idnits 2.17.1

draft-ietf-radext-delegated-prefix-01.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** It looks like you're using RFC 3978 boilerplate.  You should update this
     to the boilerplate described in the IETF Trust License Policy document
     (see https://trustee.ietf.org/license-info), which is required now.

  -- Found old boilerplate from RFC 3978, Section 5.1 on line 15.

  -- Found old boilerplate from RFC 3978, Section 5.5 on line 231.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 242.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 249.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 255.

  ** This document has an original RFC 3978 Section 5.4 Copyright Line,
     instead of the newer IETF Trust Copyright according to RFC 4748.

  ** This document has an original RFC 3978 Section 5.5 Disclaimer, instead
     of the newer disclaimer which includes the IETF Trust according to
     RFC 4748.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not
     match the current year

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to
     grant the BCP78 rights to the IETF Trust, then this is fine, and you can
     ignore this comment.  If not, you may need to add the pre-RFC5378
     disclaimer.  (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (May 23, 2006) is 6541 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Obsolete normative reference: RFC 3633 (ref. '2') (Obsoleted by RFC 8415)

  -- Obsolete informational reference (is this intentional?): RFC 3588
     (ref. '4') (Obsoleted by RFC 6733)

  -- Obsolete informational reference (is this intentional?): RFC 4005
     (ref. '5') (Obsoleted by RFC 7155)

     Summary: 4 errors (**), 0 flaws (~~), 1 warning (==), 9 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

2    Network Working Group                                         J. Salowey
3    Internet-Draft                                                  R. Droms
4    Intended status: Standards Track                     Cisco Systems, Inc.
5    Expires: November 24, 2006                                  May 23, 2006

7                     RADIUS Delegated-IPv6-Prefix Attribute
8                   draft-ietf-radext-delegated-prefix-01.txt

10   Status of this Memo

12      By submitting this Internet-Draft, each author represents that any
13      applicable patent or other IPR claims of which he or she is aware
14      have been or will be disclosed, and any of which he or she becomes
15      aware will be disclosed, in accordance with Section 6 of BCP 79.

17      Internet-Drafts are working documents of the Internet Engineering
18      Task Force (IETF), its areas, and its working groups.  Note that
19      other groups may also distribute working documents as Internet-
20      Drafts.

22      Internet-Drafts are draft documents valid for a maximum of six months
23      and may be updated, replaced, or obsoleted by other documents at any
24      time.  It is inappropriate to use Internet-Drafts as reference
25      material or to cite them other than as "work in progress."

27      The list of current Internet-Drafts can be accessed at
28      http://www.ietf.org/ietf/1id-abstracts.txt.

30      The list of Internet-Draft Shadow Directories can be accessed at
31      http://www.ietf.org/shadow.html.

33      This Internet-Draft will expire on November 24, 2006.

35   Copyright Notice

37      Copyright (C) The Internet Society (2006).

39   Abstract

41      This document defines a RADIUS (Remote Authentication Dial In User
42      Service) attribute that carries an IPv6 prefix that is to be
43      delegated to the user.  This attribute is usable within either RADIUS
44      or Diameter.

46   1.  Introduction

48      The Delegated-IPv6-Prefix is a RADIUS attribute [1] that carries an
49      IPv6 prefix to be delegated to the user.  For example, the prefix in
50      a Delegated-IPv6-Prefix attribute can be delegated to another node
51      through DHCP Prefix Delegation [2].

53   2.  Terminology

55      The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
56      "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
57      document are to be interpreted as described in RFC 2119 [3].

59   3.  Attribute format

61      The format of the Delegated-IPv6-Prefix is:

63          0                   1                   2                   3
64          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
65         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
66         |     Type      |    Length     |  Reserved     | Prefix-Length |
67         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
68                                      Prefix
69         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
70                                      Prefix
71         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
72                                      Prefix
73         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
74                                      Prefix                             |
75         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

77      Type

79         TBD for Delegated-IPv6-Prefix

81      Length

83         At least 4 and no larger than 20

85      Reserved

87         Always set to zero

89      Prefix-Length

91         The length of the prefix, in bits.  At least 0 and no larger
92         than 128

94      Note that the prefix field is only required to be long enough to hold
95      the prefix bits and can be shorter than 16 bytes.  Any bits in the
96      prefix field that are not part of the prefix MUST be zero.

98      The definition of the Delegated-IPv6-Prefix Attribute is based on the
99      Framed-IPv6-Prefix attribute.

101     The Delegated-IPv6-Prefix MAY appear in an Access-Accept packet, and
102     can appear multiple times.  It MAY appear in an Access-Request packet
103     as a hint by the NAS to the server that it would prefer these
104     prefix(es), but the server is not required to honor the hint.

106     The Delegated-IPv6-Prefix attribute MAY appear in an Accounting-
107     Request packet.

109     The Delegated-IPv6-Prefix MUST NOT appear in any other RADIUS
110     packets.

112     The following table describes which messages the Delegated-IPv6-
113     Prefix attribute can appear in and in what quantity.

115     Request  Accept  Accounting  #     Attribute
116                      Request
117     0+       0+      0+          TBD   Delegated-IPv6-Prefix

119     In this table 0+ means that zero or more instances of this attribute
120     MAY be present in packet.  This attribute MUST NOT appear in any
121     packet not listed in the table.

123  4.  Diameter Considerations

125     A definition is needed for an identical attribute with the same Type
126     value for Diameter [4].  The attribute should be available as part of
127     the NASREQ application [5], as well as the Diameter EAP application
128     [6].

130  5.  IANA Considerations

132     IANA is requested to assign a Type value, TBD, for this attribute
133     from the RADIUS Types registry.

135  6.  Security Considerations

137     Known security vulnerabilities of the RADIUS protocol are discussed
138     in RFC 2607 [7], RFC 2865 [1] and RFC 2869 [8].  Use of IPsec [9] for
139     providing security when RADIUS is carried in IPv6 is discussed in RFC
140     3162 [10].

142  7.  Change Log

144     The following changes were made in revision -01 of this document:
145     o  Added additional details to Abstract; defined that this attribute
146        can be used in both RADIUS and Diameter.  (Issue 188)
147     o  Moved and clarified text describing which packets this attribute
148        can appear in adjacent to table in section 3.  (Issue 188)
149     o  Fixed RFC 2119 boilerplate in section 2.  (Issue 185)
150     o  Fixed table in section 3 to clarify which packets this attribute
151        cannot appear in.  (Issue 188)
152     o  Added section 4, Diameter Considerations.  (Issue 188)
153     o  Made some references in section 6, Security Considerations,
154        Informative rather than Normative.  (Issue 188)
155     o  Updated reference to RFC 2401 [9] to RFC 4301.  (Issue 188)
156     o  Changed "IP SEC" to "IPsec" in section 6.  (Issues 185 and 188)

158  8.  References

160  8.1.  Normative References

162     [1]   Rigney, C., Willens, S., Rubens, A., and W. Simpson, "Remote
163           Authentication Dial In User Service (RADIUS)", RFC 2865,
164           June 2000.

166     [2]   Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic Host
167           Configuration Protocol (DHCP) version 6", RFC 3633,
168           December 2003.

170     [3]   Bradner, S., "Key words for use in RFCs to Indicate Requirement
171           Levels", BCP 14, RFC 2119, March 1997.

173  8.2.  Non-normative References

175     [4]   Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and J. Arkko,
176           "Diameter Base Protocol", RFC 3588, September 2003.

178     [5]   Calhoun, P., Zorn, G., Spence, D., and D. Mitton, "Diameter
179           Network Access Server Application", RFC 4005, August 2005.

181     [6]   Eronen, P., Hiller, T., and G. Zorn, "Diameter Extensible
182           Authentication Protocol (EAP) Application", RFC 4072,
183           August 2005.

185     [7]   Aboba, B. and J. Vollbrecht, "Proxy Chaining and Policy
186           Implementation in Roaming", RFC 2607, June 1999.

188     [8]   Rigney, C., Willats, W., and P. Calhoun, "RADIUS Extensions",
189           RFC 2869, June 2000.

191     [9]   Kent, S. and K. Seo, "Security Architecture for the Internet
192           Protocol", RFC 4301, December 2005.

194     [10]  Aboba, B., Zorn, G., and D. Mitton, "RADIUS and IPv6",
195           RFC 3162, August 2001.

197  Authors' Addresses

199     Joe Salowey
200     Cisco Systems, Inc.
201     2901 Third Avenue
202     Seattle, WA  98121
203     USA

205     Phone: +1 206.310.0596
206     Email: jsalowey@cisco.com

208     Ralph Droms
209     Cisco Systems, Inc.
210     1414 Massachusetts Avenue
211     Boxborough, MA  01719
212     USA

214     Phone: +1 978.936.1674
215     Email: rdroms@cisco.com

217  Full Copyright Statement

219     Copyright (C) The Internet Society (2006).

221     This document is subject to the rights, licenses and restrictions
222     contained in BCP 78, and except as set forth therein, the authors
223     retain all their rights.

225     This document and the information contained herein are provided on an
226     "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
227     OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
228     ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
229     INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
230     INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
231     WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

233  Intellectual Property

235     The IETF takes no position regarding the validity or scope of any
236     Intellectual Property Rights or other rights that might be claimed to
237     pertain to the implementation or use of the technology described in
238     this document or the extent to which any license under such rights
239     might or might not be available; nor does it represent that it has
240     made any independent effort to identify any such rights.  Information
241     on the procedures with respect to rights in RFC documents can be
242     found in BCP 78 and BCP 79.

244     Copies of IPR disclosures made to the IETF Secretariat and any
245     assurances of licenses to be made available, or the result of an
246     attempt made to obtain a general license or permission for the use of
247     such proprietary rights by implementers or users of this
248     specification can be obtained from the IETF on-line IPR repository at
249     http://www.ietf.org/ipr.

251     The IETF invites any interested party to bring to its attention any
252     copyrights, patents or patent applications, or other proprietary
253     rights that may cover technology that may be required to implement
254     this standard.  Please address the information to the IETF at
255     ietf-ipr@ietf.org.

257  Acknowledgment

259     Funding for the RFC Editor function is provided by the IETF
260     Administrative Support Activity (IASA).
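
Added example (not part of the draft or of the idnits report): a receiver-side validator for the attribute format in Section 3, enforcing the Length range, the Prefix-Length range, the shortened prefix field and the zero-padding rule. The names are hypothetical, `EXAMPLE_TYPE` is a constructed placeholder because the draft leaves Type as TBD, and rejecting a non-zero Reserved octet is this example's choice.

```python
import ipaddress

EXAMPLE_TYPE = 200  # constructed placeholder: the draft leaves Type as TBD


class AttrError(ValueError):
    """The attribute violates a Section 3 constraint."""


def parse_delegated_prefix(attr: bytes, expected_type: int) -> ipaddress.IPv6Network:
    """Validate one Delegated-IPv6-Prefix attribute and return its prefix."""
    if len(attr) < 4:  # Type, Length, Reserved, Prefix-Length
        raise AttrError("truncated attribute")
    atype, length, reserved, plen = attr[:4]
    if atype != expected_type:
        raise AttrError("unexpected Type")
    if not 4 <= length <= 20:
        raise AttrError("Length outside 4..20")
    if length != len(attr):
        raise AttrError("Length does not match the bytes supplied")
    if reserved != 0:  # strict choice made by this example
        raise AttrError("Reserved is not zero")
    if plen > 128:
        raise AttrError("Prefix-Length larger than 128")
    prefix = attr[4:]
    # The field may be shorter than 16 bytes, but must hold every prefix bit.
    if len(prefix) * 8 < plen:
        raise AttrError("prefix field too short for Prefix-Length")
    value = int.from_bytes(prefix.ljust(16, b"\x00"), "big")
    # Bits after the first plen bits MUST be zero.
    if value & ((1 << (128 - plen)) - 1):
        raise AttrError("non-zero bits after the prefix")
    return ipaddress.IPv6Network((value, plen))


def check(attr: bytes) -> str:
    """Return the parsed prefix as text, or the reason for rejection."""
    try:
        return str(parse_delegated_prefix(attr, EXAMPLE_TYPE))
    except AttrError as exc:
        return f"rejected: {exc}"


# Constructed samples: 2001:db8:1200::/40 carried in a 5-byte prefix field.
GOOD = bytes([EXAMPLE_TYPE, 9, 0, 40, 0x20, 0x01, 0x0D, 0xB8, 0x12])
STRAY_BITS = bytes([EXAMPLE_TYPE, 9, 0, 36, 0x20, 0x01, 0x0D, 0xB8, 0x12])
SHORT_FIELD = bytes([EXAMPLE_TYPE, 9, 0, 48, 0x20, 0x01, 0x0D, 0xB8, 0x12])

if __name__ == "__main__":
    for sample in (GOOD, STRAY_BITS, SHORT_FIELD):
        print(sample.hex(), "->", check(sample))
```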