idnits 2.17.1 draft-ietf-pana-pana-08.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** It looks like you're using RFC 3978 boilerplate. You should update this to the boilerplate described in the IETF Trust License Policy document (see https://trustee.ietf.org/license-info), which is required now. -- Found old boilerplate from RFC 3978, Section 5.1 on line 22. -- Found old boilerplate from RFC 3978, Section 5.5 on line 3219. -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 3196. -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 3203. -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 3209. ** This document has an original RFC 3978 Section 5.4 Copyright Line, instead of the newer IETF Trust Copyright according to RFC 4748. ** This document has an original RFC 3978 Section 5.5 Disclaimer, instead of the newer disclaimer which includes the IETF Trust according to RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** There are 48 instances of too long lines in the document, the longest one being 9 characters in excess of 72. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not match the current year == The document seems to use 'NOT RECOMMENDED' as an RFC 2119 keyword, but does not include the phrase in its RFC 2119 key words list. -- The exact meaning of the all-uppercase expression 'MAY NOT' is not defined in RFC 2119. If it is intended as a requirements expression, it should be rewritten using one of the combinations defined in RFC 2119; otherwise it should not be all-uppercase. == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD', or 'RECOMMENDED' is not an accepted usage according to RFC 2119. Please use uppercase 'NOT' together with RFC 2119 keywords (if that is what you mean). Found 'MUST not' in this paragraph: The network administrator MUST configure the multicast scope such that the discovery messages can reach only the designated PAA(s). In case the PAA(s) is on the same link as the PaC, the administratively scoped multicast messages MUST not be forwarded by the routers. Details of scope configuration are discussed in [RFC2365]. == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD', or 'RECOMMENDED' is not an accepted usage according to RFC 2119. Please use uppercase 'NOT' together with RFC 2119 keywords (if that is what you mean). Found 'SHOULD not' in this paragraph: EAP authentication can fail at a pass-through authenticator without sending an EAP Failure message [I-D.ietf-eap-statemachine]. When this occurs, the PAA SHOULD send a PANA-Error-Request message to the PaC with using PANA_UNABLE_TO_COMPLY result code. The PaC SHOULD not change its state unless the error message is secured by PANA or lower-layer. In any case, a more appropriate way is to rely on a timeout on the PaC. == The expression 'MAY NOT', while looking like RFC 2119 requirements text, is not defined in RFC 2119, and should not be used. Consider using 'MUST NOT' instead (if that is what you mean). Found 'MAY NOT' in this paragraph: The following tables lists the AVPs used in this document, and specifies in which PANA messages they MAY, or MAY NOT be present. -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (May 10, 2005) is 6925 days in the past. Is this intentional? -- Found something which looks like a code comment -- if you have code sections in the document, please surround them with '' and '' lines. Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Missing Reference: 'AVPs' is mentioned on line 3136, but not defined == Missing Reference: 'Nonce' is mentioned on line 612, but not defined == Missing Reference: 'Cookie' is mentioned on line 612, but not defined == Missing Reference: 'Session-Id' is mentioned on line 3172, but not defined == Missing Reference: 'Device-Id' is mentioned on line 846, but not defined == Missing Reference: 'Key-Id' is mentioned on line 3164, but not defined == Missing Reference: 'PPAC' is mentioned on line 846, but not defined == Missing Reference: 'MAC' is mentioned on line 3172, but not defined == Unused Reference: 'I-D.ietf-dna-link-information' is defined on line 3047, but no explicit reference was found in the text == Unused Reference: 'I-D.adrangi-eap-network-discovery' is defined on line 3052, but no explicit reference was found in the text ** Obsolete normative reference: RFC 2234 (Obsoleted by RFC 4234) ** Obsolete normative reference: RFC 2462 (Obsoleted by RFC 4862) ** Obsolete normative reference: RFC 2988 (Obsoleted by RFC 6298) ** Obsolete normative reference: RFC 3315 (Obsoleted by RFC 8415) ** Obsolete normative reference: RFC 3588 (Obsoleted by RFC 6733) == Outdated reference: A later version (-22) exists of draft-ietf-eap-keying-06 ** Obsolete normative reference: RFC 2434 (ref. 'IANA') (Obsoleted by RFC 5226) == Outdated reference: A later version (-07) exists of draft-ietf-pana-ipsec-05 == Outdated reference: A later version (-10) exists of draft-ietf-pana-framework-03 == Outdated reference: A later version (-06) exists of draft-ietf-pana-snmp-03 == Outdated reference: A later version (-06) exists of draft-ietf-dna-link-information-01 == Outdated reference: A later version (-14) exists of draft-adrangi-eap-network-discovery-12 -- Obsolete informational reference (is this intentional?): RFC 2279 (Obsoleted by RFC 3629) Summary: 10 errors (**), 0 flaws (~~), 22 warnings (==), 10 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 PANA Working Group D. Forsberg 3 Internet-Draft Nokia 4 Expires: November 11, 2005 Y. Ohba (Ed.) 5 Toshiba 6 B. Patil 7 Nokia 8 H. Tschofenig 9 Siemens 10 A. Yegin 11 Samsung 12 May 10, 2005 14 Protocol for Carrying Authentication for Network Access (PANA) 15 draft-ietf-pana-pana-08 17 Status of this Memo 19 By submitting this Internet-Draft, each author represents that any 20 applicable patent or other IPR claims of which he or she is aware 21 have been or will be disclosed, and any of which he or she becomes 22 aware will be disclosed, in accordance with Section 6 of BCP 79. 24 Internet-Drafts are working documents of the Internet Engineering 25 Task Force (IETF), its areas, and its working groups. Note that 26 other groups may also distribute working documents as Internet- 27 Drafts. 29 Internet-Drafts are draft documents valid for a maximum of six months 30 and may be updated, replaced, or obsoleted by other documents at any 31 time. It is inappropriate to use Internet-Drafts as reference 32 material or to cite them other than as "work in progress." 34 The list of current Internet-Drafts can be accessed at 35 http://www.ietf.org/ietf/1id-abstracts.txt. 37 The list of Internet-Draft Shadow Directories can be accessed at 38 http://www.ietf.org/shadow.html. 40 This Internet-Draft will expire on November 11, 2005. 42 Copyright Notice 44 Copyright (C) The Internet Society (2005). 46 Abstract 48 This document defines the Protocol for Carrying Authentication for 49 Network Access (PANA), a link-layer agnostic transport for Extensible 50 Authentication Protocol (EAP) to enable network access authentication 51 between clients and access networks. PANA can carry any 52 authentication method that can be specified as an EAP method, and it 53 can be used on any link that can carry IP. PANA protocol 54 specification covers the client-to-network access authentication part 55 of an overall secure network access framework, which additionally 56 includes other protocols and mechanisms for service provisioning, 57 access control as a result of initial authentication, and accounting. 59 Table of Contents 61 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 5 62 1.1 Specification of Requirements . . . . . . . . . . . . . . 5 63 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . 6 64 3. Protocol Overview . . . . . . . . . . . . . . . . . . . . . 9 65 4. Protocol Details . . . . . . . . . . . . . . . . . . . . . . 11 66 4.1 Payload Encoding . . . . . . . . . . . . . . . . . . . . . 11 67 4.2 Discovery and Handshake Phase . . . . . . . . . . . . . . 12 68 4.3 Authentication and Authorization Phase . . . . . . . . . . 16 69 4.4 Access Phase . . . . . . . . . . . . . . . . . . . . . . . 18 70 4.5 Re-authentication Phase . . . . . . . . . . . . . . . . . 19 71 4.6 Termination Phase . . . . . . . . . . . . . . . . . . . . 21 72 4.7 Separate NAP and ISP Authentication . . . . . . . . . . . 22 73 4.7.1 Negotiating Separate NAP and ISP Authentication . . . 22 74 4.7.2 Execution of Separate NAP and ISP Authentication . . . 23 75 4.7.3 AAA-Key Calculation . . . . . . . . . . . . . . . . . 24 76 5. Protocol Design Details and Processing Rules . . . . . . . . 25 77 5.1 Transport Layer . . . . . . . . . . . . . . . . . . . . . 25 78 5.1.1 Fragmentation . . . . . . . . . . . . . . . . . . . . 25 79 5.2 Sequence Number and Retransmission . . . . . . . . . . . . 25 80 5.3 PANA Security Association . . . . . . . . . . . . . . . . 26 81 5.4 Message Authentication Code . . . . . . . . . . . . . . . 29 82 5.5 Message Validity Check . . . . . . . . . . . . . . . . . . 29 83 5.6 Device ID Choice . . . . . . . . . . . . . . . . . . . . . 31 84 5.7 PaC Updating its IP Address . . . . . . . . . . . . . . . 32 85 5.8 Session Lifetime . . . . . . . . . . . . . . . . . . . . . 32 86 5.9 Network Selection . . . . . . . . . . . . . . . . . . . . 33 87 5.10 Error Handling . . . . . . . . . . . . . . . . . . . . . 34 88 6. PANA Headers and Formats . . . . . . . . . . . . . . . . . . 35 89 6.1 IP and UDP Headers . . . . . . . . . . . . . . . . . . . . 35 90 6.2 PANA Header . . . . . . . . . . . . . . . . . . . . . . . 35 91 6.3 AVP Header . . . . . . . . . . . . . . . . . . . . . . . . 38 92 7. PANA Messages, Message Specifications and AVPs . . . . . . . 42 93 7.1 PANA Messages . . . . . . . . . . . . . . . . . . . . . . 42 94 7.2 PANA Message ABNF Specification . . . . . . . . . . . . . 42 95 7.2.1 PANA-PAA-Discover (PDI) . . . . . . . . . . . . . . . 44 96 7.2.2 PANA-Start-Request (PSR) . . . . . . . . . . . . . . . 45 97 7.2.3 PANA-Start-Answer (PSA) . . . . . . . . . . . . . . . 45 98 7.2.4 PANA-Auth-Request (PAR) . . . . . . . . . . . . . . . 45 99 7.2.5 PANA-Auth-Answer (PAN) . . . . . . . . . . . . . . . . 46 100 7.2.6 PANA-Reauth-Request (PRAR) . . . . . . . . . . . . . . 46 101 7.2.7 PANA-Reauth-Answer (PRAA) . . . . . . . . . . . . . . 46 102 7.2.8 PANA-Bind-Request (PBR) . . . . . . . . . . . . . . . 46 103 7.2.9 PANA-Bind-Answer (PBA) . . . . . . . . . . . . . . . . 47 104 7.2.10 PANA-Ping-Request (PPR) . . . . . . . . . . . . . . 47 105 7.2.11 PANA-Ping-Answer (PPA) . . . . . . . . . . . . . . . 47 106 7.2.12 PANA-Termination-Request (PTR) . . . . . . . . . . . 48 107 7.2.13 PANA-Termination-Answer (PTA) . . . . . . . . . . . 48 108 7.2.14 PANA-Error-Request (PER) . . . . . . . . . . . . . . 48 109 7.2.15 PANA-Error-Answer (PEA) . . . . . . . . . . . . . . 49 110 7.2.16 PANA-FirstAuth-End-Request (PFER) . . . . . . . . . 49 111 7.2.17 PANA-FirstAuth-End-Answer (PFEA) . . . . . . . . . . 49 112 7.2.18 PANA-Update-Request (PUR) . . . . . . . . . . . . . 49 113 7.2.19 PANA-Update-Answer (PUA) . . . . . . . . . . . . . . 50 114 7.3 AVPs in PANA . . . . . . . . . . . . . . . . . . . . . . . 50 115 7.3.1 Cookie AVP . . . . . . . . . . . . . . . . . . . . . . 52 116 7.3.2 Device-Id AVP . . . . . . . . . . . . . . . . . . . . 52 117 7.3.3 EAP-Payload AVP . . . . . . . . . . . . . . . . . . . 53 118 7.3.4 Failed-AVP AVP . . . . . . . . . . . . . . . . . . . . 53 119 7.3.5 ISP-Information AVP . . . . . . . . . . . . . . . . . 53 120 7.3.6 Key-Id AVP . . . . . . . . . . . . . . . . . . . . . . 53 121 7.3.7 MAC AVP . . . . . . . . . . . . . . . . . . . . . . . 53 122 7.3.8 NAP-Information AVP . . . . . . . . . . . . . . . . . 54 123 7.3.9 Nonce AVP . . . . . . . . . . . . . . . . . . . . . . 54 124 7.3.10 Notification AVP . . . . . . . . . . . . . . . . . . 54 125 7.3.11 Post-PANA-Address-Configuration (PPAC) AVP . . . . . 55 126 7.3.12 Protection-Capability AVP . . . . . . . . . . . . . 56 127 7.3.13 Provider-Identifier AVP . . . . . . . . . . . . . . 56 128 7.3.14 Provider-Name AVP . . . . . . . . . . . . . . . . . 56 129 7.3.15 Result-Code AVP . . . . . . . . . . . . . . . . . . 56 130 7.3.16 Session-Id AVP . . . . . . . . . . . . . . . . . . . 61 131 7.3.17 Session-Lifetime AVP . . . . . . . . . . . . . . . . 61 132 7.3.18 Termination-Cause AVP . . . . . . . . . . . . . . . 61 133 8. Retransmission Timers . . . . . . . . . . . . . . . . . . . 62 134 8.1 Transmission and Retransmission Parameters . . . . . . . . 63 135 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . 65 136 9.1 PANA UDP Port Number . . . . . . . . . . . . . . . . . . . 65 137 9.2 PANA Multicast Address . . . . . . . . . . . . . . . . . . 65 138 9.3 PANA Header . . . . . . . . . . . . . . . . . . . . . . . 65 139 9.3.1 Message Type . . . . . . . . . . . . . . . . . . . . . 65 140 9.3.2 Flags . . . . . . . . . . . . . . . . . . . . . . . . 66 141 9.4 AVP Header . . . . . . . . . . . . . . . . . . . . . . . . 66 142 9.4.1 AVP Code . . . . . . . . . . . . . . . . . . . . . . . 66 143 9.4.2 Flags . . . . . . . . . . . . . . . . . . . . . . . . 67 144 9.5 AVP Values . . . . . . . . . . . . . . . . . . . . . . . . 67 145 9.5.1 Algorithm Values of MAC AVP . . . . . . . . . . . . . 67 146 9.5.2 Post-PANA-Address-Configuration AVP Values . . . . . . 67 147 9.5.3 Protection-Capability AVP Values . . . . . . . . . . . 67 148 9.5.4 Result-Code AVP Values . . . . . . . . . . . . . . . . 67 149 9.5.5 Termination-Cause AVP Values . . . . . . . . . . . . . 68 150 10. Security Considerations . . . . . . . . . . . . . . . . . . 69 151 10.1 General Security Measures . . . . . . . . . . . . . . . 69 152 10.2 Discovery . . . . . . . . . . . . . . . . . . . . . . . 70 153 10.3 EAP Methods . . . . . . . . . . . . . . . . . . . . . . 71 154 10.4 Separate NAP and ISP Authentication . . . . . . . . . . 71 155 10.5 Cryptographic Keys . . . . . . . . . . . . . . . . . . . 71 156 10.6 Per-packet Ciphering . . . . . . . . . . . . . . . . . . 72 157 10.7 PAA-to-EP Communication . . . . . . . . . . . . . . . . 72 158 10.8 Liveness Test . . . . . . . . . . . . . . . . . . . . . 73 159 10.9 Updating PaC's IP Address . . . . . . . . . . . . . . . 73 160 10.10 Early Termination of a Session . . . . . . . . . . . . . 73 161 11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . 74 162 12. References . . . . . . . . . . . . . . . . . . . . . . . . . 75 163 12.1 Normative References . . . . . . . . . . . . . . . . . . 75 164 12.2 Informative References . . . . . . . . . . . . . . . . . 76 165 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 77 166 A. Example Sequence of Separate NAP and ISP Authentication . . 79 167 Intellectual Property and Copyright Statements . . . . . . . 82 169 1. Introduction 171 Providing secure network access service requires access control based 172 on the authentication and authorization of the clients and the access 173 networks. Client-to-network authentication provides parameters that 174 are needed to police the traffic flow through the enforcement points. 175 A protocol is needed to carry authentication methods between the 176 client and the access network. 178 Currently there is no standard network-layer solution for 179 authenticating clients for network access. Appendix A of [I-D.ietf- 180 pana-requirements] describes the problem statement that led to the 181 development of PANA. 183 Scope of this work is identified as designing a link-layer agnostic 184 transport for network access authentication methods. The Extensible 185 Authentication Protocol (EAP) [RFC3748] provides such authentication 186 methods. In other words, PANA will carry EAP which can carry various 187 authentication methods. By the virtue of enabling transport of EAP 188 above IP, any authentication method that can be carried as an EAP 189 method is made available to PANA and hence to any link-layer 190 technology. There is a clear division of labor between PANA (an EAP 191 lower layer), EAP and EAP methods as described in [RFC3748]. 193 Various environments and usage models for PANA are identified in 194 Appendix A of [I-D.ietf-pana-requirements]. Potential security 195 threats for network-layer access authentication protocol are 196 discussed in [RFC4016]. These have been essential in defining the 197 requirements [I-D.ietf-pana-requirements] on the PANA protocol. Note 198 that some of these requirements are imposed by the chosen payload, 199 EAP [RFC3748]. 201 There are components that are part of a complete secure network 202 solution but are outside of the PANA protocol specification, 203 including IP address configuration, authentication method choice, 204 filter rule installation, data traffic protection and PAA-EP 205 protocol. These components are described in separate documents (see 206 [I-D.ietf-pana-framework] and [I-D.ietf-pana-snmp]). The readers are 207 recommended to go through the PANA Framework document [I-D.ietf-pana- 208 framework] prior to reading this protocol specification document. 210 1.1 Specification of Requirements 212 In this document, several words are used to signify the requirements 213 of the specification. These words are often capitalized. The key 214 words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", 215 "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document 216 are to be interpreted as described in [RFC2119]. 218 2. Terminology 220 PANA Client (PaC): 222 The client side of the protocol that resides in the access device 223 (e.g., laptop, PDA, etc.). It is responsible for providing the 224 credentials in order to prove its identity (authentication) for 225 network access authorization. The PaC and the EAP peer are co- 226 located in the same access device. 228 PANA Authentication Agent (PAA): 230 The protocol entity in the access network whose responsibility is 231 to verify the credentials provided by a PANA client (PaC) and 232 authorize network access to the device associated with the client 233 and identified by a Device Identifier (DI). The PAA and the EAP 234 authenticator (and optionally the EAP server) are co-located in 235 the same node. Note the authentication and authorization 236 procedure can, according to the EAP model, be also offloaded to 237 the backend AAA infrastructure. 