idnits 2.17.1 

draft-ietf-radext-delegated-prefix-02.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** It looks like you're using RFC 3978 boilerplate.  You should update this
     to the boilerplate described in the IETF Trust License Policy document
     (see https://trustee.ietf.org/license-info), which is required now.

  -- Found old boilerplate from RFC 3978, Section 5.1 on line 15.

  -- Found old boilerplate from RFC 3978, Section 5.5 on line 279.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 290.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 297.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 303.

  ** This document has an original RFC 3978 Section 5.4 Copyright Line,
     instead of the newer IETF Trust Copyright according to RFC 4748.

  ** This document has an original RFC 3978 Section 5.5 Disclaimer, instead
     of the newer disclaimer which includes the IETF Trust according to RFC
     4748.


  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not
     match the current year

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer. 
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (July 10, 2006) is 6500 days in the past.  Is this
     intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Obsolete normative reference: RFC 3633 (ref. '2') (Obsoleted by RFC 8415)

  -- Obsolete informational reference (is this intentional?): RFC 3588 (ref.
     '5') (Obsoleted by RFC 6733)

  -- Obsolete informational reference (is this intentional?): RFC 4005 (ref.
     '6') (Obsoleted by RFC 7155)


     Summary: 4 errors (**), 0 flaws (~~), 1 warning (==), 9 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------


2	Network Working Group                                         J. Salowey
3	Internet-Draft                                                  R. Droms
4	Intended status: Standards Track                     Cisco Systems, Inc.
5	Expires: January 11, 2007                                  July 10, 2006

7	                 RADIUS Delegated-IPv6-Prefix Attribute
8	               draft-ietf-radext-delegated-prefix-02.txt

10	Status of this Memo

12	   By submitting this Internet-Draft, each author represents that any
13	   applicable patent or other IPR claims of which he or she is aware
14	   have been or will be disclosed, and any of which he or she becomes
15	   aware will be disclosed, in accordance with Section 6 of BCP 79.

17	   Internet-Drafts are working documents of the Internet Engineering
18	   Task Force (IETF), its areas, and its working groups.  Note that
19	   other groups may also distribute working documents as Internet-
20	   Drafts.

22	   Internet-Drafts are draft documents valid for a maximum of six months
23	   and may be updated, replaced, or obsoleted by other documents at any
24	   time.  It is inappropriate to use Internet-Drafts as reference
25	   material or to cite them other than as "work in progress."

27	   The list of current Internet-Drafts can be accessed at
28	   http://www.ietf.org/ietf/1id-abstracts.txt.

30	   The list of Internet-Draft Shadow Directories can be accessed at
31	   http://www.ietf.org/shadow.html.

33	   This Internet-Draft will expire on January 11, 2007.

35	Copyright Notice

37	   Copyright (C) The Internet Society (2006).

39	Abstract

41	   This document defines a RADIUS (Remote Authentication Dial In User
42	   Service) attribute that carries an IPv6 prefix that is to be
43	   delegated to the user.  This attribute is usable within either RADIUS
44	   or Diameter.

46	1.  Introduction

48	   The Delegated-IPv6-Prefix is a RADIUS attribute [1] that carries an
49	   IPv6 prefix to be delegated to the user, for use in the user's
50	   network.  For example, the prefix in a Delegated-IPv6-Prefix
51	   attribute can be delegated to another node through DHCP Prefix
52	   Delegation [2].

54	   The Framed-IPv6-Prefix attribute [4] serves a similar purpose, but
55	   may also be used for other purposes other than delegating a prefix
56	   for use in a user's network.  Definition of the Delegated-IPv6-Prefix
57	   allows the simultaneous use of the Framed-IPv6-Prefix for other
58	   purposes and the Delegated-IPv6-Prefix for prefix delegation.

60	2.  Terminology

62	   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
63	   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
64	   document are to be interpreted as described in RFC 2119 [3].

