idnits 2.17.1 draft-ietf-geopriv-dhcp-lbyr-uri-option-13.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- == It seems as if not all pages are separated by form feeds - found 0 form feeds but 13 pages Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (Mar 10, 2012) is 4423 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Downref: Normative reference to an Informational RFC: RFC 5808 -- Obsolete informational reference (is this intentional?): RFC 2616 (Obsoleted by RFC 7230, RFC 7231, RFC 7232, RFC 7233, RFC 7234, RFC 7235) -- Obsolete informational reference (is this intentional?): RFC 3825 (Obsoleted by RFC 6225) Summary: 1 error (**), 0 flaws (~~), 2 warnings (==), 4 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 Network WG James Polk 2 Internet-Draft Cisco Systems 3 Intended status: Proposed Standard Mar 10, 2012 4 Expires: Sept 10, 2012 6 Dynamic Host Configuration Protocol (DHCP) IPv4 and IPv6 7 Option for a Location Uniform Resource Identifier (URI) 8 draft-ietf-geopriv-dhcp-lbyr-uri-option-13 10 Abstract 12 This document creates a Dynamic Host Configuration Protocol (DHCP) 13 Option for transmitting a client's geolocation Uniform Resource 14 Identifier (URI). This Location URI can then be dereferenced in a 15 separate transaction by the client or sent to another entity and 16 dereferenced to learn physically where the client is located. 18 Status of this Memo 20 This Internet-Draft is submitted in full conformance with the 21 provisions of BCP 78 and BCP 79. 23 Internet-Drafts are working documents of the Internet Engineering 24 Task Force (IETF). Note that other groups may also distribute 25 working documents as Internet-Drafts. The list of current Internet- 26 Drafts is at http://datatracker.ietf.org/drafts/current/. 28 Internet-Drafts are draft documents valid for a maximum of six 29 months and may be updated, replaced, or obsoleted by other documents 30 at any time. It is inappropriate to use Internet-Drafts as 31 reference material or to cite them other than as "work in progress." 33 This Internet-Draft will expire on September 10, 2012. 35 Copyright Notice 37 Copyright (c) 2011 IETF Trust and the persons identified as the 38 document authors. All rights reserved. 40 This document is subject to BCP 78 and the IETF Trust's Legal 41 Provisions Relating to IETF Documents 42 (http://trustee.ietf.org/license-info) in effect on the date of 43 publication of this document. Please review these documents 44 carefully, as they describe your rights and restrictions with 45 respect to this document. Code Components extracted from this 46 document must include Simplified BSD License text as described in 47 Section 4.e of the Trust Legal Provisions and are provided without 48 warranty as described in the Simplified BSD License. 50 Table of Contents 52 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 53 2. Format of the DHCP LocationURI Option . . . . . . . . . . . . 4 54 2.1. Overall Format of LocationURI Option in IPv4 . . . . . 4 55 2.2. Overall Format of LocationURI Option in IPv6 . . . . . 5 56 2.3. LocationURI Format for both IPv4 and IPv6 . . . . . . . 5 57 3. DHCP Option Operation . . . . . . . . . . . . . . . . . . . . 6 58 3.1 Architectural Assumptions . . . . . . . . . . . . . . . . 8 59 3.2 Harmful URIs and URLs . . . . . . . . . . . . . . . . . . 8 60 3.3 Valid Location URI Schemes or Types . . . . . . . . . . . 9 61 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 62 5. Security Considerations . . . . . . . . . . . . . . . . . . . 10 63 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 11 64 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 11 65 7.1. Normative References . . . . . . . . . . . . . . . . . . 11 66 7.2. Informative References . . . . . . . . . . . . . . . . . 12 67 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 13 69 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 70 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 71 document are to be interpreted as described in [RFC2119]. 73 1. Introduction 75 This document creates a Dynamic Host Configuration Protocol (DHCP) 76 Option for transmitting a client's geolocation Uniform Resource 77 Identifier (URI). The DHCP implementation of the client can then 78 make this location information available to upper layer protocols 79 for their usage. This location URI points a Location Server 80 [RFC5808] which has the geolocation of the client (through means 81 not defined in this document). In this scenario, the DHCP client 82 is a Geopriv Target (i.e., the entity whose geolocation is 83 associated with the location URI). 85 Applications using upper layer protocols within the Target can then 86 choose to deference this location URI and/or transmit the URI to 87 another entity as a means of conveying where the Target is located. 