idnits 2.17.1 draft-xia-dhc-host-gen-id-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** It looks like you're using RFC 3978 boilerplate. You should update this to the boilerplate described in the IETF Trust License Policy document (see https://trustee.ietf.org/license-info), which is required now. -- Found old boilerplate from RFC 3978, Section 5.1 on line 15. -- Found old boilerplate from RFC 3978, Section 5.5, updated by RFC 4748 on line 428. -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 439. -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 446. -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 452. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust Copyright Line does not match the current year -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (February 15, 2008) is 5886 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 3315 (Obsoleted by RFC 8415) ** Obsolete normative reference: RFC 3633 (Obsoleted by RFC 8415) ** Obsolete normative reference: RFC 4941 (Obsoleted by RFC 8981) Summary: 4 errors (**), 0 flaws (~~), 2 warnings (==), 7 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group F. Xia 3 Internet-Draft B. Sarikaya 4 Expires: August 18, 2008 Huawei USA 5 February 15, 2008 7 Usage of Host Generating Interface Identifier in DHCPv6 8 draft-xia-dhc-host-gen-id-00.txt 10 Status of this Memo 12 By submitting this Internet-Draft, each author represents that any 13 applicable patent or other IPR claims of which he or she is aware 14 have been or will be disclosed, and any of which he or she becomes 15 aware will be disclosed, in accordance with Section 6 of BCP 79. 17 Internet-Drafts are working documents of the Internet Engineering 18 Task Force (IETF), its areas, and its working groups. Note that 19 other groups may also distribute working documents as Internet- 20 Drafts. 22 Internet-Drafts are draft documents valid for a maximum of six months 23 and may be updated, replaced, or obsoleted by other documents at any 24 time. It is inappropriate to use Internet-Drafts as reference 25 material or to cite them other than as "work in progress." 27 The list of current Internet-Drafts can be accessed at 28 http://www.ietf.org/ietf/1id-abstracts.txt. 30 The list of Internet-Draft Shadow Directories can be accessed at 31 http://www.ietf.org/shadow.html. 33 This Internet-Draft will expire on August 18, 2008. 35 Copyright Notice 37 Copyright (C) The IETF Trust (2008). 39 Abstract 41 This document describes a procedure for configuring a host's IPv6 42 address which prefix is allocated from a DHCPv6 server while it's 43 interface identifier is independently generated by the host. The 44 method is applicable to Cryptographically Generated Addresses (CGA). 46 Table of Contents 48 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 49 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 50 3. Address Auto-configuration in SEND . . . . . . . . . . . . . . 4 51 4. DHCPv6 Operation . . . . . . . . . . . . . . . . . . . . . . . 5 52 5. DHCPv6 Options . . . . . . . . . . . . . . . . . . . . . . . . 6 53 5.1. Identity Association for Prefix Assignment Option . . . . 6 54 5.2. IA_PD Prefix option . . . . . . . . . . . . . . . . . . . 8 55 5.3. IA Address Validation Option . . . . . . . . . . . . . . . 8 56 6. IANA consideration . . . . . . . . . . . . . . . . . . . . . . 9 57 7. Security Considerations . . . . . . . . . . . . . . . . . . . 9 58 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 9 59 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 9 60 9.1. Normative References . . . . . . . . . . . . . . . . . . . 9 61 9.2. Informative references . . . . . . . . . . . . . . . . . . 10 62 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 11 63 Intellectual Property and Copyright Statements . . . . . . . . . . 12 65 1. Introduction 67 [RFC3315] describes the operation of address assignment by a DHCP 68 server. A client uses a Solicit message to discover DHCP servers 69 configured to assign addresses. A server sends an Advertise message 70 in response to announce the availability of the server to the client. 71 The client then uses a Request message to request addresses. The 72 server then returns addresses in a Reply message. The operation 73 assumes that the server is responsible for the assignment of an 74 integral address which include prefix and interface identifier parts 75 as described in [RFC4291]. 77 [RFC3633] defines Prefix Delegation options providing a mechanism for 78 automated delegation of IPv6 prefixes using the DHCPv6. This 79 mechanism is intended for delegating a long- lived prefix from a 80 delegating router to a requesting router. The practice of separating 81 prefix assignment from interface identifier assignment is only used 82 for routers not hosts. 84 The following are some scenarios in which separation of prefix and 85 interface identifier assignment is necessary. 