| < draft-aboba-radius-iana-06.txt | draft-aboba-radius-iana-07.txt > | |||
|---|---|---|---|---|
| A new Request for Comments is now available in online RFC libraries. | ||||
| Network Working Group B. Aboba | RFC 3575 | |||
| INTERNET-DRAFT Microsoft | ||||
| Category: Standards Track | ||||
| <draft-aboba-radius-iana-06.txt> | ||||
| 17 April 2003 | ||||
| Updates: RFC 2865 | ||||
| IANA Considerations for RADIUS | ||||
| This document is an Internet-Draft and is in full conformance with all | ||||
| provisions of Section 10 of RFC 2026. | ||||
| Internet-Drafts are working documents of the Internet Engineering Task | ||||
| Force (IETF), its areas, and its working groups. Note that other groups | ||||
| may also distribute working documents as Internet- Drafts. | ||||
| Internet-Drafts are draft documents valid for a maximum of six months | ||||
| and may be updated, replaced, or obsoleted by other documents at any | ||||
| time. It is inappropriate to use Internet-Drafts as reference material | ||||
| or to cite them other than as "work in progress." | ||||
| The list of current Internet-Drafts can be accessed at | ||||
| http://www.ietf.org/ietf/1id-abstracts.txt | ||||
| The list of Internet-Draft Shadow Directories can be accessed at | ||||
| http://www.ietf.org/shadow.html. | ||||
| Copyright Notice | Title: IANA Considerations for RADIUS | |||
| (Remote Authentication Dial In User Service) | ||||
| Author(s): B. Aboba | ||||
| Status: Standards Track | ||||
| Date: July 2003 | ||||
| Mailbox: bernarda@microsoft.com | ||||
| Pages: 8 | ||||
| Characters: 15539 | ||||
| Updates: 2865 | ||||
| Copyright (C) The Internet Society (2003). All Rights Reserved. | I-D Tag: draft-aboba-radius-iana-07.txt | |||
| Abstract | URL: ftp://ftp.rfc-editor.org/in-notes/rfc3575.txt | |||
| This document describes the IANA considerations for the Remote | This document describes the IANA considerations for the Remote | |||
| Authentication Dial In User Service (RADIUS). | Authentication Dial In User Service (RADIUS). | |||
| This document updates RFC 2865. | This is now a Proposed Standard Protocol. | |||
| 1. Introduction | ||||
| This document provides guidance to the Internet Assigned Numbers | ||||
| Authority (IANA) regarding registration of values related to the Remote | ||||
| Authentication Dial In User Service (RADIUS), defined in [RFC2865], in | ||||
| accordance with BCP 26, [RFC2434]. It also reserves Packet Type Codes | ||||
| that are or have been in use on the Internet. | ||||
| 1.1. Specification of Requirements | ||||
| In this document, several words are used to signify the requirements of | ||||
| the specification. These words are often capitalized. The key words | ||||
| "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD | ||||
| NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be | ||||
| interpreted as described in [RFC2119]. | ||||
| 1.2. Terminology | ||||
| The following terms are used here with the meanings defined in BCP 26: | ||||
| "name space", "assigned value", "registration". | ||||
| The following policies are used here with the meanings defined in BCP | ||||
| 26: "Private Use", "First Come First Served", "Expert Review", | ||||
| "Specification Required", "IETF Consensus", "Standards Action". | ||||
| 2. IANA Considerations | ||||
| There are three name spaces in RADIUS that require registration: Packet | ||||
| Type Codes, Attribute Types, and Attribute Values (for certain | ||||
| Attributes). This draft creates no new IANA registries, since a RADIUS | ||||
| registry was created by [RFC2865]. | ||||
| RADIUS is not intended as a general-purpose protocol, and allocations | ||||
| SHOULD NOT be made for purposes unrelated to Authentication, | ||||
| Authorization or Accounting. | ||||
| 2.1. Recommended Registration Policies | ||||
| For registration requests where a Designated Expert should be consulted, | ||||
| the responsible IESG area director should appoint the Designated Expert. | ||||
| The intention is that any allocation will be accompanied by a published | ||||
| RFC. But in order to allow for the allocation of values prior to the | ||||