88 Dereferencing a location URI is described in [RFC6442]. Conveying 89 a location URI is also described in [RFC6442]. Session Initiation 90 Protocol (SIP) is not the only protocol that can dereference a 91 location URI; there is also HTTP-Enabled Location Delivery (HELD) 92 [ID-HELD-DEREF] and HTTP [RFC2616]. 94 Having a location URI has advantages over having a PIDF-LO, 95 especially when a target's location changes. With a location URI, 96 when a target moves, the location URI does not change (at least 97 within the same domain). It can still be given out as the reference 98 to the Target's current location. The opposite is true if the 99 location is conveyed by value in a message. Once the Target moves, 100 the previously given location is no longer valid, and if the Target 101 wants to inform another entity about its location, it has to send 102 the PIDF-LO to the location recipient (again). 104 A Location Server (LS) stores the Target's location as a presence 105 document, called a Presence Information Data Format - Location 106 Object (PIDF-LO), defined in RFC 4119 [RFC4119]. The Location Server 107 is the entity contacted during the act of dereferencing a Target's 108 location. If the dereferencing entity has permission, defined in 109 [ID-GEO-POL], the location of the target will be received. The LS 110 will grant permission to location inquires based on the rules 111 established by a Rule Holder [RFC3693]. The LS has the ability to 112 challenge any request for a target's location, thereby providing 113 additive security properties before location revelation. 115 A problem exists within existing RFCs that provide location to the 116 UA ([RFC3825] and [RFC4776]). These DHCP Options for geolocation 117 values require an update of the entire location information (LI) 118 every time a client moves. Not all clients will move frequently, 119 but some will. Refreshing location values every time a client moves 120 does not scale in certain networks/environments, such as IP-based 121 cellular networks, enterprise networks or service provider networks 122 with mobile endpoints. An 802.11 based access network is one 123 example of this. Constantly updating LCI to endpoints might not 124 scale in mobile (residential or enterprise or municipal) networks in 125 which the client is moving through more than one network attachment 126 point, perhaps as a person walks or drives with their client down a 127 neighborhood street or apartment complex or a shopping center or 128 through a municipality (that has IP connectivity as a service). 130 If the client was provided a location URI reference to retain and 131 hand out when it wants or needs to convey its location (in a 132 protocol other than DHCP), a location URI that would not change as 133 the client's location changes (within a domain), scaling issues 134 would be significantly reduced to needing an update of the location 135 URI only when a client changes administrative domains - which is 136 much less often. This delivery of an indirect location has the 137 added benefit of not using up valuable or limited bandwidth to the 138 client with the constant updates. It also relieves the client from 139 having to determine when it has moved far enough to consider asking 140 for a refresh of its location. 142 In enterprise networks, if a known location is assigned to each 143 individual Ethernet port in the network, a device that attaches to 144 the network a wall-jack (directly associated with a specific 145 Ethernet Switch port) will be associated with a known location via a 146 unique circuit-ID that's used by the RAIO Option defined in RFC 3046 147 [RFC3046]. This assumes wall-jacks have an updated wiremap 148 database. RFC 3825 and RFC 4776 would return an LCI value of 149 location. This document specifies how a location URI is returned 150 using DHCP. The location URI points to a PIDF-LO contained on an 151 LS. Performing a dereferencing transaction, that Target's PIDF-LO 152 will be returned. If local configuration has the requirement of 153 only assigning unique location URIs to each client at the same 154 attachment point to the network (i.e., same RJ-45 jack or same 155 802.11 Access Point - except when triangulation is used), then 156 unique location URIs will be given out, though they will all have 157 the same location at the record, relieving the backend Sighter or LS 158 from individually maintaining each location independently. 160 This Option can be useful in IEEE 802.16e connected endpoints or IP 161 cellular endpoints. The location URI Option can be configured on a 162 router, such as a residential home gateway, such that the router 163 receives this Location URI Option as a client with the ability to 164 communicate to downstream endpoints as a server. 