idnits 2.17.1
draft-ietf-dhc-proxyserver-opt-01.txt:
Checking boilerplate required by RFC 5378 and the IETF Trust (see
https://trustee.ietf.org/license-info):
----------------------------------------------------------------------------
** Looks like you're using RFC 2026 boilerplate. This must be updated to
follow RFC 3978/3979, as updated by RFC 4748.
Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
----------------------------------------------------------------------------
== No 'Intended status' indicated for this document; assuming Proposed
Standard
== The page length should not exceed 58 lines per page, but there was 7
longer pages, the longest (page 9) being 61 lines
Checking nits according to https://www.ietf.org/id-info/checklist :
----------------------------------------------------------------------------
** There are 12 instances of too long lines in the document, the longest
one being 12 characters in excess of 72.
** There are 44 instances of lines with control characters in the document.
Miscellaneous warnings:
----------------------------------------------------------------------------
== The copyright year in the RFC 3978 Section 5.4 Copyright Line does not
match the current year
== Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD',
or 'RECOMMENDED' is not an accepted usage according to RFC 2119. Please
use uppercase 'NOT' together with RFC 2119 keywords (if that is what you
mean).
Found 'SHOULD not' in this paragraph:
The Proxy Server Configuration entries SHOULD not repeat the same
type of proxy entries. The port MUST be a valid TCP/UDP port.
-- The document seems to lack a disclaimer for pre-RFC5378 work, but may
have content which was first submitted before 10 November 2008. If you
have contacted all the original authors and they are all willing to grant
the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
this comment. If not, you may need to add the pre-RFC5378 disclaimer.
(See the Legal Provisions document at
https://trustee.ietf.org/license-info for more information.)
-- The document date (July 2004) is 7225 days in the past. Is this
intentional?
Checking references for intended status: Proposed Standard
----------------------------------------------------------------------------
(See RFCs 3967 and 4897 for information about using normative references
to lower-maturity documents in RFCs)
== Missing Reference: 'RFC 2119' is mentioned on line 118, but not defined
-- Looks like a reference, but probably isn't: '3' on line 275
== Unused Reference: 'RFC-2119' is defined on line 293, but no explicit
reference was found in the text
== Unused Reference: 'RFC-3118' is defined on line 298, but no explicit
reference was found in the text
== Unused Reference: 'RFC-2616' is defined on line 305, but no explicit
reference was found in the text
== Unused Reference: 'RFC-959' is defined on line 309, but no explicit
reference was found in the text
== Unused Reference: 'RFC-1436' is defined on line 312, but no explicit
reference was found in the text
== Unused Reference: 'RFC-977' is defined on line 317, but no explicit
reference was found in the text
== Unused Reference: 'RFC-1928' is defined on line 320, but no explicit
reference was found in the text
== Unused Reference: 'SSL2' is defined on line 323, but no explicit
reference was found in the text
== Unused Reference: 'SSL3' is defined on line 326, but no explicit
reference was found in the text
== Unused Reference: 'RFC-1625' is defined on line 329, but no explicit
reference was found in the text
-- Obsolete informational reference (is this intentional?): RFC 2616
(Obsoleted by RFC 7230, RFC 7231, RFC 7232, RFC 7233, RFC 7234, RFC 7235)
-- Obsolete informational reference (is this intentional?): RFC 977
(Obsoleted by RFC 3977)
Summary: 3 errors (**), 0 flaws (~~), 15 warnings (==), 5 comments (--).
Run idnits with the --verbose option for more detailed information about
the items above.
--------------------------------------------------------------------------------
1 Network Working Group Senthil K Balasubramanian
2 Internet-Draft Hewlett-Packard Company
3 Expires: December 2004 Michael Alexander
4 Gustaf Neumann
5 Wirtschaftsuniversitaet Wien
6 July 2004
8 DHCP Option for Proxy Server Configuration
9 draft-ietf-dhc-proxyserver-opt-01.txt
11 Status of this Memo
13 This document is an Internet-Draft and is in full conformance with
14 all provisions of Section 10 of RFC2026.
16 Internet-Drafts are working documents of the Internet Engineering
17 Task Force (IETF), its areas, and its working groups. Note that other
18 groups may also distribute working documents as Internet-Drafts.
20 Internet-Drafts are draft documents valid for a maximum of six months
21 and may be updated, replaced, or obsoleted by other documents at any
22 time. It is inappropriate to use Internet-Drafts as reference
23 material or to cite them other than as "work in progress."