| RFC being approved for publication, the Designated Expert can approve | ||||
| allocations once it seems clear that an RFC will be published. The | ||||
| Designated expert will post a request to the AAA WG mailing list (or a | ||||
| successor designated by the Area Director) for comment and review, | ||||
| including an Internet-Draft. Before a period of 30 days has passed, The | ||||
| Designated Expert will either approve or deny the registration request | ||||
| and publish a notice of the decision to the AAA WG mailing list or its | ||||
| successor, as well as informing IANA. A denial notice must be justified | ||||
| by an explanation and, in the cases where it is possible, concrete | ||||
| suggestions on how the request can be modified so as to become | ||||
| acceptable. | ||||
| Packet Type Codes have a range from 1 to 253. RADIUS Type Codes 1-5 and | ||||
| 11-13 were allocated in [RFC2865], while Type Codes 40-45, 250-253 are | ||||
| allocated by this document. Type Codes 250-253 are allocated for | ||||
| Experimental Uses, and 254-255 are reserved. Packet Type Codes 6-10, | ||||
| 12-13, 21-34, 50-51 have no meaning defined by an IETF RFC, but are | ||||
| reserved until a specification is provided for them. This is being done | ||||
| to avoid interoperability problems with software that implements non- | ||||
| standard RADIUS extensions that are or have been in use on the Internet. | ||||
| Because a new Packet Type has considerable impact on interoperability, a | ||||
| new Packet Type Code requires Standards Action. Type Codes 52-249 | ||||
| should be allocated first; when these are exhausted, Type Codes 14-20, | ||||
| 35-39, 46-49 may be allocated. For a list of Type Codes, see Appendix | ||||
| A. | ||||
| Attribute Types have a range from 1 to 255, and are the scarcest | ||||
| resource in RADIUS, thus must be allocated with care. Attributes | ||||
| 1-53,55,60-88,90-91,94-100 have been allocated, with 17 and 21 available | ||||
| for re-use. Attributes 17, 21, 54, 56-59, 89, 101-191 may be allocated | ||||
| by IETF Consensus. It is recommended that attributes 17 and 21 be used | ||||
| only after all others are exhausted. | ||||
| Note that RADIUS defines a mechanism for Vendor-Specific extensions | ||||
| (Attribute 26) and the use of that should be encouraged instead of | ||||
| allocation of global attribute types, for functions specific only to one | ||||
| vendor's implementation of RADIUS, where no interoperability is deemed | ||||
| useful. | ||||
| As noted in [RFC2865]: | ||||
| Attribute Type Values 192-223 are reserved for experimental | ||||
| use, values 224-240 are reserved for implementation-specific use, | ||||
| and values 241-255 are reserved and should not be used. | ||||
| Therefore Attribute Type values 192-240 are considered Private Use, and | ||||
| values 241-255 require Standards Action. | ||||
| Certain attributes (for example, NAS-Port-Type) in RADIUS define a list | ||||
| of values to correspond with various meanings. There can be 4 billion | ||||
| (2^32) values for each attribute. Additional values can be allocated by | ||||
| Designated Expert. The exception to this policy is the Service-Type | ||||
| attribute (6), whose values define new modes of operation for RADIUS. | ||||
| Values 1-16 of the Service-Type attribute have been allocated. | ||||
| Allocation of new Service-Type values are by IETF Consensus. | ||||
| 3. Normative references | ||||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | ||||
| Requirement Levels", RFC 2119, March 1997. | ||||
| [RFC2434] Alvestrand, H. and T. Narten, "Guidelines for Writing an | ||||
| IANA Considerations Section in RFCs", BCP 26, RFC 2434, | ||||
| October 1998. | ||||
| [RFC2865] Rigney, C., Rubens, A., Simpson, W. and S. Willens, | ||||
| "Remote Authentication Dial In User Service (RADIUS)", | ||||
| RFC 2865, June 2000. | ||||
| 4. Informative references | ||||
| [RFC2607] Aboba, B. and J. Vollbrecht, "Proxy Chaining and Policy | ||||
| Implementation in Roaming", RFC 2607, June 1999. | ||||
| [RFC2866] Rigney, C., "RADIUS Accounting", RFC 2866, June 2000. | ||||
| [RFC2867] Zorn, G., Mitton, D. and B. Aboba, "RADIUS Accounting | ||||