166 How an LS responds to a dereference request can vary, and a policy 167 established by a Ruleholder [RFC3693] for a Location Target as to 168 what type of challenge(s) is to be used, how strong a challenge is 169 used or how precise the location information is given to a 170 Location Recipient (LR). This document does not provide mechanisms 171 for the LS to tell the client about policies or for the client to 172 specify a policy for the LS. While an LS should apply an appropriate 173 access-control policy, clients must assume that the LS will provide 174 location in response to any request (following the possession model 175 [RFC5808]). For further discussion of privacy, see the Security 176 Considerations. 178 This document IANA-registers the new IPv4 and IPv6 DHCP Options for 179 a location URI. 181 2. Format of the DHCP LocationURI Option 183 2.1 Overall Format of LocationURI Option in IPv4 185 The LocationURI Option format for IPv4 is as follows: 187 0 1 2 3 188 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 189 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 190 | Code XXX | Length=XX | . 191 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ . 192 . LocationURI... ... 193 . (see Section 2.3 for details) ... | 194 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 196 Figure 1. IPv4 Fields for this LocationURI Option 198 Code XXX: The code for this DHCPv4 option (IANA assigned). 200 Length=XX: The length of this option, counted in bytes - not 201 counting the Code and Length bytes. This is a variable 202 length Option, therefore the length value will change 203 based on the length of the URI within the Option. 205 LocationURI: see Section 2.3 for details 207 2.2 Overall Format of LocationURI Option in IPv6 209 The LocationURI Option format for IPv6 is as follows: 211 0 1 2 3 212 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 213 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 214 | option-code | option-len | 215 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 216 | LocationURI... . 217 . (see Section 2.3 for details) | 218 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 220 Figure 2. IPv6 fields of this LocationURI Option 222 option-code: The code for this DHCPv6 option (IANA assigned). 224 option-len: The length of this option, counted in bytes - not 225 counting the Code and Length bytes. This is a variable 226 length Option, therefore the length value will change 227 based on the length of the URI within the Option. 229 LocationURI: see below (Section 2.3 for details). 231 2.3 LocationURI Format for both IPv4 and IPv6 233 The LocationURI, in both DHCPv4 and DHCPv6, have the following 234 format: 236 0 1 2 3 237 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 238 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 239 | LuriType | LuriLength | LuriValue ... 240 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 242 Figure 3. LocationURI TLV Format for both IPv4 and IPv6 244 LuriType: A one-byte identifier of the data location value. 246 LuriLength: The length of the LuriValue, not including the 247 LuriLength field itself, up to a maximum of 255 248 units. The unit of measurement is defined by the 249 LuriType field definition. The LuriLength itself is 250 always a one-byte unsigned integer. 252 LuriValue: The LocationURI value, as described in detail below. 254 The LuriTypes this document defines for a point are: 256 LuriType=1 Location URI - This field, in bytes, is the URI 257 pointing at the location record where the PIDF-LO for 258 the Location Target resides. The LuriValue of 259 LuriType=1 is always represented in UTF-8. 261 LuriType=2 Valid-For - The time, in seconds, this URI is to be 262 considered Valid for dereferencing. The timer 263 associated with this LuriType starts upon receipt of 264 this Option by the client. The LuriValue of LuriType=2 265 is always represented as a four-byte unsigned integer. 267 The Valid-For (LuriType=2) indicates how long, in seconds, the 268 client is to consider this location URI (LuriType=1) valid. The 269 choice of the Valid-For value is a policy decision for the operator 270 of the DHCP server. Like location URIs themselves, it can be 271 statically configured on the DHCP server or provisioned dynamically 272 (via an out-of-band exchange with a Location Information Server) as 273 requests for location URIs are received. 275 The Valid-For time is used only at the application layer, as an 276 indication of when the URI can be used to access location. It is 277 independent of the DHCP list time, and in no way related to the DHCP 278 state machine. Clients MUST NOT trigger an automatic DHCP refresh 279 on expiry of the Valid-For timer; rather, they should follow normal 280 DHCP mechanics. 