239 PANA Session: 241 A PANA session begins with the handshake between the PANA Client 242 (PaC) and the PANA Authentication Agent (PAA), and terminates as a 243 result of an authentication or liveness test failure, a message 244 delivery failure after retransmissions reach maximum values, 245 session lifetime expiration, or an explicit termination message. 246 A fixed session identifier is maintained throughout a session. A 247 session cannot be shared across multiple network interfaces. Only 248 one device identifier of the PaC is allowed to be bound to a PANA 249 session for simplicity. 251 Session Identifier: 253 This identifier is used to uniquely identify a PANA session on the 254 PAA and PaC. It includes an identifier of the PAA, therefore it 255 cannot be shared across multiple PAAs. It is included in PANA 256 messages to bind the message to a specific PANA session. This 257 bidirectional identifier is allocated by the PAA following the 258 handshake and freed when the session terminates. 260 PANA Security Association (PANA SA): 262 A PANA security association is formed between the PaC and the PAA 263 by sharing cryptographic keying material and associated context. 264 The formed duplex security association is used to protect the 265 bidirectional PANA signaling traffic between the PaC and the PAA. 267 Device Identifier (DI): 269 The identifier used by the network as a handle to control and 270 police the network access of a device. Depending on the access 271 technology, this identifier may contain an address that is carried 272 in protocol headers (e.g., IP or link-layer address), or a locally 273 significant identifier that is made available by the local 274 protocol stack (e.g., circuit id, PPP interface id) of a connected 275 device. 277 Enforcement Point (EP): 279 A node on the access network where per-packet enforcement policies 280 (i.e., filters) are applied on the inbound and outbound traffic of 281 access devices. Information such as the DI and (optionally) 282 cryptographic keys are provided by the PAA per client for 283 generating filters on the EP. The EP and PAA may be co-located. 285 Network Access Provider (NAP): 287 A service provider that provides physical and link-layer 288 connectivity to an access network it manages. 290 AAA-Key: 292 A key derived by the EAP peer and EAP server and transported to 293 the authenticator [I-D.ietf-eap-keying]. 295 For additional terminology definitions see the PANA framework 296 document [I-D.ietf-pana-framework]. 298 3. Protocol Overview 300 The PANA protocol is run between a client (PaC) and a server (PAA) in 301 order to perform authentication and authorization for the network 302 access service. 304 The protocol messaging consists of a series of request and responses, 305 some of which may be initiated by either ends. Each message can 306 carry zero or more AVPs as payload. The main payload of PANA is EAP 307 which performs authentication. PANA helps the PaC and PAA establish 308 an EAP session. 310 PANA is a UDP-based protocol. It has its own retransmission 311 mechanism to reliably deliver messages. 313 PANA messages are sent between the PaC and PAA as part of a PANA 314 session. A PANA session consists of distinct phases: 316 o Discovery and handshake phase: This is the phase that initiates a 317 new PANA session. The PaC discovers the PAA(s) by either 318 explicitly soliciting advertisements for them or receiving 319 unsolicited advertisements. The PaC's answer sent in response to 320 an advertisement starts a new session. 322 o Authentication and authorization phase: Immediately following the 323 discovery and handshake phase is the EAP execution between the PAA 324 and PaC. The EAP payload (which carry an EAP method inside) is 325 what is used for authentication. The PAA conveys the result of 326 authentication and authorization to the PaC at the end of this 327 phase. This phase may involve execution of two EAP sessions back- 328 to-back, one for the NAP and one for the ISP. 330 o Access phase: After a successful authentication and authorization 331 the host gains access to the network and can send and receive IP 332 data traffic through the EP(s). At any time during this phase, 333 the PaC and PAA may optionally ping each other to test liveness of 334 the PANA session on each end. 336 o Re-authentication phase: Following the access phase, the PAA must 337 initiate re-authentication before the PANA session lifetime 338 expires. Again EAP is carried by PANA to perform authentication. 339 This phase may be optionally triggered by both the PaC and the PAA 340 without any respect to the session lifetime. The session moves to 341 this phase from the access phase, and returns back there upon 342 successful re-authentication. 344 o Termination phase: The PaC or PAA may choose to discontinue the 345 access service at any time. An explicit disconnect message can be 346 sent by either end. If either the PaC or the PAA disconnects 347 without engaging in termination messaging, it is expected that 348 either the expiration of a finite session lifetime or failed 349 liveness tests would do the job. 351 PaC PAA Message 352 ----------------------------------------------------- 353 // Discovery and handshake phase 354 -----> PANA-PAA-Discover 355 <----- PANA-Start-Request 356 -----> PANA-Start-Answer 358 // Authentication and authorization phase 359 <----- PANA-Auth-Request /* EAP Request */ 360 -----> PANA-Auth-Answer 361 -----> PANA-Auth-Request /* EAP Response */ 362 <----- PANA-Auth-Answer 363 <----- PANA-Bind-Request /* EAP Success */ 364 -----> PANA-Bind-Answer 366 // Access phase (IP data traffic allowed) 367 <----- PANA-Ping-Request 368 -----> PANA-Ping-Answer 370 // Termination phase 371 -----> PANA-Termination-Request 372 <----- PANA-Termination-Answer 374 Figure 1: Illustration of PANA messages in a session 376 Note that depending on the environment and deployment the protocol 377 flow depicted in Figure 1 can be abbreviated. 379 Cryptographic protection of messages between the PaC and PAA is 380 possible as soon as EAP in conjunction with the EAP method exports a 381 shared key. That shared key is used to create a PANA SA. The PANA 382 SA helps generating per-message authentication codes that provide 383 integrity protection and authentication. 385 Throughout the lifetime of a session, various problems found with the 386 incoming messages can generate a PANA error message sent in response. 388 4. Protocol Details 390 The following sections explain in detail the various phases of a PANA 391 session. 393 4.1 Payload Encoding 395 The payload of any PANA message consists of zero or more AVPs 396 (Attribute Value Pairs). The subsequent sections refer to these 397 AVPs, therefore the list of AVPs are provided with a brief 398 description before more extensive descriptions are included later in 399 the document. 401 o Cookie AVP: contains a random value that is generated by the PAA 402 and used for making PAA discovery robust against blind resource 403 consumption DoS attacks. 405 o Protection-Capability AVP: contains the type of per-packet 406 protection (link-layer vs. network-layer) when a cryptographic 407 mechanism should be enabled after PANA authentication. 409 o Device-Id AVP: contains a device identifier (link-layer address or 410 an IP address) of the PaC or an EP. 412 o EAP AVP: contains an EAP PDU. 414 o MAC AVP: contains a Message Authentication Code that integrity 415 protects the PANA message. 417 o Termination-Cause AVP: contains the reason of session termination. 419 o Result-Code AVP: contains information about the protocol execution 420 results. 422 o Session-Id AVP: contains the PANA session identifier value. 424 o Session-Lifetime AVP: contains the duration of authorized access. 426 o Failed-AVP: contains an offending AVP that caused a failure. 428 o Provider-Identifier AVP: contains the identifier of a NAP or an 429 ISP. 431 o Provider-Name AVP: contains a name of a NAP or an ISP. 433 o NAP-Information AVP, ISP-Information AVP: contains the identifier 434 of a NAP and an ISP, respectively. 436 o Key-Id AVP: contains a AAA-Key identifier. 438 o PPAC AVP: Post-PANA-Address-Configuration AVP. Used to indicate 439 the available/chosen IP address configuration methods that can be 440 used by the PaC after successful PANA authentication. 442 o Nonce AVP: contains a randomly chosen value that is used in 443 cryptographic key computations. 445 o Notification AVP: contains a displayable message. 447 4.2 Discovery and Handshake Phase 449 When a PaC attaches to a network, and it does not already know the IP 450 address of the PAA, it MUST rely on dynamic discovery methods, such 451 as a multicast-based and a traffic-driven discovery. 453 The PaCs and PAAs MUST implement multicast-based discovery where the 454 PaC sends a PANA-PAA-Discover message to a well-known 455 administratively scoped multicast address (TBD) and UDP port (TBD). 457 The network administrator MUST configure the multicast scope such 458 that the discovery messages can reach only the designated PAA(s). In 459 case the PAA(s) is on the same link as the PaC, the administratively 460 scoped multicast messages MUST not be forwarded by the routers. 461 Details of scope configuration are discussed in [RFC2365]. 463 The PAA(s) that receive the discovery message MUST respond with a 464 unicast PANA-Start-Request message sent to the soliciting PaC. 466 Alternatively, the PaC MAY also choose to start sending data packets 467 before getting authenticated. The EP in an access network that 468 implements PANA SHOULD drop such unauthorized packets upon receipt. 469 Additionally, the EP MAY also take this traffic as an indication of 470 unauthorized PaC and notify the PAA. The EP-to-PAA notification 471 SHOULD be sent via [I-D.ietf-pana-snmp]. In response, the PAA SHOULD 472 send an unsolicited PANA-Start-Request message to the PaC. This is 473 called traffic-driven PAA discovery (an alternative to the PaC 474 explicitly soliciting for a PAA). Deployment of this alternate 475 scheme is optional. 477 The EP-to-PAA notification MAY also be generated in response to 478 receiving a link-up event notification on the EP [I-D.ietf-dna-link- 479 information]. 481 Alternative PAA discovery schemes may be designed (e.g., DHCP-based) 482 but they are outside the scope of this specification. 484 If the PaC knows the IP address of the PAA, it can send a unicast 485 PANA-PAA-Discover message and initiate the PANA exchange. 487 When the PaC receives a PANA-Start-Request message from a PAA, it 488 responds with a PANA-Start-Answer message if it wishes to enter the 489 authentication and authorization phase. 491 There can be multiple PAAs on the link and the PaC may receive 492 multiple PANA-Start-Request messages from those PAAs. The 493 authentication and authorization result does not depend on which PAA 494 is chosen by the PaC. By default the PaC MAY choose the PAA that 495 sent the first response. 497 A PANA-Start-Request message MAY carry a Cookie AVP that contains a 498 random value generated by the PAA. The random value is referred to 499 as a cookie. The cookie is used for preventing the PAA from resource 500 consumption DoS attacks by blind attackers which bombard the PAA with 501 PANA-PAA-Discover messages. By relying on a cookie mechanism the PAA 502 can avoid per-PaC state creation until after the PaC can produce the 503 same cookie in its PANA-Start-Answer message. In order to do that, 504 the cookie MUST be computed in such a way that it does not require 505 any per-session state maintenance on the PAA in order to verify the 506 cookie returned in the PANA-Start-Answer message. The PAA discovery 507 that takes advantage of cookies is called "stateless PAA discovery". 508 The exact algorithms and syntax used by the PAA to generate cookies 509 does not affect interoperability and hence is not specified here. An 510 example algorithm is described below. 512 Cookie = 513 | HMAC_SHA1( , ) 515 where is a randomly generated secret known only to the PAA, 516 is an index used for choosing the secret for 517 generating the cookie and '|' indicates concatenation. The secret- 518 version should be changed frequently enough to prevent replay 519 attacks. The secret key is valid for a certain time frame. The 520 device identifier of the PaC can be extracted from a link-layer or IP 521 header of PANA messages. 523 When the PaC sends a PANA-Start-Answer message in response to a PANA- 524 Start-Request containing a Cookie AVP, the answer MUST contain a 525 Cookie AVP with the cookie value copied from the request. 527 When the PAA receives the PANA-Start-Answer message from the PaC, it 528 verifies the cookie. The cookie is considered as valid if the 529 received cookie has the expected value. If the computed cookie is 530 valid, the protocol enters the authentication and authorization 531 phase. Otherwise, it MUST silently discard the received message. 533 The initial EAP Request message MAY be optionally carried by the 534 PANA-Start-Request (as opposed to by a later PANA-Auth-Request) 535 message in order to reduce the number of round-trips. This 536 optimization SHOULD NOT be used if the PAA discovery is desired to be 537 stateless since transmission of an EAP Request message creates a 538 state at EAP layer. See [I-D.ietf-eap-statemachine] for more 539 information on the EAP state machine and the allocation of state 540 information in the respective protocol steps. 542 A Protection-Capability AVP and a Post-PANA-Address-Configuration 543 (PPAC) AVP MAY be included in the PANA-Start-Request in order to 544 indicate required and available capabilities for the network access. 545 These AVPs MAY be used by the PaC for assessing the capability match 546 even before the authentication takes place. Since these AVPs are 547 provided during the insecure discovery and handshake phase, there are 548 certain security risks involved in using the provided information. 549 See Section 10 for further discussion on this. 551 If the initial EAP Request message is carried in the PANA-Start- 552 Request message, an EAP Response message MUST be carried in the PANA- 553 Start-Answer message returned to the PAA. 555 The PANA-Start-Request/Answer exchange is needed before entering the 556 authentication and authorization phase even when the PaC is pre- 557 configured with the IP address of the PAA and the PANA-PAA-Discover 558 message is unicast. 560 A Nonce AVP MUST be included in the PANA-Start-Request and PANA- 561 Start-Answer messages. The nonces are used to establish a fresh 562 PANA_MAC_KEY (see Section 5.3) which is a transient session key in 563 the EAP key hierarchy [I-D.ietf-eap-keying] and is used only in the 564 PANA protocol. A Nonce AVP MUST be included in the PANA-Start- 565 Request and PANA-Start-Answer messages. The nonces are used to 566 establish a PANA SA. 568 A PANA-Start-Request message in stateless PAA discovery MUST NOT be 569 retransmitted as this voids the statelessness on the PAA. Instead, 570 the PaC MUST retransmit the PANA-PAA-Discover message until it 571 receives a PANA-Start-Request message, and retransmit the PANA-Start- 572 Answer message until it receives a PANA-Auth-Request message. The 573 PaC can determine whether the PAA is using stateless PAA discovery by 574 the presence of Cookie AVP. The PANA-Start-Request message MUST be 575 retransmitted instead of the PANA-Start-Answer message when stateless 576 PAA discovery is not used. 578 It is possible that both the PAA and the PaC initiate the discovery 579 and handshake procedure at the same time, i.e., the PAA sends a PANA- 580 Start-Request message while the PaC sends a PANA-PAA-Discover 581 message. To resolve the race condition, the PAA SHOULD silently 582 discard the PANA-PAA-Discover message received from the PaC after it 583 has sent a PANA-Start-Request message with creating a state (i.e., no 584 Cookie AVP is included in the message) for the PaC. In this case the 585 PAA will retransmit the PANA-Start-Request message based on a timer, 586 if the PaC doesn't respond in time (the message was lost for 587 example). If the PAA had sent a PANA-Start-Request message without 588 creating a state for the PaC (i.e., a Cookie AVP was included in the 589 message), then it SHOULD answer to the PANA-PAA-Discover message. 591 Figure 2 shows an example sequence for the discovery and handshake 592 phase when a PANA-PAA-Discover message is sent by the PaC. Figure 3 593 shows an example sequence for the discovery and handshake phase with 594 traffic-driven PAA discovery. 596 PaC PAA Message(sequence number)[AVPs] 597 ------------------------------------------------------ 598 -----> PANA-PAA-Discover(0) 599 <----- PANA-Start-Request(x)[Nonce, Cookie] 600 -----> PANA-Start-Answer(x)[Nonce, Cookie] 601 (continued to the authentication and 602 authorization phase) 604 Figure 2: Example sequence for the discovery and handshake phase when 605 PANA-PAA-Discover is sent by the PaC 607 PaC EP PAA Message(sequence number)[AVPs] 608 ------------------------------------------------------ 609 ---->o (Data packet arrival or L2 trigger) 610 ------> PAA-to-EP protocol, or another mechanism 611 <------------ PANA-Start-Request(x)[Nonce, Cookie] 612 ------------> PANA-Start-Answer(x)[Nonce, Cookie] 613 (continued to the authentication and 614 authorization phase) 616 Figure 3: Example sequence for the discovery and handshake phase with 617 traffic-driven PAA discovery 619 4.3 Authentication and Authorization Phase 621 The main task of the authentication and authorization phase is to 622 carry EAP messages between the PaC and the PAA. EAP Request and 623 Response messages are carried in PANA-Auth-Request messages. PANA- 624 Auth-Answer messages are simply used to acknowledge receipt of the 625 requests. As an optimization, a PANA-Auth-Answer message MAY include 626 the EAP Response message. This optimization MAY not be used when it 627 takes time to generate the EAP Response message (due to, e.g., 628 intervention of human input), in which case returning an EAP-Auth- 629 Answer message without piggybacking an EAP Response message can avoid 630 unnecessary retransmission of the PANA-Auth-Request message. Another 631 optimization allows optionally carrying the first EAP Request/ 632 Response message in PANA-Start-Request/Answer message as described in 633 Section 4.2. 