[Docs] [txt|pdf] [Tracker] [Email] [Nits]

Versions: 00

GEOPRIV                                                       M. Thomson
Internet-Draft                                           J. Winterbottom
Intended status: Standards Track                                  Andrew
Expires: April 16, 2007                                 October 13, 2006


                  U-NAPTR Discovery for HELD Services
                draft-thomson-geopriv-held-unaptr-00.txt

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on April 16, 2007.

Copyright Notice

   Copyright (C) The Internet Society (2006).














Thomson & Winterbottom   Expires April 16, 2007                 [Page 1]


Internet-Draft                HELD U-NAPTR                  October 2006


Abstract

   A method is described where URI-enabled NAPTR (U-NAPTR) is applied to
   the discovery of a local Location Information Server (LIS).  This
   document defines an Application Service for a LIS, with a specific
   Application Protocol for the HTTP Enabled Location Delivery (HELD)
   protocol.  This document also discusses several solutions that enable
   this method where Network Address Translation (NAT) devices are
   employed.


Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
     1.1.  Terminology  . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  U-NAPTR for LIS Discovery  . . . . . . . . . . . . . . . . . .  4
   3.  Determining the Access Network Domain Name . . . . . . . . . .  5
     3.1.  DHCP Domain Name Option  . . . . . . . . . . . . . . . . .  5
     3.2.  Reverse DNS  . . . . . . . . . . . . . . . . . . . . . . .  5
       3.2.1.  Determining an External IP Address . . . . . . . . . .  6
   4.  Security Considerations  . . . . . . . . . . . . . . . . . . .  8
   5.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . .  9
     5.1.  Registration of a Location Server Application Service
           Tag  . . . . . . . . . . . . . . . . . . . . . . . . . . .  9
     5.2.  Registration of a Location Server Application Protocol
           Tag  . . . . . . . . . . . . . . . . . . . . . . . . . . .  9
   6.  References . . . . . . . . . . . . . . . . . . . . . . . . . . 10
     6.1.  Normative References . . . . . . . . . . . . . . . . . . . 10
     6.2.  Informative References . . . . . . . . . . . . . . . . . . 10
   Appendix A.  Acknowledgements  . . . . . . . . . . . . . . . . . . 12
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 13
   Intellectual Property and Copyright Statements . . . . . . . . . . 14



















Thomson & Winterbottom   Expires April 16, 2007                 [Page 2]


Internet-Draft                HELD U-NAPTR                  October 2006


1.  Introduction

   Discovering a Location Information Server (LIS) is an important part
   of the location acquisition process.  Discovery is used to establish
   a relationship between a LIS and its client.  This document describes
   a method where the client uses the DNS to discover a URI for a LIS.

   Unlike protocols that use TCP or UDP directly, HELD is built on a
   higher layer protocol, which means that a LIS server requires more
   specific identification that a hostname or hostname/port.  URI-
   enabled NAPTR (U-NAPTR) [I-D.daigle-unaptr] describes a
   straightforward method of applying the Dynamic Delegation Discovery
   Service (DDDS) for URI results.

   This document describes how U-NAPTR resolution can be used to
   discover the LIS URI.  For this DDDS application, an Application
   Service tag "LIS" and an Application Protocol tag "HELD" are created
   and registered with the IANA.  Taking a domain name, this U-NAPTR
   application uses the two tags to determine the LIS URI.

   Determining the domain name to be used is a critical part of the
   resolution process.  The second part of this document describes how a
   domain name can be derived.  Several methods are described that
   address different scenarios.

1.1.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

   This document uses the terms "access network" to refer to the network
   that a host connects to for Internet access.  The "access network
   provider" is the entity that operates the access network.  The access
   network provider is responsible for allocating the host an IP address
   and for directly or indirectly providing a LIS service.















Thomson & Winterbottom   Expires April 16, 2007                 [Page 3]


Internet-Draft                HELD U-NAPTR                  October 2006


2.  U-NAPTR for LIS Discovery

   U-NAPTR resolution for a LIS takes a domain name as input and
   produces a URI that identifies the LIS.  This process also requires
   an Application Service tag and an Application Protocol tag, which
   differentiate LIS-related NAPTR records from other records for that
   domain.

   Section 5.1 defines an Application Service tag of "LIS", which is
   used to identify the location service for a particular domain.  The
   Application Protocol tag "HELD", defined in Section 5.2, is used to
   identify a LIS that understands the HELD protocol
   [I-D.winterbottom-http-location-delivery].

