idnits 2.17.1 draft-ietf-mip4-aaa-nai-01.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Looks like you're using RFC 2026 boilerplate. This must be updated to follow RFC 3978/3979, as updated by RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not match the current year -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (December 1, 2003) is 7445 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 3344 (ref. '1') (Obsoleted by RFC 5944) ** Obsolete normative reference: RFC 2486 (ref. '2') (Obsoleted by RFC 4282) ** Obsolete normative reference: RFC 2434 (ref. '5') (Obsoleted by RFC 5226) Summary: 4 errors (**), 0 flaws (~~), 2 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 Mobile IP Working Group F. Johansson 2 Internet-Draft ipUnplugged 3 Expires: May 31, 2004 T. Johansson 4 Bytemobile 5 December 1, 2003 7 Mobile IPv4 Extension for carrying Network Access Identifiers 8 10 Status of this Memo 12 This document is an Internet-Draft and is in full conformance with 13 all provisions of Section 10 of RFC2026. 15 Internet-Drafts are working documents of the Internet Engineering 16 Task Force (IETF), its areas, and its working groups. Note that other 17 groups may also distribute working documents as Internet-Drafts. 19 Internet-Drafts are draft documents valid for a maximum of six months 20 and may be updated, replaced, or obsoleted by other documents at any 21 time. It is inappropriate to use Internet-Drafts as reference 22 material or to cite them other than as "work in progress". 24 The list of current Internet-Drafts can be accessed at http:// 25 www.ietf.org/ietf/1id-abstracts.txt 27 The list of Internet-Draft Shadow Directories can be accessed at 28 http://www.ietf.org/shadow.html 30 This Internet-Draft will expire on May 31, 2004. 32 Copyright Notice 34 Copyright (C) The Internet Society (2003). All Rights Reserved. 36 Abstract 38 When a mobile node moves between two foreign networks it has to be 39 re-authenticated. If for instance the home network has multiple 40 Authentication Authorization and Accounting (AAA) servers the 41 re-authentication request may not be received by the same Home AAA 42 server as previous authentication requests. In order for the new 43 Home AAA server to be able to forward the request to the correct Home 44 Agent it has to know the identity of the Home Agent. This document 45 defines a Mobile IP extension that carries identities in the form of 46 Network Access Identifiers (NAIs), which may be used by an HA to pass 47 its identity to the mobile node which can then pass it on to the new 48 AAA server when changing point of attachment. This extension may also 49 be used in other situations requiring communication of a NAI between 50 Mobile IP nodes. 52 Table of Contents 54 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 56 2. Requirements terminology . . . . . . . . . . . . . . . . . . . 3 58 3. NAI Carrying Extension . . . . . . . . . . . . . . . . . . . . 4 59 3.1 Processing of the NAI Carrying Extension . . . . . . . . 5 61 4. HA Identity subtype . . . . . . . . . . . . . . . . . . . . . 5 63 5. AAAH Identity subtype . . . . . . . . . . . . . . . . . . . . 6 65 6. Security Considerations . . . . . . . . . . . . . . . . . . . 6 67 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 69 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 7 71 Normative References . . . . . . . . . . . . . . . . . . . . . 7 73 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 8 75 Intellectual Property and Copyright Statements . . . . . . . . 9 77 1. Introduction 79 When building networks one would like to be able to have redundancy. 80 In order to achieve this, one might place multiple AAA servers in one 81 domain. When a mobile node registers via a visited network the 82 authentication will be handled by one of the AAA servers in the home 83 domain. At a later point, when the mobile node moves to another 84 visited domain it again has to be authenticated. However, due to the 85 redundancy offered by the AAA protocol, it can not be guaranteed that 86 the authentication will be handled by the same AAAH server as the 87 previous one which can result in the new AAAH not knowing which HA 88 the session was assigned to. This document defines a Mobile IP 89 extension which can be used to distribute the information needed to 90 resolve this. 92 Furthermore, the only information that is normally available about 93 the home agent in the registration request is the IP address as 94 defined in RFC 3344 [1]. This is unfortunately not enough, since the 95 AAA infrastructure needs to know the FQDN identity of the home agent 96 to be able to correctly handle the assignment of home agent. A 97 reverse DNS lookup would only disclose the identity of the Mobile IP 98 interface for that HA IP address, which may or may not have a 99 one-to-one correspondence with the home agent FQDN identity. This is 100 the reason why the HA also includes its own identity in the 101 registration reply. It can then be included by the mobile node in the 102 coming registration requests when changing point of attachment. 104 2. Requirements terminology 106 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 107 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 108 document are to be interpreted as described in RFC 2119 [4]. 