282 The Valid-For (LuriType=2) offers no meaningful information without 283 an accompanying Location URI (LuriType=1), therefore a Valid-For 284 (LuriType=2) MUST NOT be sent without a Location URI (LuriType=1). 286 The Valid-For (LuriType=2) is not mandated for use by this document. 287 However, its presence MUST NOT cause any error in handling the 288 location URI (i.e., if not understood, it MUST be ignored). 290 This Option format is highly extensible. Additional LuriType types 291 created MUST be done so through IANA registration with a standards 292 track RFC. 294 3. DHCP Option Operation 296 The [RFC3046] RAIO can be utilized to provide the appropriate 297 indication to the DHCP Server where this DISCOVER or REQUEST message 298 came from, in order to supply the correct response. 300 Caution SHOULD always be used involving the creation of large 301 Options, meaning that this Option MAY need to be in its own INFORM, 302 OPTION or ACK message. 304 It is RECOMMENDED to avoid building URIs, with any parameters, 305 larger than what a single DHCP response can be. However, if a 306 message is larger than 255 bytes, concatenation is allowed, per RFC 307 3396 [RFC3396]. 309 Per [RFC2131], subsequent LocationURI Options, which are 310 non-concatenated, overwrite the previous value. 312 Location URIs MUST NOT reveal identity information of the user of 313 the device, since DHCP is a cleartext delivery protocol. For 314 example, creating a location URI such as 316 sips:34LKJH534663J54@example.com 318 is better than a location URI such as 320 sips:aliceisat123mainstalantageorgiaus@example.com 322 The username portion of the first example URI provides no direct 323 identity information (in which 34LKJH534663J54 is considered to be a 324 random number in this example). 326 In the element of a PIDF-LO document, there is an 327 'entity' attribute that identities what entity *this* document 328 (including the associated location) refers to. It is up to the 329 PIDF-LO generator, either Location Server or an application in the 330 endpoint, to insert the identity in the 'entity' attribute. This 331 can be seen in [RFC4119]. The considerations for populating the 332 entity attribute value in a PIDF-LO document are independent from 333 the considerations for avoiding exposing identification information 334 in the username part of a location URI. 336 This Option is used only for communications between a DHCP client 337 and a DHCP server. It can be solicited (requested) by the client, 338 or it can be pushed by the server without a request for it. DHCP 339 Options not understood MUST be ignored [RFC2131]. A DHCP server 340 supporting this Option might or might not have the location of a 341 client. If a server does not have a client's location, but needs to 342 provide this Location URI Option to a client (for whatever reason), 343 an LS is contacted. This server-to-LS transaction is not DHCP, 344 therefore it is out of scope of this document. Note that this 345 server-to-LS transaction could delay the DHCP messaging to the 346 client. If the server fails to have location before it transmits its 347 message to the client, location will not be part of that DHCP 348 message. Any timers involved here are a matter of local 349 configuration. 351 The deference of a target's location URI would not involve DHCP, but 352 an application layer protocol, such as SIP or HTTP, therefore 353 dereferencing is out of scope of this document. 355 In the case of residential gateways being DHCP servers, they usually 356 perform as DHCP clients in a hierarchical fashion up into a service 357 provider's network DHCP server(s), or learn what information to 358 provide via DHCP to residential clients through a protocol, such as 359 PPP. In these cases, the location URI would likely indicate the 360 residence's civic address to all wired or wireless clients within 361 that residence. 363 3.1 Architectural Assumptions 365 The following assumptions have been made for use of this LocationURI 366 Option for a client to learn its location URI (in no particular 367 order): 369 o Any user control (what [RFC3693] calls a 'Ruleholder') for access 370 to the dereferencing step is assumed to be out of scope of this 371 document. An example authorization policy is in [ID-GEO-POL]. 373 o The authorization vs. possession security model can be found in 374 [RFC5808], describing what is expected in each model of 375 operation. It should be assumed that a location URI attained 376 using DHCP will operate under an possession model by default. 377 An authorization model can be instituted as a matter of local 378 policy. An authorization model means possessing the location URI 379 does not give that entity the right to view the PIDF-LO of the 380 target whose location is indicated in a presence document. The 381 dereference transaction will be challenged by the Location Server 382 only in an authorization model. The nature of this challenge is 383 out of scope of this document. 