635 PANA allows execution of two separate authentication methods, one 636 with NAP and one with ISP under the same PANA session. This optional 637 feature may be offered by the PAA and accepted by the PaC. When 638 performed separately, the result of the first EAP authentication is 639 signaled via PANA-FirstAuth-End-Request and PANA-FirstAuth-End-Answer 640 message exchange which delineates the first method execution from the 641 next. See Section 4.7 for a detailed discussion on separate NAP and 642 ISP authentication. 644 The result of PANA authentication is carried in a PANA-Bind-Request 645 message sent from the PAA to the PaC. This message carries the final 646 EAP authentication result (whether it is the second EAP 647 authentication result of NAP and ISP separate authentication, or the 648 sole EAP authentication result) and the result of PANA 649 authentication. The PANA-Bind-Request message MUST be acknowledged 650 with a PANA-Bind-Answer (PBA) message. Figure 4 shows an example 651 sequence in the authentication and authorization phase (no separate 652 authentication). 654 PaC PAA Message(sequence number)[AVPs] 655 -------------------------------------------------------------------- 656 (continued from the discovery and handshake phase) 657 <----- PANA-Auth-Request(x+1) 658 [Session-Id, EAP{Request}] 659 -----> PANA-Auth-Answer(x+1) // No piggybacking EAP Response 660 [Session-Id] 661 -----> PANA-Auth-Request(y) 662 [Session-Id, EAP{Response}] 663 <----- PANA-Auth-Answer(y) 664 [Session-Id] 665 <----- PANA-Auth-Request(x+2) 666 [Session-Id, EAP{Request}] 667 -----> PANA-Auth-Answer(x+2) // Piggybacking EAP Response 668 [Session-Id, EAP{Response}] 669 <----- PANA-Bind-Request(x+3) 670 [Session-Id, Result-Code, EAP{Success}, Device-Id, 671 Key-Id, Lifetime, Protection-Cap., PPAC, MAC] 672 -----> PANA-Bind-Answer(x+3) 673 [Session-Id, Device-Id, Key-Id, PPAC, MAC] 675 Figure 4: Example sequence for the authentication and authorization 676 phase 678 When an EAP method that is capable of deriving keys is used during 679 the authentication and authorization phase and the keys are 680 successfully derived, the PANA message that carries the EAP Success 681 message (i.e., a PANA-FirstAuth-End-Request or a PANA-Bind-Request 682 message) and any subsequent message MUST contain a MAC AVP. 684 The PANA-Bind-Request and the PANA-Bind-Answer message exchange is 685 also used for binding device identifiers of the PaC and EP(s)to the 686 PANA SA. To achieve this, the PANA-Bind-Request message MUST contain 687 the device identifier in a Device-Id AVP for each EP if a Protection- 688 Capability AVP is included in the message. Otherwise, the message 689 SHOULD contain the device identifier in a Device-Id AVP for each EP 690 when a link-layer or IP address is used as the device identifier of 691 the PaC. The PANA-Bind-Answer message MUST contain the PaC's device 692 identifier in a Device-Id AVP when it is already presented with that 693 of EP(s) in the request with using the same type of device identifier 694 as contained in the request. If the PANA-Bind-Answer message sent 695 from the PaC does not contain a Device-Id AVP with the same device 696 identifier type contained in the request, the PAA sends a PANA-Error- 697 Request message with a PANA_MISSING_AVP result code, and wait for a 698 PANA-Error-Answer message to terminate the session. The PANA-Bind- 699 Request message with a PANA_SUCCESS result code MUST also contain a 700 Protection-Capability AVP if link-layer or network-layer ciphering is 701 enabled after the authentication and authorization phase. The PANA- 702 Bind-Request message MAY also contain a Protection-Capability AVP to 703 indicate if link-layer or network-layer ciphering should be enabled 704 after the authentication and authorization phase. No link-layer or 705 network-layer specific information is included in the Protection- 706 Capability AVP. It is assumed that the PAA is aware of the security 707 capabilities of the access network. The PANA protocol does not 708 specify how the PANA SA and the Protection-Capability AVP will be 709 used to provide per-packet protection for data traffic. 711 Additionally, the PANA-Bind-Request message with a PANA_SUCCESS 712 result code MUST include a Post-PANA-Address-Configuration (PPAC) 713 AVP, which helps the PAA to inform the PaC about whether a new IP 714 address MUST be configured and the available methods to do so. In 715 this case, the PaC MUST include a PPAC AVP in the PANA-Bind-Answer 716 message in order to indicate its choice of method when there is a 717 match between the methods offered by the PAA and the methods 718 available on the PaC. When there is no match, the PaC MUST send a 719 PANA-Error-Request message with a PANA_PPAC_CAPABILITY_UNSUPPORTED 720 result code and terminate the PANA session. 722 PANA-Bind-Request and PANA-Bind-Answer messages MUST be retransmitted 723 based on the retransmission rule described in Section 5.2. 725 EAP authentication can fail at a pass-through authenticator without 726 sending an EAP Failure message [I-D.ietf-eap-statemachine]. When 727 this occurs, the PAA SHOULD send a PANA-Error-Request message to the 728 PaC with using PANA_UNABLE_TO_COMPLY result code. The PaC SHOULD not 729 change its state unless the error message is secured by PANA or 730 lower-layer. In any case, a more appropriate way is to rely on a 731 timeout on the PaC. 733 There is a case where EAP authentication succeeds with producing an 734 EAP Success message but network access authorization fails due to, 735 e.g., authorization rejected by a AAA or authorization locally 736 rejected by the PAA. When this occurs, the PAA MUST send a PANA- 737 Bind-Request with a result code PANA_AUTHORIZATION_REJECTED. If a 738 AAA-Key is established between the PaC and the PAA by the time when 739 the EAP Success message is generated by the EAP server (this is the 740 case when the EAP method provides protected success indication), the 741 PANA-Bind-Request and PANA-Bind-Answer messages MUST be protected 742 with a MAC AVP and carry a Key-Id AVP. The AAA-Key and the PANA 743 session MUST be deleted immediately after the PANA-Bind message 744 exchange. 746 4.4 Access Phase 748 Once the authentication and authorization phase or the re- 749 authentication phase successfully completes, the PaC gains access to 750 the network and can send and receive IP data traffic through the 751 EP(s) and the PANA session enters the access phase. In this phase, 752 PANA-Ping-Request and PANA-Ping-Answer messages can be used for 753 testing the liveness of the PANA session on the PANA peer. Both the 754 PaC and the PAA are allowed to send a PANA-Ping-Request message to 755 the communicating peer whenever they need to make sure the 756 availability of the session on the peer and expect the peer to return 757 a PANA-Ping-Answer message. Both PANA-Ping-Request and PANA-Ping- 758 Answer messages MUST be protected with a MAC AVP when a PANA SA is 759 available. 761 Implementations MUST limit the rate of performing this test. The PaC 762 and the PAA can handle rate limitation on their own, they do not have 763 to perform any coordination with each other. There is no negotiation 764 of timers for this purpose. 766 Figure 5 and Figure 6 show liveness tests as they are initiated by 767 the PaC and the PAA respectively. 769 PaC PAA Message(sequence number)[AVPs] 770 ------------------------------------------------------ 771 -----> PANA-Ping-Request(q)[Session-Id, MAC] 772 <----- PANA-Ping-Answer(q)[Session-Id, MAC] 774 Figure 5: Example sequence for PaC-initiated liveness test 776 PaC PAA Message(sequence number)[AVPs] 777 ------------------------------------------------------ 778 <----- PANA-Ping-Request(p)[Session-Id, MAC] 779 -----> PANA-Ping-Answer(p)[Session-Id, MAC] 781 Figure 6: Example sequence for PAA-initiated liveness test 783 4.5 Re-authentication Phase 785 The PANA session in the access phase can enter the re-authentication 786 phase to extend the current session lifetime by re-executing EAP. 787 Once the re-authentication phase successfully completes, the session 788 re-enters the access phase. Otherwise, the session is deleted. 790 When the PaC wants to initiate re-authentication, it sends a PANA- 791 Reauth-Request message to the PAA. This message MUST contain a 792 Session-Id AVP which is used for identifying the PANA session on the 793 PAA. If the PAA already has an established PANA session for the PaC 794 with the matching session identifier, it MUST first respond with a 795 PANA-Reauth-Answer message, followed by a PANA-Auth-Request that 796 starts a new EAP authentication. If the PAA cannot identify the 797 session, it MAY respond with a PANA-Error-Request message with a 798 result code PANA_UNKNOWN_SESSION_ID. Transmission of this error 799 request is made optional in case this behavior is leveraged for a DoS 800 attack on the PAA. 802 The PaC may receive a PANA-Auth-Request before receiving the answer 803 to its outstanding PANA-Reauth-Request. This condition can arise due 804 to packet re-ordering or a race condition between the PaC and PAA 805 when they both attempt to engage in re-authentication. The PaC MUST 806 keep discarding the received PANA-Auth-Requests until it receives the 807 answer to its request. 809 When the PAA initiates re-authentication, it sends a PANA-Auth- 810 Request message containing the session identifier for the PaC to 811 enter the re-authentication phase. The PAA SHOULD initiate EAP re- 812 authentication before the current session lifetime expires. 814 Re-authentication of an on-going PANA session MUST maintain the 815 existing sequence numbers. 817 For any re-authentication, if there is an established PANA SA, PANA- 818 Auth-Request and PANA-Auth-Answer messages MUST be protected by 819 adding a MAC AVP to each message. Any subsequent EAP authentication 820 MUST be performed with the same ISP and NAP that was selected during 821 the discovery and handshake phase. An example sequence for re- 822 authentication phase initiated by the PaC is shown in Figure 7. 824 PaC PAA Message(sequence number)[AVPs] 825 ------------------------------------------------------ 826 -----> PANA-Reauth-Request(q) 827 [Session-Id, MAC] 828 <----- PANA-Reauth-Answer(q) 829 [Session-Id, MAC] 830 <----- PANA-Auth-Request(p) 831 [Session-Id, EAP{Request}, MAC] 832 -----> PANA-Auth-Answer(p) // No piggybacking EAP Response 833 [Session-Id, MAC] 834 -----> PANA-Auth-Request(q+1) 835 [Session-Id, EAP{Response}, MAC] 836 <----- PANA-Auth-Answer(q+1) // No piggybacking EAP Response 837 [Session-Id, MAC] 838 <----- PANA-Auth-Request(p+1) 839 [Session-Id, EAP{Request}, MAC] 840 -----> PANA-Auth-Answer(p+1) // Piggybacking EAP Response 841 [Session-Id, EAP{Response}, MAC] 842 <----- PANA-Bind-Request(p+2) 843 [Session-Id, Result-Code, EAP{Success}, Device-Id, Key-Id, 844 Lifetime, Protection-Cap., PPAC, MAC] 845 -----> PANA-Bind-Answer(p+2) 846 [Session-Id, Device-Id, Key-Id, PPAC, MAC] 848 Figure 7: Example sequence for the re-authentication phase initiated 849 by PaC 851 4.6 Termination Phase 853 A procedure for explicitly terminating a PANA session can be 854 initiated either from the PaC (i.e., disconnect indication) or from 855 the PAA (i.e., session revocation). The PANA-Termination-Request and 856 PANA-Termination-Answer message exchanges are used for disconnect 857 indication and session revocation procedures. 859 The reason for termination is indicated in the Termination-Cause AVP. 860 When there is an established PANA SA between the PaC and the PAA, all 861 messages exchanged during the termination phase MUST be protected 862 with a MAC AVP. When the sender of the PANA-Termination-Request 863 message receives a valid acknowledgment, all states maintained for 864 the PANA session MUST be deleted immediately. 866 PaC PAA Message(sequence number)[AVPs] 867 ------------------------------------------------------ 868 -----> PANA-Termination-Request(q)[Session-Id, MAC] 869 <----- PANA-Termination-Answer(q)[Session-Id, MAC] 871 Figure 8: Example sequence for the termination phase triggered by PaC 873 4.7 Separate NAP and ISP Authentication 875 PANA allows running at most two EAP sessions in sequence in the 876 authentication and authorization phase to support separate NAP and 877 ISP authentication as described in this section. A typical network 878 access authentication includes execution of one EAP method with the 879 ISP. This separation allows the PaC to perform an additional 880 authentication method for receiving differentiated services from the 881 NAP. 883 Currently, running multiple EAP sessions in sequence in the 884 authentication and authorization phase is designed only for separate 885 NAP and ISP authentication. It is not for running arbitrary number 886 of EAP sessions in sequence, or giving the PaC another chance to try 887 another EAP authentication method within an integrated NAP and ISP 888 authentication when an EAP authentication method fails. 890 Within separate NAP and ISP authentication, the NAP authentication 891 and the ISP authentication are considered completely independent. 892 Presence or success of one should not effect the other. Making a 893 network access authorization decision based on the success or failure 894 of each authentication is a network policy issue. 896 4.7.1 Negotiating Separate NAP and ISP Authentication 898 When the PaC and PAA negotiates in the discovery and handshake phase 899 to perform separate NAP and ISP authentication, the PaC and the PAA 900 operate in the following way in addition to the behavior defined in 901 Section 4.2 903 In the discovery and handshake phase, the PAA MAY advertise 904 availability of separate NAP and ISP authentication ([I-D.ietf-pana- 905 framework]) by setting the S-flag on the PANA header of the PANA- 906 Start-Request message. 908 If the S-flag of the received PANA-Start-Request message is set, the 909 PaC can indicate its desire to perform separate NAP and ISP 910 authentication by setting the S-flag in the PANA-Start-Answer 911 message. If the S-flag of the received PANA-Start-Request message is 912 not set, the PaC MUST NOT set the S-flag in the PANA-Start-Answer 913 message sent back to the PAA. 915 If the S-flag in the PANA-Start-Answer message is not set, only one 916 authentication is performed (ISP-only) and the processing occurs as 917 described in Section 4.2. 919 When the S-flag is set in a PANA-Start-Request message, the initial 920 EAP Request message MUST NOT be carried in the PANA-Start-Request 921 message. (If the initial EAP Request message were contained in the 922 PANA-Start-Request message during the S-flag negotiation, the PaC 923 cannot tell whether the EAP Request message is for NAP authentication 924 or ISP authentication.) 926 4.7.2 Execution of Separate NAP and ISP Authentication 928 When the PaC and PAA have negotiated in the discovery and handshake 929 phase to perform separate NAP and ISP authentication, the PaC and the 930 PAA operate in the following way in addition to the behavior defined 931 in Section 4.3 933 o The S-flag of PANA-Auth-Request and PANA-Auth-Answer messages MUST 934 be set. 936 o An EAP Success/Failure message is carried in a PANA-FirstAuth-End- 937 Request (PFER) message as well as a PANA-Bind-Request (PBR) 938 message. The PANA-FirstAuth-End-Request message MUST be used at 939 the end of the first EAP authentication and the PANA-Bind-Request 940 MUST be used for the second EAP authentication. The PANA- 941 FirstAuth-End-Request messages MUST be acknowledged with a PANA- 942 FirstAuth-End-Answer (PFEA) message. 944 o If the first EAP authentication has failed, the PAA can choose not 945 to perform the second EAP authentication by clearing the S-flag of 946 the PANA-FirstAuth-End-Request message. In this case, the S-flag 947 of the PANA-FirstAuth-End-Answer message sent by the PaC MUST be 948 cleared. If the S-flag of the PANA-FirstAuth-End-Request message 949 is set when the first EAP authentication has failed, the PaC can 950 choose not to perform the second EAP authentication by clearing 951 the S-flag of the PANA-FirstAuth-End-Answer message. If the first 952 EAP authentication failed and the S-flag is not set in the PANA- 953 FirstAuth-End-Answer message as a result of those operations, the 954 PANA session MUST be immediately deleted. Otherwise, the second 955 EAP authentication MUST be performed. 957 o The PAA determines the execution order of NAP authentication and 958 ISP authentication. In this case, the PAA can indicate which 959 authentication (NAP authentication or ISP authentication) is 960 currently occurring by using N-flag in the PANA message header. 961 When NAP authentication is being performed, the N-flag MUST be 962 set. When ISP authentication is being performed, the N-flag MUST 963 NOT be set. The N-flag MUST NOT be set when S-flag is not set. 965 When the PaC and PAA have negotiated in the discovery and handshake 966 phase to perform separate NAP and ISP authentication, and the lower- 967 layer is insecure, the two EAP authentication methods used in the 968 separate authentication MUST be capable of deriving keys (AAA-Key). 