[Docs] [txt|pdf] [Tracker] [WG] [Email] [Nits]

Versions: 00 01 02 03 04 05 RFC 5192

Internet Engineering Task Force                                 S. Kumar
Internet-Draft                         Samsung India Software Operations
Expires: April 9, 2006                                         L. Morand
                                                      France Telecom R&D
                                                                A. Yegin
                                           Samsung Advanced Institute of
                                                              Technology
                                                          S. Madanapalli
                                       Samsung India Software Operations
                                                         October 6, 2005


              DHCPv4 option for PANA Authentication Agents
                    draft-ietf-dhc-paa-option-00.txt

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on April 9, 2006.

Copyright Notice

   Copyright (C) The Internet Society (2005).

Abstract

   This document defines a new Dynamic Host Configuration Protocol
   version 4 (DHCPv4) option that contains a list of domain names or



Kumar, et al.             Expires April 9, 2006                 [Page 1]

Internet-Draft              DHCPv4 PAA Option               October 2005


   IPv4 addresses that can be mapped to one or more of PANA
   Authentication Agents (PAA).  This is one of the many methods that a
   PANA Client (PaC) can use to locate PANA Authentication Agents (PAA).


Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  Terminology  . . . . . . . . . . . . . . . . . . . . . . . . .  4
   3.  Requirements . . . . . . . . . . . . . . . . . . . . . . . . .  5
   4.  DHCPv4 specification dependency  . . . . . . . . . . . . . . .  6
   5.  PANA Authentication Agent DHCPv4 Option  . . . . . . . . . . .  7
     5.1.  PANA Authentication Agent Domain Name List . . . . . . . .  7
     5.2.  PANA Authentication Agent IPv4 Address List  . . . . . . .  8
   6.  Client Operation . . . . . . . . . . . . . . . . . . . . . . . 10
   7.  DHCPv4 Server Operation  . . . . . . . . . . . . . . . . . . . 11
   8.  Security Considerations  . . . . . . . . . . . . . . . . . . . 12
   9.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 13
   10. Future Work  . . . . . . . . . . . . . . . . . . . . . . . . . 14
   11. Normative References . . . . . . . . . . . . . . . . . . . . . 14
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 15
   Intellectual Property and Copyright Statements . . . . . . . . . . 16





























Kumar, et al.             Expires April 9, 2006                 [Page 2]

Internet-Draft              DHCPv4 PAA Option               October 2005


1.  Introduction

   The Protocol for carrying Authentication for Network Access (PANA)
   [1] defines a new Extensible Authentication Protocol (EAP) lower
   layer that uses IP between the protocol end points.

   The PANA protocol is run between a PANA Client (PaC) and a PANA
   Authentication Agent (PAA) in order to perform authentication and
   authorization for the network access service.

   This document specifies a new DHCPv4 option [2] that allows PANA
   client (PaC) to discover PANA Authentication Agents (PAA).  This is
   one of the many methods for locating PAAs: manual configuration is an
   example of another one.





































Kumar, et al.             Expires April 9, 2006                 [Page 3]

Internet-Draft              DHCPv4 PAA Option               October 2005


2.  Terminology

   This document uses the PANA terminology defined in [1].

   This document uses the DHCP terminology defined in [2] and [3].














































Kumar, et al.             Expires April 9, 2006                 [Page 4]

Internet-Draft              DHCPv4 PAA Option               October 2005


3.  Requirements

   The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD,
   SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear in this
   document, are to be interpreted as described in [4].














































Kumar, et al.             Expires April 9, 2006                 [Page 5]

Internet-Draft              DHCPv4 PAA Option               October 2005


4.  DHCPv4 specification dependency

   This document describes a new DHCPv4 option for obtaining a list of
   domain names or IPv4 addresses to locate a PANA Authentication Agent.
   This document should be read in conjunction with the DHCPv4
   specifications [2] and [3].

   Definitions for terms and acronyms not specifically defined in this
   document are defined in [2] and [3].










































Kumar, et al.             Expires April 9, 2006                 [Page 6]

Internet-Draft              DHCPv4 PAA Option               October 2005


5.  PANA Authentication Agent DHCPv4 Option

   This document defines a DHCPv4 option that carries either a 32-bit
   (binary) IPv4 address list or, preferably, a domain name list to be
   used by the PANA client to locate a PANA authentication Agent.

