idnits 2.17.1 draft-ietf-hip-rfc5203-bis-01.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- -- The draft header indicates that this document obsoletes RFC5203, but the abstract doesn't seem to mention this, which it should. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (March 14, 2011) is 4792 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Outdated reference: A later version (-20) exists of draft-ietf-hip-rfc5201-bis-05 == Outdated reference: A later version (-08) exists of draft-ietf-hip-rfc5204-bis-00 ** Obsolete normative reference: RFC 2434 (Obsoleted by RFC 5226) -- Obsolete informational reference (is this intentional?): RFC 4423 (Obsoleted by RFC 9063) Summary: 1 error (**), 0 flaws (~~), 3 warnings (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group J. Laganier 3 Internet-Draft Juniper Networks 4 Obsoletes: 5203 (if approved) T. Koponen 5 Intended status: Standards Track HIIT 6 Expires: September 15, 2011 L. Eggert 7 Nokia 8 March 14, 2011 10 Host Identity Protocol (HIP) Registration Extension 11 draft-ietf-hip-rfc5203-bis-01 13 Abstract 15 This document specifies a registration mechanism for the Host 16 Identity Protocol (HIP) that allows hosts to register with services, 17 such as HIP rendezvous servers or middleboxes. 19 Status of This Memo 21 This Internet-Draft is submitted in full conformance with the 22 provisions of BCP 78 and BCP 79. 24 Internet-Drafts are working documents of the Internet Engineering 25 Task Force (IETF). Note that other groups may also distribute 26 working documents as Internet-Drafts. The list of current Internet- 27 Drafts is at http://datatracker.ietf.org/drafts/current/. 29 Internet-Drafts are draft documents valid for a maximum of six months 30 and may be updated, replaced, or obsoleted by other documents at any 31 time. It is inappropriate to use Internet-Drafts as reference 32 material or to cite them other than as "work in progress." 34 This Internet-Draft will expire on September 15, 2011. 36 Copyright Notice 38 Copyright (c) 2011 IETF Trust and the persons identified as the 39 document authors. All rights reserved. 41 This document is subject to BCP 78 and the IETF Trust's Legal 42 Provisions Relating to IETF Documents 43 (http://trustee.ietf.org/license-info) in effect on the date of 44 publication of this document. Please review these documents 45 carefully, as they describe your rights and restrictions with respect 46 to this document. Code Components extracted from this document must 47 include Simplified BSD License text as described in Section 4.e of 48 the Trust Legal Provisions and are provided without warranty as 49 described in the Simplified BSD License. 51 Table of Contents 53 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 54 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 55 3. HIP Registration Extension Overview . . . . . . . . . . . . . 4 56 3.1. Registrar Announcing Its Ability . . . . . . . . . . . . . 4 57 3.2. Requester Requesting Registration . . . . . . . . . . . . 4 58 3.3. Registrar Granting or Refusing Service(s) Registration . . 4 59 4. Parameter Formats and Processing . . . . . . . . . . . . . . . 6 60 4.1. Encoding Registration Lifetimes with Exponents . . . . . . 6 61 4.2. REG_INFO . . . . . . . . . . . . . . . . . . . . . . . . . 6 62 4.3. REG_REQUEST . . . . . . . . . . . . . . . . . . . . . . . 7 63 4.4. REG_RESPONSE . . . . . . . . . . . . . . . . . . . . . . . 8 64 4.5. REG_FAILED . . . . . . . . . . . . . . . . . . . . . . . . 9 65 5. Establishing and Maintaining Registrations . . . . . . . . . . 10 66 6. Security Considerations . . . . . . . . . . . . . . . . . . . 10 67 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 68 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 12 69 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 12 70 9.1. Normative References . . . . . . . . . . . . . . . . . . . 12 71 9.2. Informative References . . . . . . . . . . . . . . . . . . 12 72 Appendix A. Changes from RFC 5203 . . . . . . . . . . . . . . . . 12 74 1. Introduction 76 This document specifies an extension to the Host Identity Protocol 77 (HIP) [I-D.ietf-hip-rfc5201-bis]. The extension provides a generic 78 means for a host to register with a service. The service may, for 79 example, be a HIP rendezvous server [I-D.ietf-hip-rfc5204-bis] or a 80 middlebox [RFC3234]. 82 This document makes no further assumptions about the exact type of 83 service. Likewise, this document does not specify any mechanisms to 84 discover the presence of specific services or means to interact with 85 them after registration. Future documents may describe those 86 operations. 88 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 89 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 90 document are to be interpreted as described in RFC 2119 [RFC2119]. 