970 4.7.3 AAA-Key Calculation 972 When the PaC and PAA have negotiated in the discovery and handshake 973 phase to perform separate NAP and ISP authentication, if the lower- 974 layer is insecure, the two EAP authentication methods used in the 975 separate authentication MUST be capable of deriving keys. In this 976 case, if the first EAP authentication is successful, the PANA- 977 FirstAuth-End-Request and PANA-FirstAuth-End-Answer messages as well 978 as PANA-Auth-Request and PANA-Auth-Answer messages in the second EAP 979 authentication MUST be protected with the key derived from the AAA- 980 Key for the first EAP authentication. The PANA-Bind-Request and 981 PANA-Bind-Answer messages and all subsequent PANA messages exchanged 982 in the access phase, re-authentication phase and termination phase 983 MUST be protected either with the AAA-Key for the first EAP 984 authentication if the first EAP authentication succeeds and the 985 second EAP authentication fails, or with the AAA-Key for the second 986 EAP authentication if the first EAP authentication fails and the 987 second EAP authentication succeeds, or with the compound AAA-Key 988 derived from the two AAA-Keys, one for the first EAP authentication 989 and the other from the second EAP authentication, if both the first 990 and second EAP authentication succeed. See Section 5.3 for how to 991 derive the AAA-Key. 993 5. Protocol Design Details and Processing Rules 995 5.1 Transport Layer 997 PANA uses UDP as its transport layer protocol. The UDP port number 998 is TBD. All messages except for PANA-PAA-Discover are always 999 unicast. The PANA-PAA-Discover message MAY be unicast when the PaC 1000 knows the IP address of the PAA. 1002 5.1.1 Fragmentation 1004 PANA does not provide fragmentation of PANA messages. Instead, it 1005 relies on fragmentation provided by EAP methods and IP layer when 1006 needed. 1008 5.2 Sequence Number and Retransmission 1010 PANA uses sequence numbers to provide ordered and reliable delivery 1011 of messages. 1013 The PaC and PAA maintain two sequence numbers: the next one to be 1014 used for a request it initiates and the next one it expects to see in 1015 a request from the other end. These sequence numbers are 32-bit 1016 unsigned numbers. They are monotonically incremented by 1 as new 1017 requests are generated and received, and wrapped to zero on the next 1018 message after 2^32-1. Answers always contain the same sequence 1019 number as the corresponding request. Retransmissions reuse the 1020 sequence number contained in the original packet. 1022 The initial sequence numbers (ISN) are randomly picked by the PaC and 1023 PAA as they send their very first request messages. PANA-PAA- 1024 Discover message carries sequence number 0. 1026 When a request message is received, it is considered valid in terms 1027 of sequence numbers if and only if its sequence number matches the 1028 expected value. This check does not apply to the PANA-PAA-Discover, 1029 PANA-Start-Request messages. 1031 When an answer message is received, it is considered valid in terms 1032 of sequence numbers if and only if its sequence number matches that 1033 of the currently outstanding request. A peer can only have one 1034 outstanding request at a time. 1036 PANA messages are retransmitted based on a timer until a response is 1037 received (in which case the retransmission timer is stopped) or the 1038 number of retransmission reaches the maximum value (in which case the 1039 PANA session MUST be deleted immediately). 1041 The initial discovery and handshake phase requires special handling. 1042 The PaC MUST retransmit the PANA-PAA-Discover message if a subsequent 1043 PANA-Start-Request message is not received in time. Even though a 1044 PANA-Start-Request message is received, the PANA-PAA-Discover message 1045 may still have to be retransmitted. This is because stateless PAA 1046 discovery requires one time transmission of a solicited PANA-Start- 1047 Request message. The PAA MUST NOT start a timer and retransmit the 1048 request in order to avoid state creation. If the received PANA- 1049 Start-Request message included a Cookie AVP (an indication of 1050 stateless PAA discovery), the PaC MUST retransmit the PANA-PAA- 1051 Discover message until the first PANA-Auth-Request message is 1052 received. Otherwise, the PaC can rely on the PAA to retransmit the 1053 PANA-Start-Request message as soon as the PaC receives the first one 1054 (i.e., the PaC can stop sending the PANA-PAA-Discover message). 1056 The retransmission timers SHOULD be calculated as described in 1057 [RFC2988] to provide congestion control. See Section 8 for default 1058 timer and maximum retransmission count parameters. 1060 The PaC and PAA MUST respond to duplicate requests. The last 1061 transmitted answer MAY be cached in case it is not received by the 1062 peer and that generates a retransmission of the last request. When 1063 available, the cached answer can be used instead of fully processing 1064 the retransmitted request and forming a new answer from scratch. 1066 PANA MUST NOT generate EAP message duplication. EAP payload of a 1067 retransmitted PANA message MUST NOT be passed to the EAP layer. 1069 5.3 PANA Security Association 1071 A PANA SA is created as an attribute of a PANA session when EAP 1072 authentication succeeds with a creation of a AAA-Key. A PANA SA is 1073 not created when the PANA authentication fails or no AAA-Key is 1074 produced by any EAP authentication method. In the case where two EAP 1075 sessions are performed in sequence in the PANA authentication and 1076 authorization phase, it is possible that two AAA-Keys are derived. 1077 If this happens, the PANA SA MUST be generated from both AAA-Keys. 1078 When a new AAA-Key is derived in the PANA re-authentication phase, 1079 any key derived from the old AAA-Key MUST be updated to a new one 1080 that is derived from the new AAA-Key. In order to distinguish the 1081 new AAA-Key from old ones, one Key-Id AVP MUST be carried in PANA- 1082 Bind-Request and PANA-Bind-Answer messages or PANA-FirstAuth-End- 1083 Request and PANA-FirstAuth-End-Answer messages at the end of the EAP 1084 authentication which resulted in deriving a new AAA-Key. The Key-Id 1085 AVP is of type Unsigned32 and MUST contain a value that uniquely 1086 identifies the AAA-Key within the PANA session. The PANA-Bind-Answer 1087 message (or the PANA-FirstAuth-End-Answer message) sent in response 1088 to a PANA-Bind-Request message (or a PANA-FirstAuth-End-Request 1089 message) with a Key-Id AVP MUST contain a Key-Id AVP with the same 1090 AAA-Key identifier carried in the request. PANA-Bind-Request, PANA- 1091 Bind-Answer, PANA-FirstAuth-End-Request and PANA-FirstAuth-End-Answer 1092 messages with a Key-Id AVP MUST also carry a MAC AVP whose value is 1093 computed by using the new PANA_MAC_KEY derived from the new AAA-Key 1094 (or the new pair of AAA-Keys when the PANA_MAC_KEY is derived from 1095 two AAA-Keys). Although the specification does not mandate a 1096 particular method for calculation of the Key-Id AVP value, a simple 1097 method is to use monotonically increasing numbers. 1099 The PANA session lifetime is bounded by the lifetime granted by the 1100 authentication server (same as the AAA-Key lifetime). The lifetime 1101 of the PANA SA (hence the PANA_MAC_KEY) is the same as the lifetime 1102 of the PANA session. The created PANA SA is deleted when the 1103 corresponding PANA session is deleted. 1105 PANA SA attributes as well as PANA session attributes are listed 1106 below: 1108 PANA Session attributes: 1110 * Session-Id 1112 * Device-Id of PaC 1114 * IP address and UDP port number of the PaC. 1116 * IP address of PAA 1118 * List of device identifiers of EPs 1120 * Sequence number of the last transmitted request 1122 * Sequence number of the last received request 1124 * Last transmitted message payload 1125 * Retransmission interval 1127 * Session lifetime 1129 * Protection-Capability 1131 * PANA SA attributes: 1133 + Nonce generated by PaC (PaC_nonce) 1135 + Nonce generated by PAA (PAA_nonce) 1137 + AAA-Key 1139 + AAA-Key Identifier 1141 + PANA_MAC_KEY 1143 The PANA_MAC_KEY is derived from the available AAA-Key(s) and it is 1144 used to integrity protect PANA messages. If there is only one AAA- 1145 Key available, e.g., due to ISP-only authentication, or with one 1146 failed and one successful separate NAP and ISP authentication (see 1147 Section 4.7), the PANA_MAC_KEY computation is based on that single 1148 key. Otherwise, two AAA-Keys available to PANA can be combined in 1149 following way ('|' indicates concatenation): 1151 AAA-Key = AAA-Key1 | AAA-Key2 1153 The PANA_MAC_KEY is computed in the following way: 1155 PANA_MAC_KEY = The first N bits of 1156 HMAC_SHA1(AAA-Key, PaC_nonce | PAA_nonce | Session-ID) 1158 where the value of N depends on the integrity protection algorithm in 1159 use, i.e., N=160 for HMAC-SHA1. The length of the AAA-Key MUST be N 1160 bits or longer. See Section Section 5.4 for the detailed usage of 1161 the PANA_MAC_KEY. 1163 5.4 Message Authentication Code 1165 A PANA message can contain a MAC (Message Authentication Code) AVP 1166 for cryptographically protecting the message. 1168 When a MAC AVP is included in a PANA message, the value field of the 1169 MAC AVP is calculated by using the PANA_MAC_KEY in the following way: 1171 MAC AVP value = PANA_MAC_PRF(PANA_MAC_KEY, PANA_PDU) 1173 where PANA_PDU is the PANA message including the PANA header, with 1174 the MAC AVP value field first initialized to 0. PANA_MAC_PRF 1175 represents the pseudo random function corresponding to the MAC 1176 algorithm specified in the MAC AVP. In this version of draft, 1177 PANA_MAC_PRF is HMAC-SHA1. The PaC and PAA MUST use the same 1178 algorithm to calculate a MAC AVP they originate and receive. The 1179 algorithm is determined by the PAA when a PANA-Bind-Request with a 1180 MAC AVP is sent. When the PaC does not support the MAC algorithm 1181 specified in the PANA-Bind-Request message, it MUST silently discard 1182 the message. The PAA MUST NOT change the MAC algorithm throughout 1183 the continuation of the PANA session. 1185 5.5 Message Validity Check 1187 When a PANA message is received, the message is considered to be 1188 invalid at least when one of the following conditions are not met: 1190 o Each field in the message header contains a valid value including 1191 sequence number, message length, message type, version number, 1192 flags, etc. 1194 o The message type is one of the expected types in the current 1195 state. Specifically the following messages are unexpected and 1196 invalid: 1198 * In the discovery and handshake phase: 1200 + PANA-Termination-Request and PANA-Ping-Request. 1202 + PANA-Bind-Request. 1204 + PANA-Update-Request. 1206 + PANA-Reauth-Request. 1208 + PANA-Error-Request. 1210 * In the authentication and authorization phase and the re- 1211 authentication phase: 1213 + PANA-PAA-Discover. 1215 + PANA-Update-Request. 1217 + PANA-Start-Request after a PaC receives the first valid 1218 PANA-Auth-Request. 1220 + PANA-Termination-Request before the PaC receives the first 1221 successful PANA-Bind-Request. 1223 * In the access phase: 1225 + PANA-Start-Request as well as a non-duplicate PANA-Bind- 1226 Request. 1228 + PANA-PAA-Discover. 1230 * In the termination phase: 1232 + PANA-PAA-Discover. 1234 + All requests but PANA-Termination-Request. 1236 o The message payload contains a valid set of AVPs allowed for the 1237 message type and there is no missing AVP that needs to be included 1238 in the payload. 1240 o Each AVP is decoded correctly. 1242 o When a MAC AVP is included, the AVP value matches the MAC value 1243 computed against the received message. 1245 o When a Device-Id AVP is included, the AVP is valid if the device 1246 identifier type contained in the AVP is supported (check performed 1247 by both the PaC and the PAA) and is the requested one (check 1248 performed by the PAA only). Note that a Device-Id AVP carries the 1249 device identifier of the PaC in messages from the PaC to the PAA 1250 and the device identifier(s) of the EP(s) in messages from the PAA 1251 to the PaC. 1253 Invalid messages MUST be discarded in order to provide robustness 1254 against DoS attacks. In addition, an error notification message MAY 1255 be returned to the sender. See Section 5.10 for details. 1257 5.6 Device ID Choice 1259 The device identifier used in the context of PANA can be an IP 1260 address, a MAC address, or an identifier that is not carried in data 1261 packets but has local significance in identifying a connected device 1262 (e.g., circuit id, PPP interface id). The last type of identifiers 1263 are commonly used in point-to-point links where MAC addresses are not 1264 available and lower-layers are already physically or 1265 cryptographically secured. 1267 It is assumed that the PAA knows the link type and the security 1268 mechanisms being provided or required on the access network (e.g., 1269 based on physical security, link-layer ciphers enabled before or 1270 after PANA, or IPsec). Based on that information, the PAA can decide 1271 what type of EP device id will be usedused when running PANA with the 1272 client. 1274 When IPsec-based security [I-D.ietf-pana-ipsec] is the choice of 1275 access control, the PAA SHOULD provide IP address(es) as EP(s)' 1276 device ID, and expect the PaC to provide its IP address in return. 1277 Similarly, IP addresses are used when the EP(s) is not on the same IP 1278 subnet as the PaC is. 1280 In other cases, MAC addresses are used as device identifiers when 1281 they are available. 1283 If non-IPsec access control is enabled, and a MAC address is not 1284 available, locally-significant identifiers (e.g., as a circuit id) 1285 MUST be used as device id. Note that these identifiers are not 1286 exchanged within PANA messages. Instead, peers rely on lower-layers 1287 to provide them along with received PANA messages. 1289 5.7 PaC Updating its IP Address 1291 A PaC's IP address can change in certain situations. For example, 1292 the PANA framework [I-D.ietf-pana-framework] describes a case in 1293 which a PaC replaces a pre-PANA address (PRPA) with a post-PANA 1294 address (POPA). In order to establish reachability, the PAA needs to 1295 be notified about the change of PaC address. 1297 After the PaC has changed its address, it MUST send a PANA-Update- 1298 Request message to the PAA. The PAA MUST update the PANA session 1299 with the new PaC address (source IP address) and return a PANA- 1300 Update-Answer message. If there is an established PANA SA, both 1301 PANA-Update-Request and PANA-Update-Answer messages MUST be protected 1302 with a MAC AVP. 1304 5.8 Session Lifetime 1306 The authentication and authorization phase determines the PANA 1307 session lifetime when the network access authorization succeeds. The 1308 Session-Lifetime AVP MAY be optionally included in the PANA-Bind- 1309 Request message to inform the PaC about the valid lifetime of the 1310 PANA session. It MUST be ignored when included in other PANA 1311 messages. 1313 The lifetime is a non-negotiable parameter that can be used by the 1314 PaC to manage PANA-related state. The PaC does not have to perform 1315 any actions when the lifetime expires, other than optionally purging 1316 local state. The PAA SHOULD initiate the PANA re-authentication 1317 phase before the current session lifetime expires. 1319 The PaC and PAA MAY optionally rely on lower-layer indications to 1320 expedite the detection of a disconnected peer. Availability and 1321 reliability of such indications depend on the specific access 1322 technologies. A PANA peer can use the PANA-Ping exchange to verify 1323 the disconnection before taking an action. 1325 The session lifetime parameter is not related to the transmission of 1326 PANA-Ping-Request messages. These messages can be used for 1327 asynchronously verifying the liveness of the peer. The decision to 1328 send a PANA-Ping-Request message is taken locally and does not 1329 require coordination between the peers. 1331 When separate ISP and NAP authentication is performed, it is possible 1332 that different authorization lifetime values are associated with the 1333 two EAP authentication sessions. In this case, the smaller 1334 authorization lifetime value MUST be used for calculating the PANA 1335 Session-Lifetime value. As a result, both NAP and ISP authentication 1336 will be performed in the re-authentication phase. 1338 5.9 Network Selection 1340 The PANA discovery and handshake phase allows the PaC to learn 1341 identity of the NAP and a list of ISPs that are available through the 1342 NAP. The PaC can not only learn the ISPs but also convey the 1343 selected ISP explicitly during the handshake phase. The PAA is 1344 assumed to be pre-configured with the information of ISPs that are 1345 served by the NAP. 1347 A PANA-Start-Request message sent from the PAA MAY contain zero or 1348 one NAP-Information AVP, and zero or more ISP-Information AVPs. The 1349 PaC MAY indicate its choice of ISP by including an ISP-Information 1350 AVP in the PANA-Start-Answer message. The PaC MAY convey its ISP 1351 even when there is no ISP-Information AVP contained in the PANA- 1352 Start-Request message. The PaC can do that when it is pre-configured 1353 with ISP information. 1355 In the absence of an ISP explicitly selected and conveyed by the PaC, 1356 ISP selection is typically performed based on the client identifier 1357 (e.g., using the realm portion of an NAI carried in EAP method). A 1358 backend AAA protocol (e.g., RADIUS) will run between the AAA client 1359 on the PAA and a AAA server in the selected ISP domain. 1361 The PANA-based ISP selection mechanism dictates the next-hop AAA 1362 proxy on the PAA. If the NAP requires all AAA traffic to go through 1363 its local AAA proxy, it may have to rely on a mechanism to relay the 1364 selected ISP information from PAA (AAA client) to the local AAA 1365 proxy. The local AAA proxy can forward the AAA traffic to the 1366 selected ISP domain upon processing. Further details, including how 1367 the AAA client relays AAA routing information to the AAA proxy, are 1368 outside the scope of PANA. 1370 An alternative ISP discovery mechanism is outlined in [I-D.adrangi- 1371 eap-network-discovery] which suggests advertising ISP information in- 1372 band with the ongoing EAP method execution. Deployments using the 1373 PANA's built-in ISP discovery mechanism need not use the other 1374 mechanism. 