   The NAPTR records in the following example demonstrate the use of the
   Application Service and Protocol tags.  Iterative NAPTR resolution is
   used to delegate responsibility for the LIS service from
   "zonea.example.com" and "zoneb.example.com" to "example.com".

      zonea.example.com.
      ;;       order pref flags
      IN NAPTR 100   10   ""  "LIS:HELD" (         ; service
          ""                                       ; regex
          example.com.                             ; replacement
          )
      zoneb.example.com.
      ;;       order pref flags
      IN NAPTR 100   10   ""  "LIS:HELD" (         ; service
          ""                                       ; regex
          example.com.                             ; replacement
          )
      example.com.
      ;;       order pref flags
      IN NAPTR 100   10   "u"  "LIS:HELD" (        ; service
          "!*.!https://lis.example.com/!"          ; regex
          .                                        ; replacement
          )


   Details for the "LIS" Application Service tag and the "HELD"
   Application Protocol tag are included in Section 5.










Thomson & Winterbottom   Expires April 16, 2007                 [Page 4]


Internet-Draft                HELD U-NAPTR                  October 2006


3.  Determining the Access Network Domain Name

   The U-NAPTR discovery method described in Section 2 requires that the
   domain name applicable to the access network is known.  An
   unconfigured host might not have this information, therefore it must
   determine this value before the U-NAPTR method can be attempted.

   This section describes several methods for discovering a domain name
   for the local access network.  Each method should be attempted where
   applicable until a domain name is derived.  If a domain name is
   successfully derived but that domain name does not produce any
   U-NAPTR records, alternative methods can be attempted.  Reattempting
   with different methods is particularly applicable when NAT is used,
   as is shown in Section 3.2.1.

3.1.  DHCP Domain Name Option

   For IP version 4, Dynamic Host Configuration Protocol (DHCP) option
   15 [RFC2131] includes the domain name suffix for the host.  If DHCP
   and option 15 are available, this value should be used as input the
   U-NAPTR procedure.

   DHCP version 6 does not provide a single domain name suffix; instead
   a fully qualified domain name (FQDN) for the client is provided in
   option 39 [I-D.ietf-dhc-dhcpv6-fqdn].  The domain name used as input
   to the U-NAPTR resolution is derived from the FQDN by removing the
   first label.

   Either DHCP method SHOULD be attempted first if DHCP is available.

3.2.  Reverse DNS

   DNS "PTR" records in the "in-addr.arpa." domain can be used to
   determine the domain name of a host, and therefore, the name of the
   domain for that host.  The use of the "in-addr.arpa." domain is
   described in [RFC1034] and results in the domain name of the host.
   Likewise, IPv6 hosts use the "ip6.arpa." domain.  In the majority of
   cases, the domain part of this name (everything excluding the first
   label) is also the domain name for the access network.  Assuming that
   this is true, this domain name can be used as input to the U-NAPTR
   process.

   For example, if the for "10.1.2.3" address, if the "PTR" record at
   "3.2.1.10.in-addr.arpa." refers to "host.example.com", this results
   in a U-NAPTR search for "example.com".

   The DNS hierarchy does not necessarily directly map onto a network
   topology (see [RFC4367]; therefore, this method MUST only be used for



Thomson & Winterbottom   Expires April 16, 2007                 [Page 5]


Internet-Draft                HELD U-NAPTR                  October 2006


   the domain name determined by removing the first label only.  This
   method assumes that the access network provider also provides the
   reverse DNS record and they control the domain that is indicated in
   the "PTR" record.

   Furthermore, this method might not apply where a host is given a
   domain name that is different from the domain name of the access
   network.  This might occur in some hosting configurations, such as
   where a number of web server hosts, with widely varying domain names,
   are co-located.  From the above example, the access network provider
   allocated "10.1.2.3" to the host; therefore, they also need to
   control the DNS domain "example.com" and the associated NAPTR
   records.  DNS Security Extensions (DNSSEC) [RFC4033] provides a
   cryptographic means of validating this association, through data
   origin authentication.

3.2.1.  Determining an External IP Address

   Reverse DNS relies on knowing the IP address of a host within the
   access domain.  Initially, this SHOULD be attempted using the IP
   address that is assigned to a local interface on the host.  However,
   when a NAT device is used, the IP address of the NAT device is
   substituted for the source IP address.  If a NAT device exists
   between the host and the access network, the host does not have any
   direct way to determine the IP address that it is effectively using
   within the access network.  The IP address of the NAT device and the
   corresponding domain name can be used to discover the LIS.

