idnits 2.17.1 

draft-ietf-mobileip-aaa-nai-02.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** Looks like you're using RFC 2026 boilerplate.  This must be updated to
     follow RFC 3978/3979, as updated by RFC 4748.


  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard


  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not
     match the current year

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer. 
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (May 30, 2002) is 7999 days in the past.  Is this
     intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: '1' is mentioned on line 262, but not defined

  == Missing Reference: '2' is mentioned on line 265, but not defined

  -- Obsolete informational reference (is this intentional?): RFC 2486 (ref.
     '4') (Obsoleted by RFC 4282)


     Summary: 1 error (**), 0 flaws (~~), 4 warnings (==), 3 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------


2	Mobile IP Working Group                                     F. Johansson
3	Internet-Draft                                               ipUnplugged
4	Expires: November 28, 2002                                  T. Johansson
5	                                                                Ericsson
6	                                                            May 30, 2002

8	                   AAA NAI for Mobile IPv4 Extension
9	                     draft-ietf-mobileip-aaa-nai-02

11	Status of this Memo

13	   This document is an Internet-Draft and is in full conformance with
14	   all provisions of Section 10 of RFC2026.

16	   Internet-Drafts are working documents of the Internet Engineering
17	   Task Force (IETF), its areas, and its working groups.  Note that
18	   other groups may also distribute working documents as Internet-
19	   Drafts.

21	   Internet-Drafts are draft documents valid for a maximum of six months
22	   and may be updated, replaced, or obsoleted by other documents at any
23	   time.  It is inappropriate to use Internet-Drafts as reference
24	   material or to cite them other than as "work in progress."

26	   The list of current Internet-Drafts can be accessed at http://
27	   www.ietf.org/ietf/1id-abstracts.txt.

29	   The list of Internet-Draft Shadow Directories can be accessed at
30	   http://www.ietf.org/shadow.html.

32	   This Internet-Draft will expire on November 28, 2002.

34	Copyright Notice

36	   Copyright (C) The Internet Society (2002).  All Rights Reserved.

38	Abstract

40	   When a mobile node moves between two foreign networks it has to be
41	   reauthenticated.  If the home network has multiple AAA servers the
42	   reauthentication request may not be received by the same AAAH as
43	   previous authentication requests.

45	   In order for the new AAAH to be able to forward the request to the
46	   correct HA it has to know the identity of the HA.  This document
47	   defines an extension that enables the HA to pass its identity to the
48	   mobile node which can in turn pass it to the AAA server when changing
49	   point of attachment.  This document specifies a NAI extension that
50	   can carry these NAIs.

52	Table of Contents

54	   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3

56	   2.  Requirements terminology . . . . . . . . . . . . . . . . . . .  3

58	   3.  AAA NAI Extension  . . . . . . . . . . . . . . . . . . . . . .  4
59	   3.1 Processing of the AAA NAI Extension  . . . . . . . . . . . . .  5

61	   4.  HA Identity subtype  . . . . . . . . . . . . . . . . . . . . .  5

63	   5.  AAAH Identity subtype  . . . . . . . . . . . . . . . . . . . .  6

65	   6.  Security Considerations  . . . . . . . . . . . . . . . . . . .  6

67	   7.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . .  6

69	   8.  Acknowledgements . . . . . . . . . . . . . . . . . . . . . . .  6

71	       Noramtive References . . . . . . . . . . . . . . . . . . . . .  7

73	       Informative References . . . . . . . . . . . . . . . . . . . .  7

75	       Authors' Addresses . . . . . . . . . . . . . . . . . . . . . .  7

77	       Full Copyright Statement . . . . . . . . . . . . . . . . . . .  8

79	1. Introduction

81	   When building networks one would like to be able to have redundancy.
82	   In order to achieve this, one might place multiple AAA servers in one
83	   domain.  When a mobile node registers via a visited network the
84	   authentication will be handled by one of the AAA servers in the home
85	   domain.  At a later point, when the mobile node moves to another
86	   visited domain it again has to be authenticated.  However, due to the
87	   redundancy offered by the AAA protocol, it can not be guaranteed that
88	   the authentication will be handled by the same AAAH server as the
89	   previous one which can cause problems when trying to contact the HA
90	   assigned during this session.