385 o This document does not prevent some environments from operating 386 in an authorization model, for example - in less tightly 387 controlled networks. The costs associated with authorization vs. 388 possession models are discussed in Section 3.3.2 of [RFC5606]. 390 3.2 Harmful URIs and URLs 392 There are, in fact, some types of URIs that are not good to receive, 393 due to security concerns. For example, any URLs that can have 394 scripts, such as "data:" URLs, and some "HTTP:" URLs that go to web 395 pages that have scripts. Therefore, 397 o URIs received via this Option MUST NOT be automatically sent to a 398 general-browser to connect to a web page, because they could have 399 harmful scripts. 401 o This Option MUST NOT contain "data:" URLs, because they could 402 contain harmful scripts. 404 Instead of listing all the types of URIs and URLs that can be 405 misused or potentially have harmful affects, Section 3.3 IANA 406 registers acceptable location URI schemes (or types). 408 3.3 Valid Location URI Schemes or Types 410 This section specifies which URI types are acceptable as a location 411 URI scheme (or type) for this DHCP Option: 413 1. sip: 414 2. sips: 415 3. pres: 416 4. http: 417 5. https: 419 URIs using the "pres" scheme are dereferenced using the presence 420 event package for SIP [RFC3856], so they will reference a PIDF-LO 421 document when location is available. Responses to requests for URIs 422 with other schemes ("sip", "sips", "http", and "https") MUST have 423 MIME type 'application/pidf+xml'. Alternatively, HTTP and HTTPS 424 URIs MAY refer to information with MIME type 'application/held+xml', 425 in order to support HELD dereferencing [ID-HELD-DEREF]. Clients can 426 indicate which MIME types they support using the "Accept" header 427 field in SIP [RFC3261] or HTTP [RFC2616]. 429 See RFC 3922 [RFC3922] for using the pres: URI with XMPP. 431 It is RECOMMENDED that implementers follow Section 4.6 of RFC 6442 432 [RFC6442] as guidance regarding which Location URI schemes to 433 provide in DHCP. That document discusses what a receiving entity 434 does when receiving a URI scheme that is not understood. Awareness 435 to the two URI types there is important for conveying location, if 436 SIP is used to convey a Location URI provided by DHCP. 438 4. IANA Considerations 440 4.1 The IPv4 Option number for this Option 442 This document IANA registers this IPv4 Option number XXX (to be 443 assigned by IANA once this document becomes an RFC). 445 4.2 The IPv6 Option-Code for this Option 447 This document IANA registers this IPv6 Option-Code XXX (to be 448 assigned by IANA once this document becomes an RFC). 450 4.3 IANA Considerations for LuriTypes 452 IANA is requested to create a new registry for acceptable location 453 types defined in Section 3.2 of this document, arranged similar to 454 this: 456 +------------+----------------------------------------+-----------+ 457 | LuriType | Name | Reference | 458 +------------+----------------------------------------+-----------+ 459 | 1 | Location URI | RFC XXXX* | 460 | 2 | Valid-For | RFC XXXX* | 461 +------------+----------------------------------------+-----------+ 463 * RFC XXXX is to be replaced with this document's RFC-Editor RFC 464 number. 466 Additions to this registry require a standards track RFC. 468 5. Security Considerations 470 Where critical decisions might be based on the value of this 471 location URI option, DHCP authentication in [RFC3118] SHOULD be used 472 to protect the integrity of the DHCP options. 474 A real concern with RFC 3118 it is that not widely deployed because 475 it requires pre-shared keys to successfully work (i.e., in the 476 client and in the server). Most implementations do not 477 accommodate this. 479 DHCP, initially, is a broadcast request (a client looking for a 480 server), and a unicast response (answer from a server) type of 481 protocol. It does not provide security at the network layer. 482 Instead, it relies on lower-layer security mechanisms. 484 Once a client has a URI, it needs information on how the location 485 server will control access to dereference requests. A client might 486 treat a tightly access-controlled URI differently from one that can 487 be dereferenced by anyone on the Internet (i.e., one following the 488 "possession model"). With the LuriTypes defined in this document, 489 the DHCP option for delivering location URIs can only tell the user 490 how long the URI will be valid. Since the client does not know what 491 policy will be applied during this validity interval, clients MUST 492 handle location URIs as if they could be dereferenced by anybody 493 until they expire. For example, such open location URIs should only 494 be transmitted in encrypted channels. Nonetheless, location servers 495 SHOULD apply appropriate access control policies, for example by 496 limiting the number of queries that any given client can make, or 497 limiting access to users within an enterprise. 