idnits 2.17.1 

draft-ietf-mobileip-aaa-nai-01.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** Looks like you're using RFC 2026 boilerplate.  This must be updated to
     follow RFC 3978/3979, as updated by RFC 4748.


  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard


  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not
     match the current year

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer. 
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (May 17, 2002) is 8014 days in the past.  Is this
     intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: '1' is mentioned on line 260, but not defined

  == Missing Reference: '2' is mentioned on line 263, but not defined

  -- Obsolete informational reference (is this intentional?): RFC 2486 (ref.
     '4') (Obsoleted by RFC 4282)


     Summary: 1 error (**), 0 flaws (~~), 4 warnings (==), 3 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------


2	Mobile IP Working Group                                     F. Johansson
3	Internet-Draft                                               ipUnplugged
4	Expires: November 15, 2002                                  T. Johansson
5	                                                                Ericsson
6	                                                            May 17, 2002

8	                   AAA NAI for Mobile IPv4 Extension
9	                     draft-ietf-mobileip-aaa-nai-01

11	Status of this Memo

13	   This document is an Internet-Draft and is in full conformance with
14	   all provisions of Section 10 of RFC2026.

16	   Internet-Drafts are working documents of the Internet Engineering
17	   Task Force (IETF), its areas, and its working groups.  Note that
18	   other groups may also distribute working documents as Internet-
19	   Drafts.

21	   Internet-Drafts are draft documents valid for a maximum of six months
22	   and may be updated, replaced, or obsoleted by other documents at any
23	   time.  It is inappropriate to use Internet-Drafts as reference
24	   material or to cite them other than as "work in progress."

26	   The list of current Internet-Drafts can be accessed at http://
27	   www.ietf.org/ietf/1id-abstracts.txt.

29	   The list of Internet-Draft Shadow Directories can be accessed at
30	   http://www.ietf.org/shadow.html.

32	   This Internet-Draft will expire on November 15, 2002.

34	Copyright Notice

36	   Copyright (C) The Internet Society (2002).  All Rights Reserved.

38	Abstract

40	   When a mobile node moves between two foreign networks it has to be
41	   reauthenticated.  If the home network has multiple AAA servers the
42	   reauthentication request may not be received by the same AAAH as
43	   previous authentication requests.

45	   In order for the new AAAH to be able to forward the request to the
46	   correct HA it has to know the identity of the HA.  This document
47	   defines an extension that enables the HA to pass its identity to the
48	   mobile node which can in turn pass it to the AAA server when changing
49	   point of attachment.  This document specifies a NAI extension that
50	   can carry these NAIs.

52	Table of Contents

54	   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3

56	   2.  Requirements terminology . . . . . . . . . . . . . . . . . . .  3

58	   3.  AAA NAI Extension  . . . . . . . . . . . . . . . . . . . . . .  4
59	   3.1 Processing of the AAA NAI Extension  . . . . . . . . . . . . .  5

61	   4.  HA Identity subtype  . . . . . . . . . . . . . . . . . . . . .  5

63	   5.  AAAH Identity subtype  . . . . . . . . . . . . . . . . . . . .  6

65	   6.  Security Considerations  . . . . . . . . . . . . . . . . . . .  6

67	   7.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . .  6

69	   8.  Acknowledgements . . . . . . . . . . . . . . . . . . . . . . .  6

71	       Noramtive References . . . . . . . . . . . . . . . . . . . . .  7

73	       Informative References . . . . . . . . . . . . . . . . . . . .  7

75	       Authors' Addresses . . . . . . . . . . . . . . . . . . . . . .  7

77	       Full Copyright Statement . . . . . . . . . . . . . . . . . . .  8

79	1. Introduction

81	   When building networks one would like to be able to have redundancy.
82	   In order to achieve this, one might place multiple AAA servers in one
83	   domain.  When a mobile node registers via a visited network the
84	   authentication will be handled by one of the AAA servers in the home
85	   domain.  At a later point, when the mobile node moves to another
86	   visited domain it again has to be authenticated.  However, due to the
87	   redundancy offered by the AAA protocol, it can not be guaranteed that
88	   the authentication will be handled by the same AAAH server as the
89	   previous one which can cause problems when trying to contact the HA
90	   assigned during this session.