92 2. Terminology 94 In addition to the terminology defined in the HIP Architecture 95 [RFC4423], the HIP specification [I-D.ietf-hip-rfc5201-bis], and the 96 HIP Rendezvous Extension [I-D.ietf-hip-rfc5204-bis], this document 97 defines and uses the following terms: 99 Requester: 100 a HIP node registering with a HIP registrar to request 101 registration for a service. 103 Registrar: 104 a HIP node offering registration for one or more services. 106 Service: 107 a facility that provides requesters with new capabilities or 108 functionalities operating at the HIP layer. Examples include 109 firewalls that support HIP traversal or HIP rendezvous servers. 111 Registration: 112 shared state stored by a requester and a registrar, allowing the 113 requester to benefit from one or more HIP services offered by the 114 registrar. Each registration has an associated finite lifetime. 115 Requesters can extend established registrations through re- 116 registration (i.e., perform a refresh). 118 Registration Type: 119 an identifier for a given service in the registration protocol. 120 For example, the rendezvous service is identified by a specific 121 registration type. 123 3. HIP Registration Extension Overview 125 This document does not specify the means by which a requester 126 discovers the availability of a service, or how a requester locates a 127 registrar. After a requester has discovered a registrar, it either 128 initiates HIP base exchange or uses an existing HIP association with 129 the registrar. In both cases, registrars use additional parameters, 130 which the remainder of this document defines, to announce their 131 quality and grant or refuse registration. Requesters use 132 corresponding parameters to register with the service. Both the 133 registrar and the requester MAY also include in the messages 134 exchanged additional HIP parameters specific to the registration type 135 implicated. Other documents will define parameters and how they 136 shall be used. The following sections describe the differences 137 between this registration handshake and the standard HIP base 138 exchange [I-D.ietf-hip-rfc5201-bis]. 140 3.1. Registrar Announcing Its Ability 142 A host that is capable and willing to act as a registrar SHOULD 143 include a REG_INFO parameter in the R1 packets it sends during all 144 base exchanges. If it is currently unable to provide services due to 145 transient conditions, it SHOULD include an empty REG_INFO, i.e., one 146 with no services listed. If services can be provided later, it 147 SHOULD send UPDATE packets indicating the current set of services 148 available in a new REG_INFO parameter to all hosts it is associated 149 with. 151 3.2. Requester Requesting Registration 153 To request registration with a service, a requester constructs and 154 includes a corresponding REG_REQUEST parameter in an I2 or UPDATE 155 packet it sends to the registrar. 157 If the requester has no HIP association established with the 158 registrar, it SHOULD send the REG_REQUEST at the earliest 159 possibility, i.e., in the I2 packet. This minimizes the number of 160 packets that need to be exchanged with the registrar. A registrar 161 MAY end a HIP association that does not carry a REG_REQUEST by 162 including a NOTIFY with the type REG_REQUIRED in the R2. In this 163 case, no HIP association is created between the hosts. The 164 REG_REQUIRED notification error type is 51. 166 3.3. Registrar Granting or Refusing Service(s) Registration 168 Once registration has been requested, the registrar is able to 169 authenticate the requester based on the host identity included in I2. 170 It then verifies that the host identity is authorized to register 171 with the requested service(s), based on local policies. The details 172 of this authorization procedure depend on the type of requested 173 service(s) and on the local policies of the registrar, and are 174 therefore not further specified in this document. 176 After authorization, the registrar includes a REG_RESPONSE parameter 177 in its response, which contains the service type(s) for which it has 178 authorized registration, and zero or more REG_FAILED parameters 179 containing the service type(s) for which it has not authorized 180 registration or registration has failed for other reasons. This 181 response can be either an R2 or an UPDATE message, respectively, 182 depending on whether the registration was requested during the base 183 exchange, or using an existing association. In particular, 184 REG_FAILED with a failure type of zero indicates the service(s) 185 type(s) that require further credentials for registration. 