1376 5.10 Error Handling 1378 A PANA-Error-Request message MAY be sent by either the PaC or the PAA 1379 when a badly formed PANA message is received or in case of other 1380 errors. The receiver of this request MUST respond with a PANA-Error- 1381 Answer message. If the cause of this error message was a request 1382 message (e.g., PANA-PAA-Discover or *-Request), then the request MAY 1383 be retransmitted immediately without waiting for its retransmission 1384 timer to go off. If the cause of the error was a response message, 1385 the receiver of the PANA-Error-Request message SHOULD NOT resend the 1386 same response until it receives the next request. 1388 Erroneous PANA messages may be exploited by adversaries to launch DoS 1389 attacks on the victims. Unless the PaC or PAA rate-limits the 1390 generated PANA-Error-Request messages it may be overburdened by 1391 having to respond to bogus messages. Limiting the number of error 1392 notifications sent to a given peer during a (configurable) period of 1393 time may be useful. 1395 When an error message is sent unprotected (i.e., no MAC AVP) and the 1396 lower-layer is insecure, the error message is treated as an 1397 informational message. The receiver of such an error message MUST 1398 NOT change its state unless the error persists and the PANA session 1399 is not making any progress. 1401 6. PANA Headers and Formats 1403 This section defines message formats for PANA protocol. 1405 6.1 IP and UDP Headers 1407 When a PANA-PAA-Discover message is multicast, IP destination address 1408 of the message is set to a well-known administratively scoped 1409 multicast address (TBD). A PANA-PAA-Discover message MAY be unicast 1410 in some cases as specified in Section 4.2. Any other PANA message is 1411 unicast between the PaC and the PAA. The source and destination 1412 addresses SHOULD be set to the addresses on the interfaces from which 1413 the message will be sent and received, respectively. 1415 When the PANA message is sent in response to a request, the UDP 1416 source and destination ports of the response message MUST be copied 1417 from the destination and source ports of the request message, 1418 respectively. 1420 The source port of an unsolicited PANA message MUST be set to a value 1421 chosen by the sender. The destination port MUST be set to the peer's 1422 port number if it has already been discovered via earlier PANA 1423 exchanges, set to the assigned PANA port (TBD) otherwise. 1425 When the PANA message is sent in response to a request, the UDP 1426 source and destination ports of the response message MUST be copied 1427 from the destination and source ports of the request message, 1428 respectively. 1430 The source port of an unsolicited PANA message MUST be set to a value 1431 chosen by the sender. The destination port MUST be set to the peer's 1432 port number if it has already been discovered via earlier PANA 1433 exchanges, set to the assigned PANA port (TBD) otherwise. 1435 The maximum PANA message size is limited by the maximum UDP payload. 1437 6.2 PANA Header 1439 A summary of the PANA header format is shown below. The fields are 1440 transmitted in network byte order. 1442 0 1 2 3 1443 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1444 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1445 | Version | Reserved | Message Length | 1446 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1447 | Flags | Message Type | 1448 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1449 | Sequence Number | 1450 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1451 | AVPs ... 1452 +-+-+-+-+-+-+-+-+-+-+-+-+- 1454 Version 1456 This Version field MUST be set to 1 to indicate PANA Version 1. 1458 Reserved 1460 This 8-bit field is reserved for future use, and MUST be set to 1461 zero, and ignored by the receiver. 1463 Message Length 1465 The Message Length field is three octets and indicates the length 1466 of the PANA message including the header fields. 1468 Flags 1470 The Flags field is two octets. The following bits are assigned: 1472 0 1 1473 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 1474 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1475 |R S N r r r r r r r r r r r r r| 1476 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1477 R(equest) 1479 If set, the message is a request. If cleared, the message is 1480 an answer. 1482 S(eparate) 1484 When the S-flag is set in a PANA-Start-Request message it 1485 indicates that PAA is willing to offer separate NAP and ISP 1486 authentication. When the S-flag is set in a PANA-Start-Answer 1487 message it indicates that the PaC accepts on performing 1488 separate NAP and ISP authentication. The PaC may also respond 1489 with the S-flag not set which implies the PaC has chosen to 1490 authenticate with the ISP only. When the S-flag is set in a 1491 PANA-Auth-Request/Answer, PANA-FirstAuth-End-Request/Answer and 1492 PANA-Bind-Request/Answer messages it indicates that separate 1493 NAP and ISP authentication is being performed in the 1494 authentication and authorization phase. For other cases, 1495 S-flag MUST NOT be set. 1497 N(AP authentication) 1499 When the N-flag is set in a PANA-Auth-Request message, it 1500 indicates that the current EAP authentication is for NAP 1501 authentication. When the N-flag is unset in a PANA-Auth- 1502 Request message, it indicates that the current EAP 1503 authentication is for ISP authentication. The PaC MUST copy 1504 the value of the flag in its requests from the last received 1505 request of the PAA. The value of the flag on an answer MUST be 1506 copied from the request. The N-flag MUST NOT be set when 1507 S-flag is not set. 1509 r(eserved) 1511 These flag bits are reserved for future use, and MUST be set to 1512 zero, and ignored by the receiver. 1514 Message Type 1516 The Message Type field is two octets, and is used in order to 1517 communicate the message type with the message. The 16-bit address 1518 space is managed by IANA [ianaweb]. PANA uses its own address 1519 space for this field. 1521 Sequence Number 1523 The Sequence Number field contains a 32 bit value. 1525 AVPs 1527 AVPs are a method of encapsulating information relevant to the 1528 PANA message. See section Section 6.3 for more information on 1529 AVPs. 1531 6.3 AVP Header 1533 Each AVP of type OctetString MUST be padded to align on a 32-bit 1534 boundary, while other AVP types align naturally. A number of zero- 1535 valued bytes are added to the end of the AVP Data field till a word 1536 boundary is reached. The length of the padding is not reflected in 1537 the AVP Length field [RFC3588]. 1539 The fields in the AVP header are sent in network byte order. The 1540 format of the header is: 1542 0 1 2 3 1543 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1544 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1545 | AVP Code | AVP Flags | 1546 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1547 | AVP Length | Reserved | 1548 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1549 | Vendor-Id (opt) | 1550 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1551 | Data ... 1552 +-+-+-+-+-+-+-+-+ 1554 AVP Code 1556 The AVP Code, combined with the Vendor-Id field, identifies the 1557 attribute uniquely. AVP numbers are allocated by IANA [ianaweb]. 1558 PANA uses its own address space for this field although some of 1559 the AVP formats are borrowed from Diameter protocol [RFC3588]. 1561 AVP Flags 1563 The AVP Flags field is two octets. The following bits are 1564 assigned: 1566 0 1 1567 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 1568 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1569 |V M r r r r r r r r r r r r r r| 1570 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1572 M(andatory) 1574 The 'M' Bit, known as the Mandatory bit, indicates whether 1575 support of the AVP is required. 1577 If an AVP with the 'M' bit set is received by the PaC or PAA 1578 and either the AVP or its value is unrecognized, the message 1579 MUST be rejected and the receiver MUST send a PANA-Error- 1580 Request message. If the AVP was unrecognized the PANA-Error- 1581 Request message result code MUST be PANA_AVP_UNSUPPORTED. If 1582 the AVP value was unrecognized the PANA-Error-Request message 1583 result code MUST be PANA_INVALID_AVP_DATA. In either case the 1584 PANA-Error-Request message MUST carry a Failed-AVP AVP 1585 containing the offending mandatory AVP. 1587 AVPs with the 'M' bit cleared are informational only and a 1588 receiver that receives a message with such an AVP that is not 1589 supported, or whose value is not supported, MAY simply ignore 1590 the AVP. 1592 V(endor) 1593 The 'V' bit, known as the Vendor-Specific bit, indicates 1594 whether the optional Vendor-Id field is present in the AVP 1595 header. When set the AVP Code belongs to the specific vendor 1596 code address space. 1598 r(eserved) 1600 These flag bits are reserved for future use, and MUST be set to 1601 zero, and ignored by the receiver. 1603 Unless otherwise noted, AVPs defined in this document will have 1604 the following default AVP Flags field settings: The 'M' bit MUST 1605 be set. The 'V' bit MUST NOT be set. 1607 AVP Length 1609 The AVP Length field is four octets, and indicates the number of 1610 octets in this AVP including the AVP Code, AVP Length, AVP Flags, 1611 and the AVP data. 1613 Reserved 1615 This two-octet field is reserved for future use, and MUST be set 1616 to zero, and ignored by the receiver. 1618 Vendor-Id 1620 The Vendor-Id field is present if the 'V' bit is set in the AVP 1621 Flags field. The optional four-octet Vendor-Id field contains the 1622 IANA assigned "SMI Network Management Private Enterprise Codes" 1623 [ianaweb] value, encoded in network byte order. Any vendor 1624 wishing to implement a vendor-specific PANA AVP MUST use their own 1625 Vendor-Id along with their privately managed AVP address space, 1626 guaranteeing that they will not collide with any other vendor's 1627 vendor-specific AVP(s), nor with future IETF applications. 1629 Data 1631 The Data field is zero or more octets and contains information 1632 specific to the Attribute. The format and length of the Data 1633 field is determined by the AVP Code and AVP Length fields. 1635 7. PANA Messages, Message Specifications and AVPs 1637 7.1 PANA Messages 1639 Each Request/Answer message pair is assigned a message ID, and the 1640 sub-type (i.e., request or answer) is identified via the 'R' bit in 1641 the Message Flags field of the PANA header. 1643 Every PANA message MUST contain a message ID in its header's 1644 Message-Id field, which is used to determine the action that is to be 1645 taken for a particular message. Figure 9 lists all PANA messages 1646 defined in this document: 1648 Message-Name Abbrev. ID PaC<->PAA Ref. 1649 ----------------------------------------------------------- 1650 PANA-PAA-Discover PDI 1 --------> 7.2.1 1651 PANA-Start-Request PSR 2 <-------- 7.2.2 1652 PANA-Start-Answer PSA 2 --------> 7.2.3 1653 PANA-Auth-Request PAR 3 <-------> 7.2.4 1654 PANA-Auth-Answer PAN 3 <-------> 7.2.5 1655 PANA-Reauth-Request PRAR 4 --------> 7.2.6 1656 PANA-Reauth-Answer PRAA 4 <-------- 7.2.7 1657 PANA-Bind-Request PBR 5 <-------- 7.2.8 1658 PANA-Bind-Answer PBA 5 --------> 7.2.9 1659 PANA-Ping-Request PPR 6 <-------> 7.2.10 1660 PANA-Ping-Answer PPA 6 <-------> 7.2.11 1661 PANA-Termination-Request PTR 7 <-------> 7.2.12 1662 PANA-Termination-Answer PTA 7 <-------> 7.2.13 1663 PANA-Error-Request PER 8 <-------> 7.2.14 1664 PANA-Error-Answer PEA 8 <-------> 7.2.15 1665 PANA-FirstAuth-End-Request PFER 9 <-------- 7.2.16 1666 PANA-FirstAuth-End-Answer PFEA 9 --------> 7.2.17 1667 PANA-Update-Request PUR 10 <-------> 7.2.18 1668 PANA-Update-Answer PUA 10 <-------> 7.2.19 1669 ----------------------------------------------------------- 1671 Figure 9: Table of PANA Messages 1673 7.2 PANA Message ABNF Specification 1675 Every PANA message defined MUST include a corresponding ABNF 1676 [RFC2234] specification, which is used to define the AVPs that MUST 1677 or MAY be present. The following format is used in the definition: 1679 message-def = Message-Name "::=" PANA-message 1681 message-name = PANA-name 1682 PANA-name = ALPHA *(ALPHA / DIGIT / "-") 1684 PANA-message = header [ *fixed] [ *required] [ *optional] 1685 [ *fixed] 1687 header = "< PANA-Header: " Message-Id 1688 [r-bit] [s-bit] [n-bit] ">" 1690 Message-Id = 1*DIGIT 1691 ; The message code assigned to the message 1693 r-bit = ", REQ" 1694 ; If present, the 'R' bit in the Message 1695 ; Flags is set, indicating that the message 1696 ; is a request, as opposed to an answer. 1698 s-bit = ", SEP" 1699 ; If present, the 'S' bit in the Message 1700 ; Flags is set, indicating support for 1701 ; separate NAP and ISP authentication. 1703 n-bit = ", NAP" 1704 ; If present, the 'N' bit in the Message 1705 ; Flags is set, indicating that current 1706 ; EAP authentication is for NAP authentication. 1708 fixed = [qual] "<" avp-spec ">" 1709 ; Defines the fixed position of an AVP 1711 required = [qual] "{" avp-spec "}" 1712 ; The AVP MUST be present and can appear 1713 ; anywhere in the message. 1715 optional = [qual] "[" avp-name "]" 1716 ; The avp-name in the 'optional' rule cannot 1717 ; evaluate to any AVP Name which is included 1718 ; in a fixed or required rule. The AVP can 1719 ; appear anywhere in the message. 1721 qual = [min] "*" [max] 1722 ; See ABNF conventions, RFC 2234 Section 6.6. 1723 ; The absence of any qualifiers depends on whether 1724 ; it precedes a fixed, required, or optional 1725 ; rule. If a fixed or required rule has no 1726 ; qualifier, then exactly one such AVP MUST 1727 ; be present. If an optional rule has no 1728 ; qualifier, then 0 or 1 such AVP may be 1729 ; present. 1731 ; 1732 ; NOTE: "[" and "]" have a different meaning 1733 ; than in ABNF (see the optional rule, above). 1734 ; These braces cannot be used to express 1735 ; optional fixed rules (such as an optional 1736 ; MAC at the end). To do this, the convention 1737 ; is '0*1fixed'. 1739 min = 1*DIGIT 1740 ; The minimum number of times the element may 1741 ; be present. The default value is zero. 1743 max = 1*DIGIT 1744 ; The maximum number of times the element may 1745 ; be present. The default value is infinity. A 1746 ; value of zero implies the AVP MUST NOT be 1747 ; present. 1749 avp-spec = PANA-name 1750 ; The avp-spec has to be an AVP Name, defined 1751 ; in the base or extended PANA protocol 1752 ; specifications. 1754 avp-name = avp-spec / "AVP" 1755 ; The string "AVP" stands for *any* arbitrary 1756 ; AVP Name, which does not conflict with the 1757 ; required or fixed position AVPs defined in 1758 ; the message definition. 1760 Example-Request ::= < "PANA-Header: 9999999, REQ > 1761 < Session-Id > 1762 { Result-Code } 1763 * [ AVP ] 1764 0*1 < MAC > 1766 7.2.1 PANA-PAA-Discover (PDI) 1768 The PANA-PAA-Discover (PDI) message is used to discover the address 1769 of PAA(s). The sequence number in this message is always set to zero 1770 (0). 1772 PANA-PAA-Discover ::= < PANA-Header: 1 > 1773 [ Notification ] 1774 * [ AVP ] 1776 7.2.2 PANA-Start-Request (PSR) 1778 The PANA-Start-Request (PSR) message is sent by the PAA to the PaC to 1779 advertise availability of the PAA and start PANA authentication. The 1780 PAA sets the sequence number to an initial random value. 1782 PANA-Start-Request ::= < PANA-Header: 2, REQ [, SEP] > 1783 { Nonce } 1784 [ Cookie ] 1785 [ EAP-Payload ] 1786 [ NAP-Information ] 1787 * [ ISP-Information ] 1788 [ Protection-Capability] 1789 [ PPAC ] 1790 [ Notification ] 1791 * [ AVP ] 1793 7.2.3 PANA-Start-Answer (PSA) 1795 The PANA-Start-Answer (PSA) message is sent by the PaC to the PAA in 1796 response to a PANA-Start-Request message. This message completes the 1797 handshake to start PANA authentication. 1799 PANA-Start-Answer ::= < PANA-Header: 2 [, SEP] > 1800 { Nonce } 1801 [ Cookie ] 1802 [ EAP-Payload ] 1803 [ ISP-Information ] 1804 [ Notification ] 1805 * [ AVP ] 1807 7.2.4 PANA-Auth-Request (PAR) 1809 The PANA-Auth-Request (PAR) message is either sent by the PAA or the 1810 PaC. Its main task is to carry an EAP-Payload AVP. 1812 PANA-Auth-Request ::= < PANA-Header: 3, REQ [, SEP] [, NAP] > 1813 < Session-Id > 1814 < EAP-Payload > 1815 [ Notification ] 1816 * [ AVP ] 1817 0*1 < MAC > 1819 7.2.5 PANA-Auth-Answer (PAN) 1821 THe PANA-Auth-Answer (PAN) message is sent by either the PaC or the 1822 PAA in response to a PANA-Auth-Request message. It MAY carry an EAP- 1823 Payload AVP. 1825 PANA-Auth-Answer ::= < PANA-Header: 3 [, SEP] [, NAP] > 1826 < Session-Id > 1827 [ EAP-Payload ] 1828 [ Notification ] 1829 * [ AVP ] 1830 0*1 < MAC > 1832 7.2.6 PANA-Reauth-Request (PRAR) 1834 The PANA-Reauth-Request (PRAR) message is sent by the PaC to the PAA 1835 to re-initiate EAP authentication. 1837 PANA-Reauth-Request ::= < PANA-Header: 4, REQ > 1838 < Session-Id > 1839 [ Notification ] 1840 * [ AVP ] 1841 0*1 < MAC > 1843 7.2.7 PANA-Reauth-Answer (PRAA) 1845 The PANA-Reauth-Answer (PRAA) message is sent by the PAA to the PaC 1846 in response to a PANA-Reauth-Request message. 1848 PANA-Reauth-Answer ::= < PANA-Header: 4 > 1849 < Session-Id > 1850 [ Notification ] 1851 * [ AVP ] 1852 0*1 < MAC > 1854 7.2.8 PANA-Bind-Request (PBR) 1856 The PANA-Bind-Request (PBR) message is sent by the PAA to the PaC to 1857 deliver the result of PANA authentication. 1859 PANA-Bind-Request ::= < PANA-Header: 5, REQ [, SEP] [, NAP] > 1860 < Session-Id > 1861 { Result-Code } 1862 { PPAC } 1863 [ EAP-Payload ] 1864 [ Session-Lifetime ] 1865 [ Protection-Capability ] 1866 [ Key-Id ] 1867 * [ Device-Id ] 1868 [ Notification ] 1869 * [ AVP ] 1870 0*1 < MAC > 1872 7.2.9 PANA-Bind-Answer (PBA) 1874 The PANA-Bind-Answer (PBA) message is sent by the PaC to the PAA in 1875 response to a PANA-Bind-Request message. 