87 o A DHCP server is incapable of generating an interface identifier 88 for a host. [RFC3972] describes a method for binding a public 89 signature key to an IPv6 address in the Secure Neighbor Discovery 90 (SEND) protocol [RFC3971]. The basic idea is to generate the 91 interface identifier (i.e., the rightmost 64 bits) of the IPv6 92 address by computing a cryptographic hash of the public key. That 93 is, the host decides it's interface identifier. 95 o A prefix is sufficient to identify a host. [RFC4968] provides 96 different IPv6 link models that are suitable for 802.16 based 97 networks and a point-to- point link model is recommended. Also, 98 3GPP and 3GPP2 have earlier adopted the point-to-point link model 99 based on the recommendations in [RFC3314]. In this model, one 100 prefix can only be assigned to one interface of a host (mobile 101 station) and different hosts (mobile stations) can't share a 102 prefix. The unique prefix can be used to identify the host. It 103 is not necessary for a DHCP server to generate an interface 104 identifier for the host. 106 A usage of DHCPv6 is proposed in the document to facilitate 107 separation of prefix and interface identifier assignment. A host's 108 IPv6 address prefix is allocated from a DHCPv6 server while interface 109 identifier is independently generated by the host. 111 2. Terminology 113 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 114 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 115 document are to be interpreted as described in [RFC2119]. 117 The terminology in this document is based on the definitions in 118 [RFC3315], in addition to the ones specified in this section 120 Derivative Prefix: A prefix is derived from another prefix. For 121 example, a /64 prefix is derived from a /48 prefix, that is, the 122 /64 prefix has the same leftmost 48 bits with the /48 prefix. 124 Authorized Prefix: A specific router is given a specific set of 125 subnet prefixes to advertise; other routers have an authorization 126 to advertise other subnet prefixes. In [RFC3971],Certification 127 Path Advertisement message is used to convey authorized prefixes. 129 3. Address Auto-configuration in SEND 131 Router Advertisements in [RFC4861] allow routers to inform hosts how 132 to perform Address Auto-configuration. For example, routers can 133 specify whether hosts should use DHCPv6 and/or stateless address 134 configuration. In Router Advertisement message, M and O bits are 135 used for indication of address auto-configuration mode. 137 Whatever address auto-configuration mode a host uses, the following 138 two parts are necessary for the host to formulate it's IPv6 address. 139 o A prefix part. In [RFC3971], Certification Path Solicitation and 140 Certification Path Advertisement messages are designed for 141 verifying routers being authorized to act as routers. 142 Certification Path Advertisement message can also be used to 143 verify that routers are authorized to advertise a certain set of 144 subnet prefixes. In stateless auto-configuration mode, the 145 prefixes in Router Advertisement message should be a subset of 146 authorized prefixes, or derivative prefixes from authorized 147 prefixes. In the stateful auto-configuration mode, Section 4 148 illustrates a procedure for prefix allocation from a DHCPv6 149 server. 150 o An interface identifier. The basic idea of [RFC3972] is to 151 generate the interface identifier (i.e., the rightmost 64 bits) of 152 the IPv6 address by computing a cryptographic hash of a public key 153 of a host. The host is responsible for interface identifier 154 generation. 156 4. DHCPv6 Operation 158 Figure 1 shows the operation of separating prefix assignment and 159 interface identifier generation using DHCPv6. 161 +------------+ +-----------+ 162 |Host(Client)| |DHCP Server| 163 +------------+ +-----------+ 164 | | 165 | | 166 | | 167 | 1 Solicit | 168 |---------------------> | 169 | | 170 | 2 Advertise | 171 |<--------------------- | 172 | | 173 | | 174 3 Combination of Prefix | 175 and Interface Identifier | 176 | | 177 | | 178 | 4 Request | 179 |---------------------> | 180 | | 181 | 5 Reply | 182 |<--------------------- | 183 | | 184 | | 186 Figure 1: DHCPv6 Operation 188 1. A host uses a Solicit message to discover DHCP servers configured 189 to assign prefixes for the host. Identity Association for Prefix 190 Delegation Option (IA_PD) is defined in [RFC3633] for prefix 191 delegation between a requesting router and delegating router. 192 Referring to the definition, we design Identity Association for 193 Prefix Assignment Option (IA-PA) in Section 5.1 for prefix 194 assignment from a DHCPv6 server to a host. The host uses hints 195 for prefix assignment preference. In CGA scenario, the hints are 196 authorized prefixes advertised by an authorized router through 197 Certification Path Advertisement defined in [RFC3971]. 