187 If the registrar requires further authorization and the requester has 188 additional credentials available, the requester SHOULD try to 189 register again with the service after the HIP association has been 190 established. The precise means of establishing and verifying 191 credentials are beyond the scope of this document and are expected to 192 be defined in other documents. 194 Successful processing of a REG_RESPONSE parameter creates 195 registration state at the requester. In a similar manner, successful 196 processing of a REG_REQUEST parameter creates registration state at 197 the registrar and possibly at the service. Both the requester and 198 registrar can cancel a registration before it expires, if the 199 services afforded by a registration are no longer needed by the 200 requester, or cannot be provided any longer by the registrar (for 201 instance, because its configuration has changed). 203 +-----+ I1 +-----+-----+ 204 | |--------------------->| | S1 | 205 | |<---------------------| | | 206 | | R1(REG_INFO:S1,S2) | +-----+ 207 | RQ | | R | S2 | 208 | | I2(REG_REQ:S1) | | | 209 | |--------------------->| +-----+ 210 | |<---------------------| | S3 | 211 | | R2(REG_RESP:S1) | | | 212 +-----+ +-----+-----+ 214 A requester (RQ) registers with a registrar (R) of services (S1) and 215 (S2), with which it has no current HIP association. 217 +-----+ +-----+-----+ 218 | | UPDATE(REG_INFO:S) | | | 219 | |<---------------------| | | 220 | RQ |--------------------->| R | S | 221 | | UPDATE(REG_REQ:S) | | | 222 | | UPDATE(REG_RESP:S) | | | 223 | |<---------------------| | | 224 +-----+ +-----+-----+ 226 A requester (RQ) registers with a registrar (R) of services (S), with 227 which it currently has a HIP association established. 229 4. Parameter Formats and Processing 231 This section describes the format and processing of the new 232 parameters introduced by the HIP registration extension. 234 4.1. Encoding Registration Lifetimes with Exponents 236 The HIP registration uses an exponential encoding of registration 237 lifetimes. This allows compact encoding of 255 different lifetime 238 values ranging from 4 ms to 178 days into an 8-bit integer field. 239 The lifetime exponent field used throughout this document MUST be 240 interpreted as representing the lifetime value 2^((lifetime - 64)/8) 241 seconds. 243 4.2. REG_INFO 245 0 1 2 3 246 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 247 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 248 | Type | Length | 249 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 250 | Min Lifetime | Max Lifetime | Reg Type #1 | Reg Type #2 | 251 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 252 | ... | ... | Reg Type #n | | 253 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Padding + 254 | | 255 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 257 Type 930 258 Length Length in octets, excluding Type, Length, and Padding. 259 Min Lifetime Minimum registration lifetime. 260 Max Lifetime Maximum registration lifetime. 261 Reg Type The registration types offered by the registrar. 263 Other documents will define specific values for registration types. 264 See Section 7 for more information. 266 Registrars include the parameter in R1 packets in order to announce 267 their registration capabilities. The registrar SHOULD include the 268 parameter in UPDATE packets when its service offering has changed. 269 HIP_SIGNATURE_2 protects the parameter within the R1 packets. 271 4.3. REG_REQUEST 273 0 1 2 3 274 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 275 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 276 | Type | Length | 277 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 278 | Lifetime | Reg Type #1 | Reg Type #2 | Reg Type #3 | 279 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 280 | ... | ... | Reg Type #n | | 281 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Padding + 282 | | 283 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 285 Type 932 286 Length Length in octets, excluding Type, Length, and Padding. 287 Lifetime Requested registration lifetime. 288 Reg Type The preferred registration types in order of preference. 290 Other documents will define specific values for registration types. 291 See Section 7 for more information. 293 A requester includes the REG_REQUEST parameter in I2 or UPDATE 294 packets to register with a registrar's service(s). If the 295 REG_REQUEST parameter is in an UPDATE packet, the registrar MUST NOT 296 modify the registrations of registration types that are not listed in 297 the parameter. Moreover, the requester MUST NOT include the 298 parameter unless the registrar's R1 packet or latest received UPDATE 299 packet has contained a REG_INFO parameter with the requested 300 registration types. 302 The requester MUST NOT include more than one REG_REQUEST parameter in 303 its I2 or UPDATE packets, while the registrar MUST be able to process 304 one or more REG_REQUEST parameters in received I2 or UPDATE packets. 