1877 PANA-Bind-Answer ::= < PANA-Header: 5 [,SEP] [, NAP] > 1878 < Session-Id > 1879 [ PPAC ] 1880 [ Device-Id ] 1881 [ Key-Id ] 1882 [ Notification ] 1883 * [ AVP ] 1884 0*1 < MAC > 1886 7.2.10 PANA-Ping-Request (PPR) 1888 The PANA-Ping-Request (PPR) message is either sent by the PaC or the 1889 PAA for performing liveness test. 1891 PANA-Ping-Request ::= < PANA-Header: 6, REQ > 1892 < Session-Id > 1893 [ Notification ] 1894 * [ AVP ] 1895 0*1 < MAC > 1897 7.2.11 PANA-Ping-Answer (PPA) 1899 The PANA-Ping-Answer (PPA) message is sent in response to a PANA- 1900 Ping-Request. 1902 PANA-Ping-Answer ::= < PANA-Header: 6 > 1903 < Session-Id > 1904 [ Notification ] 1905 * [ AVP ] 1906 0*1 < MAC > 1908 7.2.12 PANA-Termination-Request (PTR) 1910 The PANA-Termination-Request (PTR) message is sent either by the PaC 1911 or the PAA to terminate a PANA session. 1913 PANA-Termination-Request ::= < PANA-Header: 7, REQ > 1914 < Session-Id > 1915 < Termination-Cause > 1916 [ Notification ] 1917 * [ AVP ] 1918 0*1 < MAC > 1920 7.2.13 PANA-Termination-Answer (PTA) 1922 The PANA-Termination-Answer (PTA) message is sent either by the PaC 1923 or the PAA in response to PANA-Termination-Request. 1925 PANA-Termination-Answer ::= < PANA-Header: 7 > 1926 < Session-Id > 1927 [ Notification ] 1928 * [ AVP ] 1929 0*1 < MAC > 1931 7.2.14 PANA-Error-Request (PER) 1933 The PANA-Error-Request (PER) message is sent either by the PaC or the 1934 PAA to report an error with the last received PANA message. 1936 PANA-Error-Request ::= < PANA-Header: 8, REQ > 1937 < Session-Id > 1938 < Result-Code > 1939 * [ Failed-AVP ] 1940 [ Notification ] 1941 * [ AVP ] 1942 0*1 < MAC > 1944 7.2.15 PANA-Error-Answer (PEA) 1946 The PANA-Error-Answer (PEA) message is sent in response to a PANA- 1947 Error-Request. 1949 PANA-Error-Answer ::= < PANA-Header: 8 > 1950 < Session-Id > 1951 [ Notification ] 1952 * [ AVP ] 1953 0*1 < MAC > 1955 7.2.16 PANA-FirstAuth-End-Request (PFER) 1957 The PANA-FirstAuth-End-Request (PFER) message is sent by the PAA to 1958 the PaC to signal the result of the first EAP authentication method 1959 when separate NAP and ISP authentication is performed. 1961 PANA-FirstAuth-End-Request ::= < PANA-Header: 9, REQ [, SEP] [, NAP] > 1962 < Session-Id > 1963 { Result-Code } 1964 [ EAP-Payload ] 1965 [ Key-Id ] 1966 [ Notification ] 1967 * [ AVP ] 1968 0*1 < MAC > 1970 7.2.17 PANA-FirstAuth-End-Answer (PFEA) 1972 The PANA-FirstAuth-End-Answer (PFEA) message is sent by the PaC to 1973 the PAA in response to a PANA-FirstAuth-End-Request message. 1975 PANA-FirstAuth-End-Answer ::= < PANA-Header: 9, REQ [, SEP] [, NAP] > 1976 < Session-Id > 1977 [ Key-Id ] 1978 [ Notification ] 1979 * [ AVP ] 1980 0*1 < MAC > 1982 7.2.18 PANA-Update-Request (PUR) 1984 The PANA-Update-Request (PUR) message is sent either by the PaC or 1985 the PAA to deliver attribute updates and notifications. In the scope 1986 of this specification only the PaC IP address can be updated via this 1987 mechanism. 1989 PANA-Update-Request ::= < PANA-Header: 10, REQ > 1990 < Session-Id > 1991 [ Notification ] 1992 * [ AVP ] 1993 0*1 < MAC > 1995 7.2.19 PANA-Update-Answer (PUA) 1997 The PANA-Update-Answer (PUA) message is sent by the PAA to the PaC in 1998 response to a PANA-Update-Request. 2000 PANA-Update-Answer ::= < PANA-Header: 10 > 2001 < Session-Id > 2002 [ Notification ] 2003 * [ AVP ] 2004 0*1 < MAC > 2006 7.3 AVPs in PANA 2008 PANA defines several AVPs that are specific to the protocol. A 2009 number of others AVPs are reused. These are specified in other 2010 documents such as [RFC3588]. 2012 The following tables lists the AVPs used in this document, and 2013 specifies in which PANA messages they MAY, or MAY NOT be present. 2015 The table uses the following symbols: 2017 0 The AVP MUST NOT be present in the message. 2019 0+ Zero or more instances of the AVP MAY be present in the 2020 message. 2022 0-1 Zero or one instance of the AVP MAY be present in the message. 2023 It is considered an error if there are more than one instance 2024 of the AVP. 2026 1 One instance of the AVP MUST be present in the message. 2028 1+ At least one instance of the AVP MUST be present in the 2029 message. 2031 +---------------------------------------------+ 2032 | Message | 2033 | Type | 2034 +---+---+---+---+---+----+----+---+---+---+---+ 2035 Attribute Name |PDI|PSR|PSA|PAR|PAN|PRAR|PRAA|PBR|PBA|PPR|PPA| 2036 --------------------+---+---+---+---+---+----+----+---+---+---+---+ 2037 Cookie | 0 |0-1|0-1| 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 2038 Device-Id | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0+|0-1| 0 | 0 | 2039 EAP-Payload | 0 |0-1|0-1| 1 |0-1| 0 | 0 |0-1| 0 | 0 | 0 | 2040 Failed-AVP | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 2041 ISP-Information | 0 | 0+|0-1| 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 2042 Key-Id | 0 | 0 | 0 | 0 | 0 | 0 | 0 |0-1|0-1| 0 | 0 | 2043 MAC | 0 | 0 | 0 |0-1|0-1|0-1 |0-1 |0-1|0-1|0-1|0-1| 2044 NAP-Information | 0 |0-1| 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 2045 Nonce | 0 | 1 | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 2046 Notification |0-1|0-1|0-1|0-1|0-1|0-1 |0-1 |0-1|0-1|0-1|0-1| 2047 PPAC | 0 |0-1| 0 | 0 | 0 | 0 | 0 | 1 |0-1| 0 | 0 | 2048 Protection-Cap. | 0 |0-1| 0 | 0 | 0 | 0 | 0 |0-1| 0 | 0 | 0 | 2049 Result-Code | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 1 | 0 | 0 | 0 | 2050 Session-Id | 0 | 0 | 0 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 2051 Session-Lifetime | 0 | 0 | 0 | 0 | 0 | 0 | 0 |0-1| 0 | 0 | 0 | 2052 Termination-Cause | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 2053 --------------------+---+---+---+---+---+----+----+---+---+---+---+ 2055 Figure 10: AVP Occurrence Table (1/2) 2056 +---------------------------------+ 2057 | Message | 2058 | Type | 2059 +---+---+---+---+----+----+---+---+ 2060 Attribute Name |PTR|PTA|PER|PEA|PFER|PFEA|PUR|PUA| 2061 --------------------+---+---+---+---+----+----+---+---+ 2062 Cookie | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 2063 Device-Id | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 2064 EAP-Payload | 0 | 0 | 0 | 0 |0-1 | 0 | 0 | 0 | 2065 Failed-AVP | 0 | 0 | 0+| 0 | 0 | 0 | 0 | 0 | 2066 ISP-Information | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 2067 Key-Id | 0 | 0 | 0 | 0 |0-1 |0-1 | 0 | 0 | 2068 MAC |0-1|0-1|0-1|0-1|0-1 |0-1 |0-1|0-1| 2069 NAP-Information | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 2070 Nonce | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 2071 Notification |0-1|0-1|0-1|0-1|0-1 |0-1 |0-1|0-1| 2072 PPAC | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 2073 Protection-Cap. | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 2074 Result-Code | 0 | 0 | 1 | 0 | 1 | 0 | 0 | 0 | 2075 Session-Id | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 2076 Session-Lifetime | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 2077 Termination-Cause | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 2078 --------------------+---+---+---+---+----+----+---+---+ 2080 Figure 11: AVP Occurrence Table (2/2) 2082 7.3.1 Cookie AVP 2084 The Cookie AVP (AVP Code 1) is used for carrying a random value 2085 generated by the PAA. The AVP data is of type OctetString. The 2086 random value is referred to as a cookie and used for making PAA 2087 discovery robust against blind resource consumption DoS attacks. The 2088 exact algorithms and syntax used by the PAA to generate a cookie does 2089 not affect interoperability and not specified in this document. An 2090 example cookie generation algorithm is shown in Section 4.2. 2092 7.3.2 Device-Id AVP 2094 The Device-Id AVP (AVP Code 2) is used for carrying device 2095 identifiers of PaC and EP(s). The AVP data is of Address type 2096 [RFC3588]. IPv4 and IPv6 addresses are encoded as specified in 2097 [RFC3588]. The content and format of data (including byte and bit 2098 ordering) for link-layer addresses is expected to be specified in 2099 specific documents that describe how IP operates over different link- 2100 layers. For instance, [RFC2464]. Address families other than that 2101 are defined for link-layer or IP addresses MUST NOT be used for this 2102 AVP. 2104 7.3.3 EAP-Payload AVP 2106 The EAP-Payload AVP (AVP Code 3) is used for encapsulating the actual 2107 EAP message that is being exchanged between the EAP peer and the EAP 2108 authenticator. The AVP data is of type OctetString. 2110 7.3.4 Failed-AVP AVP 2112 The Failed-AVP AVP (AVP Code 4) provides debugging information in 2113 cases where a request is rejected or not fully processed due to 2114 erroneous information in a specific AVP. The AVP data is of type 2115 Grouped. The format of the Failed-AVP AVP is defined in [RFC3588]. 2116 In case of a failed grouped AVP, the Failed-AVP contains the whole 2117 grouped AVP. In case of a failed AVP inside a grouped AVP, the 2118 Failed-AVP contains the single offending AVP. 2120 7.3.5 ISP-Information AVP 2122 The ISP-Information AVP (AVP Code 5) contains zero or one Provider- 2123 Identifier AVP which carries the identifier of the ISP and one 2124 Provider-Name AVP which carries the name of the ISP. The AVP data is 2125 of type Grouped, and it has the following ABNF grammar: 2127 ISP-Information ::= < AVP Header: 5 > 2128 0*1 { Provider-Identifier } 2129 { Provider-Name } 2130 * [ AVP ] 2132 7.3.6 Key-Id AVP 2134 The Key-Id AVP (AVP Code 6) is of type Integer32, and contains an 2135 AAA-Key identifier. The AAA-Key identifier is assigned by PAA and 2136 MUST be unique within the PANA session. 2138 7.3.7 MAC AVP 2140 The MAC (Message Authentication Code) AVP is used to integrity 2141 protect PANA messages. The first octet of the this AVP (AVP Code 7) 2142 data contains the MAC algorithm type. Rest of the AVP data payload 2143 contains the MAC encoded in network byte order. The 8-bit Algorithm 2144 name space is managed by IANA [ianaweb]. The AVP length varies 2145 depending on the used algorithm. 2147 0 1 2 3 2148 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2149 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2150 | Algorithm | MAC... 2152 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2154 Algorithm 2156 1 HMAC-SHA1 (20 bytes) 2158 MAC 2160 The Message Authentication Code is encoded in network byte order. 2162 7.3.8 NAP-Information AVP 2164 The NAP-Information AVP (AVP Code 8) contains zero or one Provider- 2165 Identifier AVP which carries the identifier of the NAP and one 2166 Provider-Name AVP which carries the name of the NAP. The AVP data is 2167 of type Grouped, and it has the following ABNF grammar: 2169 NAP-Information ::= < AVP Header: 8 > 2170 0*1 { Provider-Identifier } 2171 { Provider-Name } 2172 * [ AVP ] 2174 7.3.9 Nonce AVP 2176 The Nonce AVP (AVP Code 9) carries a randomly chosen value that is 2177 used in cryptographic key computations. The AVP data is of type 2178 OctetString and it contains a randomly generated value in opaque 2179 format. The data length MUST be between 8 and 256 bytes inclusive. 2181 7.3.10 Notification AVP 2183 The Notification AVP (AVP Code 10) is optionally used to convey a 2184 displayable message sent by either the PaC or the PAA. It can be 2185 included in any message, whether it is a request or answer. In case 2186 a notification needs to be sent but there is no outgoing PANA message 2187 to deliver this AVP, a PANA-Update-Request that only carries a 2188 Notification AVP SHOULD be generated. 2190 Receipt this AVP does not change PANA state. 2192 AVP data is of type OctetString and it contains UTF-8 encoded ISO 2193 10646 characters [RFC2279]. The length of the displayable message is 2194 determined by the AVP Length field. The message MUST NOT be null 2195 terminated. 2197 7.3.11 Post-PANA-Address-Configuration (PPAC) AVP 2199 The PPAC AVP (AVP Code 11) is used for conveying the available types 2200 of post-PANA IP address configuration mechanisms when sent by the 2201 PAA, and the chosen one when sent by the PaC. Each possible 2202 mechanisms is represented by a flag. At least one or more of the 2203 flags MUST be set when sent by the PAA, and exactly one flag MUST be 2204 set when sent by the PaC. The AVP data is of type Unsigned32. 2206 The format of the AVP data is as follows: 2208 0 1 2 3 2209 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2210 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2211 |N|D|A|T|I| Reserved | 2212 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2214 PPAC Flags 2216 N (No configuration) 2218 The PaC does not have to (if sent by PAA) or will not (if sent 2219 by PaC) configure a new IP address after PANA. 2221 D (DHCP) 2223 The PaC can (if sent by PAA) or will (if sent by PaC) use DHCP 2224 [RFC2131] [RFC3315] to configure a new IP address after PANA. 2226 A (stateless autoconfiguration) 2228 The PaC can/will use stateless IPv6 address autoconfiguration 2229 [RFC2462] to configure a new IP address after PANA. 2231 T (DHCP with IPsec tunnel mode) 2233 The PaC can/will use [RFC3456] to configure a new IP address 2234 after PANA. 2236 I (IKEv2) 2238 The PaC can/will use [I-D.ietf-ipsec-ikev2] to configure a new 2239 IP address after PANA. 2241 Reserved 2243 These flag bits are reserved for future use, and MUST be set to 2244 zero, and ignored by the receiver. 2246 Unless the N-flag is set, the PaC MUST configure a new IP address 2247 using one of the methods indicated by the other flags. Refer to 2248 [I-D.ietf-pana-framework] for a detailed discussion on when these 2249 methods can be used. 2251 7.3.12 Protection-Capability AVP 2253 The Protection-Capability AVP (AVP Code 12) indicates the 2254 cryptographic data protection capability supported and required by 2255 the EPs. The AVP data is of type Unsigned32. Below is a list of 2256 valid data values and associated protection capabilities: 2258 0 L2_PROTECTION 2259 1 IPSEC_PROTECTION 2261 7.3.13 Provider-Identifier AVP 2263 The Provider-Identifier AVP (AVP Code 13) is of type Unsigned32, and 2264 contains an IANA assigned "SMI Network Management Private Enterprise 2265 Codes" [ianaweb] value, encoded in network byte order. 2267 7.3.14 Provider-Name AVP 2269 The Provider-Name AVP (AVP Code 14) is of type UTF8String, and 2270 contains the UTF8-encoded name of the provider. 2272 7.3.15 Result-Code AVP 2274 The Result-Code AVP (AVP Code 15) is of type Unsigned32 and indicates 2275 whether an EAP authentication was completed successfully or whether 2276 an error occurred. Here are Result-Code AVP values taken from 2277 [RFC3588] and adapted for PANA. 2279 7.3.15.1 Authentication Results Codes 2281 These result code values inform the PaC about the authentication and 2282 authorization result. The authentication result and authorization 2283 result can be different as described below, but only one result is 2284 returned to the PaC. These codes are used with PANA-Bind-Request and 2285 PANA-FirstAuth-End-Request messages. 2287 PANA_SUCCESS 2001 2289 Both authentication and authorization processes are successful. 2291 PANA_AUTHENTICATION_REJECTED 4001 2293 Authentication has failed. When this error is returned, it is 2294 assumed that authorization is automatically failed. 2296 PANA_AUTHORIZATION_REJECTED 5003 2298 The authorization process has failed. This error could occur when 2299 authorization is rejected by a AAA server or rejected locally by a 2300 PAA, even if the authentication procedure has succeeded. 2302 7.3.15.2 Protocol Error Result Codes 2304 These codes are used with PANA-Error-Request messages. Unless stated 2305 otherwise, they can be generated by both the PaC and the PAA. 2307 PANA_MESSAGE_UNSUPPORTED 3001 2309 Message type not recognized or supported. 2311 PANA_UNABLE_TO_DELIVER 3002 2312 The PAA was unable to deliver the EAP payload to the 2313 authentication server. Only the PAA can generate this code. 2315 PANA_INVALID_HDR_BITS 3008 2317 A message was received whose bits in the PANA header were either 2318 set to an invalid combination, or to a value that is inconsistent 2319 with the message type definition. 2321 PANA_INVALID_AVP_FLAGS 3009 2323 A message was received that included an AVP whose flag bits are 2324 set to an unrecognized value, or that is inconsistent with the 2325 AVP's definition. 2327 PANA_AVP_UNSUPPORTED 5001 2329 The received message contained an AVP that is not recognized or 2330 supported and was marked with the Mandatory bit. A PANA message 2331 with this error MUST contain one or more Failed-AVP AVP containing 2332 the AVPs that caused the failure. 2334 PANA_UNKNOWN_SESSION_ID 5002 2336 The message contained an unknown Session-Id. A PANA message 2337 indicating this error MUST include the unknown Session-Id AVP 2338 within a Failed-AVP AVP. 2340 PANA_INVALID_AVP_DATA 5004 2342 The message contained an AVP with an invalid value in its data 2343 portion. A PANA message indicating this error MUST include the 2344 offending AVPs within a Failed-AVP AVP. 2346 PANA_MISSING_AVP 5005 2348 The message did not contain an AVP that is required by the message 2349 type definition. If this value is sent in the Result-Code AVP, a 2350 Failed-AVP AVP SHOULD be included in the message. The Failed-AVP 2351 AVP MUST contain an example of the missing AVP complete with the 2352 Vendor-Id if applicable. The value field of the missing AVP 2353 should be of correct minimum length and contain zeroes. 2355 PANA_RESOURCES_EXCEEDED 5006 2357 A message was received that cannot be authorized because the 2358 client has already expended allowed resources. An example of this 2359 error condition is a client that is restricted to one PANA session 2360 and attempts to establish a second session. Only the PAA can 2361 generate this code. 2363 PANA_CONTRADICTING_AVPS 5007 2365 The PAA has detected AVPs in the message that contradicted each 2366 other, and is not willing to provide service to the client. One 2367 or more Failed-AVP AVPs MUST be present, containing the AVPs that 2368 contradicted each other. Only the PAA can generate this code. 2370 PANA_AVP_NOT_ALLOWED 5008 2372 A message was received with an AVP that MUST NOT be present. The 2373 Failed-AVP AVP MUST be included and contain a copy of the 2374 offending AVP. 2376 PANA_AVP_OCCURS_TOO_MANY_TIMES 5009 2378 A message was received that included an AVP that appeared more 2379 often than permitted in the message definition. The Failed-AVP 2380 AVP MUST be included and contain a copy of the first instance of 2381 the offending AVP that exceeded the maximum number of occurrences. 