", even | ||||
| though they need to be interpreted by RADIUS implementations. | ||||
| Implementations not supporting a particular data type MUST treat | Implementations not supporting a particular data type MUST treat | |||
| attributes of that data type as being of data type "string". See | attributes of that data type as being of data type "string". See | |||
| Section 2.6, below, for a definition of the "string" data type. | Section 2.6, below, for a definition of the "string" data type. | |||
| The definitions below use specialized names for various fields of | The definitions below use specialized names for various fields of | |||
| attributes and data types. These names serve to address ambiguity of | attributes and data types. These names serve to address ambiguity of | |||
| the field names in previous specifications. For example, the term | the field names in previous specifications. For example, the term | |||
| "Value" is used in [RFC2865] Section 5 to define a field which | "Value" is used in [RFC2865] Section 5 to define a field which | |||
| carries the contents of an attribute. It is then used in later sections | carries the contents of an attribute. It is then used in later sections | |||
| as the sub-field of attribute contents. The result is that the field | as the sub-field of attribute contents. The result is that the field | |||
| skipping to change at page 11, line 35 | skipping to change at page 11, line 39 | |||
| One or more octets. | One or more octets. | |||
| Format | Format | |||
| 0 | 0 | |||
| 0 1 2 3 4 5 6 7 | 0 1 2 3 4 5 6 7 | |||
| +-+-+-+-+-+-+-+- | +-+-+-+-+-+-+-+- | |||
| | Octets ... | | Octets ... | |||
| +-+-+-+-+-+-+-+- | +-+-+-+-+-+-+-+- | |||
| 2.7. ifid | 2.7. concat | |||
| The "concat" data type permits the transport of more than 253 octets | ||||
| of data in a "standard space" [RFC6929] attribute. It is otherwise | ||||
| identical to the "string" data type. | ||||
| If multiple attributes of this data type are contained in a packet, | ||||
| all attributes of the same type code MUST be in order and they MUST | ||||
| be consecutive attributes in the packet. | ||||
| The amount of data transported in a "concat" data type can be no more | ||||
| than the RADIUS packet size. In practice, the requirement to | ||||
| transport multiple attributes means that the limit may be | ||||
| | substantially smaller than one RADIUS packet. As a rough guide, it is | |||
| RECOMMENDED that this data type transport no more than 2048 octets of | ||||
| data. | ||||
| The "concat" data type MAY be used for "standard space" attributes. | ||||
| It MUST NOT be used for attributes in the "short extended space" or | ||||
| the "long extended space". It MUST NOT be used in any field or | ||||
| subfields of the following data types: "tlv", "vsa", "extended", | ||||
| "long-extended", or "evs". | ||||
| Name | ||||
| concat | ||||
| Number | ||||
| 7 | ||||
| Length | ||||
| One or more octets. | ||||
| Format | ||||
| 0 | ||||
| 0 1 2 3 4 5 6 7 | ||||
| +-+-+-+-+-+-+-+- | ||||
| | Octets ... | ||||
| +-+-+-+-+-+-+-+- | ||||
| 2.8. ifid | ||||
| The "ifid" data type encodes an Interface-Id as an 8-octet string in | The "ifid" data type encodes an Interface-Id as an 8-octet string in | |||
| network byte order. | network byte order. | |||
| Name | Name | |||
| ifid | ifid | |||
| Number | Number | |||
| 7 | 8 | |||
| Length | Length | |||
| Eight octets | Eight octets | |||
| Format | Format | |||
| 0 1 2 3 | 0 1 2 3 | |||
| 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| | Interface-ID ... | | Interface-ID ... | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| ... Interface-ID | | ... Interface-ID | | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| 2.8. ipv6addr | 2.9. ipv6addr | |||
| The "ipv6addr" data type encodes an IPv6 address in network byte | The "ipv6addr" data type encodes an IPv6 address in network byte | |||
| order. Where the range of addresses for a particular attribute is | order. Where the range of addresses for a particular attribute is | |||
| limited to a sub-set of possible addresses, specifications MUST | limited to a sub-set of possible addresses, specifications MUST | |||
| define the valid range(s). | define the valid range(s). | |||
| Name | Name | |||
| ipv6addr | ipv6addr | |||
| Number | Number | |||
| 8 | 9 | |||
| Length | Length | |||
| Sixteen octets | Sixteen octets | |||
| Format | Format | |||
| 0 1 2 3 | 0 1 2 3 | |||
| 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| | Address ... | | Address ... | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| ... Address ... | ... Address ... | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| ... Address ... | ... Address ... | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| ... Address | | ... Address | | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| 2.9. ipv6prefix | 2.10. ipv6prefix | |||
| The "ipv6addr" data type encodes an IPv6 prefix, using both a prefix | The "ipv6prefix" data type encodes an IPv6 prefix, using both a | |||
| length and an IPv6 address in network byte order. | prefix length and an IPv6 address in network byte order. | |||
| Name | Name | |||
| ipv6prefix | ipv6prefix | |||
| Number | Number | |||
| 9 | 10 | |||
| Length | Length | |||
| At least two, and no more than eighteen octets. | At least two, and no more than eighteen octets. | |||
| Format | Format | |||
| 0 1 2 3 | 0 1 2 3 | |||
| 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| skipping to change at page 14, line 5 | skipping to change at page 15, line 5 | |||
| Prefix-Length | Prefix-Length | |||
| The length of the prefix, in bits. At least 0 and no larger | The length of the prefix, in bits. At least 0 and no larger | |||
| than 128. | than 128. | |||
| Prefix | Prefix | |||
| The Prefix field is up to 16 octets in length. Bits outside of | The Prefix field is up to 16 octets in length. Bits outside of | |||
| the Prefix-Length, if included, must be zero. | the Prefix-Length, if included, must be zero. | |||
| 2.10. ipv4prefix | 2.11. ipv4prefix | |||
| The "ipv4addr" data type encodes an IPv4 prefix, using both a prefix | The "ipv4prefix" data type encodes an IPv4 prefix, using both a | |||
| length and an IPv4 address in network byte order. | prefix length and an IPv4 address in network byte order. | |||
| Name | Name | |||
| ipv4prefix | ipv4prefix | |||
| Number | Number | |||
| 10 | 11 | |||
| Length | Length | |||
| At least two, and no more than eighteen octets. | At least two, and no more than eighteen octets. | |||
| Format | Format | |||
| 0 1 2 3 | 0 1 2 3 | |||
| 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| skipping to change at page 14, line 47 | skipping to change at page 15, line 47 | |||
| set to zero. | set to zero. | |||
| Prefix-Length | Prefix-Length | |||
| A 6-bit unsigned integer containing the length of the prefix, | A 6-bit unsigned integer containing the length of the prefix, | |||
| in bits. The values MUST be no larger than 32. | in bits. The values MUST be no larger than 32. | |||
| Prefix | Prefix | |||
| The Prefix field is 4 octets in length. Bits outside of the | The Prefix field is 4 octets in length. Bits outside of the | |||
| Prefix-Length, must be zero. Unlike the "ipv6prefix" data | Prefix-Length must be zero. Unlike the "ipv6prefix" data type, | |||
| type, this field is fixed length. If the address is all zeros | this field is fixed length. If the address is all zeros (i.e. | |||
| (i.e. "0.0.0.0"), then the Prefix-Length MUST be set to 32. | "0.0.0.0"), then the Prefix-Length MUST be set to 32. | |||
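Decoding and validating the "ipv6prefix" and "ipv4prefix" data types defined in the two sections above, as an added example that is not part of the draft. It assumes the layouts of the Format sections: for ipv6prefix a Reserved octet, a Prefix-Length octet and up to 16 octets of Prefix; for ipv4prefix ten Reserved bits and the 6-bit Prefix-Length in the first two octets followed by the fixed 4-octet Prefix, six octets in all. Rejecting a Prefix field that carries fewer bits than Prefix-Length is this example's own check.

```python
# Added example (not part of the draft): decoding and validating the
# "ipv6prefix" and "ipv4prefix" data types as described above.
# Assumed layouts (from the Format sections):
#   ipv6prefix: Reserved (1 octet), Prefix-Length (1 octet), Prefix (0..16 octets)
#   ipv4prefix: Reserved (10 bits) + Prefix-Length (6 bits), Prefix (4 octets)
import ipaddress


class MalformedPrefix(ValueError):
    """The value violates a rule of the prefix data type."""


def _check_host_bits_zero(prefix: bytes, plen: int) -> None:
    """Bits outside Prefix-Length MUST be zero for both prefix types."""
    total_bits = len(prefix) * 8
    if plen >= total_bits:
        return
    host_mask = (1 << (total_bits - plen)) - 1
    if int.from_bytes(prefix, "big") & host_mask:
        raise MalformedPrefix("non-zero bits outside Prefix-Length")


def decode_ipv6prefix(value: bytes) -> ipaddress.IPv6Network:
    """Decode an ipv6prefix value (2..18 octets) into an IPv6Network."""
    if not 2 <= len(value) <= 18:
        raise MalformedPrefix(f"ipv6prefix length {len(value)} not in 2..18")
    plen = value[1]                      # value[0] is Reserved
    if plen > 128:
        raise MalformedPrefix(f"Prefix-Length {plen} exceeds 128")
    prefix = value[2:]
    # The Prefix field may be shortened, but it must still carry every bit
    # covered by Prefix-Length (this example's own check).
    if len(prefix) * 8 < plen:
        raise MalformedPrefix("Prefix field shorter than Prefix-Length")
    _check_host_bits_zero(prefix, plen)
    # Zero-extend a shortened prefix to a full 16-octet address.
    addr = ipaddress.IPv6Address(prefix.ljust(16, b"\x00"))
    return ipaddress.IPv6Network((addr, plen))


def decode_ipv4prefix(value: bytes) -> ipaddress.IPv4Network:
    """Decode a six-octet ipv4prefix value into an IPv4Network."""
    if len(value) != 6:
        raise MalformedPrefix(f"ipv4prefix length {len(value)} is not 6")
    # Ten Reserved bits (sender sets them to zero), then a 6-bit Prefix-Length.
    plen = value[1] & 0x3F
    if plen > 32:
        raise MalformedPrefix(f"Prefix-Length {plen} exceeds 32")
    prefix = value[2:6]                  # fixed length, unlike ipv6prefix
    _check_host_bits_zero(prefix, plen)
    if prefix == bytes(4) and plen != 32:
        raise MalformedPrefix("address 0.0.0.0 requires Prefix-Length 32")
    return ipaddress.IPv4Network((ipaddress.IPv4Address(prefix), plen))


def is_valid_ipv6prefix(value: bytes) -> bool:
    try:
        decode_ipv6prefix(value)
    except MalformedPrefix:
        return False
    return True


def is_valid_ipv4prefix(value: bytes) -> bool:
    try:
        decode_ipv4prefix(value)
    except MalformedPrefix:
        return False
    return True


if __name__ == "__main__":
    # Constructed sample values.
    print(decode_ipv6prefix(bytes([0, 64]) + bytes.fromhex("20010db800000000")))  # 2001:db8::/64
    print(decode_ipv4prefix(bytes.fromhex("00180a000000")))                        # 10.0.0.0/24
    print(is_valid_ipv4prefix(bytes.fromhex("000000000000")))                      # False
```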
| 2.11. integer64 | 2.12. integer64 | |||
| The "integer64" data type encodes a 64-bit unsigned integer in | The "integer64" data type encodes a 64-bit unsigned integer in | |||
| network byte order. Where the range of values for a particular | network byte order. Where the range of values for a particular | |||
| attribute is limited to a sub-set of the values, specifications MUST | attribute is limited to a sub-set of the values, specifications MUST | |||
| define the valid range(s). | define the valid range(s). | |||
| Name | Name | |||
| integer64 | integer64 | |||
| Number | Number | |||
| 11 | 12 | |||
| Length | Length | |||
| Eight octets | Eight octets | |||
| Format | Format | |||
| 0 1 2 3 | 0 1 2 3 | |||
| 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| | Value ... | | Value ... | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| ... Value | | ... Value | | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| 2.12. tlv | 2.13. tlv | |||
| The "tlv" data type encodes a type-length-value, as defined in | The "tlv" data type encodes a type-length-value, as defined in | |||
| [RFC6929] Section 2.3. | [RFC6929] Section 2.3. | |||
| Name | Name | |||
| tlv | tlv | |||
| Number | Number | |||
| 12 | 13 | |||
| Length | Length | |||
| Three or more octets | Three or more octets | |||
| Format | Format | |||
| 0 1 2 3 | 0 1 2 3 | |||
| 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| | TLV-Type | TLV-Length | TLV-Data ... | | TLV-Type | TLV-Length | TLV-Data ... | |||
| skipping to change at page 17, line 8 | skipping to change at page 18, line 8 | |||
| TLV-Data | TLV-Data | |||
| The TLV-Data field is one or more octets and contains | The TLV-Data field is one or more octets and contains | |||
| information specific to the Attribute. The format and length | information specific to the Attribute. The format and length | |||
| of the TLV-Data field is determined by the TLV-Type and TLV- | of the TLV-Data field is determined by the TLV-Type and TLV- | |||
| Length fields. | Length fields. | |||
| The TLV-Data field MUST contain only known RADIUS data types. | The TLV-Data field MUST contain only known RADIUS data types. | |||
| The TLV-Data field MUST NOT contain any of the following data | The TLV-Data field MUST NOT contain any of the following data | |||
| types: "vsa", "extended", "long-extended", or "evs". | types: "concat", "vsa", "extended", "long-extended", or "evs". | |||
| 2.13. vsa | 2.14. vsa | |||
| The "vsa" data type encodes Vendor-Specific data, as given in | The "vsa" data type encodes Vendor-Specific data, as given in | |||
| [RFC2865] Section 5.26. It is used only in the Attr-Data field of a | [RFC2865] Section 5.26. It is used only in the Attr-Data field of a | |||
| Vendor-Specific Attribute. It MUST NOT appear in the contents of any | Vendor-Specific Attribute. It MUST NOT appear in the contents of any | |||
| other data type. | other data type. | |||
| Name | Name | |||
| vsa | vsa | |||
| Number | Number | |||
| 13 | 14 | |||
| Length | Length | |||
| Five or more octets | Five or more octets | |||
| Format | Format | |||
| 0 1 2 3 | 0 1 2 3 | |||
| 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| skipping to change at page 18, line 17 | skipping to change at page 19, line 17 | |||
| outside the scope of this specification. | outside the scope of this specification. | |||
| It SHOULD be encoded as a sequence of "tlv" fields. The | It SHOULD be encoded as a sequence of "tlv" fields. The | |||
| interpretation of the TLV-Type and TLV-Data fields is | interpretation of the TLV-Type and TLV-Data fields is | |||
| dependent on the vendor's definition of that attribute. | dependent on the vendor's definition of that attribute. | |||
| The "vsa" data type MUST be used as contents of the Attr-Data | The "vsa" data type MUST be used as contents of the Attr-Data | |||
| field of the Vendor-Specific attribute. The "vsa" data type | field of the Vendor-Specific attribute. The "vsa" data type | |||
| MUST NOT appear in the contents of any other data type. | MUST NOT appear in the contents of any other data type. | |||
| 2.14. extended | 2.15. extended | |||
| The "extended" data type encodes the "Extended Type" format, as given | The "extended" data type encodes the "Extended Type" format, as given | |||
| in [RFC6929] Section 2.1. It is used only in the Attr-Data field of | in [RFC6929] Section 2.1. It is used only in the Attr-Data field of | |||
| an Attribute. It MUST NOT appear in the contents of any other data | an Attribute allocated from the "standard space". It MUST NOT appear | |||
| type. | in the contents of any other data type. | |||
| Name | Name | |||
| extended | extended | |||
| Number | Number | |||
| 14 | 15 | |||
| Length | Length | |||
| Two or more octets | Two or more octets | |||
| Format | Format | |||
| 0 1 2 3 | 0 1 2 3 | |||
| 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| skipping to change at page 19, line 23 | skipping to change at page 20, line 23 | |||
| A RADIUS server MAY ignore Attributes with an unknown | A RADIUS server MAY ignore Attributes with an unknown | |||
| "Type.Extended-Type". | "Type.Extended-Type". | |||
| A RADIUS client MAY ignore Attributes with an unknown | A RADIUS client MAY ignore Attributes with an unknown | |||
| "Type.Extended-Type". | "Type.Extended-Type". | |||
| Ext-Data | Ext-Data | |||
| The contents of this field MUST be a valid data type as defined | The contents of this field MUST be a valid data type as defined | |||
| in the RADIUS Data Type registry. The Ext-Data field MUST NOT | in the RADIUS Data Type registry. The Ext-Data field MUST NOT | |||
| contain any of the following data types: "vsa", "extended", | contain any of the following data types: "concat", "vsa", | |||
| "long-extended", or "evs". | "extended", "long-extended", or "evs". | |||
| The Ext-Data field is one or more octets. | The Ext-Data field is one or more octets. | |||
| Implementations supporting this specification MUST use the | Implementations supporting this specification MUST use the | |||
| Identifier of "Type.Extended-Type" to determine the | Identifier of "Type.Extended-Type" to determine the | |||
| interpretation of the Ext-Data field. | interpretation of the Ext-Data field. | |||
| 2.15. long-extended | 2.16. long-extended | |||
| The "long-extended" data type encodes the "Long Extended Type" | The "long-extended" data type encodes the "Long Extended Type" | |||
| format, as given in [RFC6929] Section 2.2. It is used only in the | format, as given in [RFC6929] Section 2.2. It is used only in the | |||
| Attr-Data field of an Attribute. It MUST NOT appear in the contents | Attr-Data field of an Attribute. It MUST NOT appear in the contents | |||
| of any other data type. | of any other data type. | |||
| Name | Name | |||
| long-extended | long-extended | |||
| Number | Number | |||
| 15 | 16 | |||
| Length | Length | |||
| Three or more octets | Three or more octets | |||
| Format | Format | |||
| 0 1 2 3 | 0 1 2 3 | |||
| 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| skipping to change at page 21, line 15 | skipping to change at page 22, line 15 | |||
| ignored on reception. | ignored on reception. | |||
| Future specifications may define additional meaning for this | Future specifications may define additional meaning for this | |||
| field. Implementations therefore MUST NOT treat this field as | field. Implementations therefore MUST NOT treat this field as | |||
| invalid if it is non-zero. | invalid if it is non-zero. | |||
| Ext-Data | Ext-Data | |||
| The contents of this field MUST be a valid data type as defined | The contents of this field MUST be a valid data type as defined | |||
| in the RADIUS Data Type registry. The Ext-Data field MUST NOT | in the RADIUS Data Type registry. The Ext-Data field MUST NOT | |||
| contain any of the following data types: "vsa", "extended", | contain any of the following data types: "concat", "vsa", | |||
| "long-extended", or "evs". | "extended", "long-extended", or "evs". | |||
| The Ext-Data field is one or more octets. | The Ext-Data field is one or more octets. | |||
| Implementations supporting this specification MUST use the | Implementations supporting this specification MUST use the | |||
| Identifier of "Type.Extended-Type" to determine the | Identifier of "Type.Extended-Type" to determine the | |||
| interpretation of the Ext-Data field. | interpretation of the Ext-Data field. | |||
| The length of the data MUST be taken as the sum of the lengths | The length of the data MUST be taken as the sum of the lengths | |||
| of the fragments (i.e. Ext-Data fields) from which it is | of the fragments (i.e. Ext-Data fields) from which it is | |||
| constructed. Any interpretation of the resulting data MUST | constructed. Any interpretation of the resulting data MUST | |||
| occur after the fragments have been reassembled. If the | occur after the fragments have been reassembled. If the | |||
| reassembled data does not match the expected format, each | reassembled data does not match the expected format, each | |||
| fragment MUST be treated as an "invalid attribute", and the | fragment MUST be treated as an "invalid attribute", and the | |||
| reassembled data MUST be discarded. | reassembled data MUST be discarded. | |||
| We note that the maximum size of a fragmented attribute is | We note that the maximum size of a fragmented attribute is | |||
| limited only by the RADIUS packet length limitation. | limited only by the RADIUS packet length limitation. | |||
| Implementations MUST be able to handle the case where one | Implementations MUST be able to handle the case where one | |||
| fragmented attribute completely fills the packet. | fragmented attribute completely fills the packet. | |||
| 2.16. evs | 2.17. evs | |||
| The "evs" data type encodes an "Extended Vendor-Specific" attribute, | The "evs" data type encodes an "Extended Vendor-Specific" attribute, | |||
| as given in [RFC6929] Section 2.4. The "evs" data type is used | as given in [RFC6929] Section 2.4. The "evs" data type is used | |||
| solely to extend the Vendor Specific space. It MAY appear inside of | solely to extend the Vendor Specific space. It MAY appear inside of | |||
| an "extended" or a "long-extended" data type. It MUST NOT appear in | an "extended" or a "long-extended" data type. It MUST NOT appear in | |||
| the contents of any other data type. | the contents of any other data type. | |||
| Name | Name | |||
| evs | evs | |||
| Number | Number | |||
| 16 | 17 | |||
| Length | Length | |||
| Six or more octets | Six or more octets | |||
| Format | Format | |||
| 0 1 2 3 | 0 1 2 3 | |||
| 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
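The reassembly rules stated above (the data length is the sum of the Ext-Data fragment lengths, interpretation happens only after reassembly, every fragment becomes an "invalid attribute" when the joined data does not match the expected format, and one attribute may fill the whole packet) together with the "evs" size rule (six or more octets), as an added Python example; this is not code from the draft or from FreeRADIUS. It assumes the RFC 6929 long-extended layout (Type 245 or 246, Length, Extended-Type, Flags with 0x80 as the M bit, Ext-Data) and Extended-Type 26 for Extended-Vendor-Specific. The EXPECTED_FORMAT table, the hypothetical 245.1 "text" attribute and the packet contents are constructed for the demonstration.

```python
"""Reassembly of RFC 6929 "long-extended" fragments with format checking
done only on the reassembled data.

Added example for this draft section; not code from the draft or from
FreeRADIUS.  Assumed wire format (RFC 6929): Type (245 or 246), Length,
Extended-Type, Flags (0x80 = M, more fragments follow), Ext-Data.
EXPECTED_FORMAT and the sample packet below are constructed for the demo.
"""
from typing import Callable, Dict, List, Optional, Tuple

LONG_EXTENDED_TYPES = (245, 246)   # Long Extended Type attributes (RFC 6929)
EVS_EXTENDED_TYPE = 26             # Extended-Type 26 = Extended-Vendor-Specific
MORE_FLAG = 0x80
MAX_PACKET = 4096                  # RFC 2865 maximum packet length
HEADER_LEN = 20                    # Code, Identifier, Length, Authenticator

Attr = Tuple[int, bytes]


def split_attributes(body: bytes) -> List[Attr]:
    """Walk the Type/Length/Value triples of a packet body (no reassembly)."""
    attrs, i = [], 0
    while i < len(body):
        if i + 2 > len(body):
            raise ValueError("truncated attribute header at offset %d" % i)
        atype, alen = body[i], body[i + 1]
        if alen < 2 or i + alen > len(body):
            raise ValueError("bad attribute length %d at offset %d" % (alen, i))
        attrs.append((atype, body[i + 2:i + alen]))
        i += alen
    return attrs


def decode_evs(data: bytes) -> Optional[Tuple[int, int, bytes]]:
    """"evs" contents: Vendor-Id (4), Vendor-Type (1), value (1+): six or more octets."""
    if len(data) < 6:
        return None
    return int.from_bytes(data[:4], "big"), data[4], data[5:]


def is_text(data: bytes) -> bool:
    """"text": one or more octets of valid UTF-8."""
    try:
        data.decode("utf-8")
    except UnicodeDecodeError:
        return False
    return len(data) > 0


# Constructed table: the format expected for each Type.Extended-Type identifier.
EXPECTED_FORMAT: Dict[Tuple[int, int], Callable[[bytes], bool]] = {
    (245, 1): is_text,                                        # hypothetical 245.1: text
    (245, EVS_EXTENDED_TYPE): lambda d: decode_evs(d) is not None,
}


def reassemble(attrs: List[Attr], expected=EXPECTED_FORMAT) -> List[tuple]:
    """Return ("attr", type, value), ("long", type, ext_type, data) or
    ("invalid", type, raw) records.  The joined data is interpreted only
    after all fragments are collected; a failed check marks every fragment
    invalid and discards the joined data."""
    out, i = [], 0
    while i < len(attrs):
        atype, value = attrs[i]
        if atype not in LONG_EXTENDED_TYPES:
            out.append(("attr", atype, value))
            i += 1
            continue
        if len(value) < 3:                      # Ext-Type, Flags, 1+ octets of Ext-Data
            out.append(("invalid", atype, value))
            i += 1
            continue
        ext_type = value[0]
        frags, complete, j = [], False, i
        # Collect the consecutive run of fragments sharing Type.Extended-Type.
        while (j < len(attrs) and attrs[j][0] == atype
               and len(attrs[j][1]) >= 3 and attrs[j][1][0] == ext_type):
            frags.append(attrs[j][1])
            j += 1
            if not attrs[j - 1][1][1] & MORE_FLAG:   # M clear: last fragment
                complete = True
                break
        data = b"".join(f[2:] for f in frags)        # length = sum of Ext-Data lengths
        check = expected.get((atype, ext_type), lambda _d: True)
        if complete and check(data):
            out.append(("long", atype, ext_type, data))
        else:
            out.extend(("invalid", atype, f) for f in frags)
        i = j
    return out


def fragment(atype: int, ext_type: int, data: bytes, chunk: int = 251) -> bytes:
    """Encode data as a run of fragments; 251 data octets fill a 255-octet attribute."""
    out = []
    for k in range(0, len(data), chunk):
        piece = data[k:k + chunk]
        flags = MORE_FLAG if k + chunk < len(data) else 0
        body = bytes([ext_type, flags]) + piece
        out.append(bytes([atype, len(body) + 2]) + body)
    return b"".join(out)


def process(body: bytes) -> List[tuple]:
    return reassemble(split_attributes(body))


if __name__ == "__main__":
    # Constructed packet body: a 600-octet fragmented text value, a User-Name,
    # and a fragmented attribute whose joined data is not valid UTF-8.
    body = (fragment(245, 1, b"A" * 600) + bytes([1, 5]) + b"bob"
            + fragment(245, 1, b"\xff\xfe" * 200))
    for rec in process(body):
        print(rec[0], rec[1], len(rec[-1]))
```

The format check runs once, on the joined data, and never on individual fragments: a check applied per fragment could be satisfied by each piece while the reassembled value is malformed, and a check that discards only one fragment would leave the remaining pieces to be misread as a shorter attribute. The largest test case, 4012 octets of data, produces exactly 4076 octets of attributes, which is the RADIUS maximum of 4096 less the 20-octet header.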
| skipping to change at page 23, line 42 | skipping to change at page 24, line 42 | |||
| The initial contents of the registry are as follows. | The initial contents of the registry are as follows. | |||
| Value Description Reference | Value Description Reference | |||
| ----- ----------- ---------------- | ----- ----------- ---------------- | |||
| 1 integer [RFC2865], TBD | 1 integer [RFC2865], TBD | |||
| 2 enum [RFC2865], TBD | 2 enum [RFC2865], TBD | |||
| 3 ipv4addr [RFC2865], TBD | 3 ipv4addr [RFC2865], TBD | |||
| 4 time [RFC2865], TBD | 4 time [RFC2865], TBD | |||
| 5 text [RFC2865], TBD | 5 text [RFC2865], TBD | |||
| 6 string [RFC2865], TBD | 6 string [RFC2865], TBD | |||
| 7 ifid [RFC3162], TBD | 7 concat TBD | |||
| 8 ipv6addr [RFC3162], TBD | 8 ifid [RFC3162], TBD | |||
| 9 ipv6prefix [RFC3162], TBD | 9 ipv6addr [RFC3162], TBD | |||
| 10 integer64 [RFC6929], TBD | 10 ipv6prefix [RFC3162], TBD | |||
| 11 tlv [RFC6929], TBD | 11 ipv4prefix [RFC6572], TBD | |||
| 12 evs [RFC6929], TBD | 12 integer64 [RFC6929], TBD | |||
| 13 extended [RFC6929], TBD | 13 tlv [RFC6929], TBD | |||
| 14 long-extended [RFC6929], TBD | 14 evs [RFC6929], TBD | |||
| 15 extended [RFC6929], TBD | ||||
| 16 long-extended [RFC6929], TBD | ||||
| 3.2. Updates to the Attribute Type Registry | 3.2. Updates to the Attribute Type Registry | |||
| This section updates the RADIUS Attribute Type Registry to have a new | This section updates the RADIUS Attribute Type Registry to have a new | |||
| column, which is inserted in between the existing "Description" and | column, which is inserted in between the existing "Description" and | |||
| "Reference" columns. The new column is named "Data Type". The | "Reference" columns. The new column is named "Data Type". The | |||
| contents of that column are the name of a data type, corresponding to | contents of that column are the name of a data type, corresponding to | |||
| the attribute in that row, or blank if the attribute type is | the attribute in that row, or blank if the attribute type is | |||
| unassigned. The name of the data type is taken from the RADIUS Data | unassigned. The name of the data type is taken from the RADIUS Data | |||
| Type registry, defined above. | Type registry, defined above. | |||
| The updated registry follows, in CSV format. | The updated registry follows in CSV format. | |||
| Value,Description,Data Type,Reference | Value,Description,Data Type,Reference | |||
| 1,User-Name,string,[RFC2865] | 1,User-Name,string,[RFC2865] | |||
| 2,User-Password,string,[RFC2865] | 2,User-Password,string,[RFC2865] | |||
| 3,CHAP-Password,string,[RFC2865] | 3,CHAP-Password,string,[RFC2865] | |||
| 4,NAS-IP-Address,ipv4addr,[RFC2865] | 4,NAS-IP-Address,ipv4addr,[RFC2865] | |||
| 5,NAS-Port,integer,[RFC2865] | 5,NAS-Port,integer,[RFC2865] | |||
| 6,Service-Type,enum,[RFC2865] | 6,Service-Type,enum,[RFC2865] | |||
| 7,Framed-Protocol,enum,[RFC2865] | 7,Framed-Protocol,enum,[RFC2865] | |||
| 8,Framed-IP-Address,ipv4addr,[RFC2865] | 8,Framed-IP-Address,ipv4addr,[RFC2865] | |||
| skipping to change at page 25, line 47 | skipping to change at page 26, line 47 | |||
| 69,Tunnel-Password,text,[RFC2868] | 69,Tunnel-Password,text,[RFC2868] | |||
| 70,ARAP-Password,string,[RFC2869] | 70,ARAP-Password,string,[RFC2869] | |||
| 71,ARAP-Features,string,[RFC2869] | 71,ARAP-Features,string,[RFC2869] | |||
| 72,ARAP-Zone-Access,enum,[RFC2869] | 72,ARAP-Zone-Access,enum,[RFC2869] | |||
| 73,ARAP-Security,integer,[RFC2869] | 73,ARAP-Security,integer,[RFC2869] | |||
| 74,ARAP-Security-Data,text,[RFC2869] | 74,ARAP-Security-Data,text,[RFC2869] | |||
| 75,Password-Retry,integer,[RFC2869] | 75,Password-Retry,integer,[RFC2869] | |||
| 76,Prompt,enum,[RFC2869] | 76,Prompt,enum,[RFC2869] | |||
| 77,Connect-Info,text,[RFC2869] | 77,Connect-Info,text,[RFC2869] | |||
| 78,Configuration-Token,text,[RFC2869] | 78,Configuration-Token,text,[RFC2869] | |||
| 79,EAP-Message,string,[RFC2869] | 79,EAP-Message,concat,[RFC2869] | |||
| 80,Message-Authenticator,string,[RFC2869] | 80,Message-Authenticator,string,[RFC2869] | |||
| 81,Tunnel-Private-Group-ID,text,[RFC2868] | 81,Tunnel-Private-Group-ID,text,[RFC2868] | |||
| 82,Tunnel-Assignment-ID,text,[RFC2868] | 82,Tunnel-Assignment-ID,text,[RFC2868] | |||
| 83,Tunnel-Preference,integer,[RFC2868] | 83,Tunnel-Preference,integer,[RFC2868] | |||
| 84,ARAP-Challenge-Response,string,[RFC2869] | 84,ARAP-Challenge-Response,string,[RFC2869] | |||
| 85,Acct-Interim-Interval,integer,[RFC2869] | 85,Acct-Interim-Interval,integer,[RFC2869] | |||
| 86,Acct-Tunnel-Packets-Lost,integer,[RFC2867] | 86,Acct-Tunnel-Packets-Lost,integer,[RFC2867] | |||
| 87,NAS-Port-Id,text,[RFC2869] | 87,NAS-Port-Id,text,[RFC2869] | |||
| 88,Framed-Pool,text,[RFC2869] | 88,Framed-Pool,text,[RFC2869] | |||
| 89,CUI,string,[RFC4372] | 89,CUI,string,[RFC4372] | |||
| skipping to change at page 27, line 9 | skipping to change at page 28, line 9 | |||
| 127,Location-Information,string,[RFC5580] | 127,Location-Information,string,[RFC5580] | |||
| 128,Location-Data,string,[RFC5580] | 128,Location-Data,string,[RFC5580] | |||
| 129,Basic-Location-Policy-Rules,string,[RFC5580] | 129,Basic-Location-Policy-Rules,string,[RFC5580] | |||
| 130,Extended-Location-Policy-Rules,string,[RFC5580] | 130,Extended-Location-Policy-Rules,string,[RFC5580] | |||
| 131,Location-Capable,enum,[RFC5580] | 131,Location-Capable,enum,[RFC5580] | |||
| 132,Requested-Location-Info,enum,[RFC5580] | 132,Requested-Location-Info,enum,[RFC5580] | |||
| 133,Framed-Management-Protocol,enum,[RFC5607] | 133,Framed-Management-Protocol,enum,[RFC5607] | |||
| 134,Management-Transport-Protection,enum,[RFC5607] | 134,Management-Transport-Protection,enum,[RFC5607] | |||
| 135,Management-Policy-Id,text,[RFC5607] | 135,Management-Policy-Id,text,[RFC5607] | |||
| 136,Management-Privilege-Level,integer,[RFC5607] | 136,Management-Privilege-Level,integer,[RFC5607] | |||
| 137,PKM-SS-Cert,string,[RFC5904] | 137,PKM-SS-Cert,concat,[RFC5904] | |||
| 138,PKM-CA-Cert,string,[RFC5904] | 138,PKM-CA-Cert,concat,[RFC5904] | |||
| 139,PKM-Config-Settings,string,[RFC5904] | 139,PKM-Config-Settings,string,[RFC5904] | |||
| 140,PKM-Cryptosuite-List,string,[RFC5904] | 140,PKM-Cryptosuite-List,string,[RFC5904] | |||
| 141,PKM-SAID,text,[RFC5904] | 141,PKM-SAID,text,[RFC5904] | |||
| 142,PKM-SA-Descriptor,string,[RFC5904] | 142,PKM-SA-Descriptor,string,[RFC5904] | |||
| 143,PKM-Auth-Key,string,[RFC5904] | 143,PKM-Auth-Key,string,[RFC5904] | |||
| 144,DS-Lite-Tunnel-Name,text,[RFC6519] | 144,DS-Lite-Tunnel-Name,text,[RFC6519] | |||
| 145,Mobile-Node-Identifier,string,[RFC6572] | 145,Mobile-Node-Identifier,string,[RFC6572] | |||
| 146,Service-Selection,text,[RFC6572] | 146,Service-Selection,text,[RFC6572] | |||
| 147,PMIP6-Home-LMA-IPv6-Address,ipv6addr,[RFC6572] | 147,PMIP6-Home-LMA-IPv6-Address,ipv6addr,[RFC6572] | |||
| 148,PMIP6-Visited-LMA-IPv6-Address,ipv6addr,[RFC6572] | 148,PMIP6-Visited-LMA-IPv6-Address,ipv6addr,[RFC6572] | |||
| skipping to change at page 28, line 4 | skipping to change at page 29, line 4 | |||
| 170,Route-IPv6-Information,ipv6prefix,[RFC6911] | 170,Route-IPv6-Information,ipv6prefix,[RFC6911] | |||
| 171,Delegated-IPv6-Prefix-Pool,text,[RFC6911] | 171,Delegated-IPv6-Prefix-Pool,text,[RFC6911] | |||
| 172,Stateful-IPv6-Address-Pool,text,[RFC6911] | 172,Stateful-IPv6-Address-Pool,text,[RFC6911] | |||
| 173,IPv6-6rd-Configuration,tlv,[RFC6930] | 173,IPv6-6rd-Configuration,tlv,[RFC6930] | |||
| 174,Allowed-Called-Station-Id,text,[RFC7268] | 174,Allowed-Called-Station-Id,text,[RFC7268] | |||
| 175,EAP-Peer-Id,string,[RFC7268] | 175,EAP-Peer-Id,string,[RFC7268] | |||
| 176,EAP-Server-Id,string,[RFC7268] | 176,EAP-Server-Id,string,[RFC7268] | |||
| 177,Mobility-Domain-Id,integer,[RFC7268] | 177,Mobility-Domain-Id,integer,[RFC7268] | |||
| 178,Preauth-Timeout,integer,[RFC7268] | 178,Preauth-Timeout,integer,[RFC7268] | |||
| 179,Network-Id-Name,string,[RFC7268] | 179,Network-Id-Name,string,[RFC7268] | |||
| 180,EAPoL-Announcement,string,[RFC7268] | 180,EAPoL-Announcement,concat,[RFC7268] | |||
| 181,WLAN-HESSID,text,[RFC7268] | 181,WLAN-HESSID,text,[RFC7268] | |||
| 182,WLAN-Venue-Info,integer,[RFC7268] | 182,WLAN-Venue-Info,integer,[RFC7268] | |||
| 183,WLAN-Venue-Language,string,[RFC7268] | 183,WLAN-Venue-Language,string,[RFC7268] | |||
| 184,WLAN-Venue-Name,text,[RFC7268] | 184,WLAN-Venue-Name,text,[RFC7268] | |||
| 185,WLAN-Reason-Code,integer,[RFC7268] | 185,WLAN-Reason-Code,integer,[RFC7268] | |||
| 186,WLAN-Pairwise-Cipher,integer,[RFC7268] | 186,WLAN-Pairwise-Cipher,integer,[RFC7268] | |||
| 187,WLAN-Group-Cipher,integer,[RFC7268] | 187,WLAN-Group-Cipher,integer,[RFC7268] | |||
| 188,WLAN-AKM-Suite,integer,[RFC7268] | 188,WLAN-AKM-Suite,integer,[RFC7268] | |||
| 189,WLAN-Group-Mgmt-Cipher,integer,[RFC7268] | 189,WLAN-Group-Mgmt-Cipher,integer,[RFC7268] | |||
| 190,WLAN-RF-Band,integer,[RFC7268] | 190,WLAN-RF-Band,integer,[RFC7268] | |||
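What the new "Data Type" column buys an implementation is a length and format rule for every attribute before its value is decoded. The following is an added Python example, not code from the draft or from FreeRADIUS: it loads a constructed subset of the CSV registry above and validates attribute values against the named data type. The per-type size rules (4 octets for integer, enum, time and ipv4addr; 8 for ifid and integer64; 16 for ipv6addr; 2 to 18 for ipv6prefix; 1 to 253 for text, string and each piece of a concat) are this example's reading of RFC 2865, RFC 3162 and RFC 6929, not text from this page; the "concat" rule assumes only that each individual piece is a string of at most 253 octets.

```python
"""Data-type-driven validation of RADIUS attribute values.

Added example; not code from the draft or from FreeRADIUS.  REGISTRY_CSV
is a constructed subset of the draft's "Value,Description,Data Type,
Reference" registry.  The size rules in CHECKS are assumptions taken from
RFC 2865, RFC 3162 and RFC 6929 by the author of this example.
"""
import csv
import io
from typing import Callable, Dict, Tuple

# Constructed subset of the registry rows shown on this page.
REGISTRY_CSV = """Value,Description,Data Type,Reference
1,User-Name,string,[RFC2865]
4,NAS-IP-Address,ipv4addr,[RFC2865]
5,NAS-Port,integer,[RFC2865]
6,Service-Type,enum,[RFC2865]
79,EAP-Message,concat,[RFC2869]
147,PMIP6-Home-LMA-IPv6-Address,ipv6addr,[RFC6572]
170,Route-IPv6-Information,ipv6prefix,[RFC6911]
"""


def load_registry(text: str) -> Dict[int, Tuple[str, str]]:
    """Map attribute Value -> (Description, Data Type)."""
    reg = {}
    for row in csv.DictReader(io.StringIO(text)):
        reg[int(row["Value"])] = (row["Description"], row["Data Type"])
    return reg


def _fixed(n: int) -> Callable[[bytes], bool]:
    return lambda v: len(v) == n


def _ipv6prefix(v: bytes) -> bool:
    """Reserved (1, must be 0), Prefix-Length (1, 0..128), Prefix (0..16 octets)."""
    if not 2 <= len(v) <= 18 or v[0] != 0 or v[1] > 128:
        return False
    return len(v) - 2 >= (v[1] + 7) // 8        # enough octets to hold the prefix bits


def _text(v: bytes) -> bool:
    """One to 253 octets of valid UTF-8."""
    try:
        v.decode("utf-8")
    except UnicodeDecodeError:
        return False
    return 1 <= len(v) <= 253


# Assumed size rules per data type name (see module docstring).
CHECKS: Dict[str, Callable[[bytes], bool]] = {
    "integer": _fixed(4), "enum": _fixed(4), "time": _fixed(4),
    "ipv4addr": _fixed(4), "ifid": _fixed(8), "ipv6addr": _fixed(16),
    "integer64": _fixed(8),
    "ipv6prefix": _ipv6prefix,
    "text": _text,
    "string": lambda v: 1 <= len(v) <= 253,
    "concat": lambda v: 1 <= len(v) <= 253,   # one piece; the joined value is checked after concatenation
}


def validate(attr_type: int, value: bytes,
             registry: Dict[int, Tuple[str, str]]) -> Tuple[bool, str]:
    """Check one attribute's value against the data type the registry names for it."""
    if attr_type not in registry:
        return False, "unknown attribute %d" % attr_type
    name, dtype = registry[attr_type]
    check = CHECKS.get(dtype)
    if check is None:
        return False, "%s: no size rule for data type %r" % (name, dtype)
    if not check(value):
        return False, "%s: %d octets is not a valid %s" % (name, len(value), dtype)
    return True, "%s: ok (%s)" % (name, dtype)


if __name__ == "__main__":
    reg = load_registry(REGISTRY_CSV)
    # Constructed values: a good NAS-IP-Address, a 3-octet one, and a prefix
    # whose 64-bit length does not fit in the octets supplied.
    for t, v in [(4, bytes([192, 0, 2, 1])), (4, b"\x01\x02\x03"),
                 (170, bytes([0, 64]) + b"\x20\x01")]:
        print(validate(t, v, reg))
```

Rejecting an attribute on its data type rule before decoding means a 3-octet NAS-IP-Address or an ipv6prefix whose stated length exceeds the octets present is never read past its end; an unknown attribute number is reported rather than guessed at.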
| End of changes. 41 change blocks. | ||||
| 78 lines changed or deleted | 131 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||