   In order to use reverse DNS in this configuration, the hosts need to
   know the IP address that the NAT device uses.  The following sections
   describe some possible methods.

   These methods are particularly useful in residential broadband
   configurations.  A large proportion of residential broadband services
   employ a NAT device so that several hosts can share the same Internet
   access.  Since the network behind the NAT device are generally very
   small, both in numbers and geographical area, it isn't necessary for
   a LIS to operate within that network; the hosts are able to access a
   LIS in the access network outside of the NAT device.

3.2.1.1.  UPnP

   If a NAT device complies with the Universal Plug and Play (UPnP)
   specification [UPnP-IGD-WANIPConnection1], the WANIPConnection part
   can be used to query the device for its public IP address.  The
   "GetExternalIPAddress" function provides the external address for a
   particular network connection.




Thomson & Winterbottom   Expires April 16, 2007                 [Page 6]


Internet-Draft                HELD U-NAPTR                  October 2006


   UPnP defines a method for discovering UPnP-enabled hosts in a
   network; the host does not need any prior configuration.

3.2.1.2.  STUN

   A host can use the Simple Traversal of UDP NATs (STUN)
   [I-D.ietf-behave-rfc3489bis] to determine a public IP address.
   "Binding Request" message and the resulting "MAPPED-ADDRESS" that is
   returned in the response.

   Using STUN requires cooperation from a publicly accessible STUN
   server.  A domain name needs to be configured at the host for STUN
   server discovery.

3.2.1.3.  Other Options

   The source IP address in any IP packet can be used to determine the
   public IP address of a host.  While the STUN method uses a small part
   of a more sophisticated protocol, this principle can be applied using
   any other protocol.  Like STUN, this method requires prior knowledge
   of the publicly accessible server and the method that it supports.

   For instance, a publicly accessible host could be configured to
   respond to a UDP packet on a predefined port; the data of the
   response could contain the source IP address that was in the request.

   Alternatively, a HTTP server at a particular URL could be configured
   to respond to a GET request with a "text/plain" body containing the
   IP address of the requester.  Note that transparent HTTP proxies
   might affect the results of this method.





















Thomson & Winterbottom   Expires April 16, 2007                 [Page 7]


Internet-Draft                HELD U-NAPTR                  October 2006


4.  Security Considerations

   The primary attack against the methods described in this document is
   one that would lead to impersonation of a LIS.  An attacker could
   attempt to compromise the U-NAPTR resolution.  A description of the
   security considerations for U-NAPTR applications is included in
   [I-D.daigle-unaptr].

   In addition to considerations related to U-NAPTR, it is important to
   recognize that the output of this is entirely dependent on its input.
   An attacker who can control the domain name can also control the
   final URI.  Because a number of methods are provided for determining
   the domain name, a host implementation needs to consider attacks
   against each of the methods that are used.

   If DHCP is used, the integrity of DHCP options is limited by the
   security of the channel over which they are provided.  Physical
   security and separation of DHCP messages from other packets are
   commonplace methods that can reduce the possibility of attack within
   an access network; alternatively, DHCP authentication [RFC3118] can
   provide a degree of protection against modification.

   Reverse DNS is subject to the maintenance of the "in-addr.arpa." or
   "ip6.arpa." domain and the integrity of the results that it provides.
   DNSSEC [RFC4033] provides some measures that can improve the
   reliability of DNS results.  In particular, DNSSEC SHOULD be applied
   to ensure that the reverse DNS record and the resulting domain are
   provided by the same entity before this method is used.  Without this
   assurance, the host cannot be certain that the access network
   provider has provided the NAPTR record for the domain name that is
   provided.

   Hosts behind NAT devices are also subject to attacks when retrieving
   their public IP address.  [I-D.ietf-behave-rfc3489bis] describes some
   means of mitigating this attack for STUN.
















Thomson & Winterbottom   Expires April 16, 2007                 [Page 8]


Internet-Draft                HELD U-NAPTR                  October 2006


5.  IANA Considerations

5.1.  Registration of a Location Server Application Service Tag

   This section registers a new S-NAPTR/U-NAPTR Application Service tag
   for a LIS, as mandated by [RFC3958].

   Application Service Tag:  LIS

   Intended usage:  Identifies a service that provides a host with its
      location information.

   Defining publication:  XXXX

   Related publications:  HELD [I-D.winterbottom-http-location-delivery]

   Contact information:  The authors of this document

   Author/Change controller:  The IESG

5.2.  Registration of a Location Server Application Protocol Tag

   This section registers a new S-NAPTR/U-NAPTR Application Protocol tag
   for the HELD [I-D.winterbottom-http-location-delivery] protocol, as
   mandated by [RFC3958].