2383 PANA_UNSUPPORTED_VERSION 5011 2385 This error is returned when a message was received, whose version 2386 number is unsupported. 2388 PANA_UNABLE_TO_COMPLY 5012 2390 This error is returned when a request is rejected for unspecified 2391 reasons. For example, when an EAP authentication fails at an EAP 2392 pass-through authenticator without passing an EAP Failure message 2393 to the PAA, a Result-Code AVP with this error code is carried in 2394 the PANA-Error-Request message. 2396 PANA_INVALID_AVP_LENGTH 5014 2398 The message contained an AVP with an invalid length. The PANA- 2399 Error-Request message indicating this error MUST include the 2400 offending AVPs within a Failed-AVP AVP. 2402 PANA_INVALID_MESSAGE_LENGTH 5015 2404 This error is returned when a message is received with an invalid 2405 message length. 2407 PANA_PROTECTION_CAPABILITY_UNSUPPORTED 5016 2409 This error is returned when the PaC receives a PANA-Bind-Request 2410 message with a Protection-Capability AVP and a valid MAC AVP but 2411 does not support the protection capability specified in the 2412 Protection-Capability AVP. Only the PaC can generate this code. 2414 PANA_PPAC_CAPABILITY_UNSUPPORTED 5017 2416 This error is returned when there is no match between the list of 2417 PPAC methods offered by the PAA and the ones available on the PaC. 2418 Only the PaC can generate this code. 2420 7.3.16 Session-Id AVP 2422 All messages pertaining to a specific PANA session MUST include a 2423 Session-Id AVP (AVP Code 16) which carries a PAA-assigned fixed 2424 session identifier value throughout the lifetime of a session. When 2425 present, the Session-Id AVP SHOULD appear immediately following the 2426 PANA header. 2428 The Session-Id MUST be globally and eternally unique, as it is meant 2429 to identify a PANA session without reference to any other 2430 information, and may be needed to correlate historical authentication 2431 information with accounting information. The PANA Session-Id AVP has 2432 the same format as the Diameter Session-Id AVP [RFC3588]. 2434 7.3.17 Session-Lifetime AVP 2436 The Session-Lifetime AVP (AVP Code 17) contains the number of seconds 2437 remaining before the current session is considered expired. The AVP 2438 data is of type Unsigned32. 2440 7.3.18 Termination-Cause AVP 2442 The Termination-Cause AVP (AVP Code 18) is used for indicating the 2443 reason why a session is terminated by the requester. The AVP data is 2444 of type Enumerated. The following Termination-Cause data values are 2445 used with PANA. 2447 LOGOUT 1 (PaC -> PAA) 2449 The client initiated a disconnect 2451 ADMINISTRATIVE 4 (PAA -> PaC) 2453 The client was not granted access, or was disconnected, due to 2454 administrative reasons. 2456 SESSION_TIMEOUT 8 (PAA -> PaC) 2458 The session has timed out, and service has been terminated. 2460 8. Retransmission Timers 2462 The PANA protocol provides retransmissions for the PANA-PAA-Discover 2463 message and all request messages, with the exception that the PANA- 2464 Start-Answer message is retransmitted instead of the PANA-Start- 2465 Request message in stateless PAA discovery. 2467 PANA retransmission timers are based on the model used in DHCPv6 2468 [RFC3315]. Variables used here are also borrowed from this 2469 specification. PANA is a request response like protocol. The 2470 message exchange terminates when either the request sender 2471 successfully receives the appropriate answer, or when the message 2472 exchange is considered to have failed according to the retransmission 2473 mechanism described below. 2475 The retransmission behavior is controlled and described by the 2476 following variables: 2478 RT Retransmission timeout 2480 IRT Initial retransmission time 2482 MRC Maximum retransmission count 2484 MRT Maximum retransmission time 2486 MRD Maximum retransmission duration 2488 RAND Randomization factor 2490 With each message transmission or retransmission, the sender sets RT 2491 according to the rules given below. If RT expires before the message 2492 exchange terminates, the sender recomputes RT and retransmits the 2493 message. 2495 Each of the computations of a new RT include a randomization factor 2496 (RAND), which is a random number chosen with a uniform distribution 2497 between -0.1 and +0.1. The randomization factor is included to 2498 minimize synchronization of messages. 2500 The algorithm for choosing a random number does not need to be 2501 cryptographically sound. The algorithm SHOULD produce a different 2502 sequence of random numbers from each invocation. 2504 RT for the first message transmission is based on IRT: 2506 RT = IRT + RAND*IRT 2508 RT for each subsequent message transmission is based on the previous 2509 value of RT: 2511 RT = 2*RTprev + RAND*RTprev 2513 MRT specifies an upper bound on the value of RT (disregarding the 2514 randomization added by the use of RAND). If MRT has a value of 0, 2515 there is no upper limit on the value of RT. Otherwise: 2517 if (RT > MRT) 2518 RT = MRT + RAND*MRT 2520 MRC specifies an upper bound on the number of times a sender may 2521 retransmit a message. Unless MRC is zero, the message exchange fails 2522 once the sender has transmitted the message MRC times. 2524 MRD specifies an upper bound on the length of time a sender may 2525 retransmit a message. Unless MRD is zero, the message exchange fails 2526 once MRD seconds have elapsed since the client first transmitted the 2527 message. 2529 If both MRC and MRD are non-zero, the message exchange fails whenever 2530 either of the conditions specified in the previous two paragraphs are 2531 met. 2533 If both MRC and MRD are zero, the client continues to transmit the 2534 message until it receives a response. 2536 8.1 Transmission and Retransmission Parameters 2538 This section presents a table of values used to describe the message 2539 retransmission behavior of PANA requests and answers that are 2540 retransmitted (REQ_*) and PANA-PAA-Discover message (PDI_*). The 2541 table shows default values. 2543 Parameter Default Description 2544 ------------------------------------------------ 2545 PDI_IRT 1 sec Initial PDI timeout. 2546 PDI_MRT 120 secs Max PDI timeout value. 2547 PDI_MRC 0 Configurable. 2548 PDI_MRD 0 Configurable. 2550 REQ_IRT 1 sec Initial Request timeout. 2551 REQ_MRT 30 secs Max Request timeout value. 2552 REQ_MRC 10 Max Request retry attempts. 2553 REQ_MRD 0 Configurable. 2555 So for example the first RT for the PBR message is calculated using 2556 REQ_IRT as the IRT: 2558 RT = REQ_IRT + RAND*REQ_IRT 2560 9. IANA Considerations 2562 This section provides guidance to the Internet Assigned Numbers 2563 Authority (IANA) regarding registration of values related to the PANA 2564 protocol, in accordance with BCP 26 [IANA]. The following policies 2565 are used here with the meanings defined in BCP 26: "Private Use", 2566 "First Come First Served", "Expert Review", "Specification Required", 2567 "IETF Consensus", "Standards Action". 2569 This section explains the criteria to be used by the IANA for 2570 assignment of numbers within namespaces defined within this document. 2572 For registration requests where a Designated Expert should be 2573 consulted, the responsible IESG area director should appoint the 2574 Designated Expert. For Designated Expert with Specification 2575 Required, the request is posted to the PANA WG mailing list (or, if 2576 it has been disbanded, a successor designated by the Area Director) 2577 for comment and review, and MUST include a pointer to a public 2578 specification. Before a period of 30 days has passed, the Designated 2579 Expert will either approve or deny the registration request and 2580 publish a notice of the decision to the PANA WG mailing list or its 2581 successor. A denial notice must be justified by an explanation and, 2582 in the cases where it is possible, concrete suggestions on how the 2583 request can be modified so as to become acceptable. 2585 9.1 PANA UDP Port Number 2587 PANA uses one well-known UDP port number (Section 5.1, Section 4.2 2588 and Section 6.1), which needs to be assigned by the IANA. 2590 9.2 PANA Multicast Address 2592 PANA uses one well-known administratively scoped IPv4 multicast 2593 address, and one well-known administratively scoped IPv6 multicast 2594 address (Section 4.2 and Section 6.1), which need to be assigned by 2595 the IANA. 2597 9.3 PANA Header 2599 As defined in Section 6.2, the PANA header contains two fields that 2600 requires IANA namespace management; the Message Type and Flags field. 2602 9.3.1 Message Type 2604 The Message Type namespace is used to identify PANA messages. Values 2605 0-65,533 are for permanent, standard message types, allocated by IETF 2606 Consensus [IANA]. This document defines the Message Types 1-10. See 2607 Section 7.2.1 through Section 7.2.19 for the assignment of the 2608 namespace in this specification. 2610 The values 65,534 and 65,535 (hexadecimal values 0xfffe - 0xffff) are 2611 reserved for experimental messages. As these codes are only for 2612 experimental and testing purposes, no guarantee is made for 2613 interoperability between the communicating PaC and PAA using 2614 experimental commands, as outlined in [IANA-EXP]. 2616 9.3.2 Flags 2618 There are 16 bits in the Flags field of the PANA header. This 2619 document assigns bit 0 ('R'equest), bit 1 ('S'eparate) and bit 2 2620 ('N'AP Authentication). The remaining bits MUST only be assigned via 2621 a Standards Action [IANA]. 2623 9.4 AVP Header 2625 As defined in Section 6.3, the AVP header contains three fields that 2626 requires IANA namespace management; the AVP Code, AVP Flags and 2627 Vendor-Id fields where only the AVP Code and AVP Flags create new 2628 namespaces. 2630 9.4.1 AVP Code 2632 The AVP Code namespace is used to identify attributes. There are 2633 multiple namespaces. Vendors can have their own AVP Codes namespace 2634 which will be identified by their Vendor-ID (also known as 2635 Enterprise-Number) and they control the assignments of their vendor- 2636 specific AVP codes within their own namespace. The absence of a 2637 Vendor-ID or a Vendor-ID value of zero (0) identifies the IETF IANA 2638 controlled AVP Codes namespace. The AVP Codes and sometimes also 2639 possible values in an AVP are controlled and maintained by IANA. 2641 AVP Code 0 is not used. This document defines the AVP Codes 1-18. 2642 See Section 7.3.1 through Section 7.3.18 for the assignment of the 2643 namespace in this specification. 2645 AVPs may be allocated following Designated Expert with Specification 2646 Required [IANA]. Release of blocks of AVPs (more than 3 at a time 2647 for a given purpose) should require IETF Consensus. 2649 Note that PANA defines a mechanism for Vendor-Specific AVPs, where 2650 the Vendor-Id field in the AVP header is set to a non-zero value. 2651 Vendor-Specific AVPs codes are for Private Use and should be 2652 encouraged instead of allocation of global attribute types, for 2653 functions specific only to one vendor's implementation of PANA, where 2654 no interoperability is deemed useful. Where a Vendor-Specific AVP is 2655 implemented by more than one vendor, allocation of global AVPs should 2656 be encouraged instead. 2658 9.4.2 Flags 2660 There are 16 bits in the AVP Flags field of the AVP header, defined 2661 in Section 6.3. This document assigns bit 0 ('V'endor Specific) and 2662 bit 1 ('M'andatory). The remaining bits should only be assigned via 2663 a Standards Action . 2665 9.5 AVP Values 2667 Certain AVPs in PANA define a list of values with various meanings. 2668 For attributes other than those specified in this section, adding 2669 additional values to the list can be done on a First Come, First 2670 Served basis by IANA [IANA]. 2672 9.5.1 Algorithm Values of MAC AVP 2674 As defined in Section 7.3.7, the Algorithm field of MAC AVP (AVP Code 2675 7) defines the value of 1 (one) for HMAC-SHA1. 2677 All remaining values are available for assignment via IETF Consensus 2678 [IANA]. 2680 9.5.2 Post-PANA-Address-Configuration AVP Values 2682 As defined in Section 7.3.11, the Post-PANA-Address-Configuration AVP 2683 (AVP Code 11) defines the bits 0 ('N': no configuration), 1 ('D': 2684 DHCP), 2 ('A' stateless autoconfiguration), 3 ('T': DHCP with IPsec 2685 tunnel mode) and 4 ('I': IKEv2). 2687 All remaining values are available for assignment via a Standards 2688 Action [IANA]. 2690 9.5.3 Protection-Capability AVP Values 2692 As defined in Section 7.3.12, the Protection-Capability AVP (AVP Code 2693 12) defines the values 0 and 1. 2695 All remaining values are available for assignment via a Standards 2696 Action [IANA]. 2698 9.5.4 Result-Code AVP Values 2700 As defined in Section 7.3.15.1 and Section 7.3.15.2 the Result-Code 2701 AVP (AVP Code 15) defines the values 2001, 3001-3002, 3008-3009, 2702 4001, 5001-5009 and 5011-5017. 2704 All remaining values are available for assignment via IETF Consensus 2705 [IANA]. 2707 9.5.5 Termination-Cause AVP Values 2709 As defined in Section 7.3.18, the Termination-Cause AVP (AVP Code 18) 2710 defines the values 1, 4 and 8. 2712 All remaining values are available for assignment via IETF Consensus 2713 [IANA]. 2715 10. Security Considerations 2717 The PANA protocol defines a UDP-based EAP encapsulation that runs 2718 between two IP-enabled nodes on the same IP link. Various security 2719 threats that are relevant to a protocol of this nature are outlined 2720 in [RFC4016]. Security considerations stemming from the use of EAP 2721 and EAP methods are discussed in [RFC3748]. This section provides a 2722 discussion on the security-related issues that are related to PANA 2723 framework and protocol design. 2725 An important element in assessing security of PANA design and 2726 deployment in a network is the presence of lower-layer (physical and 2727 link-layer) security. In the context of this document, lower-layers 2728 are said to be secure if they can prevent eavesdropping and spoofing 2729 of packets. Examples of such networks are physically-secured DSL 2730 networks and 3GPP2 networks with crytographically-secured cdma2000 2731 link-layer. In these examples, the lower-layer security is enabled 2732 even before running the first PANA-based authentication. In the 2733 absence of such a pre-established secure channel, one needs to be 2734 created in conjunction with PANA using a link-layer or network-layer 2735 cryptographic mechanism (e.g., IPsec). 2737 10.1 General Security Measures 2739 PANA provides multiple mechanisms to secure a PANA session. 2741 PANA messages carry sequence numbers, which are monotonically 2742 incremented by 1 with every new request message. These numbers are 2743 randomly initialized at the beginning of the session, and verified 2744 against expected numbers upon receipt. A message whose sequence 2745 number is different than the expected one is silently discarded. In 2746 addition to accomplishing orderly delivery of EAP messages and 2747 duplicate elimination, this scheme also helps prevent an adversary 2748 spoof messages to disturb ongoing PANA and EAP sessions unless it can 2749 also eavesdrop to synchronize on the expected sequence number. 2750 Furthermore, impact of replay attacks is reduced as any stale message 2751 (i.e., a request or answer with an unexpected sequence number) and 2752 any duplicate answer are immediately discarded, and a duplicate 2753 request can trigger transmission of the cached answer (i.e., no need 2754 to process the request and generate a new answer). 2756 The PANA framework defines EP which is ideally located on a network 2757 device that can filter traffic from the PaCs before the traffic 2758 enters the Internet/intranet. A set of filters can be used to 2759 discard unauthorized packets, such as a PANA-Start-Request message 2760 that is received from the segment of the access network where only 2761 the PaCs are supposed to be connected. 2763 The protocol also provides authentication and integrity protection to 2764 PANA messages when the used EAP method can generate cryptographic 2765 session keys. A PANA SA is generated based on the AAA-Key exported 2766 by the EAP method. This SA is used for generating per-packet MAC to 2767 protect the PANA header and payload (including the complete EAP 2768 message). 2770 The cryptographic protection prevents an adversary from acting as a 2771 man-in-the-middle, injecting messages, replaying messages and 2772 modifying the content of the exchanged messages. Any packet that 2773 fails to pass the MAC verification is silently discarded. The 2774 earliest this protection can be enabled is when the very first PANA- 2775 Bind-Request or PANA-FirstAuth-End-Request message that signals a 2776 successful authentication is generated. Starting with these 2777 messages, any subsequent PANA message until the session gets torn 2778 down can be cryptographically protected. 2780 The PANA SA enables authenticated and integrity protected exchange of 2781 the device ID information between the PaC and PAA. This ensures 2782 there were no man-in-the-middle during the PANA authentication. 2784 The lifetime of the PANA SA is set to PANA session lifetime which is 2785 bounded by the lifetime granted by the authentication server. An 2786 implementation MAY add a tolerance period to that value. Unless the 2787 PANA session is extended by executing another EAP authentication, the 2788 PANA SA is removed when the current session expires. 2790 The ability to use cryptographic protection within PANA is determined 2791 by the used EAP method, which is generally dictated by the deployment 2792 environment. Insecure lower-layers necessitate use of key-generating 2793 EAP methods. In networks where lower-layers are already secured, 2794 cryptographic protection of PANA messages is not necessary. 