   The option has two encodings, specified by the encoding byte ('enc')
   that follows the code byte.  If the encoding byte has the value 0, it
   is followed by a list of domain names, as described below (Section
   5.1).  If the encoding byte has the value 1, it is followed by one or
   more IPv4 addresses (Section 5.2).  All implementations MUST support
   both encodings.  The 'option-length' field indicates the total number
   of octets in the option following the 'option-length' field,
   including the encoding byte.

5.1.  PANA Authentication Agent Domain Name List

   If the 'enc' byte has a value of 0, the encoding byte is followed by
   a sequence of labels, encoded according to Section 3.1 of RFC 1035
   [5], quoted below:

      Domain names in messages are expressed in terms of a sequence of
      labels.  Each label is represented as a one octet length field
      followed by that number of octets.  Since every domain name ends
      with the null label of the root, a domain name is terminated by a
      length byte of zero.  The high order two bits of every length
      octet must be zero, and the remaining six bits of the length field
      limit the label to 63 octets or less.  To simplify
      implementations, the total length of a domain name (i.e., label
      octets and label length octets) is restricted to 255 octets or
      less.

   RFC 1035 encoding was chosen to accommodate future internationalized
   domain name mechanisms.

   The option MAY contain multiple domain names, but these SHOULD refer
   to different NAPTR records, rather than different A records.  Domain
   names MUST be listed in order of preference.

   Use of multiple domain names is not meant to replace NAPTR and SRV
   records, but rather to allow a single DHCPv4 server to indicate
   multiple PANA Authentication Agents available in the same access
   network.

   Clients MUST support compression according to the encoding in Section
   4.1.4 of [5].

   If the length of the domain list exceeds the maximum permissible



Kumar, et al.             Expires April 9, 2006                 [Page 7]

Internet-Draft              DHCPv4 PAA Option               October 2005


   within a single option (254 octets), then the domain list MUST be
   represented in the DHCP message as specified in [6].

   The DHCPv4 option for this encoding has the format shown in Fig. 1.

   0                   1                   2                   3
   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  option-code  | option-length |      enc      |      ...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                   PAA Domain Name List                        |
   |                              ...                              |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
           Figure 1: DHCPv4 option for PAA Domain Name List

      option-code: OPTION_PANA_AGENT(TBD)

      option-length: Number of octets following the 'option-length'
      field, including the encoding byte, in octets; variable.

      enc: Encoding byte set to 0

      PAA Domain Name List: The domain names of the PANA Authentication
      Agents for the client to use.  The domain names are encoded
      according to Section 3.1 of RFC 1035 [5].

5.2.  PANA Authentication Agent IPv4 Address List

   If the 'enc' byte has a value of 1, the encoding byte is followed by
   a list of IPv4 addresses indicating one or more PANA Authentication
   Agents available to the PANA client.  PAAs MUST be listed in order of
   preference.

   The DHCPv4 option for this encoding has the format shown in Fig. 2.

   0                   1                   2                   3
   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  option-code  | option-length |      enc      |      ...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |              PAA IP Address                   |       ...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
           Figure 2: DHCPv4 option for PAA IPv4 Address List

      option-code: OPTION_PANA_AGENT(TBD)

      option-length: Number of octets following the 'option-length'
      field, including the encoding byte in octets; Must be a multiple



Kumar, et al.             Expires April 9, 2006                 [Page 8]

Internet-Draft              DHCPv4 PAA Option               October 2005


      of 4 plus one.

      enc: Encoding byte set to 1

      PAA IP Address: IPv4 address of a PAA for the PaC to use.  The
      PAAs are listed in the order of preference for use by the PaC.













































Kumar, et al.             Expires April 9, 2006                 [Page 9]

Internet-Draft              DHCPv4 PAA Option               October 2005


6.  Client Operation

   The client requests PAA DHCPv4 Option in a Parameter Request List as
   described in [2] and [3].

   If the PAA DHCPv4 option provided in response by the DHCPv4 server
   contains multiple domain names, the client MUST try the records in
   the order listed.  The client only resolves the subsequent domain
   names if attempts to contact the first one failed or denote a domain
   administratively prohibited by client policy.

