draft-ietf-geopriv-lis-discovery-15.txt   rfc5986.txt 
GEOPRIV M. Thomson Internet Engineering Task Force (IETF) M. Thomson
Internet-Draft J. Winterbottom Request for Comments: 5986 J. Winterbottom
Intended status: Standards Track Andrew Corporation Category: Standards Track Andrew Corporation
Expires: September 9, 2010 March 8, 2010 ISSN: 2070-1721 September 2010
Discovering the Local Location Information Server (LIS) Discovering the Local Location Information Server (LIS)
draft-ietf-geopriv-lis-discovery-15
Abstract Abstract
Discovery of the correct Location Information Server (LIS) in the Discovery of the correct Location Information Server (LIS) in the
local access network is necessary for devices that wish to acquire local access network is necessary for Devices that wish to acquire
location information from the network. A method is described for the location information from the network. A method is described for the
discovery of a LIS in the access network serving a device. Dynamic discovery of a LIS in the access network serving a Device. Dynamic
Host Configuration Protocol (DHCP) options for IP versions 4 and 6 Host Configuration Protocol (DHCP) options for IP versions 4 and 6
are defined that specify a domain name. This domain name is then are defined that specify a domain name. This domain name is then
used as input to a URI-enabled NAPTR (U-NAPTR) resolution process. used as input to a URI-enabled NAPTR (U-NAPTR) resolution process.
Status of This Memo Status of This Memo
This Internet-Draft is submitted to IETF in full conformance with the This is an Internet Standards Track document.
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at This document is a product of the Internet Engineering Task Force
http://www.ietf.org/shadow.html. (IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 5741.
This Internet-Draft will expire on September 9, 2010. Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc5986.
Copyright Notice Copyright Notice
Copyright (c) 2010 IETF Trust and the persons identified as the Copyright (c) 2010 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction and Overview . . . . . . . . . . . . . . . . . . 3 1. Introduction and Overview . . . . . . . . . . . . . . . . . . 2
1.1. Discovery Procedure Overview . . . . . . . . . . . . . . . 3 1.1. Discovery Procedure Overview . . . . . . . . . . . . . . . 3
1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 4 1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3
2. LIS Discovery Procedure . . . . . . . . . . . . . . . . . . . 4 2. LIS Discovery Procedure . . . . . . . . . . . . . . . . . . . 4
2.1. Residential Gateways . . . . . . . . . . . . . . . . . . . 6 2.1. Residential Gateways . . . . . . . . . . . . . . . . . . . 6
2.2. Virtual Private Networks (VPNs) . . . . . . . . . . . . . 7 2.2. Virtual Private Networks (VPNs) . . . . . . . . . . . . . 7
3. Determining a Domain Name . . . . . . . . . . . . . . . . . . 8 3. Determining a Domain Name . . . . . . . . . . . . . . . . . . 7
3.1. Domain Name Encoding . . . . . . . . . . . . . . . . . . . 8 3.1. Domain Name Encoding . . . . . . . . . . . . . . . . . . . 7
3.2. Access Network Domain Name DHCPv4 Option . . . . . . . . . 9 3.2. Access Network Domain Name DHCPv4 Option . . . . . . . . . 8
3.3. Access Network Domain Name DHCPv6 Option . . . . . . . . . 9 3.3. Access Network Domain Name DHCPv6 Option . . . . . . . . . 8
3.4. Alternative Domain Names . . . . . . . . . . . . . . . . . 10 3.4. Alternative Domain Names . . . . . . . . . . . . . . . . . 9
4. U-NAPTR Resolution of a LIS URI . . . . . . . . . . . . . . . 11 4. U-NAPTR Resolution of a LIS URI . . . . . . . . . . . . . . . 10
5. Security Considerations . . . . . . . . . . . . . . . . . . . 12 5. Security Considerations . . . . . . . . . . . . . . . . . . . 11
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13
6.1. Registration of DHCPv4 and DHCPv6 Option Codes . . . . . . 13 6.1. Registration of DHCPv4 and DHCPv6 Option Codes . . . . . . 13
6.2. Registration of a Location Server Application Service 6.2. Registration of a Location Server Application Service
Tag . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 Tag . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
6.3. Registration of a Location Server Application Protocol 6.3. Registration of a Location Server Application Protocol
Tag for HELD . . . . . . . . . . . . . . . . . . . . . . . 14 Tag for HELD . . . . . . . . . . . . . . . . . . . . . . . 13
7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 14 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 14
8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 14 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 14
8.1. Normative References . . . . . . . . . . . . . . . . . . . 14 8.1. Normative References . . . . . . . . . . . . . . . . . . . 14
8.2. Informative References . . . . . . . . . . . . . . . . . . 16 8.2. Informative References . . . . . . . . . . . . . . . . . . 15
1. Introduction and Overview 1. Introduction and Overview
The location of a device is a useful and sometimes necessary part of The location of a Device is a useful and sometimes necessary part of
many services. A Location Information Server (LIS) is responsible many services. A Location Information Server (LIS) is responsible
for providing that location information to devices with attached for providing that location information to Devices with attached
access networks used to provide Internet access. The LIS uses access networks used to provide Internet access. The LIS uses
knowledge of the access network and its physical topology to generate knowledge of the access network and its physical topology to generate
and serve location information to devices. and serve location information to Devices.