92	   To solve this the home agent MUST include the AAAH NAI in the
93	   registration reply message, sent via the AAA infrastructure, which
94	   the mobile node then MUST include in every subsequent registration
95	   request sent to a foreign agent when changing point of attachment.

97	   Furthermore, the only information that is available about the home
98	   agent in the registration request is the IP address as defined in RFC
99	   3220 [1].  This is unfortunately not enough, since the AAA
100	   infrastructure needs to know the FQDN identity of the home agent to
101	   be able to correctly handle the assignment of the home agent.  A
102	   reverse DNS lookup would only disclose the identity of the Mobile IP
103	   interface for that HA IP address, which may or may not be the same as
104	   the AAA interface of the home agent.  One way of solving this problem
105	   would be for the home agent to include its identity in the
106	   registration reply so that it can be included by the mobile node in
107	   the coming registration requests when changing point of attachment.

109	2. Requirements terminology

111	   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
112	   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
113	   document are to be interpreted as described in RFC 2119 [3].

115	   The Mobile IP related terminology used in this document is described
116	   in RFC 3220 [1].

118	   The Mobile IP related terminology described in RFC 3220 [1] is used
119	   in this document.  In addition, the following terms are used:

121	   AAAH
122	      AAA Server in the Home Network

124	   AAAF
125	      AAA Server in the Foreign Network

127	   Authentication
128	      The process of verifying (using cryptographic techniques, for all
129	      applications in this specification) the identity of the originator
130	      of a message.

132	   Foreign Network
133	      Any network other than the mobile node's Home network.

135	   FQDN
136	      Fully Qualified Domain Name.

138	   Home Network
139	      A network, possible virtual, having a network prefix matching that
140	      of a mobile node's home address.  Note that standard IP routing
141	      mechanisms will deliver datagrams destined to a mobile node's Home
142	      Address to the mobile node's Home Network.

144	   Identity
145	      The identity of a node is equal to its FQDN.

147	   NAI
148	      Network Access Identifier [4].

150	   Visited Network
151	      A network other than a mobile node's Home Network, to which the
152	      mobile node is currently connected.

154	3. AAA NAI Extension

156	   This section defines an AAA NAI Extension, used by any extension that
157	   must carry data in the format of an NAI [5].  This extension may be
158	   carried by Registration Request and Reply messages.

160	     0                   1                   2                   3
161	     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
162	    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
163	    |     Type      |   Length      |   Sub-Type    |    NAI ...
164	    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

166	   Type
167	            (Type to be assigned by IANA) (skippable) [1]

169	   Length   8-bit unsigned integer.  Length of the extension, in octets,
170	            excluding the extension Type and the extension Length
171	            fields.  This field MUST be set to 1 plus the total length
172	            of the NAI field.

174	   Sub-Type This field describes the type of the entity which owns the
175	            NAI.  The following subtypes are defined:

177	            1    HA Identity NAI HA Identity (Section 4)

179	            2    AAAH Identity NAI AAAH Identity (Section 5)

181	   NAI      Contains the NAI [4] in a string format.

183	3.1 Processing of the AAA NAI Extension

185	   When a mobile node or home agent adds an AAA NAI extension to a
186	   registration message, the extension MUST appear prior to any
187	   authentication extensions.

189	   In the event the foreign agent adds an AAA NAI extension to a
190	   registration message, the extension MUST appear prior to any
191	   authentication extensions added by the FA.

193	4. HA Identity subtype

195	   The HA identity uses subtype 1 of the AAA NAI Extension.  It contains
196	   the NAI of the AAA interface of the HA in the form hostname@realm.
197	   Together the hostname and realm forms the complete FQDN
198	   (hostname.realm) of the HA's AAA interface.

200	   The home agent MUST provide this in every registration reply sent to
201	   the mobile node destined through the AAA infrastructure.

203	   A mobile node MUST provide this in every registration request sent
204	   when re-authenticating, or when requesting a specific IP address at
205	   initial authentication.

207	   The foreign agent MUST provide it to the AAA server by means
208	   described in [2].

210	5. AAAH Identity subtype

212	   The AAAH identity uses subtype 2 of the AAA NAI Extension.  It
213	   contains the NAI of the home AAA server in the form hostname@realm.
214	   Together the hostname and realm forms the complete FQDN
215	   (hostname.realm) of the home AAA servers interface.