198 2. Based on the hints, the DHCP server assigns one or more prefixes 199 to the host. In CGA scenario, the assigned prefixes SHOULD be a 200 subset of the authorized prefixes or derivative prefixes of the 201 authorized prefixes. Identity Association for Prefix Assignment 202 Option in Section 5.1 is used for conveying the assigned 203 prefixes. If there is not a proper prefix available, a status- 204 code is returned to the host and the procedure is terminated. 205 3. The host generates an interface identifier and formulates a 206 combined IPv6 address by concatenating the assigned prefix and 207 the self-generated interface identifier. There are many ways to 208 generate interface identifier. [RFC3972] defines a method to 209 generate the interface identifier by computing a cryptographic 210 hash of a public key of the host. [RFC4941] describes another 211 way in which interface identifier is derived from IEEE 802 212 addresses. An interface identifier could even be generated via 213 random number generation. 214 4. The host sends a Request message for confirming usage of the 215 combined address. An IA Address Validation option defined in 216 Section 5.3 SHOULD be included to convey the combined address. 217 5. The DHCP server SHOULD verify the uniqueness of the combined IP 218 address, and send Reply with IA Address Validation option to 219 grant the usage of the combined address. Otherwise, a status 220 code is included in the replied IA Address Validation option to 221 deny the usage of the combined address. 223 5. DHCPv6 Options 225 In this section, two new options are defined, Identity Association 226 for Prefix Assignment Option and IA Address Validation Option. At 227 the same time, we extend the usage of an existing option, IA_PD 228 Prefix option. 230 5.1. Identity Association for Prefix Assignment Option 232 The IA_PA option is used to carry a prefix assignment identity 233 association, the parameters associated with the IA_PA and the 234 prefixes associated with it. 236 The format of the IA_PA option is: 238 0 1 2 3 239 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 240 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 241 | OPTION_IA_PA | option-length | 242 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 243 | IAID (4 octets) | 244 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 245 | T1 | 246 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 247 | T2 | 248 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 249 . . 250 . IA_PA-options . 251 . . 252 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 253 option-code: OPTION_IA_PA (TDB by IANA) 255 option-length: 12 + length of IA_PA-options field. 257 IAID: The unique identifier for this IA_PA; the IAID must 258 be unique among the identifiers for all of this 259 host's IA_PAs. 261 T1: The time at which the host should 262 contact the DHCPv6 server from which the 263 prefixes in the IA_PA were obtained to extend the 264 lifetimes of the prefixes assigned to the IA_PA; 265 T1 is a time duration relative to the current time 266 expressed in units of seconds. 268 T2: The time at which the host should 269 contact any available DHCPv6 server to extend 270 the lifetimes of the prefixes assigned to the 271 IA_PA; T2 is a time duration relative to the 272 current time expressed in units of seconds. 274 IA_PA-options: Options associated with this IA_PA. 276 The details of the fields are similar to the IA_PD option description 277 in [RFC3633]. The difference is here a DHCP server and a host 278 involved, while a delegating router and requesting router involved in 279 [RFC3633]. 281 5.2. IA_PD Prefix option 283 IA_PD Prefix option in [RFC3633] is reused here. Originally the 284 option is used for conveying prefix information between a delegating 285 router and a requesting router. Here the IA_PD Prefix option is used 286 to specify IPv6 address prefixes associated with an IA_PA in 287 Section 5.1. The IA_PD Prefix option must be encapsulated in the 288 IA_PA-options field of an IA_PA option. 290 5.3. IA Address Validation Option 292 The IA Address Validation option must be encapsulated in the Options 293 field of an IA_NA or IA_TA option. IA_NA and IA_TA are described in 294 [RFC3315]. A host sends this option to a DHCP server for validating 295 the usage of an address in the option. 297 0 1 2 3 298 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 299 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 300 | OPTION_IAADDR_VAL | option-len | 301 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 302 | | 303 | IPv6 address | 304 | | 305 | | 306 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 307 | preferred-lifetime | 308 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 309 | valid-lifetime | 310 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 311 . . 312 . IAaddr-options . 313 . . 314 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 316 option-code OPTION_IAADDR_VAL(TDB by IANA) 318 option-len 24 + length of IAaddr-options field. 