idnits 2.17.1

draft-korhonen-dime-mip6-feature-bits-01.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** The document seems to lack a License Notice according IETF Trust
     Provisions of 28 Dec 2009, Section 6.b.ii or Provisions of 12 Sep 2009
     Section 6.b -- however, there's a paragraph with a matching beginning.
     Boilerplate error?

     (You're using the IETF Trust Provisions' Section 6.b License Notice from
     12 Feb 2009 rather than one of the newer Notices.  See
     https://trustee.ietf.org/license-info/.)

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer.
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (June 10, 2009) is 5431 days in the past.  Is this
     intentional?

  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

  -- Obsolete informational reference (is this intentional?): RFC 3775
     (Obsoleted by RFC 6275)

     Summary: 1 error (**), 0 flaws (~~), 1 warning (==), 3 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Diameter Maintenance and                                     J. Korhonen
Extensions (DIME)                                 Nokia Siemens Networks
Internet-Draft                                             June 10, 2009
Intended status: Informational
Expires: December 12, 2009

        Diameter MIP6 Feature Vector Additional Bit Allocations
              draft-korhonen-dime-mip6-feature-bits-01.txt

Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on December 12, 2009.

Copyright Notice

   Copyright (c) 2009 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents in effect on the date of
   publication of this document (http://trustee.ietf.org/license-info).
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.

Abstract

   During the Mobile IPv6 Split Scenario bootstrapping, the Mobile IPv6
   Home Agent and the Authentication, Authorization, and Accounting
   server may exchange a set of authorized mobility capabilities.  This
   document defines new mobility capability flags that are used to
   authorize, per Mobile Node, route optimization, Multiple Care-of
   Address, and user plane traffic encryption support.  Furthermore, this
   document also defines a capability flag indicating whether the
   Home Agent is authorized to act as a standalone Virtual Private
   Network gateway.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  Flag definitions for the MIP6-Feature-Vector AVP
     3.1.  Route Optimization Support
     3.2.  Multiple Care-of Addresses Support
     3.3.  User Traffic Encryption Support
     3.4.  VPN Gateway Mode Support
   4.  IANA Considerations
   5.  Security Considerations
   6.  References
     6.1.  Normative References
     6.2.  Informative References
   Author's Address

1.  Introduction

   During the Mobile IPv6 [RFC3775] Split Scenario bootstrapping
   [RFC5026], the Mobile IPv6 Home Agent (HA) and the Authentication,
   Authorization, and Accounting (AAA) server MAY exchange a set of
   capabilities as defined in [I-D.ietf-dime-mip6-split].
   This document defines additional capability flag bits that are used
   to authorize, per Mobile Node (MN), route optimization, Multiple
   Care-of Address (MCoA) [I-D.ietf-monami6-multiplecoa], and user plane
   traffic encryption support.  Furthermore, this document also defines a
   capability flag bit indicating whether the HA is authorized to act
   as a standalone IPsec Virtual Private Network (VPN) gateway for
   remote VPN clients.  These new capability flag bits allow the Mobility
   Service Provider (MSP) to control the supported services on the HA.

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

3.  Flag definitions for the MIP6-Feature-Vector AVP

   The MIP6-Feature-Vector AVP is defined in [RFC5447].  The new
   capability bits defined in this document are intended to be used
   between the HA and the AAA server during the Mobile IPv6 Split
   Scenario bootstrapping Diameter interactions
   [I-D.ietf-dime-mip6-split].  However, the defined flag bits MAY also
   be used in other scenarios and deployments outside the Mobile IPv6
   Split Scenario.

3.1.  Route Optimization Support

   Route optimization support is indicated by using the RO_SUPPORTED
   (value 0x0000000200000000) capability flag bit.  When the HA sets
   this bit, it indicates support for route optimization.  If this
   bit is unset in the returned MIP6-Feature-Vector AVP, the AAA server
   does not authorize route optimization for the MN.

3.2.  Multiple Care-of Addresses Support

   Multiple Care-of Addresses (MCoA) [I-D.ietf-monami6-multiplecoa]
   support is indicated by using the MCOA_SUPPORTED (value
   0x0000001000000000) capability flag bit.  When the HA sets this bit,
   it indicates support for MCoA.
   If this bit is unset in the returned MIP6-Feature-Vector AVP, the AAA
   server does not authorize the use of MCoA for the MN.

3.3.  User Traffic Encryption Support

   User plane traffic encryption support is indicated by using the
   USER_TRAFFIC_ENCRYPTION (value 0x0000000400000000) capability flag
   bit.  When the HA sets this bit, it indicates support for user
   plane traffic encryption between the MN and the HA.  If this bit is
   unset in the returned MIP6-Feature-Vector AVP, the AAA server does
   not authorize user plane traffic encryption because of subscription
   or operator policy.

3.4.  VPN Gateway Mode Support

   The HA MAY act as an IPsec VPN gateway for the user, and this support
   is indicated by the VPN_GW_MODE (value 0x0000000800000000) capability
   flag bit.  When the HA sets this bit, it indicates support for acting
   as a standalone IPsec VPN gateway.  If this bit is unset in the
   returned MIP6-Feature-Vector AVP, the AAA server does not authorize
   the HA to act as a standalone IPsec VPN gateway for the MN because of
   subscription or operator policy.

4.  IANA Considerations

   This document defines new values in the "Mobility Capability"
   registry (see [RFC5447]) for use with the MIP6-Feature-Vector AVP:

   Token                            | Value                | Description
   ---------------------------------+----------------------+------------
   RO_SUPPORTED                     | 0x0000000200000000   | RFC TBD
   USER_TRAFFIC_ENCRYPTION          | 0x0000000400000000   | RFC TBD
   VPN_GW_MODE                      | 0x0000000800000000   | RFC TBD
   MCOA_SUPPORTED                   | 0x0000001000000000   | RFC TBD

5.  Security Considerations

   This document has no security considerations beyond those
   already described for the Mobile IPv6 Integrated Scenario Diameter
   interactions [RFC5447] and Mobile IPv6 Split Scenario Diameter
   interactions [I-D.ietf-dime-mip6-split].

6.  References

6.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC5447]  Korhonen, J., Bournelle, J., Tschofenig, H., Perkins, C.,
              and K. Chowdhury, "Diameter Mobile IPv6: Support for
              Network Access Server to Diameter Server Interaction",
              RFC 5447, February 2009.

6.2.  Informative References

   [I-D.ietf-dime-mip6-split]
              Korhonen, J., Tschofenig, H., Bournelle, J., Giaretta, G.,
              and M. Nakhjiri, "Diameter Mobile IPv6: Support for Home
              Agent to Diameter Server Interaction",
              draft-ietf-dime-mip6-split-17 (work in progress),
              April 2009.

   [I-D.ietf-monami6-multiplecoa]
              Wakikawa, R., Devarapalli, V., Tsirtsis, G., Ernst, T.,
              and K. Nagami, "Multiple Care-of Addresses Registration",
              draft-ietf-monami6-multiplecoa-14 (work in progress),
              May 2009.

   [RFC3775]  Johnson, D., Perkins, C., and J. Arkko, "Mobility Support
              in IPv6", RFC 3775, June 2004.

   [RFC5026]  Giaretta, G., Kempf, J., and V. Devarapalli, "Mobile IPv6
              Bootstrapping in Split Scenario", RFC 5026, October 2007.

Author's Address

   Jouni Korhonen
   Nokia Siemens Networks
   Linnoitustie 6
   Espoo  FIN-02600
   Finland

   Email: jouni.nospam@gmail.com
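
Added example (not part of the draft or of any implementation it describes): a Python sketch of the offer/answer semantics in Sections 3.1 to 3.4, using the flag values from the IANA table. It assumes the AVP data is an Unsigned64 in network byte order as defined in [RFC5447]; the function names, the sample exchange, and the choice to enable only bits present in both vectors are this example's assumptions.

```python
import struct

# Flag values copied from the draft's IANA Considerations table.
MOBILITY_CAPABILITIES = {
    "RO_SUPPORTED": 0x0000000200000000,
    "USER_TRAFFIC_ENCRYPTION": 0x0000000400000000,
    "VPN_GW_MODE": 0x0000000800000000,
    "MCOA_SUPPORTED": 0x0000001000000000,
}

def encode_feature_vector(names):
    """Build the 8-octet AVP data (Unsigned64, network byte order)."""
    value = 0
    for name in names:
        value |= MOBILITY_CAPABILITIES[name]  # KeyError on an unknown token
    return struct.pack("!Q", value)

def decode_feature_vector(data):
    """Parse AVP data into an integer; reject anything that is not 64 bits."""
    if len(data) != 8:
        raise ValueError("MIP6-Feature-Vector data must be exactly 8 octets")
    return struct.unpack("!Q", data)[0]

def flag_names(value):
    """Names of this draft's flags set in value; bits defined elsewhere are skipped."""
    return sorted(n for n, bit in MOBILITY_CAPABILITIES.items() if value & bit)

def authorized_features(offered_data, returned_data):
    """HA-side decision (this example's policy, not mandated by the draft):
    enable a feature only if the HA offered it AND the AAA server returned it.
    Bits returned but never offered are reported separately for logging."""
    offered = decode_feature_vector(offered_data)
    returned = decode_feature_vector(returned_data)
    return flag_names(offered & returned), flag_names(returned & ~offered)

# Constructed sample exchange: what the HA sends and what the AAA server returns.
HA_REQUEST = encode_feature_vector(
    ["RO_SUPPORTED", "USER_TRAFFIC_ENCRYPTION", "MCOA_SUPPORTED"])
AAA_ANSWER = encode_feature_vector(["RO_SUPPORTED", "VPN_GW_MODE"])

if __name__ == "__main__":
    enabled, unexpected = authorized_features(HA_REQUEST, AAA_ANSWER)
    print("enabled for this MN:", enabled)
    print("returned but never offered:", unexpected)
```

In the sample, USER_TRAFFIC_ENCRYPTION and MCOA_SUPPORTED are unset in the answer, so the HA leaves them disabled for this MN; VPN_GW_MODE is flagged because the HA never offered it.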