idnits 2.17.1 draft-sweet-uri-zoneid-01.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) ** The abstract seems to contain references ([LITERAL-ZONE], [RFC3986]), which it shouldn't. Please replace those with straight textual mentions of the documents in question. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (November 22, 2013) is 3808 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- == Unused Reference: 'RFC3493' is defined on line 249, but no explicit reference was found in the text == Unused Reference: 'RFC4001' is defined on line 253, but no explicit reference was found in the text ** Obsolete normative reference: RFC 2616 (Obsoleted by RFC 7230, RFC 7231, RFC 7232, RFC 7233, RFC 7234, RFC 7235) ** Obsolete normative reference: RFC 2911 (Obsoleted by RFC 8011) Summary: 4 errors (**), 0 flaws (~~), 3 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Internet Engineering Task Force M. Sweet, Ed. 3 Internet-Draft Apple Inc. 4 Intended status: Informational November 22, 2013 5 Expires: May 26, 2014 7 An IPvFuture Syntax for IPv6 Link-Local Addresses 8 draft-sweet-uri-zoneid-01 10 Abstract 12 This document describes how the zone identifier of an IPv6 scoped 13 address, defined as in the IPv6 Scoped Address Architecture 14 (RFC 4007), can be represented in a literal IPv6 address and in a 15 Uniform Resource Identifier that includes such a literal address. It 16 documents a long-standing usage of the IPvFuture extension point 17 provided in the Uniform Resource Identifier (URI) syntax 18 specification [RFC3986]. 20 [ Editor's note: This draft documents the IPvFuture format originally 21 defined in [LITERAL-ZONE] and used by CUPS since 2005. A separate, 22 incompatible format was defined and published in RFC 6874. ] 24 Status of This Memo 26 This Internet-Draft is submitted in full conformance with the 27 provisions of BCP 78 and BCP 79. 29 Internet-Drafts are working documents of the Internet Engineering 30 Task Force (IETF). Note that other groups may also distribute 31 working documents as Internet-Drafts. The list of current Internet- 32 Drafts is at http://datatracker.ietf.org/drafts/current/. 34 Internet-Drafts are draft documents valid for a maximum of six months 35 and may be updated, replaced, or obsoleted by other documents at any 36 time. It is inappropriate to use Internet-Drafts as reference 37 material or to cite them other than as "work in progress." 39 This Internet-Draft will expire on May 26, 2014. 41 Copyright Notice 43 Copyright (c) 2013 IETF Trust and the persons identified as the 44 document authors. All rights reserved. 46 This document is subject to BCP 78 and the IETF Trust's Legal 47 Provisions Relating to IETF Documents 48 (http://trustee.ietf.org/license-info) in effect on the date of 49 publication of this document. Please review these documents 50 carefully, as they describe your rights and restrictions with respect 51 to this document. Code Components extracted from this document must 52 include Simplified BSD License text as described in Section 4.e of 53 the Trust Legal Provisions and are provided without warranty as 54 described in the Simplified BSD License. 56 Table of Contents 58 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 59 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 2 60 2. Specification . . . . . . . . . . . . . . . . . . . . . . . . 3 61 3. HTTP Requirements . . . . . . . . . . . . . . . . . . . . . . 4 62 4. Security Consideration . . . . . . . . . . . . . . . . . . . 5 63 5. References . . . . . . . . . . . . . . . . . . . . . . . . . 5 64 5.1. Normative References . . . . . . . . . . . . . . . . . . 5 65 5.2. Informative References . . . . . . . . . . . . . . . . . 6 66 Appendix A. Change History . . . . . . . . . . . . . . . . . . . 6 67 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 7 69 1. Introduction 71 The Uniform Resource Identifier (URI) syntax specification [RFC3986] 72 defines how a literal IPv6 address can be represented in the "host" 73 part of a URI. However, it does not define how zone identifiers (see 74 IPv6 Scoped Address Architecture specification [RFC4007]) are 75 represented, which has lead to the development and deployment of two 76 incompatible URI syntax extensions. The first syntax, "A Format for 77 IPv6 Scope Zone Identifiers in Literal URIs" [LITERAL-ZONE], was 78 originally proposed in 2005 and used the IPvFuture rule that was 79 defined for future address extensions in URIs. While this draft was 80 ultimately never published, the syntax was adopted by the CUPS [CUPS] 81 software in 2005 and is now widely deployed in clients and printers. 