217	   The home agent MUST provide this in every registration reply sent to
218	   the mobile node destined through the AAA infrastructure.

220	   A mobile node MUST always save the latest AAAH Identity received in
221	   the registration reply message and MUST provide the AAAH Identity in
222	   every registration request sent when re-authenticating.

224	   If the AAAH identity is present, the foreign agent MUST include this
225	   identity when requesting the Mobile Node authentication through the
226	   AAA infrastructure as described in [2].

228	6. Security Considerations

230	   This specification introduces new Mobile IP extensions that are used
231	   to carry mobility agent and AAA server identities, in the form of
232	   Network Access Identifiers.  It is assumed that the Mobile IP
233	   messages that would carry these extensions would be authenticated in
234	   the manner that is described in [4], or any follow-on authentication
235	   mechanisms.  Therefore, this specification does not lessen the
236	   security of Mobile IP messages.

238	   It should be noted, that the identities sent in the extensions
239	   specified herein MAY be sent in the clear over the network.  However,
240	   the authors do not envision that this information would create any
241	   security issues.

243	7. IANA Considerations

245	   The value assigned to the AAA NAI Extension MUST be a unique value
246	   from the IANA number space for Mobile IPv4 skippable extensions.

248	8. Acknowledgements

250	   Thanks to the original authors of the GNAIE draft, Mohamed M Khalil,
251	   Emad Qaddoura, Haseeb Akhtar, Pat R.  Calhoun.  The original draft
252	   was removed from the MIP WG charter when no use was seen for the
253	   extension.  The original ideas has been reused in this draft.

255	   Also thanks to Henrik Levkowetz and Kevin Purser for valuable
256	   feedback and help when writing this draft.

258	Noramtive References

260	   [1]  Perkins, C., "IP Mobility Support for IPv4", RFC 3220, January
261	        2002.

263	   [2]  Perkins, C., Calhoun, P. and T. Johansson, "Diameter Mobile IPv4
264	        Application", draft-ietf-aaa-diameter-mobileip-10 (work in
265	        progress), April 2002.

267	Informative References

269	   [3]  Bradner, S., "Key words for use in RFCs to Indicate Requirement
270	        Levels", BCP 14, RFC 2119, March 1997.

272	   [4]  Aboba, B. and M. Beadles, "The Network Access Identifier", RFC
273	        2486, January 1999.

275	   [5]  Calhoun, P. and C. Perkins, "Mobile IP Network Access Identifier
276	        Extension for IPv4", RFC 2794, March 2000.

278	Authors' Addresses

280	   Fredrik Johansson
281	   ipUnplugged AB
282	   Arenavagen 33
283	   Stockholm  S-121 28
284	   SWEDEN

286	   Phone: +46 8 725 5916
287	   EMail: fredrik@ipunplugged.com

289	   Tony Johansson
290	   Ericsson Inc
291	   2100 Shattuck Ave.
292	   Berkeley, CA  94704
293	   USA

295	   Phone: +1 510 541 8783
296	   EMail: tony.johansson@ericsson.com

298	Full Copyright Statement

300	   Copyright (C) The Internet Society (2002).  All Rights Reserved.

302	   This document and translations of it may be copied and furnished to
303	   others, and derivative works that comment on or otherwise explain it
304	   or assist in its implementation may be prepared, copied, published
305	   and distributed, in whole or in part, without restriction of any
306	   kind, provided that the above copyright notice and this paragraph are
307	   included on all such copies and derivative works.  However, this
308	   document itself may not be modified in any way, such as by removing
309	   the copyright notice or references to the Internet Society or other
310	   Internet organizations, except as needed for the purpose of
311	   developing Internet standards in which case the procedures for
312	   copyrights defined in the Internet Standards process must be
313	   followed, or as required to translate it into languages other than
314	   English.

316	   The limited permissions granted above are perpetual and will not be
317	   revoked by the Internet Society or its successors or assigns.

319	   This document and the information contained herein is provided on an
320	   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
321	   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
322	   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
323	   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
324	   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

326	Acknowledgement

328	   Funding for the RFC Editor function is currently provided by the
329	   Internet Society.