| Modifications for Tunnel Protocol Support", RFC 2867, | ||||
| June 2000. | ||||
| [RFC2868] Zorn, G., Leifer, D., Rubens, A., Shriver, J., Holdrege, | ||||
| M. and I. Goyret, "RADIUS Attributes for Tunnel Protocol | ||||
| Support", RFC 2868, June 2000. | ||||
| [RFC2869] Rigney, C., Willats, W. and P. Calhoun, "RADIUS | ||||
| Extensions", RFC 2869, June 2000. | ||||
| [RFC2869bis] Aboba, B. and P. Calhoun, "RADIUS Support for Extensible | ||||
| Authentication Protocol (EAP)", draft-aboba-radius- | ||||
| rfc2869bis-18.txt, Internet draft (work in progress), | ||||
| April 2003. | ||||
| [RFC2882] Mitton, D., "Network Access Servers Requirements: | ||||
| Extended RADIUS Practices", RFC 2882, July 2000. | ||||
| [RFC3162] Aboba, B., Zorn, G. and D. Mitton, "RADIUS and IPv6", RFC | ||||
| 3162, August 2001. | ||||
| [DynAuth] Chiba, M., et al., "Dynamic Authorization Extensions to | ||||
| Remote Authentication Dial In User Service (RADIUS)", | ||||
| Internet draft (work in progress), draft-chiba-radius- | ||||
| dynamic-authorization-16.txt, April 2003. | ||||
| 5. Security Considerations | ||||
| The security considerations detailed in [RFC2434] are generally | ||||
| applicable to this document. Security considerations relating to the | ||||
| RADIUS protocol are discussed in [RFC2607], [RFC2865], [RFC3162], | ||||
| [DynAuth], and [RFC2869bis]. | ||||
| Appendix A - RADIUS Packet Types | ||||
| A list of RADIUS Packet Type Codes is given below. This document | ||||
| instructs IANA to list them in the registry of Packet Type Codes. Note | ||||
| that Type Codes 40-45, which are defined in [DynAuth] are being formally | ||||
| allocated here. Codes 40-45 were listed in [RFC2882] and have been | ||||
| implemented and used. Given their widespread current usage, these | ||||
| assignments are not reclaimable in practice. | ||||
| # Message Reference | ||||
| 1 Access-Request [RFC2865] | ||||
| 2 Access-Accept [RFC2865] | ||||
| 3 Access-Reject [RFC2865] | ||||
| 4 Accounting-Request [RFC2865] | ||||
| 5 Accounting-Response [RFC2865] | ||||
| 6 Accounting-Status [RFC2882] | ||||
| (now Interim Accounting) | ||||
| 7 Password-Request [RFC2882] | ||||
| 8 Password-Ack [RFC2882] | ||||
| 9 Password-Reject [RFC2882] | ||||
| 10 Accounting-Message [RFC2882] | ||||
| 11 Access-Challenge [RFC2865] | ||||
| 12 Status-Server (experimental) [RFC2865] | ||||
| 13 Status-Client (experimental) [RFC2865] | ||||
| 21 Resource-Free-Request [RFC2882] | ||||
| 22 Resource-Free-Response [RFC2882] | ||||
| 23 Resource-Query-Request [RFC2882] | ||||
| 24 Resource-Query-Response [RFC2882] | ||||
| 25 Alternate-Resource- | ||||
| Reclaim-Request [RFC2882] | ||||
| 26 NAS-Reboot-Request [RFC2882] | ||||
| 27 NAS-Reboot-Response [RFC2882] | ||||
| 28 Reserved | ||||
| 29 Next-Passcode [RFC2882] | ||||
| 30 New-Pin [RFC2882] | ||||
| 31 Terminate-Session [RFC2882] | ||||
| 32 Password-Expired [RFC2882] | ||||
| 33 Event-Request [RFC2882] | ||||
| 34 Event-Response [RFC2882] | ||||
| # Message Reference | ||||
| 40 Disconnect-Request [DynAuth] | ||||
| 41 Disconnect-ACK [DynAuth] | ||||
| 42 Disconnect-NAK [DynAuth] | ||||
| 43 CoA-Request [DynAuth] | ||||
| 44 CoA-ACK [DynAuth] | ||||
| 45 CoA-NAK [DynAuth] | ||||
| 50 IP-Address-Allocate [RFC2882] | ||||
| 51 IP-Address-Release [RFC2882] | ||||
| 250-253 Experimental Use | ||||
| 254 Reserved | ||||
| 255 Reserved [RFC2865] | ||||
| Acknowledgments | ||||
| Thanks to Ignacio Goyret of Lucent, Allison Mankin of Lucent Bell Labs, | ||||
| Thomas Narten of IBM, Glen Zorn and Harald Alvestrand of Cisco for | ||||
| discussions relating to this document. | ||||
| Authors' Addresses | ||||
| Bernard Aboba | ||||
| Microsoft Corporation | ||||
| One Microsoft Way | ||||
| Redmond, WA 98052 | ||||
| EMail: bernarda@microsoft.com | ||||
| Phone: +1 425 706 6605 | ||||
| Fax: +1 425 936 7329 | ||||
| Intellectual Property Statement | ||||
| The IETF takes no position regarding the validity or scope of any | This document specifies an Internet standards track protocol for | |||
| intellectual property or other rights that might be claimed to pertain | the Internet community, and requests discussion and suggestions | |||