92	   To solve this the home agent MUST include the AAAH NAI in the
93	   registration reply message, sent via the AAA infrastructure, which
94	   the mobile node then MUST include in every subsequent registration
95	   request sent to a foreign agent when changing point of attachment.

97	   Furthermore, the only information that is available about the home
98	   agent in the registration request is the IP address as defined in RFC
99	   3220 [1].  This is unfortunately not enough, since the AAA
100	   infrastructure needs to know the FQDN identity of the home agent to
101	   be able to correctly handle the assignment of the home agent.  A
102	   reverse DNS lookup would only disclose the identity of the Mobile IP
103	   interface for that HA IP address, which may or may not be the same as
104	   the AAA interface of the home agent.  One way of solving this problem
105	   would be for the home agent to include its identity in the
106	   registration reply so that it can be included by the mobile node in
107	   the coming registration requests when changing point of attachment.

109	2. Requirements terminology

111	   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
112	   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
113	   document are to be interpreted as described in RFC 2119 [3].

115	   The Mobile IP related terminology used in this document is described
116	   in RFC 3220 [1].

118	   The Mobile IP related terminology described in RFC 3220 [1] is used
119	   in this document.  In addition, the following terms are used:

121	   AAAH
122	      AAA Server in the Home Network

124	   AAAF
125	      AAA Server in the Foreign Network

127	   Authentication
128	      The process of verifying (using cryptographic techniques, for all
129	      applications in this specification) the identity of the originator
130	      of a message.

132	   Foreign Network
133	      Any network other than the mobile node's Home network.

135	   FQDN
136	      Fully Qualified Domain Name.

138	   Home Network
139	      A network, possible virtual, having a network prefix matching that
140	      of a mobile node's home address.  Note that standard IP routing
141	      mechanisms will deliver datagrams destined to a mobile node's Home
142	      Address to the mobile node's Home Network.

144	   Identity
145	      The identity of a node is equal to its FQDN.

147	   NAI
148	      Network Access Identifier [4].

150	   Visited Network
151	      A network other than a mobile node's Home Network, to which the
152	      mobile node is currently connected.

154	3. AAA NAI Extension

156	   This section defines an AAA NAI Extension, used by any extension that
157	   must carry data in the format of an NAI [5].  This extension may be
158	   carried by Registration Request and Reply messages.

160	     0                   1                   2                   3
161	     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
162	    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
163	    |     Type      |   Length      |   Sub-Type    |    NAI ...
164	    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

166	   Type
167	            (Type to be assigned by IANA) (skippable) [1]

169	   Length   8-bit unsigned integer.  Length of the extension, in octets,
170	            excluding the extension Type and the extension Length
171	            fields.  This field MUST be set to 1 plus the total length
172	            of the NAI field.

174	   Sub-Type This field describes the type of the entity which owns the
175	            NAI.  The following subtypes are defined:

177	            1    HA Identity NAI HA Identity (Section 4)

179	            2    AAAH Identity NAI AAAH Identity (Section 5)

181	   NAI      Contains the NAI [4] in a string format.

183	3.1 Processing of the AAA NAI Extension

185	   When a mobile node or home agent adds an AAA NAI extension to a
186	   registration message, the extension MUST appear prior to any
187	   authentication extensions.

189	   In the event the foreign agent adds an AAA NAI extension to a
190	   registration message, the extension MUST appear prior to any
191	   authentication extensions added by the FA.

193	4. HA Identity subtype

195	   The HA identity uses subtype 1 of the AAA NAI Extension.  It contains
196	   the NAI of the AAA interface of the HA in the form hostname@realm.
197	   Together the hostname and realm forms the complete FQDN
198	   (hostname.realm) of the HA's AAA interface.

200	   The home agent MUST provide this in every registration reply sent to
201	   the mobile node destined through the AAA infrastructure.

203	   A mobile node that recieves this extension in a registration reply
204	   message MUST provide it in every registration request when re-
205	   authentication is needed.  If the mobile node requests a specific
206	   home agent and it has the information available it MUST provide this
207	   extension in its initial registration request.

209	   The foreign agent MUST provide it to the AAA server by means
210	   described in [2].

212	5. AAAH Identity subtype

214	   The AAAH identity uses subtype 2 of the AAA NAI Extension.  It
215	   contains the NAI of the home AAA server in the form hostname@realm.
216	   Together the hostname and realm forms the complete FQDN
217	   (hostname.realm) of the home AAA servers interface.