110 The Mobile IP related terminology described in RFC 3344 [1] is used 111 in this document. In addition, the following terms are used: 113 AAAH 114 One of possible several AAA Servers in the Home Network 116 FQDN 117 Fully Qualified Domain Name. 119 Identity 120 The identity of a node is equal to its FQDN. 122 NAI 123 Network Access Identifier [2]. 125 3. NAI Carrying Extension 127 This section defines the NAI Carrying Extension which may be used in 128 Mobile IP Registration Request and Reply messages, and also in Mobile 129 IP Agent Advertisements [1]. The extension may be used by any node 130 that wants to send identity information in the form of a NAI [3]. 131 This document also defines some subtype numbers which identify the 132 specific type of NAI carried, in Section 4 and Section 5. It is 133 expected that other types of NAI will be defined by other documents 134 in the future. 136 0 1 2 3 137 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 138 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 139 | Type | Length | Sub-Type | NAI ... 140 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 142 Type 144 (Type to be assigned by IANA) (skippable) [1] 146 Length 8-bit unsigned integer. Length of the extension, in octets, 147 excluding the extension Type and the extension Length 148 fields. This field MUST be set to 1 plus the total length 149 of the NAI field. 151 Sub-Type This field describes the particular type NAI which is 152 carried in the NAI field. 154 NAI Contains the NAI [2] in a string format. 156 3.1 Processing of the NAI Carrying Extension 158 When a mobile node or home agent adds a NAI Carrying Extension to a 159 registration message, the extension MUST appear prior to any 160 authentication extensions. 162 In the event the foreign agent adds a NAI Carrying Extension to a 163 registration message, the extension MUST appear prior to any 164 authentication extensions added by the FA. 166 If an HA has appended a NAI Carrying Extension to a Registration 167 Reply to an MN, and does not receive the NAI extension in subsequent 168 Registration Request messages from the MN, the HA can assume that the 169 MN does not understand this NAI extension. In this case, the HA 170 SHOULD NOT append this NAI extension to further Registration Reply 171 messages to the MN. 173 4. HA Identity subtype 175 The HA identity uses subtype 1 of the NAI Carrying Extension. It 176 contains the NAI of the HA in the form hostname@realm. Together the 177 hostname and realm forms the complete FQDN (hostname.realm) of the 178 HA. 180 A Home Agent using this extension MUST provide it in the first 181 Registration Reply sent to a Mobile Node which is not currently 182 registered. The extension only need to be included in subsequent 183 Registration Replies if the same extension is included in 184 Registration Requests received from the same Mobile Node. 186 A mobile node using this extension MUST, if it receives in a 187 registration reply message, provide it in every subsequent 188 registration request when re-authentication is needed. If the mobile 189 node requests a specific home agent and it has the information 190 available it MUST provide this extension in its initial registration 191 request. 193 A foreign agent which receives the Home Agent NAI by this extension 194 in a registration request SHOULD include the Home Agent NAI when 195 requesting Mobile Node authentication through the AAA infrastructure 196 if the AAA protocol used can carry the information. 198 5. AAAH Identity subtype 200 The AAAH identity uses subtype 2 of the NAI Carrying Extension. It 201 contains the NAI of the home AAA server in the form hostname@realm. 202 Together the hostname and realm forms the complete FQDN 203 (hostname.realm) of the home AAA server. 205 If there exists several AAA servers in the Home Network, a Home Agent 206 providing AAAH selection support according to this document MUST 207 provide the AAAH identity in the first Registration Reply sent to the 208 Mobile Node. The extension only need to be included in subsequent 209 Registration Replies if the same extension is included in 210 Registration Requests received from the same Mobile Node. 212 A mobile node MUST always save the latest AAAH Identity received in a 213 registration reply message and MUST provide the AAAH Identity in 214 every registration request sent when re-authenticating. 216 A foreign agent which receives the AAAH NAI by this extension in a 217 registration request SHOULD include the AAAH NAI provided when 218 requesting Mobile Node authentication through the AAA infrastructure 219 if the AAA protocol used can carry the information. 221 6. Security Considerations 223 This specification introduces new Mobile IP extensions that are used 224 to carry mobility agent and AAA server identities, in the form of 225 Network Access Identifiers. The Mobile IP messages that carry this 226 extension MUST be authenticated as described in [3], unless other 227 authentication methods have been agreed upon. Therefore, this 228 specification does not lessen the security of Mobile IP messages. 230 It should be noted that the identities sent in the extensions 231 specified herein MAY be sent in the clear over the network. However, 232 the authors do not envision that this information would create any 233 security issues. 