Each access network requires specific knowledge about topology. Each access network requires specific knowledge about topology.
Therefore, it is important to discover the LIS that has the specific Therefore, it is important to discover the LIS that has the specific
knowledge necessary to locate a device. That is, the LIS that serves knowledge necessary to locate a Device, that is, the LIS that serves
the current access network. Automatic discovery is important where the current access network. Automatic discovery is important where
there is any chance of movement outside a single access network. there is any chance of movement outside a single access network.
Reliance on static configuration can lead to unexpected errors if a Reliance on static configuration can lead to unexpected errors if a
device moves between access networks. Device moves between access networks.
This document describes a process that a device can use to discover a This document describes a process that a Device can use to discover a
LIS. This process uses a DHCP option and the DNS. The product of LIS. This process uses a DHCP option and the DNS. The product of
this discovery process is an http: [RFC2616] or https: [RFC2818] URI this discovery process is an HTTP [RFC2616] or HTTPS [RFC2818] URI
that identifies a LIS. that identifies a LIS.
The URI result from the discovery process is suitable for location The URI result from the discovery process is suitable for location
configuration only; that is, the device MUST dereference the URI configuration only; that is, the Device MUST dereference the URI
using the process described in HELD using the process described in HTTP-Enabled Location Delivery (HELD)
[I-D.ietf-geopriv-http-location-delivery]. URIs discovered in this [RFC5985]. URIs discovered in this way are not "location URIs"
way are not "location URIs" [I-D.ietf-geopriv-lbyr-requirements]; [RFC5808]; dereferencing one of them provides the location of the
dereferencing one of them provides the location of the requester requestor only. Devices MUST NOT embed these URIs in fields in other
only. Devices MUST NOT embed these URIs in fields in other protocols protocols designed to carry the location of the Device.
designed to carry the location of the device.
1.1. Discovery Procedure Overview 1.1. Discovery Procedure Overview
DHCP ([RFC2131], [RFC3315]) is a commonly used mechanism for DHCP ([RFC2131], [RFC3315]) is a commonly used mechanism for
providing bootstrap configuration information allowing a device to providing bootstrap configuration information that allows a Device to
operate in a specific network environment. The DHCP information is operate in a specific network environment. The DHCP information is
largely static; consisting of configuration information that does not largely static, consisting of configuration information that does not
change over the period that the device is attached to the network. change over the period that the Device is attached to the network.
Physical location information might change over this time, however Physical location information might change over this time; however,
the address of the LIS does not. Thus, DHCP is suitable for the address of the LIS does not. Thus, DHCP is suitable for
configuring a device with the address of a LIS. configuring a Device with the address of a LIS.
This document defines a DHCP option that produces a domain name that This document defines a DHCP option that produces a domain name that
identifies the local access network in Section 3. identifies the local access network in Section 3.