25 The list of current Internet-Drafts can be accessed at http://
26 www.ietf.org/ietf/1id-abstracts.txt.
28 The list of Internet-Draft Shadow Directories can be accessed at
29 http://www.ietf.org/shadow.html.
31 This Internet-Draft will expire on December 2004.
33 Copyright Notice
35 Copyright (C) The Internet Society (2004). All Rights Reserved.
37 Abstract
39 This document defines a new Dynamic Host Configuration Protocol
40 (DHCP) option, which can be used to configure the TCP/IP host's Proxy
41 Server configuration for standard protocols like HTTP, FTP, NNTP,
42 SOCKS, Gopher, SLL and etc. Proxy Server provides controlled and
43 efficient access to the Internet by access control mechanism for
44 different types of user requests and caching frequently accessed
45 information (Web pages and possibly files that might have been
46 downloaded using FTP and other protocols).
48 1. Terminologies Used
50 DHCP Client: A DHCP [RFC-2131] client is an Internet host that
51 uses DHCP to obtain configuration information such as
52 network address.
54 DHCP Server: A DHCP server [RFC-2131] is an Internet host that
55 returns configuration parameters to DHCP clients.
57 Proxy Server: In a enterprise network that connects to Internet,
58 a proxy server is a server that acts as an intermediary
59 between a workstation user and the Internet so that the
60 enterprise can ensure security, administrative control,
61 and caching service. A Proxy server MAY be associated with
62 or part of a gateway server that separates the enterprise
63 network from the outside network (Usually Internet)
64 and a firewall server that protects the enterprise network
65 from outside intrusion.
67 RDF:A language (Resource Description Framework [RDF-SYN]) for
68 describing properties of web resources.
70 2. Introduction
72 The Dynamic Host Configuration Protocol [RFC-2131] provides a
73 framework for passing configuration information to hosts on a TCP/IP
74 network. This document describes a DHCP configuration option that
75 can be used to inform a DHCP client, the IP addresses of one or more
76 proxy services that are either available to it or that must be used
77 in order to access internet services, for example through a coporate
78 firewall.
80 The following diagram depicts the typical setup providing proxy
81 service to clients on a network that is protected by a firewall.
83 +---------------------------+ +-----------+
84 | | |Remote HTTP|
85 | | HTTP |Server |
86 | +------------+ +-------------+<--->+-----------+
87 | | Clients | |Proxy Server |
88 | | Inside the |<------>| + | FTP +-----------+
89 | | Firewall | |Firewall |<--->|Remote FTP |
90 | +------------+ +-------------+ |Server |
91 | | ^ +-----------+
92 | | |
93 | | | +-----------+
94 +---------------------------+ | NNTP |Remote NNTP|
95 +------------>|Server |
96 +-----------+
98 The primary use of proxies is to allow access to the World Wide Web
99 from within a firewall. A proxy service typically runs on firewall
100 machine. It waits for a request from inside the firewall, forwards
101 the request to the remote server outside the firewall, reads the
102 response and then sends it back to the client. Usually, all the
103 clients use the same proxy within a given network, which helps in
104 efficient caching of documents that are requested by a number of
105 clients. This behavior makes proxies attractive to clients not
106 inside a firewall.
108 A proxy server increases the network security and user productivity
109 by content filtering and controlling both internal and external
110 access to information. Also, it provides several other
111 functionalities that are not discussed here.
113 3. Requirements terminology
115 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
116 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
117 document are to be interpreted as described in [RFC 2119].
119 4. Proxy Server Configuration Option
121 This document defines a new DHCP Option called the Proxy Server
122 Configuration Option. The format of the Proxy Server configuration
123 option is:
125 Code Len Proxy Server Configuration Entry
126 +-------+------+------+------+------+------+-....-+------+
127 | TBD | N | e1 | e2 | e3 | e4 | | en |
128 +-------+------+------+------+------+------+-....-+------+
130 Code is TBD and will be assigned by IANA according to [RFC-2939].
131 The length N gives the total number of octets in the Proxy Server
132 Configuration entries.
134 The format of Proxy Server Configuration Entry can be either
135 protocol/encoding/Address/port tuple or RDF [RDF-SYN] Metadata type.
136 The minimum length is 8 octets.
138 The Proxy Server Configuration entry consists of a sequence of
139 Protocol Type (p), Encoding (e), IP address and port.
141 +--+--+--+--+--+--+--+--+
142 |p |e |IP address |port |
143 +--+--+--+--+--+--+--+--+
145 The Protocol(p) and encodig (e) are on octet each; each IP address is
146 four octets, and each port number is a two-octet integer encoded in
147 network byte order.