219	   The home agent MUST provide this in every registration reply sent to
220	   the mobile node destined through the AAA infrastructure.

222	   A mobile node MUST always save the latest AAAH Identity received in
223	   the registration reply message and MUST provide the AAAH Identity in
224	   every registration request sent when re-authenticating.

226	   If the AAAH identity is present, the foreign agent MUST include this
227	   identity when requesting the Mobile Node authentication through the
228	   AAA infrastructure as described in [2].

230	6. Security Considerations

232	   This specification introduces new Mobile IP extensions that are used
233	   to carry mobility agent and AAA server identities, in the form of
234	   Network Access Identifiers.  It is assumed that the Mobile IP
235	   messages that would carry these extensions would be authenticated in
236	   the manner that is described in [4], or any follow-on authentication
237	   mechanisms.  Therefore, this specification does not lessen the
238	   security of Mobile IP messages.

240	   It should be noted, that the identities sent in the extensions
241	   specified herein MAY be sent in the clear over the network.  However,
242	   the authors do not envision that this information would create any
243	   security issues.

245	7. IANA Considerations

247	   The value assigned to the AAA NAI Extension MUST be a unique value
248	   from the IANA number space for Mobile IPv4 skippable extensions.

250	8. Acknowledgements

252	   Thanks to the original authors of the GNAIE draft, Mohamed M Khalil,
253	   Emad Qaddoura, Haseeb Akhtar, Pat R.  Calhoun.  The original draft
254	   was removed from the MIP WG charter when no use was seen for the
255	   extension.  The original ideas has been reused in this draft.

257	   Also thanks to Henrik Levkowetz and Kevin Purser for valuable
258	   feedback and help when writing this draft.

260	Noramtive References

262	   [1]  Perkins, C., "IP Mobility Support for IPv4", RFC 3220, January
263	        2002.

265	   [2]  Perkins, C., Calhoun, P. and T. Johansson, "Diameter Mobile IPv4
266	        Application", draft-ietf-aaa-diameter-mobileip-10 (work in
267	        progress), April 2002.

269	Informative References

271	   [3]  Bradner, S., "Key words for use in RFCs to Indicate Requirement
272	        Levels", BCP 14, RFC 2119, March 1997.

274	   [4]  Aboba, B. and M. Beadles, "The Network Access Identifier", RFC
275	        2486, January 1999.

277	   [5]  Calhoun, P. and C. Perkins, "Mobile IP Network Access Identifier
278	        Extension for IPv4", RFC 2794, March 2000.

280	Authors' Addresses

282	   Fredrik Johansson
283	   ipUnplugged AB
284	   Arenavagen 33
285	   Stockholm  S-121 28
286	   SWEDEN

288	   Phone: +46 8 725 5916
289	   EMail: fredrik@ipunplugged.com

291	   Tony Johansson
292	   Ericsson Inc
293	   2100 Shattuck Ave.
294	   Berkeley, CA  94704
295	   USA

297	   Phone: +1 510 541 8783
298	   EMail: tony.johansson@ericsson.com

300	Full Copyright Statement

302	   Copyright (C) The Internet Society (2002).  All Rights Reserved.

304	   This document and translations of it may be copied and furnished to
305	   others, and derivative works that comment on or otherwise explain it
306	   or assist in its implementation may be prepared, copied, published
307	   and distributed, in whole or in part, without restriction of any
308	   kind, provided that the above copyright notice and this paragraph are
309	   included on all such copies and derivative works.  However, this
310	   document itself may not be modified in any way, such as by removing
311	   the copyright notice or references to the Internet Society or other
312	   Internet organizations, except as needed for the purpose of
313	   developing Internet standards in which case the procedures for
314	   copyrights defined in the Internet Standards process must be
315	   followed, or as required to translate it into languages other than
316	   English.

318	   The limited permissions granted above are perpetual and will not be
319	   revoked by the Internet Society or its successors or assigns.

321	   This document and the information contained herein is provided on an
322	   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
323	   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
324	   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
325	   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
326	   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

328	Acknowledgement

330	   Funding for the RFC Editor function is currently provided by the
331	   Internet Society.