idnits 2.17.1 draft-ietf-mip4-aaa-nai-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Looks like you're using RFC 2026 boilerplate. This must be updated to follow RFC 3978/3979, as updated by RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not match the current year -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (September 19, 2003) is 7496 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 3344 (ref. '1') (Obsoleted by RFC 5944) ** Obsolete normative reference: RFC 2486 (ref. '2') (Obsoleted by RFC 4282) ** Obsolete normative reference: RFC 2434 (ref. '5') (Obsoleted by RFC 5226) Summary: 4 errors (**), 0 flaws (~~), 2 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 Mobile IP Working Group F. Johansson 2 Internet-Draft ipUnplugged 3 Expires: March 19, 2004 T. Johansson 4 Bytemobile 5 September 19, 2003 7 Mobile IPv4 Extension for AAA Network Access Identifiers 8 draft-ietf-mip4-aaa-nai-00.txt 10 Status of this Memo 12 This document is an Internet-Draft and is in full conformance with 13 all provisions of Section 10 of RFC2026. 15 Internet-Drafts are working documents of the Internet Engineering 16 Task Force (IETF), its areas, and its working groups. Note that 17 other groups may also distribute working documents as 18 Internet-Drafts. 20 Internet-Drafts are draft documents valid for a maximum of six months 21 and may be updated, replaced, or obsoleted by other documents at any 22 time. It is inappropriate to use Internet-Drafts as reference 23 material or to cite them other than as "work in progress." 25 The list of current Internet-Drafts can be accessed at http:// 26 www.ietf.org/ietf/1id-abstracts.txt. 28 The list of Internet-Draft Shadow Directories can be accessed at 29 http://www.ietf.org/shadow.html. 31 This Internet-Draft will expire on March 19, 2004. 33 Copyright Notice 35 Copyright (C) The Internet Society (2003). All Rights Reserved. 37 Abstract 39 When a mobile node moves between two foreign networks it has to be 40 reauthenticated. If the home network has multiple Authentication 41 Authorization and Accounting (AAA) servers the reauthentication 42 request may not be received by the same Home AAA server as previous 43 authentication requests. In order for the new Home AAA server to be 44 able to forward the request to the correct Home Agent it has to know 45 the identity of the Home Agent. This document defines a Mobile IP 46 extension that enables the HA to pass its identity to the mobile node 47 which can then pass it on to the new AAA server when changing point 48 of attachment. 50 Table of Contents 52 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 54 2. Requirements terminology . . . . . . . . . . . . . . . . . . . 3 56 3. AAA NAI Extension . . . . . . . . . . . . . . . . . . . . . . 4 57 3.1 Processing of the AAA NAI Extension . . . . . . . . . . 5 59 4. HA Identity subtype . . . . . . . . . . . . . . . . . . . . . 5 61 5. AAAH Identity subtype . . . . . . . . . . . . . . . . . . . . 6 63 6. Security Considerations . . . . . . . . . . . . . . . . . . . 6 65 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 67 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 7 69 Normative References . . . . . . . . . . . . . . . . . . . . . 7 71 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 8 73 Intellectual Property and Copyright Statements . . . . . . . . 9 75 1. Introduction 77 When building networks one would like to be able to have redundancy. 78 In order to achieve this, one might place multiple AAA servers in one 79 domain. When a mobile node registers via a visited network the 80 authentication will be handled by one of the AAA servers in the home 81 domain. At a later point, when the mobile node moves to another 82 visited domain it again has to be authenticated. However, due to the 83 redundancy offered by the AAA protocol, it can not be guaranteed that 84 the authentication will be handled by the same AAAH server as the 85 previous one which can result in the new AAAH not knowing which HA 86 the session was assigned to. This document defines a Mobile IP 87 extension which can be used to distribute the information needed to 88 resolve this. 90 To solve this the home agent MUST include the NAI of the AAAH server 91 in the registration reply message, which the mobile node then MUST 92 include in every subsequent registration request sent to a foreign 93 agent when changing point of attachment. 95 Furthermore, the only information that is normally available about 96 the home agent in the registration request is the IP address as 97 defined in RFC 3344 [1]. This is unfortunately not enough, since the 98 AAA infrastructure needs to know the FQDN identity of the home agent 99 to be able to correctly handle the assignment of home agent. A 100 reverse DNS lookup would only disclose the identity of the Mobile IP 101 interface for that HA IP address, which may or may not have a 102 one-to-one correspondence with the home agent FQDN identity. This is 103 the reason why the HA also includes its own identity in the 104 registration reply. It can then be included by the mobile node in 105 the coming registration requests when changing point of attachment. 