499 Extensions to this option, such as [ID-POLICY-URI] can provide 500 mechanisms for accessing and provisioning policy. Giving users 501 access to policy information will allow them to make more informed 502 decisions about how to use their location URIs. Allowing users to 503 provide policy information to the LS will enable them to tailor 504 access control policies to their needs (within the bounds of policy 505 that the LS will accept). 507 As to the concerns about the location URI itself, as stated in the 508 document (see Section 3), it MUST NOT have any user identifying 509 information in the URI user-part/string itself. The location URI 510 also needs to be hard to guess that it belongs to a specific user. 512 When implementing a DHCP server that will serve clients across an 513 uncontrolled network, one should consider the potential security 514 risks therein. 516 6. Acknowledgements 518 Thanks to James Winterbottom, Marc Linsner, Roger Marshall and 519 Robert Sparks for their useful comments. And to Lisa Dusseault for 520 her concerns about the types of URIs that can cause harm. To 521 Richard Barnes for inspiring a more robust Security Considerations 522 section, and for offering the text to incorporate HTTP URIs. To 523 Hannes Tschofenig and Ted Hardie for riding me to comply with their 524 concerns, including a good scrubbing of the nearly final doc. 526 7. References 528 7.1. Normative References 530 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 531 Requirement Levels", BCP 14, RFC 2119, March 1997. 533 [RFC2131] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131, 534 March 1997. 536 [RFC3046] Patrick, M., "DHCP Relay Agent Information Option", RFC 537 3046, January 2001. 539 [RFC3118] Droms, R. and W. Arbaugh, "Authentication for DHCP 540 Messages", RFC 3118, June 2001. 542 [RFC3261] J. Rosenberg, H. Schulzrinne, G. Camarillo, A. Johnston, J. 543 Peterson, R. Sparks, M. Handley, and E. Schooler, "SIP: 544 Session Initiation Protocol", RFC 3261, May 2002. 546 [RFC3396] T. Lemon, S. Cheshire, "Encoding Long Options in the Dynamic 547 Host Configuration Protocol (DHCPv4)", RFC 3396, November 548 2002 550 [RFC3856] J. Rosenberg, "A Presence Event Package for the Session 551 Initiation Protocol (SIP)", RFC 3856, August 2004 553 [RFC3922] P. Saint-Andre, " Mapping the Extensible Messaging and 554 Presence Protocol (XMPP) to Common Presence and Instant 555 Messaging (CPIM)", RFC 3922, October 2004 557 [RFC4119] J. Peterson, "A Presence-based GEOPRIV Location Object 558 Format", RFC 4119, December 2005 560 [RFC5808] R. Marshall, Ed., "Requirements for a Location-by-Reference 561 Mechanism", RFC 5808, May 2010 563 [RFC6442] Polk, J., Rosen, B., and J. Peterson, "Location Conveyance 564 for the Session Initiation Protocol", RFC 6442, December 565 2011. 567 7.2. Informative References 569 [RFC2616] R. Fielding, J. Gettys, J., Mogul, H. Frystyk, L., 570 Masinter, P. Leach, T. Berners-Lee, "Hypertext Transfer 571 Protocol - HTTP/1.1", RFC 2616, June 1999 573 [RFC3693] J. Cuellar, J. Morris, D. Mulligan, J. Peterson. J. Polk, 574 "Geopriv Requirements", RFC 3693, February 2004 576 [RFC3825] J. Polk, J. Schnizlein, M. Linsner, "Dynamic Host 577 Configuration Protocol Option for Coordinate-based Location 578 Configuration Information", RFC 3825, July 2004 580 [RFC4776] H. Schulzrinne, "Dynamic Host Configuration Protocol 581 (DHCPv4 and DHCPv6) Option for Civic Addresses Configuration 582 Information ", RFC 4776, November 2006 584 [RFC5606] J. Peterson, T. Hardie, J. Morris, " Implications of 585 'retransmission-allowed' for SIP Location Conveyance", 586 August 2009 588 [RFC5808] R. Marshall, "Requirements for a Location-by-Reference 589 Mechanism", RFC 5808, May 2010 591 [ID-HELD-DEREF] J. Winterbottom, H. Tschofenig, H. Schulzrinne, M. 592 Thomson, M. Dawson, "A Location Dereferencing Protocol Using 593 HELD", "work in progress", October 2011 595 [ID-GEO-POL] H. Schulzrinne, H. Tschofenig, J. Morris, J. Cuellar, J. 596 Polk, "Geolocation Policy: A Document Format for Expressing 597 Privacy Preferences for Location Information", "work in 598 progress", October 2011 600 [ID-POLICY-URI] R. Barnes, M. Thomson, J. Winterbottom, "Location 601 Configuration Extensions for Policy Management", "work in 602 progress", November 2011 604 Authors' Address 606 James Polk 607 3913 Treemont Circle 608 Colleyville, Texas 76034 609 USA 611 Email: jmpolk@cisco.com