Section 4 describes a method that uses URI-enabled NAPTR (U-NAPTR) Section 4 describes a method that uses URI-enabled NAPTR (U-NAPTR)
[RFC4848], a Dynamic Delegation Discovery Service (DDDS) profile that [RFC4848], a Dynamic Delegation Discovery Service (DDDS) profile that
produces a URI for the LIS. The input to this process is provided by produces a URI for the LIS. The input to this process is provided by
the DHCP option. the DHCP option.
For the LIS discovery DDDS application, an Application Service tag For the LIS discovery DDDS application, an Application Service tag
"LIS" and an Application Protocol tag "HELD" are created and "LIS" and an Application Protocol tag "HELD" have been created and
registered with the IANA. Based on the domain name, this U-NAPTR registered with the IANA. Based on the domain name, this U-NAPTR
application uses the two tags to determine a URI for a LIS that application uses the two tags to determine a URI for a LIS that
supports the HELD protocol. supports the HELD protocol.
1.2. Terminology 1.2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
This document also uses the term "device" to refer to an end host, or This document also uses the term "Device" to refer to an end host or
client consistent with its use in HELD. In HELD and RFC3693 client consistent with its use in HELD. In HELD and RFC 3693
[RFC3693] parlance, the Device is also the Target. [RFC3693] parlance, the Device is also the Target.
The terms "access network" refers to the network that a device The term "access network" refers to the network to which a Device
connects to for Internet access. The "access network provider" is connects for Internet access. The "access network provider" is the
the entity that operates the access network. This is consistent with entity that operates the access network. This is consistent with the
the definition in [I-D.ietf-geopriv-l7-lcp-ps] which combines the definition in [RFC5687], which combines the Internet Access Provider
Internet Access Provider (IAP) and Internet Service Provider (ISP). (IAP) and Internet Service Provider (ISP). The access network
The access network provider is responsible for allocating the device provider is responsible for allocating the Device a public IP address
a public IP address and for directly or indirectly providing a LIS and for directly or indirectly providing a LIS service.
service.
2. LIS Discovery Procedure 2. LIS Discovery Procedure
A device that has multiple network interfaces could potentially be A Device that has multiple network interfaces could potentially be
served by a different access network on each interface, each with a served by a different access network on each interface, each with a
different LIS. The device SHOULD attempt to discover the LIS different LIS. The Device SHOULD attempt to discover the LIS
applicable to each network interface, stopping when a LIS is applicable to each network interface, stopping when a LIS is
successfully discovered on any interface. successfully discovered on any interface.
The LIS discovery procedure follows this process: The LIS discovery procedure follows this process:
1. Acquire the access network domain name (Section 3). 1. Acquire the access network domain name (Section 3).
This process might be repeated for each of the network interfaces This process might be repeated for each of the network interfaces
on the device. Domain names acquired from other sources might on the Device. Domain names acquired from other sources might
also be added. also be added.
2. Apply U-NAPTR resolution (Section 4) to discover a LIS URI. 2. Apply U-NAPTR resolution (Section 4) to discover a LIS URI.
The U-NAPTR process is applied using each of the domain names as The U-NAPTR process is applied using each of the domain names as
input. input.
3. Verify that the LIS is able to provide location information. 3. Verify that the LIS is able to provide location information.
The first URI that results in a successful response from the LIS The first URI that results in a successful response from the LIS
is used. is used.
A device MUST support discovery using the access network domain name A Device MUST support discovery using the access network domain name
DHCP option (Section 3) as input to U-NAPTR resolution (Section 4). DHCP option (Section 3) as input to U-NAPTR resolution (Section 4).
If this option is not available, DHCPv4 option 15 [RFC2132] is used. If this option is not available, DHCPv4 option 15 [RFC2132] is used.
Other domain names MAY be used, as described in Section 3.4. Other domain names MAY be used, as described in Section 3.4.
A device that discovers a LIS URI MUST attempt to verify that the LIS A Device that discovers a LIS URI MUST attempt to verify that the LIS
is able to provide location information. For the HELD protocol, the is able to provide location information. For the HELD protocol, the
device verifies the URI by making a location request to the LIS. Any Device verifies the URI by making a location request to the LIS. Any
HTTP 200 response containing a HELD response signifies success. This HTTP 200 response containing a HELD response signifies success. This
includes HELD error responses, with the exception of the includes HELD error responses, with the exception of the
"notLocatable" error. "notLocatable" error.