   Application Service Tag:  HELD

   Intended Usage:  Identifies the HELD protocol.

   Applicable Service Tag(s):  LIS

   Terminal NAPTR Record Type(s):  U

   Defining Publication:  XXXX

   Related Publications:  HELD [I-D.winterbottom-http-location-delivery]

   Contact Information:  The authors of this document

   Author/Change Controller:  The IESG










Thomson & Winterbottom   Expires April 16, 2007                 [Page 9]


Internet-Draft                HELD U-NAPTR                  October 2006


6.  References

6.1.  Normative References

   [RFC1034]  Mockapetris, P., "Domain names - concepts and facilities",
              STD 13, RFC 1034, November 1987.

   [RFC2131]  Droms, R., "Dynamic Host Configuration Protocol",
              RFC 2131, March 1997.

   [I-D.daigle-unaptr]
              Daigle, L., "Domain-based Application Service Location
              Using URIs and the Dynamic  Delegation Discovery Service
              (DDDS)", draft-daigle-unaptr-00 (work in progress),
              June 2006.

   [I-D.ietf-dhc-dhcpv6-fqdn]
              Volz, B., "The DHCPv6 Client FQDN Option",
              draft-ietf-dhc-dhcpv6-fqdn-05 (work in progress),
              March 2006.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

6.2.  Informative References

   [RFC3118]  Droms, R. and W. Arbaugh, "Authentication for DHCP
              Messages", RFC 3118, June 2001.

   [RFC3958]  Daigle, L. and A. Newton, "Domain-Based Application
              Service Location Using SRV RRs and the Dynamic Delegation
              Discovery Service (DDDS)", RFC 3958, January 2005.

   [RFC4033]  Arends, R., Austein, R., Larson, M., Massey, D., and S.
              Rose, "DNS Security Introduction and Requirements",
              RFC 4033, March 2005.

   [RFC4367]  Rosenberg, J. and IAB, "What's in a Name: False
              Assumptions about DNS Names", RFC 4367, February 2006.

   [I-D.ietf-behave-rfc3489bis]
              Rosenberg, J., "Simple Traversal Underneath Network
              Address Translators (NAT) (STUN)",
              draft-ietf-behave-rfc3489bis-04 (work in progress),
              July 2006.

   [I-D.winterbottom-http-location-delivery]
              Winterbottom, J., "HTTP Enabled Location Delivery (HELD)",



Thomson & Winterbottom   Expires April 16, 2007                [Page 10]


Internet-Draft                HELD U-NAPTR                  October 2006


              draft-winterbottom-http-location-delivery-03 (work in
              progress), May 2006.

   [UPnP-IGD-WANIPConnection1]
              UPnP Forum, "Internet Gateway Device (IGD) Standardized
              Device Control Protocol V 1.0: WANIPConnection:1 Service
              Template Version 1.01 For UPnP Version 1.0", DCP 05-001,
              Nov 2001.











































Thomson & Winterbottom   Expires April 16, 2007                [Page 11]


Internet-Draft                HELD U-NAPTR                  October 2006


Appendix A.  Acknowledgements

   The authors would like to thank Leslie Daigle for her work on
   U-NAPTR; Peter Koch for his feedback on the DNS aspects of this
   document; and ...














































Thomson & Winterbottom   Expires April 16, 2007                [Page 12]


Internet-Draft                HELD U-NAPTR                  October 2006


Authors' Addresses

   Martin Thomson
   Andrew
   PO Box U40
   Wollongong University Campus, NSW  2500
   AU

   Phone: +61 2 4221 2915
   Email: martin.thomson@andrew.com
   URI:   http://www.andrew.com/


   James Winterbottom
   Andrew
   PO Box U40
   Wollongong University Campus, NSW  2500
   AU

   Phone: +61 2 4221 2938
   Email: james.winterbottom@andrew.com
   URI:   http://www.andrew.com/





























Thomson & Winterbottom   Expires April 16, 2007                [Page 13]


Internet-Draft                HELD U-NAPTR                  October 2006


Full Copyright Statement

   Copyright (C) The Internet Society (2006).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.


Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.


Acknowledgment

   Funding for the RFC Editor function is provided by the IETF
   Administrative Support Activity (IASA).





Thomson & Winterbottom   Expires April 16, 2007                [Page 14]


Html markup produced by rfcmarkup 1.122, available from https://tools.ietf.org/tools/rfcmarkup/