draft-ietf-geopriv-lis-discovery-06.txt   draft-ietf-geopriv-lis-discovery-07.txt 
GEOPRIV M. Thomson GEOPRIV M. Thomson
Internet-Draft J. Winterbottom Internet-Draft J. Winterbottom
Intended status: Standards Track Andrew Intended status: Standards Track Andrew
Expires: August 8, 2009 February 4, 2009 Expires: August 13, 2009 February 9, 2009
Discovering the Local Location Information Server (LIS) Discovering the Local Location Information Server (LIS)
draft-ietf-geopriv-lis-discovery-06 draft-ietf-geopriv-lis-discovery-07
Status of this Memo Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet- other groups may also distribute working documents as Internet-
Drafts. Drafts.
skipping to change at page 1, line 32 skipping to change at page 1, line 32
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on August 8, 2009. This Internet-Draft will expire on August 13, 2009.
Copyright Notice Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the Copyright (c) 2009 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. to this document.
Abstract Abstract
A method is described for the discovery of a Location Information Discovery of the correct Location Information Server (LIS) in the
Server. The method uses a Dynamic Host Configuration Protocol (DHCP) local access network is necessary for devices that wish to acquire
option. DHCP options are defined for both IPv4 and IPv6 DHCP. A location information from the network. A method is described for the
URI-enabled NAPTR (U-NAPTR) method is described for use where the discovery of a LIS. Dynamic Host Configuration Protocol (DHCP)
DHCP option is unsuccessful. This document defines a U-NAPTR options for IP versions 4 and 6 are defined that specify a URI for a
Application Service for a LIS, with a specific Application Protocol LIS in the local access network. Additional DHCP options are
for the HTTP Enabled Location Delivery (HELD) protocol. provided that enable authentication of the indicated LIS. An
alternative method that uses URI-enabled NAPTR (U-NAPTR) is described
for use where the DHCP option is unsuccessful.
Table of Contents Table of Contents
1. Introduction and Overview . . . . . . . . . . . . . . . . . . 3 1. Introduction and Overview . . . . . . . . . . . . . . . . . . 3
1.1. DHCP Discovery . . . . . . . . . . . . . . . . . . . . . . 3 1.1. DHCP Discovery . . . . . . . . . . . . . . . . . . . . . . 3
1.2. U-NAPTR Discovery . . . . . . . . . . . . . . . . . . . . 3 1.2. U-NAPTR Discovery . . . . . . . . . . . . . . . . . . . . 3
1.3. Terminology . . . . . . . . . . . . . . . . . . . . . . . 4 1.3. Terminology . . . . . . . . . . . . . . . . . . . . . . . 4
2. LIS Discovery Using DHCP . . . . . . . . . . . . . . . . . . . 5 2. LIS Discovery Using DHCP . . . . . . . . . . . . . . . . . . . 5
2.1. DHCPv4 Option for a LIS Address . . . . . . . . . . . . . 5 2.1. DHCPv4 LIS URI Option . . . . . . . . . . . . . . . . . . 5
2.2. DHCPv6 Option for a LIS Address . . . . . . . . . . . . . 5 2.2. DHCPv6 LIS URI Option . . . . . . . . . . . . . . . . . . 5
2.3. LIS Authentication . . . . . . . . . . . . . . . . . . . . 6 2.3. LIS Authentication . . . . . . . . . . . . . . . . . . . . 6
2.3.1. DHCPv4 Option for a LIS Certificate Fingerprints . . . 7 2.3.1. DHCPv4 LIS Certificate Fingerprints Option . . . . . . 7
2.3.2. DHCPv6 Option for a LIS Certificate Fingerprints . . . 9 2.3.2. DHCPv6 LIS Certificate Fingerprints Option . . . . . . 9
3. U-NAPTR for LIS Discovery . . . . . . . . . . . . . . . . . . 10 3. U-NAPTR for LIS Discovery . . . . . . . . . . . . . . . . . . 10
3.1. Determining a Domain Name . . . . . . . . . . . . . . . . 11 3.1. Determining a Domain Name . . . . . . . . . . . . . . . . 11
4. Overall Discovery Procedure . . . . . . . . . . . . . . . . . 12 4. Overall Discovery Procedure . . . . . . . . . . . . . . . . . 12
4.1. Virtual Private Networks (VPNs) . . . . . . . . . . . . . 13 4.1. Virtual Private Networks (VPNs) . . . . . . . . . . . . . 13
5. Security Considerations . . . . . . . . . . . . . . . . . . . 14 5. Security Considerations . . . . . . . . . . . . . . . . . . . 14
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 15 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 15
6.1. Registration of DHCPv4 and DHCPv6 LIS URI Option Codes . . 15 6.1. Registration of DHCPv4 and DHCPv6 LIS URI Option Codes . . 15
6.2. Registration of DHCPv4 and DHCPv6 LIS Certificate 6.2. Registration of DHCPv4 and DHCPv6 LIS Certificate
Fingerprints Option Codes . . . . . . . . . . . . . . . . 15 Fingerprints Option Codes . . . . . . . . . . . . . . . . 15
6.3. Registration of a Location Server Application Service 6.3. Registration of a Location Server Application Service
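Review bot: The rewritten Abstract in -07 no longer mentions that the document defines a U-NAPTR Application Service for a LIS and an Application Protocol for HELD, although the table of contents still lists Section 6.3, "Registration of a Location Server Application Service". Those registrations are part of what the document delivers, so keep one sentence on them in the Abstract, for example after the sentence that introduces the U-NAPTR method. The new sentence "Additional DHCP options are provided that enable authentication of the indicated LIS" could also say that the options carry certificate fingerprints, so a reader knows what kind of authentication is meant.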
skipping to change at page 5, line 17 skipping to change at page 5, line 17
DHCP allows the access network provider to specify the address of a DHCP allows the access network provider to specify the address of a
LIS as part of network configuration. If the device is able to LIS as part of network configuration. If the device is able to
acquire a LIS URI using DHCP then this URI is used directly; the acquire a LIS URI using DHCP then this URI is used directly; the
U-NAPTR process is not necessary if this option is provided. U-NAPTR process is not necessary if this option is provided.
This document registers DHCP options for a LIS URI for both IPv4 and This document registers DHCP options for a LIS URI for both IPv4 and
IPv6. A second option for both DHCP versions is also registered to IPv6. A second option for both DHCP versions is also registered to
convey a fingerprint of the certificate expected to be used by the convey a fingerprint of the certificate expected to be used by the
LIS. LIS.
2.1. DHCPv4 Option for a LIS Address 2.1. DHCPv4 LIS URI Option
This section defines a DHCP for IPv4 (DHCPv4) option for the address This section defines a DHCP for IPv4 (DHCPv4) option for the address
of a LIS. of a LIS.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| LIS_URI | Length | | | LIS_URI | Length | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
. . . .
. LIS URI . . LIS URI .
. . . .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 1: DHCPv4 LIS URI Option Example Figure 1: DHCPv4 LIS URI Option
LIS_URI: The IANA assigned option number (TBD). [[IANA/RFC-Editor LIS_URI: The IANA assigned option number (TBD). [[IANA/RFC-Editor
Note: Please replace TBD with the assigned DHCPv4 option code.]] Note: Please replace TBD with the assigned DHCPv4 option code.]]
Length: The length of the entire LIS URI option in octets. Length: The length of the entire LIS URI option in octets.
LIS URI: The address of the LIS. The URI MUST NOT be terminated by LIS URI: The address of the LIS. The URI MUST NOT be terminated by
a zero octet. a zero octet.
The DHCPv4 version of this URI SHOULD NOT exceed 255 octets in The DHCPv4 version of this URI SHOULD NOT exceed 255 octets in
length, but MAY be extended by concatenating multiple option length, but MAY be extended by concatenating multiple option
values, as described in [RFC3396]. values, as described in [RFC3396].
2.2. DHCPv6 Option for a LIS Address 2.2. DHCPv6 LIS URI Option
This section defines a DHCP for IPv6 (DHCPv6) option for the address This section defines a DHCP for IPv6 (DHCPv6) option for the address
of a LIS. The DHCPv6 option for this parameter is similarly of a LIS. The DHCPv6 option for this parameter is similarly
formatted to the DHCPv4 option. formatted to the DHCPv4 option.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OPTION_LIS_URI | Length | | OPTION_LIS_URI | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
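Review bot: In the field descriptions under Figure 1, "Length: The length of the entire LIS URI option in octets" is ambiguous about whether the option code and length octets are counted, and -07 leaves it unchanged. A DHCPv4 length octet counts only the data that follows it, so say so explicitly, for example "the length of the LIS URI field in octets", and use matching wording for the DHCPv6 option. The retitled headings ("DHCPv4 LIS URI Option", "DHCPv6 LIS URI Option") also now disagree with the first sentence of each section, which still says "option for the address of a LIS".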
skipping to change at page 6, line 42 skipping to change at page 6, line 42
exclusively on a domain name for authentication is not appropriate exclusively on a domain name for authentication is not appropriate
for a LIS, since the domain name associated with the access network for a LIS, since the domain name associated with the access network
might not be known. Indeed, it is often inappropriate to attempt to might not be known. Indeed, it is often inappropriate to attempt to
assign any particular domain name to an access network. assign any particular domain name to an access network.
This specification defines an alternative means of establishing an This specification defines an alternative means of establishing an
expected identity for the server that uses a certificate fingerprint. expected identity for the server that uses a certificate fingerprint.
One or more fingerprints for the server certificate used by the LIS One or more fingerprints for the server certificate used by the LIS
is included in a second DHCP option. The client uses the fingerprint is included in a second DHCP option. The client uses the fingerprint
information provided by the DHCP server to authenticate the LIS when information provided by the DHCP server to authenticate the LIS when
it establishes a TLS session. it establishes a TLS session. The domain name MUST NOT be used to
authenticate the LIS if fingerprint information is provided.
A fingerprint is generated by applying a cryptographic hash function The LIS certificate fingerprints option uses a format of "sub-
to the DER-encoded certificate. The hash algorithm used for options", that allows for the inclusion of multiple fingerprint
generating the fingerprint is identified by a textual name taken from values. Each "sub-option" includes a fingerprint generated by a
the IANA registry "Hash Function Textual Names" established in different cryptographic hash algorithm. The "sub-option" code
[RFC4572]. Implementations MUST support the SHA-1 algorithm, using indicates the hash algorithm used for generating the fingerprint.
the label "sha-1". Each hash algorithm is identified by the assigned code from the IANA
registry "TLS HashAlgorithm Registry" established in [RFC5246].
The output of multiple hash functions MAY be included. This provides The use of sub-options provides a means to upgrade hash functions
a means to upgrade hash functions without affecting backward without affecting backward compatibility. New hash algorithms can be
compatibility. If a hash algorithm is indicated, but not supported used without affecting devices that do not yet support the algorithm.
by a device, it MUST use the first fingerprint that is produced by an A device MUST use the first fingerprint that it supports. If any
algorithm that the device supports. Other fingerprint values MAY be supported fingerprint does not match, the LIS MUST be considered
checked. If any supported fingerprint does not match, the LIS MUST unauthenticated. If none of the specified hash algorithms are
be considered unauthenticated. If none of the specified hash supported by the device, it MUST consider the LIS to be
algorithms are supported by the device, it MUST consider the LIS to unauthenticated.
be unauthenticated.
A client SHOULD request the LIS certificate fingerprint option at the A fingerprint is generated or checked by applying a cryptographic
same time as the LIS URI option. Without the LIS certificate hash function to the DER-encoded certificate. Implementations MUST
fingerprint option a client cannot authenticate the LIS. support the SHA-1 algorithm, using a sub-option code of 2.
The certificate fingerprint can be ignored if the LIS URI doesn't A client SHOULD request the LIS certificate fingerprints option at
indicate a protocol that supports exchange of certificates (such as the same time as the LIS URI option. Without the LIS certificate
http:). Unless the information used in the certificate fingerprint fingerprints option a client cannot authenticate the LIS; absence of
option is used, the LIS MUST be considered unauthenticated. this option prevents authentication.
An access network operator is able to nominate authentication based
on a domain name by omitting fingerprints. If a hash algorithm of
"none" is indicated (value of 0) is indicated, the device MUST
authenticate the server using the method described in Section 3.1 of
RFC 2818 [RFC2818]. The LIS certificate fingerprints option MUST NOT
include any other fingerprint information if a hash algorithm of
"none" is indicated.
The certificate fingerprint can be ignored if the LIS URI indicates a
protocol that does not support exchange of certificates (such as
http:). Such a LIS cannot be authenticated using this option. The
LIS certificate fingerprints option SHOULD indicate a hash algorithm
of "none" if no means of achieving authentication is available.
Note: Whether the device goes on to use the information provided by Note: Whether the device goes on to use the information provided by
an unauthenticated LIS depends on device policy. A device might an unauthenticated LIS depends on device policy. A device might
choose to continue with alternative methods of discovery before choose to continue with discovery using different network
falling back to an unauthenticated LIS. interfaces or methods before falling back to an unauthenticated
LIS.
An access network operator is able to nominate authentication based
on a domain name by omitting fingerprints. If a zero-length
fingerprint option is provided, the device MUST authenticate the
server using the method described in Section 3.1 of RFC 2818
[RFC2818]. If a fingerprint exists, the domain name method MUST NOT
be used.
2.3.1. DHCPv4 Option for a LIS Certificate Fingerprints 2.3.1. DHCPv4 LIS Certificate Fingerprints Option
This section defines a DHCP for IPv4 (DHCPv4) option for LIS This section defines a DHCP for IPv4 (DHCPv4) option for LIS
certificate fingerprints. certificate fingerprints.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| LIS_CERT_FP | Length | Hash-Type-Len | | | LIS_CERT_FP | Length | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
. Hash-Type . . Fingerprint-Sub-Options .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| F'print-Len | |
+-+-+-+-+-+-+-+-+ |
. .
. Fingerprint-Value .
. . . .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
. (Hash-Type-Len through Fingerprint-Value Repeated) .
. . . . .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 3: DHCPv4 LIS Certificate Fingerprints Option Example Figure 3: DHCPv4 LIS Certificate Fingerprints Option
LIS_CERT_FP: The IANA assigned option number (TBD). [[IANA/ LIS_CERT_FP: The IANA assigned option number (TBD). [[IANA/
RFC-Editor Note: Please replace TBD with the assigned DHCPv4 RFC-Editor Note: Please replace TBD with the assigned DHCPv4
option code.]] option code.]]
Length: The length of the entire LIS certificate fingerprints option Length: The length of the entire LIS certificate fingerprints option
in octets. This option MAY be zero length, indicating the absence in octets.
of fingerprint information.
Hash-Type-Len: The length, in octets, of the "Hash-Type" field. Fingerprint-Sub-Options: A series of one or more sub-options, as
shown in Figure 4.
Hash-Type: A text tag that identifies the hash algorithm used to 0 1 2 3
generate the fingerprint. The set of values are defined in the 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
"Hash Function Textual Names" IANA registry [RFC4572]. +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| HashAlgorithm | Length | Fingerprint-Value ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
F'print-Len: The length, in octets of the "Fingerprint-Value" field. Figure 4: DHCPv4 LIS Certificate Fingerprints Sub-Option
HashAlgorithm: A code that identifies the hash algorithm used to
generate the fingerprint. The set of codes are defined in the
"TLS HashAlgorithm Registry" IANA registry [RFC5246].
Length: The length, in octets of the "Fingerprint-Value" sub-option.
Fingerprint-Value: The octet values of the certificate fingerprint. Fingerprint-Value: The octet values of the certificate fingerprint.
An invalid fingerprint is not equivalent to no fingerprint. If An invalid fingerprint is not equivalent to no fingerprint. If
this value is not the expected length of the hash function output, the length of this field does not match the expected length of the
the fingerprint MUST be considered invalid. hash function output, the fingerprint MUST be considered invalid.
The four fields, "Hash-Type-Len", "Hash-Type", "F'print-Len" and DHCPv4 option concatenation [RFC3396] SHOULD be avoided, but is
"Fingerprint-Value" MAY be repeated. Each repetition includes a permitted if long values are required. Similarly, sub-options MAY be
different hash type, except for hashes that produce values longer concatenated to allow for hash algorithm that produce output longer
than 2040 bits (255 octets), for which the "Fingerprint-Value" is than 2040 bits (255 octets).
concatenated to derive the value.
2.3.2. DHCPv6 Option for a LIS Certificate Fingerprints 2.3.2. DHCPv6 LIS Certificate Fingerprints Option
This section defines a DHCP for IPv6 (DHCPv6) option for LIS This section defines a DHCP for IPv6 (DHCPv6) option for LIS
certificate fingerprints. The DHCPv6 option for this parameter is certificate fingerprints. The DHCPv6 option for this parameter is
similarly formatted to the DHCPv4 option. similarly formatted to the DHCPv4 option.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OPTION_LIS_CERT_FP | Length | | OPTION_LIS_CERT_FP | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Hash-Type-Len | | . Fingerprint-Sub-Options .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
. Hash-Type .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| F'print-Len | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
. .
. Fingerprint-Value .
. . . .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
. (Hash-Type-Len through Fingerprint-Value Repeated) .
. . . . .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 4: DHCPv6 LIS Certificate Fingerprints Option Figure 5: DHCPv6 LIS Certificate Fingerprints Option
OPTION_LIS_CERT_FP: The IANA assigned option number (TBD). [[IANA/ OPTION_LIS_CERT_FP: The IANA assigned option number (TBD). [[IANA/
RFC-Editor Note: Please replace TBD with the assigned DHCPv6 RFC-Editor Note: Please replace TBD with the assigned DHCPv6
option code.]] option code.]]
Length: The length of the LIS certificate fingerprints option in Length: The length of the LIS certificate fingerprints option in
octets. octets.
The semantics of remainder of the LIS URI option are identical to Fingerprint-Sub-Options: A series of one or more sub-options, as
the DHCPv4 option. As shown, length fields are extended to 16 shown in Figure 6.
bits, removing the need for concatenation to accomodate values
longer than 255 octets in length. DHCPv6 prohibits concatenation 0 1 2 3
of option values. 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| HashAlgorithm | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
. Fingerprint-Value .
. ... .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 6: DHCPv6 LIS Certificate Fingerprints Sub-Option
The semantics of the DHCPv6 LIS certificate fingerprints sub-options
are identical to the DHCPv4 option except that concatenation is
neither required nor permitted. Length fields are 16 bits in length;
therefore, concatenation is not needed to accomodate values longer
than 255 octets. DHCPv6 prohibits concatenation of option values.
3. U-NAPTR for LIS Discovery 3. U-NAPTR for LIS Discovery
U-NAPTR resolution for a LIS takes a domain name as input and U-NAPTR resolution for a LIS takes a domain name as input and
produces a URI that identifies the LIS. This process also requires produces a URI that identifies the LIS. This process also requires
an Application Service tag and an Application Protocol tag, which an Application Service tag and an Application Protocol tag, which
differentiate LIS-related NAPTR records from other records for that differentiate LIS-related NAPTR records from other records for that
domain. domain.
Section 6.3 defines an Application Service tag of "LIS", which is Section 6.3 defines an Application Service tag of "LIS", which is
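Review bot: In Section 2.3 of -07, "A device MUST use the first fingerprint that it supports" sits next to "If any supported fingerprint does not match, the LIS MUST be considered unauthenticated", and the -06 sentence "Other fingerprint values MAY be checked" has been dropped, so it is unclear whether a device checks one sub-option or every one it supports. State which is intended; if only the first supported sub-option is checked, also say that sub-options are listed in the operator's order of preference, because with SHA-1 (code 2) mandatory the ordering decides which hash a device actually relies on. The "none" rules need tightening as well: the paragraph still opens with "by omitting fingerprints" although the zero-length option was removed from the Length description in 2.3.1, "is indicated" appears twice in the same sentence, and nothing says what Length a "none" sub-option carries. In 2.3.1, the sub-option Length is described as the length of the "Fingerprint-Value" sub-option where "field" is meant, and the invalid-length rule should say that it applies after any sub-option concatenation. In 2.3.2, Figure 6 draws HashAlgorithm as 16 bits wide while the text only says that length fields are 16 bits; state the width of the code field explicitly.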
skipping to change at page 10, line 44 skipping to change at page 10, line 44
"" ; regex "" ; regex
outsource.example.com. ; replacement outsource.example.com. ; replacement
) )
outsource.example.com. outsource.example.com.
;; order pref flags ;; order pref flags
IN NAPTR 100 10 "u" "LIS:HELD" ( ; service IN NAPTR 100 10 "u" "LIS:HELD" ( ; service
"!*.!https://lis.example.org:4802/?c=ex!" ; regex "!*.!https://lis.example.org:4802/?c=ex!" ; regex
. ; replacement . ; replacement
) )
Figure 5: Sample LIS:HELD Service NAPTR Records Figure 7: Sample LIS:HELD Service NAPTR Records
Details for the "LIS" Application Service tag and the "HELD" Details for the "LIS" Application Service tag and the "HELD"
Application Protocol tag are included in Section 6. Application Protocol tag are included in Section 6.
U-NAPTR MUST only be used if the DHCP LIS URI option is not U-NAPTR MUST only be used if the DHCP LIS URI option is not
available. available.
An https: LIS URI that is a product of U-NAPTR MUST be authenticated An https: LIS URI that is a product of U-NAPTR MUST be authenticated
using the domain name method described in Section 3.1 of RFC 2818 using the domain name method described in Section 3.1 of RFC 2818
[RFC2818]. [RFC2818].
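Review bot: In the sample record for outsource.example.com, the regex field reads "!*.!https://lis.example.org:4802/?c=ex!" in both revisions; the expression between the first two delimiters is "*.", which begins with a repetition operator that has nothing to repeat, where a match-everything pattern would be ".*". Correct it to "!.*!https://lis.example.org:4802/?c=ex!" so that implementers who copy Figure 7 into a zone file get a record that a U-NAPTR client can process.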
skipping to change at page 18, line 22 skipping to change at page 18, line 22
[RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000. [RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000.
[RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., [RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C.,
and M. Carney, "Dynamic Host Configuration Protocol for and M. Carney, "Dynamic Host Configuration Protocol for
IPv6 (DHCPv6)", RFC 3315, July 2003. IPv6 (DHCPv6)", RFC 3315, July 2003.
[RFC3396] Lemon, T. and S. Cheshire, "Encoding Long Options in the [RFC3396] Lemon, T. and S. Cheshire, "Encoding Long Options in the
Dynamic Host Configuration Protocol (DHCPv4)", RFC 3396, Dynamic Host Configuration Protocol (DHCPv4)", RFC 3396,
November 2002. November 2002.
[RFC4572] Lennox, J., "Connection-Oriented Media Transport over the
Transport Layer Security (TLS) Protocol in the Session
Description Protocol (SDP)", RFC 4572, July 2006.
[RFC4702] Stapp, M., Volz, B., and Y. Rekhter, "The Dynamic Host [RFC4702] Stapp, M., Volz, B., and Y. Rekhter, "The Dynamic Host
Configuration Protocol (DHCP) Client Fully Qualified Configuration Protocol (DHCP) Client Fully Qualified
Domain Name (FQDN) Option", RFC 4702, October 2006. Domain Name (FQDN) Option", RFC 4702, October 2006.
[RFC4704] Volz, B., "The Dynamic Host Configuration Protocol for [RFC4704] Volz, B., "The Dynamic Host Configuration Protocol for
IPv6 (DHCPv6) Client Fully Qualified Domain Name (FQDN) IPv6 (DHCPv6) Client Fully Qualified Domain Name (FQDN)
Option", RFC 4704, October 2006. Option", RFC 4704, October 2006.
[RFC4848] Daigle, L., "Domain-Based Application Service Location [RFC4848] Daigle, L., "Domain-Based Application Service Location
Using URIs and the Dynamic Delegation Discovery Service Using URIs and the Dynamic Delegation Discovery Service
(DDDS)", RFC 4848, April 2007. (DDDS)", RFC 4848, April 2007.
[RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security
(TLS) Protocol Version 1.2", RFC 5246, August 2008.
[I-D.ietf-geopriv-http-location-delivery] [I-D.ietf-geopriv-http-location-delivery]
Barnes, M., Winterbottom, J., Thomson, M., and B. Stark, Barnes, M., Winterbottom, J., Thomson, M., and B. Stark,
"HTTP Enabled Location Delivery (HELD)", "HTTP Enabled Location Delivery (HELD)",
draft-ietf-geopriv-http-location-delivery-12 (work in draft-ietf-geopriv-http-location-delivery-12 (work in
progress), January 2009. progress), January 2009.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
8.2. Informative References 8.2. Informative References
 End of changes. 33 change blocks. 
99 lines changed or deleted 112 lines changed or added

This html diff was produced by rfcdiff 1.35. The latest version is available from http://tools.ietf.org/tools/rfcdiff/