If - at any time - the LIS responds to a request with the If -- at any time -- the LIS responds to a request with the
"notLocatable" error code (see Section 4.3.2 of "notLocatable" error code (see Section 4.3.2 of [RFC5985]), the
[I-D.ietf-geopriv-http-location-delivery]), the device MUST continue Device MUST continue or restart the discovery process. A Device
or restart the discovery process. A device SHOULD NOT make further SHOULD NOT make further requests to a LIS that provides a
requests to a LIS that provides a "notLocatable" error until its "notLocatable" error until its network attachment changes, or it
network attachment changes, or it discovers the LIS on an alternative discovers the LIS on an alternative network interface.
network interface.
Static configuration of a domain name or a LIS URI MAY be used. Note Static configuration of a domain name or a LIS URI MAY be used. Note
that if a device has moved from its customary location, static that if a Device has moved from its customary location, static
configuration might indicate a LIS that is unable to provide accurate configuration might indicate a LIS that is unable to provide accurate
location information. location information.
The product of the LIS discovery process for HELD is an "https:" or The product of the LIS discovery process for HELD is an HTTPS or HTTP
"http:" URI. Nothing distinguishes this URI from other URIs with the URI. Nothing distinguishes this URI from other URIs with the same
same scheme, aside from the fact that it is the product of this scheme, aside from the fact that it is the product of this process.
process. Only URIs produced by the discovery process can be used for Only URIs produced by the discovery process can be used for location
location configuration using HELD. configuration using HELD.
The overall discovery process is summarized in Figure 1. The overall discovery process is summarized in Figure 1.
----------- -----------
( Start ) ( Start )
-----+----- -----+-----
|<--------------------------------------+ |<--------------------------------------+
| | | |
V | V |
------^------- ------^------ | ------^------- ------^------ |
skipping to change at page 6, line 42 skipping to change at page 6, line 9
----------- ----------- ----------- -----------
( Failure ) ( Success ) ( Failure ) ( Success )
----------- ----------- ----------- -----------
Figure 1: LIS Discovery Flowchart Figure 1: LIS Discovery Flowchart
2.1. Residential Gateways 2.1. Residential Gateways
The options available in residential gateways will affect the success The options available in residential gateways will affect the success
of this algorithm in residential network scenarios. A fixed wireline of this algorithm in residential network scenarios. A fixed wireline
scenario is described in more detail in [I-D.ietf-geopriv-l7-lcp-ps], scenario is described in more detail in [RFC5687], Section 3.1. In
Section 3.1. In this fixed wireline environment an intervening this fixed wireline environment, an intervening residential gateway
residential gateway exists between the device and the access network. exists between the Device and the access network. If the residential
If the residential gateway does not provide the appropriate gateway does not provide the appropriate information to the Devices
information to the devices it serves, those devices are unable to it serves, those Devices are unable to discover a LIS.
discover a LIS.
Support of this specification by residential gateways ensures that Support of this specification by residential gateways ensures that
the devices they serve are able to acquire location information. In the Devices they serve are able to acquire location information. In
many cases the residential gateway configures the devices it serves many cases, the residential gateway configures the Devices it serves
using DHCP. A residential gateway is able to use DHCP to assist using DHCP. A residential gateway is able to use DHCP to assist
devices in gaining access to their location information. This can be Devices in gaining access to their location information. This can be
accomplished by providing an access network domain name DHCP option accomplished by providing an access network domain name DHCP option
suitable for LIS discovery, or by acting as a LIS directly. To suitable for LIS discovery, or by acting as a LIS directly. To
actively assist devices, a residential gateway can either: actively assist Devices, a residential gateway can either:
o acquire an access network domain name from the access network o acquire an access network domain name from the access network
provider (possibly using DHCP) and pass the resulting value to provider (possibly using DHCP) and pass the resulting value to
devices; or Devices; or
o discover a LIS on its external interface, then provide devices o discover a LIS on its external interface, then provide Devices
with the domain name that was used to successfully discover the with the domain name that was used to successfully discover the
LIS; or LIS; or
o explicitly include configuration that refers to a particular LIS; o explicitly include configuration that refers to a particular LIS;
or or
o act as a LIS and directly provide location information to the o act as a LIS and directly provide location information to the
devices it serves, including providing a means to discover this Devices it serves, including providing a means to discover this
service. service.