66	3.  Attribute format

68	   The format of the Delegated-IPv6-Prefix is:

70	       0                   1                   2                   3
71	       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
72	      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
73	      |     Type      |    Length     |  Reserved     | Prefix-Length |
74	      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
75	                                   Prefix
76	      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
77	                                   Prefix
78	      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
79	                                   Prefix
80	      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
81	                                   Prefix                             |
82	      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

84	       Type

86	            TBD for Delegated-IPv6-Prefix

88	       Length

90	            The length of the entire attribute, in bytes.  At least 4
91	            (to hold Type/Length/Reserved/Prefix-Length for a 0-bit
92	            prefix), and no larger than 20 (to hold Type/Length/
93	            Reserved/Prefix-Length for a 128-bit prefix)

95	       Reserved

97	            Always set to zero by sender; ignored by receiver

99	       Prefix-Length

101	            The length of the prefix being delegated, in bits.  At least
102	            0 and no larger than 128 bits (identifying a single IPv6
103	            address)

105	   Note that the prefix field is only required to be long enough to hold
106	   the prefix bits and can be shorter than 16 bytes.  Any bits in the
107	   prefix field that are not part of the prefix MUST be zero.

109	   The definition of the Delegated-IPv6-Prefix Attribute is based on the
110	   Framed-IPv6-Prefix attribute [4].

112	   The Delegated-IPv6-Prefix MAY appear in an Access-Accept packet, and
113	   can appear multiple times.  It MAY appear in an Access-Request packet
114	   as a hint by the NAS to the server that it would prefer these
115	   prefix(es), but the server is not required to honor the hint.

117	   The Delegated-IPv6-Prefix attribute MAY appear in an Accounting-
118	   Request packet.

120	   The Delegated-IPv6-Prefix MUST NOT appear in any other RADIUS
121	   packets.

123	   The following table describes which messages the Delegated-IPv6-
124	   Prefix attribute can appear in and in what quantity.

126	   +------------------------------------------------------+
127	   | Request Accept Accounting  #   Attribute             |
128	   |                Request                               |
129	   | 0+      0+     0+          TBD Delegated-IPv6-Prefix |
130	   +------------------------------------------------------+

132	   In this table 0+ means that zero or more instances of this attribute
133	   MAY be present in packet.  This attribute MUST NOT appear in any
134	   packet not listed in the table.

136	4.  Diameter Considerations

138	   When used in Diameter, the attribute defined in this specification
139	   can be used as a Diameter AVP from the Code space 1-255, i.e., RADIUS
140	   attribute compatibility space.  No additional Diameter Code values
141	   are therefore allocated.  The data types of the attributes are as
142	   follows:

144	        Delegated-IPv6-Prefix             OctetString

146	   The attribute in this specification has no special translation
147	   requirements for Diameter to RADIUS or RADIUS to Diameter gateways,
148	   i.e., the attribute is copied as is, except for changes relating to
149	   headers, alignment, and padding.  See also RFC 3588 [5], Section 4.1,
150	   and RFC 4005 [6], Section 9.

152	   The text in this specification describing the applicability of the
153	   Delegated-IPv6-Prefix attribute for RADIUS Access-Request applies in
154	   Diameter to AA-Request [6] or Diameter-EAP-Request [7].

156	   The text in this specification describing the applicability of the
157	   Delegated-IPv6-Prefix attribute for RADIUS Access-Accept applies in
158	   Diameter to AA-Answer or Diameter-EAP-Answer that indicates success.

160	   The text in this specification describing the applicability of the
161	   Delegated-IPv6-Prefix attribute for RADIUS Accounting-Request applies
162	   to Diameter Accounting-Request [6] as well.

164	5.  IANA Considerations

166	   IANA is requested to assign a Type value, TBD, for this attribute
167	   from the RADIUS Attribute Types registry.

169	6.  Security Considerations

171	   Known security vulnerabilities of the RADIUS protocol are discussed
172	   in RFC 2607 [8], RFC 2865 [1] and RFC 2869 [9].  Use of IPsec [10]
173	   for providing security when RADIUS is carried in IPv6 is discussed in
174	   RFC 3162.

176	   Security considerations for the Diameter protocol are discussed in
177	   RFC 3588 [5].

179	7.  Change Log

181	   This section to be removed before publication as an RFC.

183	   The following changes were made in revision -01 of this document:
184	   o  Added additional details to Abstract; defined that this attribute
185	      can be used in both RADIUS and Diameter.  (Issue 188)
186	   o  Moved and clarified text describing which packets this attribute
187	      can appear in adjacent to table in section 3.  (Issue 188)
188	   o  Fixed RFC 2119 boilerplate in section 2.  (Issue 185)
189	   o  Fixed table in section 3 to clarify which packets this attribute
190	      cannot appear in.  (Issue 188)
191	   o  Added section 4, Diameter Considerations.  (Issue 188)
192	   o  Made some references in section 6, Security Considerations,
193	      Informative rather than Normative.  (Issue 188)
194	   o  Updated reference to RFC 2401 [9] to RFC 4301.  (Issue 188)
195	   o  Changed "IP SEC" to "IPsec" in section 6.  (Issues 185 and 188)