107 2. Requirements terminology 109 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 110 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 111 document are to be interpreted as described in RFC 2119 [4]. 113 The Mobile IP related terminology described in RFC 3344 [1] is used 114 in this document. In addition, the following terms are used: 116 AAAH 117 One of possible several AAA Servers in the Home Network 119 FQDN 120 Fully Qualified Domain Name. 122 Identity 123 The identity of a node is equal to its FQDN. 125 NAI 126 Network Access Identifier [2]. 128 3. AAA NAI Extension 130 This section defines the AAA NAI Extension which may be carried in 131 Mobile IP Registration Request and Reply messages [1]. The extension 132 may be used by any node that wants to send identity information in 133 the form of a NAI [3]. This document defines subtype numbers which 134 identify the NAI as a HA identity and a Home AAA identity, 135 respectively. 137 0 1 2 3 138 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 139 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 140 | Type | Length | Sub-Type | NAI ... 141 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 143 Type 144 (Type to be assigned by IANA) (skippable) [1] 146 Length 8-bit unsigned integer. Length of the extension, in octets, 147 excluding the extension Type and the extension Length 148 fields. This field MUST be set to 1 plus the total length 149 of the NAI field. 151 Sub-Type This field describes the type of the entity which owns the 152 NAI. The following subtypes are defined: 154 1 HA Identity NAI (Section 4) 156 2 AAAH Identity NAI (Section 5) 158 NAI Contains the NAI [2] in a string format. 160 3.1 Processing of the AAA NAI Extension 162 When a mobile node or home agent adds a AAA NAI extension to a 163 registration message, the extension MUST appear prior to any 164 authentication extensions. 166 In the event the foreign agent adds an AAA NAI extension to a 167 registration message, the extension MUST appear prior to any 168 authentication extensions added by the FA. 170 If an HA has appended an AAA NAI extension to a Registration Reply to 171 an MN, and does not receive the NAI extension in subsequent 172 Registration Request messages from the MN, the HA can assume that the 173 MN does not understand this NAI extension. In this case, the HA 174 SHOULD NOT append this NAI extension to further Registration Reply 175 messages to the MN. 177 4. HA Identity subtype 179 The HA identity uses subtype 1 of the AAA NAI Extension. It contains 180 the NAI of the HA in the form hostname@realm. Together the hostname 181 and realm forms the complete FQDN (hostname.realm) of the HA. 183 The Home Agent MUST provide this in the first Registration Reply sent 184 to the Mobile Node destined through the AAA infrastructure. The 185 extension only need to be included in subsequent Registration Replies 186 if the same extension is included in Registration Requests received 187 from the same Mobile Node. 189 A mobile node that recieves this extension in a registration reply 190 message MUST provide it in every registration request when 191 re-authentication is needed. If the mobile node requests a specific 192 home agent and it has the information available it MUST provide this 193 extension in its initial registration request. 195 A foreign agent which receives the Home Agent NAI by this extension 196 in a registration request SHOULD include the Home Agent NAI when 197 requesting Mobile Node authentication through the AAA infrastructure 198 if the AAA protocol used can carry the information. 200 5. AAAH Identity subtype 202 The AAAH identity uses subtype 2 of the AAA NAI Extension. It 203 contains the NAI of the home AAA server in the form hostname@realm. 204 Together the hostname and realm forms the complete FQDN 205 (hostname.realm) of the home AAA server. 207 If there exists several AAA servers in the Home Network, the Home 208 Agent MUST provide this in the first Registration Reply sent to the 209 Mobile Node. The extension only need to be included in subsequent 210 Registration Replies if the same extension is included in 211 Registration Requests received from the same Mobile Node. 213 A mobile node MUST always save the latest AAAH Identity received in a 214 registration reply message and MUST provide the AAAH Identity in 215 every registration request sent when re-authenticating. 217 A foreign agent which receives the AAAH NAI by this extension in a 218 registration request SHOULD include the AAAH NAI provided when 219 requesting Mobile Node authentication through the AAA infrastructure 220 if the AAA protocol used can carry the information. 222 6. Security Considerations 224 This specification introduces new Mobile IP extensions that are used 225 to carry mobility agent and AAA server identities, in the form of 226 Network Access Identifiers. It is assumed that the Mobile IP 227 messages that would carry these extensions would be authenticated in 228 the manner that is described in [4], or any follow-on authentication 229 mechanisms. Therefore, this specification does not lessen the 230 security of Mobile IP messages. 