As with devices, configuration of a specific domain name or location As with Devices, configuration of a specific domain name or location
information is only accurate as long as the residential gateway does information is only accurate as long as the residential gateway does
not move. If a residential gateway that relies on configuration not move. If a residential gateway that relies on configuration
rather than automatic discovery is moved, the devices it serves could rather than automatic discovery is moved, the Devices it serves could
be provided with inaccurate information. Devices could be led to be provided with inaccurate information. Devices could be led to
discover a LIS that is unable to provide accurate location discover a LIS that is unable to provide accurate location
information, or - if location is configured on the residential information, or -- if location is configured on the residential
gateway - the residential gateway could provide incorrect location gateway -- the residential gateway could provide incorrect location
information. information.
[I-D.ietf-dhc-container-opt] might be used by an access network
provider to convey configuration information to a residential gateway
for use by the devices it serves. Support and use of this option is
RECOMMENDED for both residential gateways and devices. Option values
found within the container MUST be used after values that are
directly in the DHCP response.
2.2. Virtual Private Networks (VPNs) 2.2. Virtual Private Networks (VPNs)
A device MUST NOT attempt LIS discovery over a VPN network interface A Device MUST NOT attempt LIS discovery over a VPN network interface
until it has attempted and failed to perform discovery on all other until it has attempted and failed to perform discovery on all other
non-VPN interfaces. A device MAY perform discovery over a VPN non-VPN interfaces. A Device MAY perform discovery over a VPN
network interface if it has first attempted discovery on non-VPN network interface if it has first attempted discovery on non-VPN
interfaces, but a LIS discovered in this way is unlikely to have the interfaces, but a LIS discovered in this way is unlikely to have the
information necessary to determine an accurate location. information necessary to determine an accurate location.
Not all interfaces connected to a VPN can be detected by devices or Not all interfaces connected to a VPN can be detected by Devices or
the software running on them. In these cases, it might be that a LIS the software running on them. In these cases, it might be that a LIS
on the remote side of a VPN is inadvertently discovered. A LIS on the remote side of a VPN is inadvertently discovered. A LIS
provides a "notLocatable" error code in response to a request that is provides a "notLocatable" error code in response to a request that it
unable to fulfill (see [I-D.ietf-geopriv-http-location-delivery], is unable to fulfill (see [RFC5985], Section 6.3). This ensures that
Section 6.3). This ensures that even if a device discovers a LIS even if a Device discovers a LIS over the VPN, it does not rely on a
over the VPN, it does not rely on a LIS that is unable to provide LIS that is unable to provide accurate location information.
accurate location information.
3. Determining a Domain Name 3. Determining a Domain Name
DHCP provides a direct means for the access network provider to DHCP provides a direct means for the access network provider to
configure a device. The access network domain name option identifies configure a Device. The access network domain name option identifies
a domain name that is suitable for service discovery within the a domain name that is suitable for service discovery within the
access network. This domain name is used as input to the U-NAPTR access network. This domain name is used as input to the U-NAPTR
resolution process for LIS discovery. resolution process for LIS discovery.
The domain name provided in this option is one owned by the access The domain name provided in this option is one owned by the access
network operator. This domain name is intended for use in network operator. This domain name is intended for use in
discovering services within the access network. discovering services within the access network.
This document registers a DHCP option for the access network domain This document registers a DHCP option for the access network domain
name for both IPv4 and IPv6. name for both IPv4 and IPv6.
skipping to change at page 9, line 21 skipping to change at page 8, line 31
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Code | Length | Access Network Domain Name . | Code | Length | Access Network Domain Name .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
. Access Network Domain Name (cont.) . . Access Network Domain Name (cont.) .
. ... . . ... .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 2: Access Network Domain Name DHCPv4 Option Figure 2: Access Network Domain Name DHCPv4 Option
option-code: OPTION_V4_ACCESS_DOMAIN (TBD). [[IANA/RFC-Editor Note: option-code: OPTION_V4_ACCESS_DOMAIN (213).