306 When the registrar receives a registration with a lifetime that is 307 either smaller or greater than the minimum or maximum lifetime, 308 respectively, then it SHOULD grant the registration for the minimum 309 or maximum lifetime, respectively. 311 HIP_SIGNATURE protects the parameter within the I2 and UPDATE 312 packets. 314 4.4. REG_RESPONSE 316 0 1 2 3 317 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 318 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 319 | Type | Length | 320 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 321 | Lifetime | Reg Type #1 | Reg Type #2 | Reg Type #3 | 322 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 323 | ... | ... | Reg Type #n | | 324 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Padding + 325 | | 326 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 328 Type 934 329 Length Length in octets, excluding Type, Length, and Padding. 330 Lifetime Granted registration lifetime. 331 Reg Type The granted registration types in order of preference. 333 Other documents will define specific values for registration types. 334 See Section 7 for more information. 336 The registrar SHOULD includes an REG_RESPONSE parameter in its R2 or 337 UPDATE packet only if a registration has successfully completed. 339 The registrar MUST NOT include more than one REG_RESPONSE parameter 340 in its R2 or UPDATE packets, while the requester MUST be able to 341 process one or more REG_RESPONSE parameters in received R2 or UPDATE 342 packets. 344 The requester MUST be prepared to receive any registration lifetime, 345 including ones beyond the minimum and maximum lifetime indicated in 346 the REG_INFO parameter. It MUST NOT expect that the returned 347 lifetime will be the requested one, even when the requested lifetime 348 falls within the announced minimum and maximum. 350 HIP_SIGNATURE protects the parameter within the R2 and UPDATE 351 packets. 353 4.5. REG_FAILED 355 0 1 2 3 356 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 357 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 358 | Type | Length | 359 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 360 | Failure Type | Reg Type #1 | Reg Type #2 | Reg Type #3 | 361 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 362 | ... | ... | Reg Type #n | | 363 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Padding + 364 | | 365 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 367 Type 936 368 Length Length in octets, excluding Type, Length, and Padding. 369 Failure Type Reason for failure. 370 Reg Type The registration types that failed with the specified 371 reason. 373 Failure Type Reason 374 ------------ -------------------------------------------- 375 0 Registration requires additional credentials 376 1 Registration type unavailable 377 2-200 Unassigned 378 201-255 Reserved by IANA for private use 380 Other documents will define specific values for registration types. 381 See Section 7 for more information. 383 A failure type of zero means a registrar requires additional 384 credentials to authorize a requester to register with the 385 registration types listed in the parameter. A failure type of one 386 means that the requested service type is unavailable at the 387 registrar. Failure types other than zero (0) and one (1) have not 388 been defined. 390 The registrar SHOULD include the REG_FAILED parameter in its R2 or 391 UPDATE packet, if registration with the registration types listed has 392 not completed successfully and a requester is asked to try again with 393 additional credentials. 395 HIP_SIGNATURE protects the parameter within the R2 and UPDATE 396 packets. 398 5. Establishing and Maintaining Registrations 400 Establishing and/or maintaining a registration may require additional 401 information not available in the transmitted REG_REQUEST or 402 REG_RESPONSE parameters. Therefore, registration type definitions 403 MAY define dependencies for HIP parameters that are not defined in 404 this document. Their semantics are subject to the specific 405 registration type specifications. 407 The minimum lifetime both registrars and requesters MUST support is 408 10 seconds, while they SHOULD support a maximum lifetime of 120 409 seconds, at least. These values define a baseline for the 410 specification of services based on the registration system. They 411 were chosen to be neither too short nor too long, and to accommodate 412 for existing timeouts of state established in middleboxes (e.g., NATs 413 and firewalls.) 