82 The second syntax, "Representing IPv6 Zone Identifiers in Address 83 Literals and Uniform Resource Identifiers" [RFC6874], was published 84 in February 2013 and incompatibly extends the URI syntax with a new 85 IPv6addrz rule. This document describes the first syntax and 86 provides additional implementation guidelines for its use. 88 [ Editor's note: Would it be appropriate to provide adoption numbers 89 here (hundreds of millions of devices)? ] 91 1.1. Requirements Language 93 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 94 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 95 document are to be interpreted as described in "Key words for use in 96 RFCs to Indicate Requirement Levels" [RFC2119]. 98 2. Specification 100 According to IPv6 Scoped Address syntax [RFC4007], a zone identifier 101 is attached to the textual representation of an IPv6 address by 102 concatenating "%" followed by , where is a string 103 identifying the zone of the address. However, the IPv6 Scoped 104 Address Architecture specification gives no precise definition of the 105 character set allowed in . There are no rules or de facto 106 standards for this. For example, the first Ethernet interface in a 107 host might be called %0, %1, %en1, %eth0, or whatever the implementer 108 happened to choose. 110 In a URI, a literal IPv6 address is always embedded between "[" and 111 "]". This document specifies how a can be appended to the 112 address. According to URI syntax [RFC3986], "%" is always treated as 113 an escape character in a URI, so, according to the established URI 114 syntax [RFC3986] any occurrences of literal "%" symbols in a URI MUST 115 be percent-encoded and represented in the form "%25". Thus, the 116 scoped address fe80::a%en1 would appear in a URI as http:// 117 [fe80::a%25en1]. 119 However, since parsers based on the ABNF [RFC5234] in the URI syntax 120 specification [RFC3986] will not allow a URI of that form, an 121 alternate format based on the IPvFuture rule [LITERAL-ZONE] can be 122 used where the address is prefixed with "v1." and the "+" character 123 is used as the separator between the address and . Thus, 124 the alternate form of the scoped address fe80::a%en1 would appear in 125 a URI as http://[v1.fe80::a+en1]. 127 A SHOULD contain only ASCII characters classified as 128 "unreserved" for use in URIs [RFC3986]. This excludes characters 129 such as "]" or even "%" that would complicate parsing. However, the 130 syntax described below does allow such characters to be percent- 131 encoded, for compatibility with existing devices that use them. 133 If an operating system uses any other characters in zone or interface 134 identifiers that are not in the "unreserved" character set, they MUST 135 be represented using percent encoding [RFC3986]. 137 We now present the necessary formal syntax. 139 The URI syntax specification [RFC3986] formally defined the IPv6 140 literal format in ABNF [RFC5234] by the following rule: 142 IP-literal = "[" ( IPv6address / IPvFuture ) "]" 144 To provide support for a zone identifier, the existing syntax of 145 IPv6address is retained, and a zone identifier may be added 146 optionally to any literal address. This syntax allows flexibility 147 for unknown future uses. The rule quoted above from the previous URI 148 syntax specification [RFC3986] is replaced by three rules: 150 IP-literal = "[" ( IPv6address / IPvFuture / 151 "v1." IPv6address "+" ZoneID ) "]" 153 ZoneID = 1*( unreserved / pct-encoded ) 155 This syntax fills the gap that is described at the end of 156 Section 11.7 of the IPv6 Scoped Address Architecture specification 157 [RFC4007]. 159 The established rules for textual representation of IPv6 addresses 160 [RFC5952] SHOULD be applied in producing URIs. 162 The URI syntax specification [RFC3986] states that URIs have a global 163 scope, but that in some cases their interpretation depends on the 164 end-user's context. URIs including a ZoneID are to be interpreted 165 only in the context of the host at which they originate, since the 166 ZoneID is of local significance only. 168 The IPv6 Scoped Address Architecture specification [RFC4007] offers 169 guidance on how the ZoneID affects interface/address selection inside 170 the IPv6 stack. Note that the behaviour of an IPv6 stack, if it is 171 passed a non-null zone index for an address other than link-local, is 172 undefined. 174 3. HTTP Requirements 176 The Hypertext Transfer Protocol -- HTTP/1.1 [RFC2616] requires the 177 client to supply the host and URI used to access the server. While a 178 ZoneID is only significant to the HTTP client, many HTTP server 179 solutions, including IPP [RFC2911], generate absolute URIs to server- 180 resident resources in response to a client's request. If the 181 client's ZoneID is not sent to the server, the server will not be 182 able to provide absolute URIs that can be directly used by the 183 client. However, the server cannot use the provided ZoneID for any 184 local address comparisons since the client and server likely have 185 different ZoneID's for the same IPv6 link-local address. 