Please replace TBD with the assigned DHCPv4 option code, both here
and in Figure 2.]]
option-length: The length of the entire access network domain name option-length: The length of the entire access network domain name
option in octets. option in octets.
option-value: The domain name associated with the access network, option-value: The domain name associated with the access network,
encoded as described in Section 3.1. encoded as described in Section 3.1.
A DHCPv4 client MAY request a access network domain name option in a A DHCPv4 client MAY request an access network domain name option in a
Parameter Request List option, as described in [RFC2131]. Parameter Request List option, as described in [RFC2131].
This option contains a single domain name and, as such, MUST contain This option contains a single domain name and, as such, MUST contain
precisely one root label. precisely one root label.
3.3. Access Network Domain Name DHCPv6 Option 3.3. Access Network Domain Name DHCPv6 Option
This section defines a DHCP for IPv6 (DHCPv6) option for the domain This section defines a DHCP for IPv6 (DHCPv6) option for the domain
name associated with the access network. The DHCPv6 option for this name associated with the access network. The DHCPv6 option for this
parameter is similarly formatted to the DHCPv4 option. parameter is similarly formatted to the DHCPv4 option.
skipping to change at page 10, line 5 skipping to change at page 9, line 16
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OPTION_V6_ACCESS_DOMAIN | Length | | OPTION_V6_ACCESS_DOMAIN | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
. Access Network Domain Name . . Access Network Domain Name .
. ... . . ... .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 3: DHCPv6 Access Network Domain Name Option Figure 3: DHCPv6 Access Network Domain Name Option
option-code: OPTION_V6_ACCESS_DOMAIN (TBD). [[IANA/RFC-Editor Note: option-code: OPTION_V6_ACCESS_DOMAIN (57).
Please replace TBD with the assigned DHCPv6 option code.]]
option-length: The length of the entire access network domain name option-length: The length of the entire access network domain name
option in octets. option in octets.
option-value: The domain name associated with the access network, option-value: The domain name associated with the access network,
encoded as described in Section 3.1. encoded as described in Section 3.1.
A DHCPv6 client MAY request a access network domain name option in a A DHCPv6 client MAY request an access network domain name option in
Options Request Option (ORO), as described in [RFC3315]. an Options Request Option (ORO), as described in [RFC3315].
This option contains a single domain name and, as such, MUST contain This option contains a single domain name and, as such, MUST contain
precisely one root label. precisely one root label.
3.4. Alternative Domain Names 3.4. Alternative Domain Names
The U-NAPTR resolution method described requires a domain name as The U-NAPTR resolution method described requires a domain name as
input. The access network domain name DHCP options (Section 3.2 and input. The access network domain name DHCP options (Sections 3.2 and
Section 3.3) is one source of this domain name. 3.3) are one source of this domain name.
If a device knows one or more alternative domain names that might be If a Device knows one or more alternative domain names that might be
used for discovery, it MAY repeat the U-NAPTR process using those used for discovery, it MAY repeat the U-NAPTR process using those
domain names as input. For instance, static configuration of a domain names as input. For instance, static configuration of a
device might be used to provide a device with a domain name. Device might be used to provide a Device with a domain name.
DHCPv4 option 15 [RFC2132] provides an indication of the domain name DHCPv4 option 15 [RFC2132] provides an indication of the domain name
that a host uses when resolving hostnames in DNS. This option is that a host uses when resolving hostnames in DNS. This option is
used when the DHCPv4 access domain name is not available. used when the DHCPv4 access domain name is not available.
DHCPv4 option 15 might not be suitable for some network deployments. DHCPv4 option 15 might not be suitable for some network deployments.
For instance, a global enterprise could operate multiple sites, with For instance, a global enterprise could operate multiple sites, with
devices at all sites using the same value for option 15. In this Devices at all sites using the same value for option 15. In this
type of deployment, it might be desirable to discover a LIS local to type of deployment, it might be desirable to discover a LIS local to
a site. The access domain name option can be given a different value a site. The access domain name option can be given a different value
at each site to enable discovery of a LIS at that site. at each site to enable discovery of a LIS at that site.