320 IPv6 address An IPv6 address. 322 preferred-lifetime The preferred lifetime for the IPv6 address in 323 the option, expressed in units of seconds. 325 valid-lifetime The valid lifetime for the IPv6 address in the 326 option, expressed in units of seconds. 328 IAaddr-options Options associated with this address. 330 The status of any operations involving this IA Address Validation is 331 indicated in a Status Code option in the IAaddr-options field. The 332 details of the fields are the same as the description in [RFC3315]. 334 6. IANA consideration 336 The value of OPTION_IA_PA and OPTION_IAADDR_VAL should assigned by 337 IANA. 339 A status code needs to be assgined by IANA: 341 ValdidationFailure: a DHCPv6 server can't grant the usage of an 342 address in IA Address Validation Option 344 7. Security Considerations 346 Security considerations in DHCPv6 are described in [RFC3315]. 348 To guard against attacks through prefix assignment and address 349 confirmation, a host and a DHCPv6 server SHOULD use DHCP 350 authentication as described in section "Authentication of DHCP 351 messages" of [RFC3315]. 353 8. Acknowledgements 355 9. References 357 9.1. Normative References 359 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 360 Requirement Levels", BCP 14, RFC 2119, March 1997. 362 [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman, 363 "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861, 364 September 2007. 366 [RFC3971] Arkko, J., Kempf, J., Zill, B., and P. Nikander, "SEcure 367 Neighbor Discovery (SEND)", RFC 3971, March 2005. 369 [RFC3972] Aura, T., "Cryptographically Generated Addresses (CGA)", 370 RFC 3972, March 2005. 372 [RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., 373 and M. Carney, "Dynamic Host Configuration Protocol for 374 IPv6 (DHCPv6)", RFC 3315, July 2003. 376 [RFC3633] Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic 377 Host Configuration Protocol (DHCP) version 6", RFC 3633, 378 December 2003. 380 [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing 381 Architecture", RFC 4291, February 2006. 383 [RFC4941] Narten, T., Draves, R., and S. Krishnan, "Privacy 384 Extensions for Stateless Address Autoconfiguration in 385 IPv6", RFC 4941, September 2007. 387 9.2. Informative references 389 [RFC4968] Madanapalli, S., "Analysis of IPv6 Link Models for 802.16 390 Based Networks", RFC 4968, August 2007. 392 [RFC3314] Wasserman, M., "Recommendations for IPv6 in Third 393 Generation Partnership Project (3GPP) Standards", 394 RFC 3314, September 2002. 396 Authors' Addresses 398 Frank Xia 399 Huawei USA 400 1700 Alma Dr. Suite 500 401 Plano, TX 75075 403 Phone: +1 972-509-5599 404 Email: xiayangsong@huawei.com 406 Behcet Sarikaya 407 Huawei USA 408 1700 Alma Dr. Suite 500 409 Plano, TX 75075 411 Phone: +1 972-509-5599 412 Email: sarikaya@ieee.org 414 Full Copyright Statement 416 Copyright (C) The IETF Trust (2008). 418 This document is subject to the rights, licenses and restrictions 419 contained in BCP 78, and except as set forth therein, the authors 420 retain all their rights. 422 This document and the information contained herein are provided on an 423 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS 424 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND 425 THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS 426 OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF 427 THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED 428 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 430 Intellectual Property 432 The IETF takes no position regarding the validity or scope of any 433 Intellectual Property Rights or other rights that might be claimed to 434 pertain to the implementation or use of the technology described in 435 this document or the extent to which any license under such rights 436 might or might not be available; nor does it represent that it has 437 made any independent effort to identify any such rights. Information 438 on the procedures with respect to rights in RFC documents can be 439 found in BCP 78 and BCP 79. 441 Copies of IPR disclosures made to the IETF Secretariat and any 442 assurances of licenses to be made available, or the result of an 443 attempt made to obtain a general license or permission for the use of 444 such proprietary rights by implementers or users of this 445 specification can be obtained from the IETF on-line IPR repository at 446 http://www.ietf.org/ipr. 448 The IETF invites any interested party to bring to its attention any 449 copyrights, patents or patent applications, or other proprietary 450 rights that may cover technology that may be required to implement 451 this standard. Please address the information to the IETF at 452 ietf-ipr@ietf.org. 454 Acknowledgment 456 Funding for the RFC Editor function is provided by the IETF 457 Administrative Support Activity (IASA).