187 HTTP clients SHOULD include the client-specific ZoneID in the HTTP 188 Host: header and (if applicable) the HTTP Request-URI. 190 HTTP servers MUST support Host: and Request-URI values containing 191 client-specific ZoneID's, MUST use the full address (including 192 ZoneID) when generating absolute URIs for a response to the client, 193 and MUST NOT use the ZoneID in any local (server) address 194 comparisons. 196 4. Security Consideration 198 The security considerations from the URI syntax specification 199 [RFC3986] and the IPv6 Scoped Address Architecture specification 200 [RFC4007] apply. In particular, this URI format creates a specific 201 pathway by which a deceitful zone index might be communicated, as 202 mentioned in the final security consideration of the Scoped Address 203 Architecture specification. It is emphasised that the format is 204 intended only for local access purposes, but of course this intention 205 does not prevent misuse. 207 To limit this risk, implementations MUST NOT allow use of this format 208 except for well-defined usages, such as sending to link-local 209 addresses under prefix fe80::/10. At the time of writing, this is 210 the only well-defined usage known. 212 5. References 214 5.1. Normative References 216 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 217 Requirement Levels", BCP 14, RFC 2119, March 1997. 219 [RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., 220 Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext 221 Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999. 223 [RFC2911] Hastings, T., Herriot, R., deBry, R., Isaacson, S., and P. 224 Powell, "Internet Printing Protocol/1.1: Model and 225 Semantics", RFC 2911, September 2000. 227 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform 228 Resource Identifier (URI): Generic Syntax", STD 66, RFC 229 3986, January 2005. 231 [RFC4007] Deering, S., Haberman, B., Jinmei, T., Nordmark, E., and 232 B. Zill, "IPv6 Scoped Address Architecture", RFC 4007, 233 March 2005. 235 [RFC5234] Crocker, D. and P. Overell, "Augmented BNF for Syntax 236 Specifications: ABNF", STD 68, RFC 5234, January 2008. 238 [RFC5952] Kawamura, S. and M. Kawashima, "A Recommendation for IPv6 239 Address Text Representation", RFC 5952, August 2010. 241 5.2. Informative References 243 [CUPS] Sweet, M., "CUPS software", October 2005. 245 [LITERAL-ZONE] 246 Fenner, B. and M. Duerst, "A Format for IPv6 Scope Zone 247 Identifiers in Literal URIs", October 2005. 249 [RFC3493] Gilligan, R., Thomson, S., Bound, J., McCann, J., and W. 250 Stevens, "Basic Socket Interface Extensions for IPv6", RFC 251 3493, February 2003. 253 [RFC4001] Daniele, M., Haberman, B., Routhier, S., and J. 254 Schoenwaelder, "Textual Conventions for Internet Network 255 Addresses", RFC 4001, February 2005. 257 [RFC6874] Carpenter, B., Cheshire, S., and R. Hinden, "Representing 258 IPv6 Zone Identifiers in Address Literals and Uniform 259 Resource Identifiers", RFC 6874, February 2013. 261 Appendix A. Change History 263 [ RFC Editor: This section to be deleted before RFC publication ] 265 November 22, 2013 - draft-sweet-uri-zoneid-01 267 o Changed to informative draft to document what CUPS has been using 268 since 2005. 270 o Section 1: Rewritten to document the two incompatible syntaxes. 272 o Section 2: Dropped 6874 syntax and added the v1. syntax to the 273 main address rule. 275 o Section 3: Changed to HTTP Requirements, explained why this is 276 necessary, provided conformance requirements. 278 o Section 4: Cleaned up now that we are no longer obsoleting 6874. 280 o Deleted unused sections/appendices 282 August 27, 2013 - draft-sweet-uri-zoneid-00 284 [ Changes are from published RFC 6874 text ] 285 o Abstract: Added editor's note explaining why we need to update RFC 286 6874 288 o Section 1: Update to talk about having two formats. 290 o Section 2: Provide example and define IPvFuture format as an 291 alternate, RFC 3986-compatible encoding. 293 o Section 3: Reword to encourage browsers to retain the ZoneID as an 294 aid for getting usable server-generated URIs. 296 o Section 4: Change conformance to MUST NOT remove ZoneID. 298 o Section 6.2: Add reference to CUPS. 300 o Appendix A: Put the IPvFuture example at the end, make it match 301 the correct IPvFuture format, and note it at the alternate syntax. 303 Author's Address 305 Michael Sweet (editor) 306 Apple Inc. 307 1 Infinite Loop 308 Cupertino, California 95014 309 United States 311 Email: msweet@apple.com