| to the implementation or use of the technology described in this | for improvements. Please refer to the current edition of the | |||
| document or the extent to which any license under such rights might or | "Internet Official Protocol Standards" (STD 1) for the | |||
| might not be available; neither does it represent that it has made any | standardization state and status of this protocol. Distribution | |||
| effort to identify any such rights. Information on the IETF's | of this memo is unlimited. | |||
| procedures with respect to rights in standards-track and standards- | ||||
| related documentation can be found in BCP-11. Copies of claims of | ||||
| rights made available for publication and any assurances of licenses to | ||||
| be made available, or the result of an attempt made to obtain a general | ||||
| license or permission for the use of such proprietary rights by | ||||
| implementers or users of this specification can be obtained from the | ||||
| IETF Secretariat. | ||||
| The IETF invites any interested party to bring to its attention any | This announcement is sent to the IETF list and the RFC-DIST list. | |||
| copyrights, patents or patent applications, or other proprietary rights | Requests to be added to or deleted from the IETF distribution list | |||
| which may cover technology that may be required to practice this | should be sent to IETF-REQUEST@IETF.ORG. Requests to be | |||
| standard. Please address the information to the IETF Executive | added to or deleted from the RFC-DIST distribution list should | |||
| Director. | be sent to RFC-DIST-REQUEST@RFC-EDITOR.ORG. | |||
| Full Copyright Statement | Details on obtaining RFCs via FTP or EMAIL may be obtained by sending | |||
| an EMAIL message to rfc-info@RFC-EDITOR.ORG with the message body | ||||
| help: ways_to_get_rfcs. For example: | ||||
| Copyright (C) The Internet Society (2003). All Rights Reserved. | To: rfc-info@RFC-EDITOR.ORG | |||
| This document and translations of it may be copied and furnished to | Subject: getting rfcs | |||
| others, and derivative works that comment on or otherwise explain it or | ||||
| assist in its implementation may be prepared, copied, published and | ||||
| distributed, in whole or in part, without restriction of any kind, | ||||
| provided that the above copyright notice and this paragraph are included | ||||
| on all such copies and derivative works. However, this document itself | ||||
| may not be modified in any way, such as by removing the copyright notice | ||||
| or references to the Internet Society or other Internet organizations, | ||||
| except as needed for the purpose of developing Internet standards in | ||||
| which case the procedures for copyrights defined in the Internet | ||||
| Standards process must be followed, or as required to translate it into | ||||
| languages other than English. The limited permissions granted above are | ||||
| perpetual and will not be revoked by the Internet Society or its | ||||
| successors or assigns. This document and the information contained | ||||
| herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE | ||||
| INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR | ||||
| IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE | ||||
| INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED | ||||
| WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. | ||||
| Expiration Date | help: ways_to_get_rfcs | |||
| This memo is filed as <draft-aboba-radius-iana-06.txt>, and expires | Requests for special distribution should be addressed to either the | |||
| November 19, 2003. | author of the RFC in question, or to RFC-Manager@RFC-EDITOR.ORG. Unless | |||
| specifically noted otherwise on the RFC itself, all RFCs are for | ||||
| unlimited distribution.echo | ||||
| Submissions for Requests for Comments should be sent to | ||||
| RFC-EDITOR@RFC-EDITOR.ORG. Please consult RFC 2223, Instructions to RFC | ||||
| Authors, for further information. | ||||
| End of changes. 12 change blocks. | ||||
| 294 lines changed or deleted | 31 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||