   If the PAA DHCPv4 option provided in response by the DHCPv4 server
   contains multiple IP addresses, the client MUST try the records in
   the order listed.





































Kumar, et al.             Expires April 9, 2006                [Page 10]

Internet-Draft              DHCPv4 PAA Option               October 2005


7.  DHCPv4 Server Operation

   If a DHCPv4 server is configured with both PAA domain name list and
   PAA IP address list, the DHCPv4 server should responds to the request
   with the domain name list to be used by the PANA client.

   A DHCP server MUST NOT mix the two list types (domain names and IPv4
   address) in the same DHCPv4 message, even if it sends two different
   instances of the same option.










































Kumar, et al.             Expires April 9, 2006                [Page 11]

Internet-Draft              DHCPv4 PAA Option               October 2005


8.  Security Considerations

   The security considerations in [1] and [2] apply.  If an adversary
   manages to modify the response from a DHCP server or insert its own
   response, a PANA Client could be led to contact a rogue PANA Agent,
   possibly one that then intercepts call requests or denies service.













































Kumar, et al.             Expires April 9, 2006                [Page 12]

Internet-Draft              DHCPv4 PAA Option               October 2005


9.  IANA Considerations

   IANA assignment for the following DHCPv4 option code is needed.

   Option  Name                 Value
   ----------------------------------
   OPTION_PAA_AGENT              TBD












































Kumar, et al.             Expires April 9, 2006                [Page 13]

Internet-Draft              DHCPv4 PAA Option               October 2005


10.  Future Work

      Defining similar options for DHCPv6 [7].


11.  Normative References

   [1]  Forsberg, D., Ohba, Y., Patil, B., Tschofenig, H., and A. Yegin,
        "Protocol for Carrying Authentication for Network Access (PANA),
        draft-ietf-pana-pana-08 (work in progress)", Novemeber 2005.

   [2]  Droms, R., "Dynamic Host Configuration Protocol", RFC 2131,
        March 1997.

   [3]  Alexander, S. and R. Droms, "DHCP Options and BOOTP Vendor
        Extensions", RFC 2132, March 1997.

   [4]  Bradner, S., "Key words for use in RFCs to Indicate Requirement
        Levels", BCP 14, RFC 2119, March 1997.

   [5]  Mockapetris, P., "Domain names - implementation and
        specification", STD 13, RFC 1035, November 1987.

   [6]  Lemon, T. and S. Cheshire, "Encoding Long Options in the Dynamic
        Host Configuration Protocol (DHCPv4)", RFC 3396, November 2002.

   [7]  Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., and M.
        Carney, "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)",
        RFC 3315, July 2003.






















Kumar, et al.             Expires April 9, 2006                [Page 14]

Internet-Draft              DHCPv4 PAA Option               October 2005


Authors' Addresses

   Suraj Kumar
   Samsung India Software Operations
   No. 3/1 Millers Road
   Bangalore
   India

   Phone: +91 80 51197777
   Email: suraj.kumar@samsung.com


   Lionel Morand
   France Telecom R&D
   38-40 rue du general Leclerc
   Issy-les-Moulineaux, F-92130
   France

   Phone: +33 1 4529 6257
   Email: lionel.morand@francetelecom.com


   Alper E. Yegin
   Samsung Advanced Institute of Technology
   75 West Plumeria Drive
   San Jose, CA  95134
   USA

   Phone: +1 408 544 5656
   Email: alper.yegin@samsung.com


   Syam Madanapalli
   Samsung India Software Operations
   No. 3/1 Millers Road
   Bangalore
   India

   Phone: +91 80 51197777
   Email: syam@samsung.com











Kumar, et al.             Expires April 9, 2006                [Page 15]

Internet-Draft              DHCPv4 PAA Option               October 2005


Intellectual Property Statement

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.


Disclaimer of Validity

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.


Copyright Statement

   Copyright (C) The Internet Society (2005).  This document is subject
   to the rights, licenses and restrictions contained in BCP 78, and
   except as set forth therein, the authors retain all their rights.


Acknowledgment

   Funding for the RFC Editor function is currently provided by the
   Internet Society.




Kumar, et al.             Expires April 9, 2006                [Page 16]


Html markup produced by rfcmarkup 1.108, available from http://tools.ietf.org/tools/rfcmarkup/