149 The protocol type(p) specifies the type of Protocol and MUST be
150 one of the following assigned numbers.
152 +-------------------------------+
153 | protocol | Number |
154 +-------------------------------+
155 | HTTP | 80 |
156 +-------------------------------+
157 | FTP | 21 |
158 +-------------------------------+
159 | NNTP | 119 |
160 +-------------------------------+
161 | Gopher | 70 |
162 +-------------------------------+
163 | SSL | TBD |
164 +-------------------------------+
165 | SOCKS | 1080 |
166 +-------------------------------+
167 | WAIS | 210 |
168 +-------------------------------+
169 | IMAP | 220 |
170 +-------------------------------+
171 | RDF | TBD |
172 +-------------------------------+
174 The encoding field (e) is by default 0. Otherwise, it can either
175 have "-" or "#".
177 If it is "-", then the entry becomes a destination address for
178 exclusion from forwarding to the proxy. If it is "#", then the proxy
179 requires authentication.
181 In cases where it makes sense to specify more than one proxy server
182 for a given protocol, these proxy servers MUST be specifies as
183 additional IP addresses and ports within the same entry. The list is
184 ordered by precedence, with the most preferred proxy server appearing
185 first in the list, andthe least preferred proxy server appearing last
186 in the list. The DHCP client SHOULD honor this ordering.
188 More than one Proxy Server Configuration Entries MAY be specified in
189 the option. In that case, the list is ordered by precedence, with
190 the most preferred proxy server appearing first in the list, and the
191 least preferred proxy server appearing last in the list. The DHCP
192 client SHOULD honor this ordering.
194 The format of the Proxy Server Configuration using Metadata type is:
196 p Len RDF Metadata for the Proxy
197 +-------+------+----------------------------------+
198 | RDF | N | RDF |
199 +-------+------+----------------------------------+
200 The RDF payload is freeform RDF metadata for describing proxy
201 properties. The length N gives the number of octets in the RDF
202 metadata field.
204 The following entries specifies the sample format of the RDF data
205 field
207 HTTP proxy:
209
210 ]>
211
213
214 License Gate Proxy
215 John Doe
216 Duke OIT
217 Offsite Campus Resource Access Proxy
218 Service
219 Current Duke faculty, staff, and students
220 2004-06-15
221
222
224 FTP proxy:
226
227 ]>
228
230
231 License Gate FTP Proxy
232 John Doe
233 Duke OIT
234 Offsite Campus Resource Access Proxy
235 Service
236 Current Duke faculty, staff, and students
237 2004-06-15
238
239
241 As such there is no minimum length to specify a proxy using RDF
242 metadata. But the minimum sensible statement would be a literal
243 description of the proxy (License Gate Proxy)
244 giving a total of 418 characters including the overhead.
246 For example, with a description element of 60 characters, an URI of
247 80 characters plus a minimum XML/RDF syntax conformation/namespace
248 declaration of:
250 21 Octets
251 70 Octets ]>
252 64 Octets
254 109 Octets
255 81 Octets ..60 characters..
256 18 Octets
257 10 Octets
259 ,the minimum length would be 418 octes.
261 5. Option Usage
263 The Proxy Server Configuration entries SHOULD not repeat the same
264 type of proxy entries. The port MUST be a valid TCP/UDP port.
266 6. Security Considerations
268 The DHCP Options defined here allow an intruder DHCP server to
269 misdirect a client, causing it to access a nonexistent or malicious
270 proxy server. This allows for a denial of service or man-in-the-middle
271 attack. This is a well known property of the DCHP protocol; this option
272 does not create any additional risk of such attacks.
274 DHCP provides an authentication mechanism, as described in RFC 3118
275 [3], which may be used if authentication is required.
277 7. IANA Considerations
279 IANA is requested to assign an option code to the Proxy Server
280 Configuration Option and protocol numbers for the SSL and RDF
281 protocol.
283 8. Acknowledgements
285 Thanks to Srinivas Reddy and Sridhar Ramamoorthy of Satyam InfoWay
286 for their extended help in technical Queries.