235 7. IANA Considerations 237 This document defines one new mobile IP extension, and one new Mobile 238 IP extension sub-type numbering space to be managed by IANA. 240 Section 3 defines a new Mobile IP extension, the Mobile IP NAI 241 Carrying Extension. The type number for this extension is [TBD, 242 assigned by IANA]. This extension introduces a new sub-type 243 numbering space where the values 1 and 2 has been assigned values in 244 this document. Approval of new Mobile IP NAI Carrying Extension 245 sub-type numbers is subject to Expert Review, and a specification is 246 required [5]. 248 The content and format for this extension is not specific to AAA 249 NAIs, so if in the future new NAIs are defined which does not 250 strictly fall within the category of AAA NAIs, they may nevertheless 251 be accommodated within the subtype numbering space defined for the 252 NAI Carrying Extension defined in this document. 254 The value assigned to the NAI Carrying Extension should be taken from 255 the IANA number space for Mobile IPv4 skippable extensions. 257 8. Acknowledgements 259 Thanks to the original authors of the GNAIE draft, Mohamed M Khalil, 260 Emad Qaddoura, Haseeb Akhtar, Pat R. Calhoun. The original draft was 261 removed from the MIP WG charter when no use was seen for the 262 extension. The original ideas has been reused in this draft. 264 Also thanks to Henrik Levkowetz and Kevin Purser for valuable 265 feedback and help when writing this draft. 267 Normative References 269 [1] Perkins, C., "IP Mobility Support for IPv4", RFC 3344, August 270 2002. 272 [2] Aboba, B. and M. Beadles, "The Network Access Identifier", RFC 273 2486, January 1999. 275 [3] Calhoun, P. and C. Perkins, "Mobile IP Network Access Identifier 276 Extension for IPv4", RFC 2794, March 2000. 278 [4] Bradner, S., "Key words for use in RFCs to Indicate Requirement 279 Levels", BCP 14, RFC 2119, March 1997. 281 [5] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA 282 Considerations Section in RFCs", BCP 26, RFC 2434, October 1998. 284 Authors' Addresses 286 Fredrik Johansson 287 ipUnplugged AB 288 Arenavagen 23 289 Stockholm S-121 28 290 SWEDEN 292 Phone: +46 8 725 5916 293 EMail: fredrik@ipunplugged.com 295 Tony Johansson 296 Bytemobile Inc 297 2029 Stierlin Court 298 Mountain View, CA 94043 299 USA 301 Phone: +1 650 862 0523 302 EMail: tony.johansson@bytemobile.com 304 Intellectual Property Statement 306 The IETF takes no position regarding the validity or scope of any 307 intellectual property or other rights that might be claimed to 308 pertain to the implementation or use of the technology described in 309 this document or the extent to which any license under such rights 310 might or might not be available; neither does it represent that it 311 has made any effort to identify any such rights. Information on the 312 IETF's procedures with respect to rights in standards-track and 313 standards-related documentation can be found in BCP-11. Copies of 314 claims of rights made available for publication and any assurances of 315 licenses to be made available, or the result of an attempt made to 316 obtain a general license or permission for the use of such 317 proprietary rights by implementors or users of this specification can 318 be obtained from the IETF Secretariat. 320 The IETF invites any interested party to bring to its attention any 321 copyrights, patents or patent applications, or other proprietary 322 rights which may cover technology that may be required to practice 323 this standard. Please address the information to the IETF Executive 324 Director. 326 Full Copyright Statement 328 Copyright (C) The Internet Society (2003). All Rights Reserved. 330 This document and translations of it may be copied and furnished to 331 others, and derivative works that comment on or otherwise explain it 332 or assist in its implementation may be prepared, copied, published 333 and distributed, in whole or in part, without restriction of any 334 kind, provided that the above copyright notice and this paragraph are 335 included on all such copies and derivative works. However, this 336 document itself may not be modified in any way, such as by removing 337 the copyright notice or references to the Internet Society or other 338 Internet organizations, except as needed for the purpose of 339 developing Internet standards in which case the procedures for 340 copyrights defined in the Internet Standards process must be 341 followed, or as required to translate it into languages other than 342 English. 344 The limited permissions granted above are perpetual and will not be 345 revoked by the Internet Society or its successors or assignees. 347 This document and the information contained herein is provided on an 348 "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING 349 TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING 350 BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION 351 HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF 352 MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 354 Acknowledgment 356 Funding for the RFC Editor function is currently provided by the 357 Internet Society.