mif Working Group                                           S. Krishnan
Internet-Draft                                                 Ericsson
Intended status: Standards Track                            J. Korhonen
Expires: August 18, 2014                                       Broadcom
                                                            S. Bhandari
                                                          Cisco Systems
                                                          S. Gundavelli
                                                                  Cisco
                                                      February 14, 2014

                 Identification of provisioning domains
                         draft-kkbg-mpvd-id-00

Abstract

   The MIF working group is producing a solution to solve the issues
   that are associated with nodes that can be attached to multiple
   networks.  This document describes several methods of generating
   identification information for provisioning domains and a format for
   carrying such identification in configuration protocols.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on August 18, 2014.

Copyright Notice

   Copyright (c) 2014 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.
   Code Components extracted from this document must include Simplified
   BSD License text as described in Section 4.e of the Trust Legal
   Provisions and are provided without warranty as described in the
   Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  Provisioning domain identity format
   4.  Security Considerations
   5.  IANA Considerations
   6.  Acknowledgements
   7.  Normative References
   Authors' Addresses

1.  Introduction

   The MIF working group is producing a solution to solve the issues
   that are associated with nodes that can be attached to multiple
   networks, based on the Multiple Provisioning Domains (MPVD)
   architecture work [I-D.ietf-mif-mpvd-arch].  This document describes
   a format for carrying identification information, along with a few
   alternatives for reasonable sources of PVD identification.  Since
   PVD IDs are expected to be unique, the identification sources
   provide some level of uniqueness using either a hierarchical
   structure (e.g. FQDNs and OIDs) or some form of randomness (e.g.
   UUIDs and ULAs).  Any source that provides neither guaranteed nor
   probabilistic uniqueness is probably not a good candidate for
   identifying provisioning domains.

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

3.  Provisioning domain identity format

   The identity of the PVD is independent of the configuration protocol
   used to communicate it and is formatted as follows.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    id-type    |   id-length   |                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               +
   +                    PVD identity information                   +
   .                        (variable length)                      .
   +---------------------------------------------------------------+

                         Figure 1: PVD ID Option

   o  id-type: Describes the type of identification information.
      This document defines six types of PVD identity information:

         0x01: UUID [RFC4122]
         0x02: UTF-8 string
         0x03: OID [OID]
         0x04: NAI Realm [RFC4282]
         0x05: FQDN
         0x06: ULA Prefix [RFC4193]

      Further types can be added by IANA action.

   o  id-length: Length of the PVD identification in octets, not
      including the id-type and id-length fields.  Since id-length is
      a single octet, the identity information is at most 255 octets
      long.

   o  PVD identity information: The PVD identification, formatted
      according to the id-type.

4.  Security Considerations

   An attacker may attempt to modify the PVD identity provided in a
   configuration protocol.  Such attacks can be prevented by using
   configuration protocol mechanisms, such as SEND [RFC3971] and the
   DHCPv6 AUTH option [RFC3315], that detect any tampering with the
   configuration.

   A compromised configuration source, on the other hand, cannot easily
   be detected by a configuration client.  The only real way to avoid
   this is for the PVD identification to be directly associable with
   some form of authentication and authorization information from the
   owner of the PVD (e.g. an FQDN can be associated with a DANE
   certificate).  The client can then detect this attack by verifying
   the authentication and authorization information provided inside the
   PVD container option, after verifying its trust towards the PVD owner
   (e.g.
   a certificate with a well-known/common trust anchor).

5.  IANA Considerations

   This document creates a new registry for PVD id types.  The initial
   values are listed below:

      0x01: UUID [RFC4122]
      0x02: UTF-8 string
      0x03: OID [OID]
      0x04: NAI Realm [RFC4282]
      0x05: FQDN
      0x06: ULA Prefix [RFC4193]

6.  Acknowledgements

   The authors would like to thank the members of the MIF architecture
   design team, Ted Lemon, Brian Carpenter, Bernie Volz and Alper Yegin
   for their contributions to this draft.

7.  Normative References

   [I-D.ietf-mif-mpvd-arch]
              Anipko, D., "Multiple Provisioning Domain Architecture",
              draft-ietf-mif-mpvd-arch-00 (work in progress),
              February 2014.

   [OID]      IANA, "PRIVATE ENTERPRISE NUMBERS", SMI Network Management
              Private Enterprise Codes, http://www.iana.org/
              assignments/enterprise-numbers/enterprise-numbers.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC3315]  Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C.,
              and M. Carney, "Dynamic Host Configuration Protocol for
              IPv6 (DHCPv6)", RFC 3315, July 2003.

   [RFC3971]  Arkko, J., Kempf, J., Zill, B., and P. Nikander, "SEcure
              Neighbor Discovery (SEND)", RFC 3971, March 2005.

   [RFC4122]  Leach, P., Mealling, M., and R. Salz, "A Universally
              Unique IDentifier (UUID) URN Namespace", RFC 4122,
              July 2005.

   [RFC4193]  Hinden, R. and B. Haberman, "Unique Local IPv6 Unicast
              Addresses", RFC 4193, October 2005.

   [RFC4282]  Aboba, B., Beadles, M., Arkko, J., and P. Eronen, "The
              Network Access Identifier", RFC 4282, December 2005.

Authors' Addresses

   Suresh Krishnan
   Ericsson
   8400 Decarie Blvd.
   Town of Mount Royal, QC
   Canada

   Phone: +1 514 345 7900 x42871
   Email: suresh.krishnan@ericsson.com


   Jouni Korhonen
   Broadcom Communications
   Porkkalankatu 24
   FIN-00180 Helsinki
   Finland

   Email: jouni.nospam@gmail.com


   Shwetha Bhandari
   Cisco Systems
   Cessna Business Park, Sarjapura Marathalli Outer Ring Road
   Bangalore, KARNATAKA 560 087
   India

   Phone: +91 80 4426 0474
   Email: shwethab@cisco.com


   Sri Gundavelli
   Cisco
   170 West Tasman Drive
   San Jose, CA 95134
   USA

   Email: sgundave@cisco.com
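The PVD ID option of Section 3, with the receive-side checks that the tampering and compromised-source concerns of Section 4 make necessary, as an added example that is not part of the draft. The draft fixes only the two-octet header (id-type, id-length) and the six id-type values; the per-type wire encodings used here (a UUID as its 16 raw octets, the UTF-8 string, OID, NAI realm and FQDN as their own text with the OID in dotted-decimal form, a ULA prefix as one prefix-length octet followed by the 16-octet address), the NAI realm syntax check (the FQDN label rules, a simplification of RFC 4282), and the function names encode_pvd_id, decode_pvd_id and is_valid_pvd_id are this example's assumptions.

```python
"""Encoder/decoder for the PVD ID TLV of draft-kkbg-mpvd-id-00, Section 3.

Added example, not code from the draft.  Per-type wire encodings are an
assumption of this example (the draft does not specify them).
"""
import ipaddress
import re
import struct
import uuid

# id-type values from Section 3 of the draft
ID_UUID, ID_UTF8, ID_OID, ID_NAI_REALM, ID_FQDN, ID_ULA = range(1, 7)

_LABEL_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")
_OID_RE = re.compile(r"^[0-2](?:\.(?:0|[1-9][0-9]*))+$")
_ULA_SPACE = ipaddress.IPv6Network("fc00::/7")  # RFC 4193 address block


class PvdIdError(ValueError):
    """Raised for any malformed or out-of-policy PVD ID."""


def _check_name(name: str) -> None:
    # FQDN label rules; also applied to NAI realms (assumption, see lead-in)
    if not 1 <= len(name) <= 253:
        raise PvdIdError(f"name length {len(name)} out of range")
    for label in name.rstrip(".").split("."):
        if not _LABEL_RE.match(label):
            raise PvdIdError(f"bad label {label!r}")


def _check_ula(net: ipaddress.IPv6Network) -> None:
    if not net.subnet_of(_ULA_SPACE):
        raise PvdIdError(f"{net} is not a ULA prefix")


def encode_pvd_id(id_type: int, value) -> bytes:
    """Return id-type || id-length || identity information."""
    try:
        if id_type == ID_UUID:
            body = uuid.UUID(str(value)).bytes          # 16-octet binary form
        elif id_type == ID_UTF8:
            body = str(value).encode("utf-8")
        elif id_type == ID_OID:
            if not _OID_RE.match(value):
                raise PvdIdError(f"bad OID {value!r}")
            body = value.encode("ascii")                 # dotted decimal text
        elif id_type in (ID_NAI_REALM, ID_FQDN):
            _check_name(value)
            body = value.encode("ascii")
        elif id_type == ID_ULA:
            net = ipaddress.IPv6Network(value, strict=True)  # no host bits
            _check_ula(net)
            body = bytes([net.prefixlen]) + net.network_address.packed
        else:
            raise PvdIdError(f"unknown id-type {id_type:#x}")
    except PvdIdError:
        raise
    except ValueError as exc:  # ipaddress/uuid/codec errors
        raise PvdIdError(str(exc)) from exc
    if len(body) > 255:  # id-length is a single octet (Figure 1)
        raise PvdIdError("identity information longer than 255 octets")
    return struct.pack("!BB", id_type, len(body)) + body


def decode_pvd_id(data: bytes):
    """Parse one PVD ID from the front of data; return (id_type, value, rest).

    The declared id-length is bounds-checked before slicing and the body
    must be well-formed for its type, so a truncated or corrupted option
    is rejected instead of being partially trusted.
    """
    if len(data) < 2:
        raise PvdIdError("truncated PVD ID header")
    id_type, id_len = data[0], data[1]
    body, rest = data[2:2 + id_len], data[2 + id_len:]
    if len(body) != id_len:
        raise PvdIdError(f"id-length {id_len} exceeds {len(body)} octets present")
    try:
        if id_type == ID_UUID:
            if id_len != 16:
                raise PvdIdError(f"UUID must be 16 octets, got {id_len}")
            value = uuid.UUID(bytes=body)
        elif id_type == ID_UTF8:
            value = body.decode("utf-8")  # strict: invalid sequences rejected
        elif id_type == ID_OID:
            value = body.decode("ascii")
            if not _OID_RE.match(value):
                raise PvdIdError(f"bad OID {value!r}")
        elif id_type in (ID_NAI_REALM, ID_FQDN):
            value = body.decode("ascii")
            _check_name(value)
        elif id_type == ID_ULA:
            if id_len != 17 or body[0] > 128:
                raise PvdIdError("ULA prefix must be 1 length octet + 16 octets")
            value = ipaddress.IPv6Network((body[1:], body[0]), strict=True)
            _check_ula(value)
        else:
            raise PvdIdError(f"unknown id-type {id_type:#x}")
    except PvdIdError:
        raise
    except ValueError as exc:
        raise PvdIdError(str(exc)) from exc
    return id_type, value, rest


def is_valid_pvd_id(data: bytes) -> bool:
    """True if data is exactly one well-formed PVD ID with nothing trailing."""
    try:
        return decode_pvd_id(data)[2] == b""
    except PvdIdError:
        return False


if __name__ == "__main__":
    # Constructed sample: a ULA-identified PVD followed by a tampered copy
    good = encode_pvd_id(ID_ULA, "fd12:3456:789a::/48")
    print(decode_pvd_id(good)[:2], is_valid_pvd_id(good[:-1]))
```

Every id-length is validated against the bytes actually present before the body is sliced, and a body that does not match its declared id-type (a 12-octet "UUID", an invalid UTF-8 sequence, a non-ULA "ULA prefix") is rejected rather than passed up to policy code; these checks catch corruption and sloppy senders but not a correctly formed identity from a compromised source, which only the Section 4 binding to owner credentials can address.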