2796 10.2 Discovery 2798 The discovery and handshake phase is vulnerable to spoofing attacks 2799 as these messages are not authenticated and integrity protected. In 2800 order to prevent very basic denial-of service attacks an adversary 2801 should not be able to cause state creation by sending discovery 2802 messages to the PAA. This protection is achieved by using a cookie- 2803 based scheme (similar to [RFC2522] which allows the responder (PAA) 2804 to be stateless in the first round of message exchange. A return- 2805 routability test does not provide additional protection as PANA 2806 traffic is not routed but simply forwarded on-link. It is difficult 2807 to prevent this threat entirely. 2809 In networks where lower-layers are not secured prior to running PANA, 2810 the capability discovery enabled through inclusion of Protection- 2811 Capability and Post-PANA-Address-Configuration AVPs in a PANA-Start- 2812 Request message is susceptible to spoofing leading to denial-of 2813 service attacks. Therefore, usage of these AVPs during the discovery 2814 and handshake phase in such insecure networks is NOT RECOMMENDED. 2815 The same AVPs are delivered via an integrity-protected PANA-Bind- 2816 Request upon successful authentication. 2818 10.3 EAP Methods 2820 Eavesdropping EAP messages might cause problems when the EAP method 2821 is weak and enables dictionary or replay attacks or even allows an 2822 adversary to learn the long-term password directly. Furthermore, if 2823 the optional EAP Response/Identity payload is used then it allows the 2824 adversary to learn the identity of the PaC. In such a case a privacy 2825 problem is prevalent. 2827 To prevent these threats, [I-D.ietf-pana-framework] suggests using 2828 proper EAP methods for particular environments. Depending on the 2829 deployment environment an EAP authentication method which supports 2830 user identity confidentiality, protection against dictionary attacks 2831 and session key establishment must be used. It is therefore the 2832 responsibility of the network operators and users to choose a proper 2833 EAP method. 2835 10.4 Separate NAP and ISP Authentication 2837 The PANA design allows running two separate EAP sessions for the same 2838 PaC in the authentication and authorization phase: one with the NAP, 2839 and one with the ISP. The process of arriving at the resultant 2840 authorization, which is a combination of the individual 2841 authorizations obtained from respective service providers, is outside 2842 the scope of this protocol. In the absence of lower-layer security, 2843 both authentications MUST be able to generate a AAA-Key, leading to 2844 generation of a PANA SA. The resultant PANA SA cryptographically 2845 binds the two AAA-Keys together, hence it prevents man-in-the-middle 2846 attacks. 2848 10.5 Cryptographic Keys 2850 When the EAP method exports a AAA-Key, this key is used to produce a 2851 PANA SA with PANA_MAC_KEY with a distinct key ID. The PANA_MAC_KEY 2852 is unique to the PANA session, and takes PANA-based nonce values into 2853 computation to cryptographically separate itself from the AAA-Key. 2855 The PANA_MAC_KEY is solely used for authentication and integrity 2856 protection of the PANA messages within the designated session. 2858 Two AAA-Keys may be generated as a result of separate NAP and ISP 2859 authentication. In that case, the AAA-Key used with the PANA SA is 2860 the combination of both keys. 2862 The PANA SA lifetime is bounded by the AAA-Key lifetime. Another 2863 execution of EAP method yields in a new AAA-Key, and updates the PANA 2864 SA, PANA_MAC_KEY and key ID. 2866 When link-layer or network-layer ciphering [I-D.ietf-pana-ipsec] is 2867 enabled as a result of successful PANA authentication, a separate 2868 PaC-EP master key is generated based on the AAA-Key, session 2869 identifier, key identifier, and EP device identifier. 2871 The lifetime of PaC-EP master key is bounded by the lifetime of the 2872 PANA SA. This key may be used with a secure association protocol 2873 [I-D.ietf-ipsec-ikev2] to produce further cipher-specific and 2874 transient keys. 2876 10.6 Per-packet Ciphering 2878 Networks that are not secured at the lower-layers prior to running 2879 PANA can rely on enabling per-packet data traffic ciphering upon 2880 successful PANA session establishment. The PANA framework allows 2881 generation of a PaC-EP master key from AAA-Key for using with a per- 2882 packet protection mechanism, such as link-layer or IPsec-based 2883 ciphering [I-D.ietf-pana-ipsec]. In case the master key is not 2884 readily useful to the ciphering mechanism, an additional secure 2885 association protocol [I-D.ietf-ipsec-ikev2] may be needed to produce 2886 the required keying material. These mechanisms ultimately establish 2887 a cryptographic binding between the data traffic generated by and for 2888 a client and the authenticated identity of the client. Data traffic 2889 must be minimally data origin authenticated, replay and integrity 2890 protected, and optionally encrypted. 2892 10.7 PAA-to-EP Communication 2894 The PANA framework allows separation of PAA from EP(s). SNMPv3 2895 [I-D.ietf-pana-snmp] is used between the PAA and EP for provisioning 2896 authorized PaC information on the EP. This exchange MUST be always 2897 physically or cryptographically protected for authentication, 2898 integrity and replay protection. It MUST also be privacy-protected 2899 when PaC-EP master key for per-packet ciphering is transmitted to the 2900 EP. 2902 The PaC-EP master key MUST be unique to the PaC and EP pair. The 2903 session identifier and the device identifier of the EP are taken into 2904 computation for achieving this effect [I-D.ietf-pana-ipsec]. 2905 Compromise of an EP does not automatically lead to compromise of 2906 another EP or the PAA. 2908 10.8 Liveness Test 2910 A PANA session is associated with a session lifetime. The session is 2911 terminated unless it is refreshed by a new round of EAP 2912 authentication before it expires. Therefore, at the latest a 2913 disconnected client can be detected when its session expires. A 2914 disconnect may also be detected earlier by using PANA ping messages. 2915 A request message can be generated by either PaC or PAA at any time 2916 and the peer must respond with an answer message. A successful 2917 round-trip of this exchange is a simple verification that the peer is 2918 alive. 2920 This test can be engaged when there is a possibility that the peer 2921 might have disconnected (e.g., after the discontinuation of data 2922 traffic for an extended period of time). Periodic use of this 2923 exchange as a keep-alive requires additional care as it might result 2924 in congestion and hence false alarms. 2926 This exchange is cryptographically protected when a PANA SA is 2927 available in order to prevent threats associated with the abuse of 2928 this functionality. 2930 Any valid PANA answer message received in response to a recently sent 2931 request message can be taken as an indication of peer's liveness. 2932 The PaC or PAA MAY forgo sending an explicit PANA-Ping-Request if a 2933 recent exchange has already confirmed that the peer is alive. 2935 10.9 Updating PaC's IP Address 2937 There is no way to prove the ownership of the IP address presented by 2938 the PaC. Hence an authorized PaC can launch a redirect attack by 2939 spoofing a victim's IP address. 2941 10.10 Early Termination of a Session 2943 The PANA protocol supports the ability for both the PaC and the PAA 2944 to transmit a tear-down message before the session lifetime expires. 2945 This message causes state removal, a stop of the accounting procedure 2946 and removes the installed per-PaC state on the EP(s). This message 2947 is cryptographically protected when PANA SA is present. 2949 11. Acknowledgments 2951 We would like to thank Jari Arkko, Mohan Parthasarathy, Julien 2952 Bournelle, Rafael Marin Lopez, Pasi Eronen, Randy Turner, Erik 2953 Nordmark, Lionel Morand, Avi Lior, Susan Thomson, Giaretta Gerardo 2954 and all members of the PANA working group for their valuable comments 2955 to this document. 2957 12. References 2959 12.1 Normative References 2961 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 2962 Requirement Levels", BCP 14, RFC 2119, March 1997. 2964 [RFC2131] Droms, R., "Dynamic Host Configuration Protocol", 2965 RFC 2131, March 1997. 2967 [RFC2234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax 2968 Specifications: ABNF", RFC 2234, November 1997. 2970 [RFC2365] Meyer, D., "Administratively Scoped IP Multicast", BCP 23, 2971 RFC 2365, July 1998. 2973 [RFC2462] Thomson, S. and T. Narten, "IPv6 Stateless Address 2974 Autoconfiguration", RFC 2462, December 1998. 2976 [RFC2464] Crawford, M., "Transmission of IPv6 Packets over Ethernet 2977 Networks", RFC 2464, December 1998. 2979 [RFC2988] Paxson, V. and M. Allman, "Computing TCP's Retransmission 2980 Timer", RFC 2988, November 2000. 2982 [RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., 2983 and M. Carney, "Dynamic Host Configuration Protocol for 2984 IPv6 (DHCPv6)", RFC 3315, July 2003. 2986 [RFC3456] Patel, B., Aboba, B., Kelly, S., and V. Gupta, "Dynamic 2987 Host Configuration Protocol (DHCPv4) Configuration of 2988 IPsec Tunnel Mode", RFC 3456, January 2003. 2990 [RFC3588] Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and J. 2991 Arkko, "Diameter Base Protocol", RFC 3588, September 2003. 2993 [RFC3748] Aboba, B., Blunk, L., Vollbrecht, J., Carlson, J., and H. 2994 Levkowetz, "Extensible Authentication Protocol (EAP)", 2995 RFC 3748, June 2004. 2997 [I-D.ietf-eap-keying] 2998 Aboba, B., "Extensible Authentication Protocol (EAP) Key 2999 Management Framework", draft-ietf-eap-keying-06 (work in 3000 progress), April 2005. 3002 [IANA] Narten, T. and H. Alvestrand, "Guidelines for Writing an 3003 IANA Considerations Section in RFCs", BCP 26, RFC 2434, 3004 October 1998. 3006 12.2 Informative References 3008 [RFC2522] Karn, P. and W. Simpson, "Photuris: Session-Key Management 3009 Protocol", RFC 2522, March 1999. 3011 [RFC4016] Parthasarathy, M., "Protocol for Carrying Authentication 3012 and Network Access (PANA) Threat Analysis and Security 3013 Requirements", RFC 4016, March 2005. 3015 [I-D.ietf-pana-requirements] 3016 Yegin, A. and Y. Ohba, "Protocol for Carrying 3017 Authentication for Network Access (PANA)Requirements", 3018 draft-ietf-pana-requirements-09 (work in progress), 3019 August 2004. 3021 [I-D.ietf-pana-ipsec] 3022 Parthasarathy, M., "PANA enabling IPsec based Access 3023 Control", draft-ietf-pana-ipsec-05 (work in progress), 3024 December 2004. 3026 [I-D.ietf-pana-framework] 3027 Jayaraman, P., "PANA Framework", 3028 draft-ietf-pana-framework-03 (work in progress), 3029 December 2004. 3031 [I-D.ietf-pana-snmp] 3032 Mghazli, Y., "SNMP usage for PAA-EP interface", 3033 draft-ietf-pana-snmp-03 (work in progress), February 2005. 3035 [I-D.ietf-eap-statemachine] 3036 Vollbrecht, J., Eronen, P., Petroni, N., and Y. Ohba, 3037 "State Machines for Extensible Authentication Protocol 3038 (EAP) Peer and Authenticator", 3039 draft-ietf-eap-statemachine-06 (work in progress), 3040 December 2004. 3042 [I-D.ietf-ipsec-ikev2] 3043 Kaufman, C., "Internet Key Exchange (IKEv2) Protocol", 3044 draft-ietf-ipsec-ikev2-17 (work in progress), 3045 October 2004. 3047 [I-D.ietf-dna-link-information] 3048 Yegin, A., "Link-layer Event Notifications for Detecting 3049 Network Attachments", draft-ietf-dna-link-information-01 3050 (work in progress), February 2005. 3052 [I-D.adrangi-eap-network-discovery] 3053 Adrangi, F., "Identity selection hints for Extensible 3054 Authentication Protocol (EAP)", 3055 draft-adrangi-eap-network-discovery-12 (work in progress), 3056 April 2005. 3058 [ianaweb] IANA, "Number assignment", http://www.iana.org. 3060 [IANA-EXP] 3061 Narten, T., "Assigning Experimental and Testing Numbers 3062 Considered Useful", BCP 82, RFC 3692, January 2004. 3064 [RFC2279] Yergeau, F., "UTF-8, a transformation format of ISO 3065 10646", RFC 2279, January 1998. 3067 Authors' Addresses 3069 Dan Forsberg 3070 Nokia Research Center 3071 P.O. Box 407 3072 FIN-00045 NOKIA GROUP 3073 Finland 3075 Phone: +358 50 4839470 3076 Email: dan.forsberg@nokia.com 3078 Yoshihiro Ohba 3079 Toshiba America Research, Inc. 3080 1 Telcordia Drive 3081 Piscataway, NJ 08854 3082 USA 3084 Phone: +1 732 699 5305 3085 Email: yohba@tari.toshiba.com 3087 Basavaraj Patil 3088 Nokia 3089 6000 Connection Dr. 3090 Irving, TX 75039 3091 USA 3093 Phone: +1 972-894-6709 3094 Email: Basavaraj.Patil@nokia.com 3095 Hannes Tschofenig 3096 Siemens Corporate Technology 3097 Otto-Hahn-Ring 6 3098 81739 Munich 3099 Germany 3101 Email: Hannes.Tschofenig@siemens.com 3103 Alper E. Yegin 3104 Samsung Advanced Institute of Technology 3105 75 West Plumeria Drive 3106 San Jose, CA 95134 3107 USA 3109 Phone: +1 408 544 5656 3110 Email: alper.yegin@samsung.com 3112 Appendix A. Example Sequence of Separate NAP and ISP Authentication 3114 A PANA message sequence with separate NAP and ISP authentication is 3115 illustrated in Figure 12. The example assumes the following 3116 scenario: 3118 o The PaC initiates the discovery and handshake phase. 3120 o The PAA offers separate NAP and ISP authentication, as well as a 3121 choice of ISP from "ISP1" and "ISP2". The PaC accepts the offer 3122 from PAA, with choosing "ISP1" as the ISP. 3124 o NAP authentication and ISP authentication is performed in this 3125 order in the authentication and authorization phase. 3127 o An EAP authentication method with a single round trip is used in 3128 each EAP sequence. 3130 o After a PANA SA is established, all messages are integrity and 3131 replay protected with MAC AVPs. 3133 o The access, re-authentication and termination phases are not 3134 shown. 3136 PaC PAA Message(sequence number)[AVPs] 3137 ----------------------------------------------------- 3138 // Discovery and handshake phase 3139 -----> PANA-PAA-Discover(0) 3140 <----- PANA-Start-Request(x) // S-flag set 3141 [Nonce, Cookie, 3142 ISP-Information("ISP1"), 3143 ISP-Information("ISP2"), 3144 NAP-Information("MyNAP")] 3145 -----> PANA-Start-Answer(x) // S-flag set 3146 [Nonce, Cookie, // PaC chooses "ISP1" 3147 ISP-Information("ISP1")] 3149 // Authentication and authorization phase 3150 <----- PANA-Auth-Request(x+1) // NAP authentication 3151 [Session-Id, EAP{Request}] // S- and N-flags set 3152 -----> PANA-Auth-Answer(x+1) // S- and N-flags set 3153 [Session-Id] // No piggybacking 3154 -----> PANA-Auth-Request(y) // S- and N-flags set 3155 [Session-Id, EAP{Response}] 3156 <----- PANA-Auth-Answer(y)[Session-Id] // S- and N-flags set 3157 <----- PANA-Auth-Request(x+2) // S- and N-flags set 3158 [Session-Id, EAP{Request}] 3159 -----> PANA-Auth-Answer(x+2) // S- and N-flags set 3160 [Session-Id, EAP{Response}] // Piggybacking 3161 <----- PANA-FirstAuth-End-Request(x+3) // S- and N-flags set 3162 [Session-Id, EAP{Success}, Key-Id, MAC] 3163 -----> PANA-FirstAuth-End-Answer(x+3) // S- and N-flags set 3164 [Session-Id, Key-Id, MAC] 3165 <----- PANA-Auth-Request(x+4) // ISP authentication 3166 [Session-Id, EAP{Request}, MAC] // S-flag set 3167 -----> PANA-Auth-Answer(x+4) // S-flag set 3168 [Session-Id, MAC] // No piggybacking 3169 -----> PANA-Auth-Request(y+1) // S-flag set 3170 [Session-Id, EAP{Response}, MAC] 3171 <----- PANA-Auth-Answer(y+1) // S-flag set 3172 [Session-Id, MAC] 3173 <----- PANA-Auth-Request(x+5) // S-flag set 3174 [Session-Id, EAP{Request}, MAC] 3175 -----> PANA-Auth-Answer(x+5) // S-flag set 3176 [Session-Id, EAP{Response}, MAC] // Piggybacking 3177 <----- PANA-Bind-Request(x+6) // S-flag set 3178 [Session-Id, Result-Code, EAP{Success}, Device-Id, 3179 Key-Id, Lifetime, Protection-Cap., PPAC, MAC] 3180 -----> PANA-Bind-Answer(x+6) // S-flag set 3181 [Session-Id, Device-Id, Key-Id, 3182 PPAC, MAC] 3184 Figure 12: A Complete Message Sequence for Separate NAP and ISP 3185 Authentication 3187 Intellectual Property Statement 3189 The IETF takes no position regarding the validity or scope of any 3190 Intellectual Property Rights or other rights that might be claimed to 3191 pertain to the implementation or use of the technology described in 3192 this document or the extent to which any license under such rights 3193 might or might not be available; nor does it represent that it has 3194 made any independent effort to identify any such rights. Information 3195 on the procedures with respect to rights in RFC documents can be 3196 found in BCP 78 and BCP 79. 3198 Copies of IPR disclosures made to the IETF Secretariat and any 3199 assurances of licenses to be made available, or the result of an 3200 attempt made to obtain a general license or permission for the use of 3201 such proprietary rights by implementers or users of this 3202 specification can be obtained from the IETF on-line IPR repository at 3203 http://www.ietf.org/ipr. 3205 The IETF invites any interested party to bring to its attention any 3206 copyrights, patents or patent applications, or other proprietary 3207 rights that may cover technology that may be required to implement 3208 this standard. Please address the information to the IETF at 3209 ietf-ipr@ietf.org. 3211 Disclaimer of Validity 3213 This document and the information contained herein are provided on an 3214 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS 3215 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET 3216 ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, 3217 INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE 3218 INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED 3219 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 3221 Copyright Statement 3223 Copyright (C) The Internet Society (2005). This document is subject 3224 to the rights, licenses and restrictions contained in BCP 78, and 3225 except as set forth therein, the authors retain all their rights. 3227 Acknowledgment 3229 Funding for the RFC Editor function is currently provided by the 3230 Internet Society.