232 It should be noted that the identities sent in the extensions 233 specified herein MAY be sent in the clear over the network. However, 234 the authors do not envision that this information would create any 235 security issues. 237 7. IANA Considerations 239 This document defines one new mobile IP extension, and one new Mobile 240 IP extension sub-type numbering space to be managed by IANA. 242 Section 3 defines a new Mobile IP extension, the Mobile IP AAA NAI 243 Extension. The type number for this extension is [TBD, assigned by 244 IANA]. This extension introduces a new sub-type numbering space 245 where the values 1 and 2 has been assigned values in this document. 246 Approval of new Mobile IP AAA NAI Extension sub-type numbers is 247 subject to Expert Review, and a specification is required [5]. 249 The value assigned to the AAA NAI Extension should be taken from the 250 IANA number space for Mobile IPv4 skippable extensions. 252 8. Acknowledgements 254 Thanks to the original authors of the GNAIE draft, Mohamed M Khalil, 255 Emad Qaddoura, Haseeb Akhtar, Pat R. Calhoun. The original draft 256 was removed from the MIP WG charter when no use was seen for the 257 extension. The original ideas has been reused in this draft. 259 Also thanks to Henrik Levkowetz and Kevin Purser for valuable 260 feedback and help when writing this draft. 262 Normative References 264 [1] Perkins, C., "IP Mobility Support for IPv4", RFC 3344, August 265 2002. 267 [2] Aboba, B. and M. Beadles, "The Network Access Identifier", RFC 268 2486, January 1999. 270 [3] Calhoun, P. and C. Perkins, "Mobile IP Network Access Identifier 271 Extension for IPv4", RFC 2794, March 2000. 273 [4] Bradner, S., "Key words for use in RFCs to Indicate Requirement 274 Levels", BCP 14, RFC 2119, March 1997. 276 [5] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA 277 Considerations Section in RFCs", BCP 26, RFC 2434, October 1998. 279 Authors' Addresses 281 Fredrik Johansson 282 ipUnplugged AB 283 Arenavagen 23 284 Stockholm S-121 28 285 SWEDEN 287 Phone: +46 8 725 5916 288 EMail: fredrik@ipunplugged.com 290 Tony Johansson 291 Bytemobile Inc 292 2029 Stierlin Court 293 Mountain View, CA 94043 294 USA 296 Phone: +1 650 862 0523 297 EMail: tony.johansson@bytemobile.com 299 Intellectual Property Statement 301 The IETF takes no position regarding the validity or scope of any 302 intellectual property or other rights that might be claimed to 303 pertain to the implementation or use of the technology described in 304 this document or the extent to which any license under such rights 305 might or might not be available; neither does it represent that it 306 has made any effort to identify any such rights. Information on the 307 IETF's procedures with respect to rights in standards-track and 308 standards-related documentation can be found in BCP-11. Copies of 309 claims of rights made available for publication and any assurances of 310 licenses to be made available, or the result of an attempt made to 311 obtain a general license or permission for the use of such 312 proprietary rights by implementors or users of this specification can 313 be obtained from the IETF Secretariat. 315 The IETF invites any interested party to bring to its attention any 316 copyrights, patents or patent applications, or other proprietary 317 rights which may cover technology that may be required to practice 318 this standard. Please address the information to the IETF Executive 319 Director. 321 Full Copyright Statement 323 Copyright (C) The Internet Society (2003). All Rights Reserved. 325 This document and translations of it may be copied and furnished to 326 others, and derivative works that comment on or otherwise explain it 327 or assist in its implementation may be prepared, copied, published 328 and distributed, in whole or in part, without restriction of any 329 kind, provided that the above copyright notice and this paragraph are 330 included on all such copies and derivative works. However, this 331 document itself may not be modified in any way, such as by removing 332 the copyright notice or references to the Internet Society or other 333 Internet organizations, except as needed for the purpose of 334 developing Internet standards in which case the procedures for 335 copyrights defined in the Internet Standards process must be 336 followed, or as required to translate it into languages other than 337 English. 339 The limited permissions granted above are perpetual and will not be 340 revoked by the Internet Society or its successors or assignees. 342 This document and the information contained herein is provided on an 343 "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING 344 TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING 345 BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION 346 HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF 347 MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 349 Acknowledgement 351 Funding for the RFC Editor function is currently provided by the 352 Internet Society.