197	   The following changes were made in revision -02 of this document:
198	   o  Added a second paragraph to the Introduction, referencing the
199	      Framed-IPv6-Prefix attribute
200	   o  Improved description of attribute fields in section 3
201	   o  Added border to table in section 3
202	   o  Updated Section 4, Diameter Considerations, to describe how this
203	      attribute would be used in Diameter.
204	   o  Added reference to RFC 3588 in Section 6, Security Considerations.

206	8.  References

208	8.1.  Normative References

210	   [1]  Rigney, C., Willens, S., Rubens, A., and W. Simpson, "Remote
211	        Authentication Dial In User Service (RADIUS)", RFC 2865,
212	        June 2000.

214	   [2]  Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic Host
215	        Configuration Protocol (DHCP) version 6", RFC 3633,
216	        December 2003.

218	   [3]  Bradner, S., "Key words for use in RFCs to Indicate Requirement
219	        Levels", BCP 14, RFC 2119, March 1997.

221	8.2.  Non-normative References

223	   [4]   Aboba, B., Zorn, G., and D. Mitton, "RADIUS and IPv6",
224	         RFC 3162, August 2001.

226	   [5]   Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and J. Arkko,
227	         "Diameter Base Protocol", RFC 3588, September 2003.

229	   [6]   Calhoun, P., Zorn, G., Spence, D., and D. Mitton, "Diameter
230	         Network Access Server Application", RFC 4005, August 2005.

232	   [7]   Eronen, P., Hiller, T., and G. Zorn, "Diameter Extensible
233	         Authentication Protocol (EAP) Application", RFC 4072,
234	         August 2005.

236	   [8]   Aboba, B. and J. Vollbrecht, "Proxy Chaining and Policy
237	         Implementation in Roaming", RFC 2607, June 1999.

239	   [9]   Rigney, C., Willats, W., and P. Calhoun, "RADIUS Extensions",
240	         RFC 2869, June 2000.

242	   [10]  Kent, S. and K. Seo, "Security Architecture for the Internet
243	         Protocol", RFC 4301, December 2005.

245	Authors' Addresses

247	   Joe Salowey
248	   Cisco Systems, Inc.
249	   2901 Third Avenue
250	   Seattle, WA  98121
251	   USA

253	   Phone: +1 206.310.0596
254	   Email: jsalowey@cisco.com

256	   Ralph Droms
257	   Cisco Systems, Inc.
258	   1414 Massachusetts Avenue
259	   Boxborough, MA  01719
260	   USA

262	   Phone: +1 978.936.1674
263	   Email: rdroms@cisco.com

265	Full Copyright Statement

267	   Copyright (C) The Internet Society (2006).

269	   This document is subject to the rights, licenses and restrictions
270	   contained in BCP 78, and except as set forth therein, the authors
271	   retain all their rights.

273	   This document and the information contained herein are provided on an
274	   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
275	   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
276	   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
277	   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
278	   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
279	   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

281	Intellectual Property

283	   The IETF takes no position regarding the validity or scope of any
284	   Intellectual Property Rights or other rights that might be claimed to
285	   pertain to the implementation or use of the technology described in
286	   this document or the extent to which any license under such rights
287	   might or might not be available; nor does it represent that it has
288	   made any independent effort to identify any such rights.  Information
289	   on the procedures with respect to rights in RFC documents can be
290	   found in BCP 78 and BCP 79.

292	   Copies of IPR disclosures made to the IETF Secretariat and any
293	   assurances of licenses to be made available, or the result of an
294	   attempt made to obtain a general license or permission for the use of
295	   such proprietary rights by implementers or users of this
296	   specification can be obtained from the IETF on-line IPR repository at
297	   http://www.ietf.org/ipr.

299	   The IETF invites any interested party to bring to its attention any
300	   copyrights, patents or patent applications, or other proprietary
301	   rights that may cover technology that may be required to implement
302	   this standard.  Please address the information to the IETF at
303	   ietf-ipr@ietf.org.

305	Acknowledgment

307	   Funding for the RFC Editor function is provided by the IETF
308	   Administrative Support Activity (IASA).