415 A zero lifetime is reserved for canceling purposes. Requesting a 416 zero lifetime for a registration type is equal to canceling the 417 registration of that type. A requester MAY cancel a registration 418 before it expires by sending a REG_REQ to the registrar with a zero 419 lifetime. A registrar SHOULD respond and grant a registration with a 420 zero lifetime. A registrar (and an attached service) MAY cancel a 421 registration before it expires, at its own discretion. However, if 422 it does so, it SHOULD send a REG_RESPONSE with a zero lifetime to all 423 registered requesters. 425 6. Security Considerations 427 This section discusses the threats on the HIP registration protocol, 428 and their implications on the overall security of HIP. In 429 particular, it argues that the extensions described in this document 430 do not introduce additional threats to HIP. 432 The extensions described in this document rely on the HIP base 433 exchange and do not modify its security characteristics, e.g., 434 digital signatures or HMAC. Hence, the only threat introduced by 435 these extensions is related to the creation of soft registration 436 state at the registrar. 438 Registrars act on a voluntary basis and are willing to accept being a 439 responder and then to create HIP associations with a number of 440 previously unknown hosts. Because they have to store HIP association 441 state anyway, adding a certain amount of time-limited HIP 442 registration state should not introduce any serious additional 443 threats, especially because HIP registrars may cancel registrations 444 at any time at their own discretion, e.g., because of resource 445 constraints during an attack. 447 7. IANA Considerations 449 This section is to be interpreted according to the Guidelines for 450 Writing an IANA Considerations Section in RFCs [RFC2434]. 452 This document updates the IANA Registry for HIP Parameter Types by 453 assigning new HIP Parameter Types values for the new HIP Parameters 454 defined in this document: 456 o REG_INFO (defined in Section 4.2) 458 o REG_REQUEST (defined in Section 4.3) 460 o REG_RESPONSE (defined in Section 4.4) 462 o REG_FAILED (defined in Section 4.5) 464 IANA has allocated the Notify Message Type code 51 for the 465 REG_REQUIRED notification error type in the Notify Message Type 466 registry. 468 IANA has opened a new registry for registration types. This document 469 does not define registration types but makes the following 470 reservations: 472 Reg Type Service 473 -------- ------- 474 0-200 Unassigned 475 201-255 Reserved by IANA for private use 477 Adding a new type requires new IETF specifications. 479 IANA has opened a new registry for registration failure types. This 480 document makes the following failure type definitions and 481 reservations: 483 Failure Type Reason 484 ------------ -------------------------------------------- 485 0 Registration requires additional credentials 486 1 Registration type unavailable 487 2-200 Unassigned 488 201-255 Reserved by IANA for private use 490 Adding a new type requires new IETF specifications. 492 8. Acknowledgments 494 The following people (in alphabetical order) have provided thoughtful 495 and helpful discussions and/or suggestions that have helped to 496 improve this document: Jeffrey Ahrenholz, Miriam Esteban, Mika Kousa, 497 Pekka Nikander, and Hannes Tschofenig. 499 9. References 501 9.1. Normative References 503 [I-D.ietf-hip-rfc5201-bis] Moskowitz, R., Heer, T., Jokela, P., and 504 T. Henderson, "Host Identity Protocol 505 Version 2 (HIPv2)", 506 draft-ietf-hip-rfc5201-bis-05 (work in 507 progress), March 2011. 509 [I-D.ietf-hip-rfc5204-bis] Laganier, J. and L. Eggert, "Host 510 Identity Protocol (HIP) Rendezvous 511 Extension", draft-ietf-hip-rfc5204-bis-00 512 (work in progress), August 2010. 514 [RFC2119] Bradner, S., "Key words for use in RFCs 515 to Indicate Requirement Levels", BCP 14, 516 RFC 2119, March 1997. 518 [RFC2434] Narten, T. and H. Alvestrand, "Guidelines 519 for Writing an IANA Considerations 520 Section in RFCs", BCP 26, RFC 2434, 521 October 1998. 523 9.2. Informative References 525 [RFC3234] Carpenter, B. and S. Brim, "Middleboxes: 526 Taxonomy and Issues", RFC 3234, 527 February 2002. 529 [RFC4423] Moskowitz, R. and P. Nikander, "Host 530 Identity Protocol (HIP) Architecture", 531 RFC 4423, May 2006. 533 Appendix A. Changes from RFC 5203 535 o Updated references to revised HIP specifications. 537 Authors' Addresses 539 Julien Laganier 540 Juniper Networks 541 1094 North Mathilda Avenue 542 San Diego, CA 94089 543 USA 545 Phone: +1 408 936 0385 546 EMail: julien.ietf@gmail.com 548 Teemu Koponen 549 Helsinki Institute for Information Technology 550 Advanced Research Unit (ARU) 551 P.O. Box 9800 552 Helsinki FIN-02015-HUT 553 Finland 555 Phone: +358 9 45 1 556 EMail: teemu.koponen@iki.fi 557 URI: http://www.hiit.fi/ 559 Lars Eggert 560 Nokia Research Center 561 P.O. Box 407 562 Nokia Group 00045 563 Finland 565 Phone: +358 50 48 24461 566 EMail: lars.eggert@nokia.com 567 URI: http://research.nokia.com/people/lars_eggert/