288 9. Normative References
290 [RFC-2131] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131,
291 March 1997.
293 [RFC-2119] Bradner, S., "Key words for use in RFCs to Indicate
294 Requirement Levels", BCP 14, RFC 2119, March 1997.
296 10. Informative References
298 [RFC-3118] Droms, R. and W. Arbaugh, "Authentication for DHCP
299 Messages", RFC 3118, June 2001.
301 [RFC-2939] Droms, R., "Procedures and IANA Guidelines for Definition
302 of New DHCP Options and Message Types", BCP 43, RFC 2939,
303 September 2000.
305 [RFC-2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H.,
306 Masinter, L., Leach, P. and T. Berners-Lee, "Hypertext
307 Transfer Protocol -- HTTP/1.1" RFC 2616, June 1999.
309 [RFC-959] Postel, J. and J. Reynolds, "File Transfer Protocol
310 (FTP)", STD 9, RFC 959, October 1985.
312 [RFC-1436] F. Anklesaria, M. McCahill, P. Lindner, D. Johnson,
313 D. Torrey and B. Albert, "The Internet Gopher Protocol
314 (a distributed document search and retrieval protocol)",
315 RFC 1436, March 1993.
317 [RFC-977] Kantor, B and P. Lapsley, "Network News Transfer
318 Protocol", RFC 977, February 1986.
320 [RFC-1928] Leech, M., Ganis, M., Lee, Y., Kuris, R., Koblas, D., and
321 L. Jones, "SOCKS Protocol V5", RFC 1928, April 1996.
323 [SSL2] Hickman, Kipp, "The SSL Protocol", Netscape Communications
324 Corp., Feb 9, 1995.
326 [SSL3] A. Frier, P. Karlton, and P. Kocher, "The SSL 3.0
327 Protocol", Netscape Communications Corp., Nov 18, 1996.
329 [RFC-1625] M. St. Pierre, J. Fullton, K. Gamiel, J. Goldman, B. Kahle,
330 J. Kunze, H. Morris, F. Schiettecatte, "WAIS over Z39.50-1988",
331 RFC 1625, June 1994.
332 [RDF-SYN] Becket, D. and B. McBride, Ed., "RDF/XML Syntax Specification",
333 W3C REC-rdf-syntax, February 2004,
334 .
336 Author's Address
338 Senthil K Balasubramanian
339 Hewlett Packard
340 29 Cunnigham Road,
341 Bangalore
342 India 560 052
344 Phone: +91 80 2205 3103
345 EMail: ksenthil@india.hp.com
346 Michael Alexander
347 Wirtschaftsuniversitaet Wien
348 Augasse 2-6
349 A-1090 Vienna, Austria
351 Phone: +43 31336 4467
352 Email: malexand@wu-wien.ac.at
354 Gustaf Neumann
355 Wirtschaftsuniversitaet Wien
356 Augasse 2-6
357 A-1090 Vienna, Austria
359 Phone: +43 31336 4671
360 Email: neumann@wu-wien.ac.at
362 Intellectual Property Statement
364 The IETF takes no position regarding the validity or scope of any
365 intellectual property or other rights that might be claimed to
366 pertain to the implementation or use of the technology described in
367 this document or the extent to which any license under such rights
368 might or might not be available; neither does it represent that it
369 has made any effort to identify any such rights. Information on the
370 IETF's procedures with respect to rights in standards-track and
371 standards-related documentation can be found in BCP-11. Copies of
372 claims of rights made available for publication and any assurances of
373 licenses to be made available, or the result of an attempt made to
374 obtain a general license or permission for the use of such
375 proprietary rights by implementors or users of this specification can
376 be obtained from the IETF Secretariat.
378 The IETF invites any interested party to bring to its attention any
379 copyrights, patents or patent applications, or other proprietary
380 rights which may cover technology that may be required to practice
381 this standard. Please address the information to the IETF Executive
382 Director.
384 Full Copyright Statement
386 Copyright (C) The Internet Society (2004). All Rights Reserved.
388 This document and translations of it may be copied and furnished to
389 others, and derivative works that comment on or otherwise explain it
390 or assist in its implementation may be prepared, copied, published
391 and distributed, in whole or in part, without restriction of any
392 kind, provided that the above copyright notice and this paragraph are
393 included on all such copies and derivative works. However, this
394 document itself may not be modified in any way, such as by removing
395 the copyright notice or references to the Internet Society or other
396 Internet organizations, except as needed for the purpose of
397 developing Internet standards in which case the procedures for
398 copyrights defined in the Internet Standards process must be
399 followed, or as required to translate it into languages other than
400 English.
402 The limited permissions granted above are perpetual and will not be
403 revoked by the Internet Society or its successors or assignees.
405 This document and the information contained herein is provided on an
406 "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
407 TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
408 BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
409 HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
410 MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
412 Acknowledgment
414 Funding for the RFC Editor function is currently provided by the
415 Internet Society.