Alternative domain names MUST NOT be used unless the access network Alternative domain names MUST NOT be used unless the access network
domain name option is unsuccessful or where external information domain name option is unsuccessful or where external information
indicates that a particular domain name is to be used. indicates that a particular domain name is to be used.
Other domain names might be provided by a DHCP server (for example, Other domain names might be provided by a DHCP server (for example,
[RFC4702] for DHCPv4, [RFC4704] for DHCPv6). However, these domain [RFC4702] for DHCPv4, [RFC4704] for DHCPv6). However, these domain
names could be provided without considering their use for LIS names could be provided without considering their use for LIS
discovery; therefore, it is not likely that these options contain discovery; therefore, it is not likely that these other domain names
useful values. contain useful values.
4. U-NAPTR Resolution of a LIS URI 4. U-NAPTR Resolution of a LIS URI
U-NAPTR [RFC4848] resolution for a LIS takes a domain name as input U-NAPTR [RFC4848] resolution for a LIS takes a domain name as input
and produces a URI that identifies the LIS. This process also and produces a URI that identifies the LIS. This process also
requires an Application Service tag and an Application Protocol tag, requires an Application Service tag and an Application Protocol tag,
which differentiate LIS-related NAPTR records from other records for which differentiate LIS-related NAPTR records from other records for
that domain. that domain.
Section 6.2 defines an Application Service tag of "LIS", which is Section 6.2 defines an Application Service tag of "LIS", which is
used to identify the location service for a given domain. The used to identify the location service for a given domain. The
Application Protocol tag "HELD", defined in Section 6.3, is used to Application Protocol tag "HELD", defined in Section 6.3, is used to
identify a LIS that understands the HELD protocol identify a LIS that understands the HELD protocol [RFC5985].
[I-D.ietf-geopriv-http-location-delivery].
The NAPTR records in the following example demonstrate the use of the The NAPTR records in the following example demonstrate the use of the
Application Service and Protocol tags. Iterative NAPTR resolution is Application Service and Protocol tags. Iterative NAPTR resolution is
used to delegate responsibility for the LIS service from used to delegate responsibility for the LIS service from
"zonea.example.net." and "zoneb.example.net." to "zonea.example.net." and "zoneb.example.net." to
"outsource.example.com.". "outsource.example.com.".
zonea.example.net. zonea.example.net.
;; order pref flags ;; order pref flags
IN NAPTR 100 10 "" "LIS:HELD" ( ; service IN NAPTR 100 10 "" "LIS:HELD" ( ; service
skipping to change at page 11, line 51 skipping to change at page 11, line 31
. ; replacement . ; replacement
) )
Figure 4: Sample LIS:HELD Service NAPTR Records Figure 4: Sample LIS:HELD Service NAPTR Records
Details for the "LIS" Application Service tag and the "HELD" Details for the "LIS" Application Service tag and the "HELD"
Application Protocol tag are included in Section 6. Application Protocol tag are included in Section 6.
U-NAPTR resolution might produce multiple results from each iteration U-NAPTR resolution might produce multiple results from each iteration
of the algorithm. Order and preference values in the NAPTR record of the algorithm. Order and preference values in the NAPTR record
determine which value is chosen. A device MAY attempt to use determine which value is chosen. A Device MAY attempt to use
alternative choices if the first choice is not successful. However, alternative choices if the first choice is not successful. However,
if a request to the resulting URI produces a HELD "notLocatable" if a request to the resulting URI produces a HELD "notLocatable"
response, or equivalent, the device SHOULD NOT attempt to use any response, or equivalent, the Device SHOULD NOT attempt to use any
alternative choices from the same domain name. alternative choices from the same domain name.
An "https:" LIS URI that is a product of U-NAPTR MUST be An HTTPS LIS URI that is a product of U-NAPTR MUST be authenticated
authenticated using the domain name method described in Section 3.1 using the domain name method described in Section 3.1 of RFC 2818
of RFC 2818 [RFC2818]. The domain name that is used in this [RFC2818]. The domain name that is used in this authentication is
authentication is the one extracted from the URI, not the input to the one extracted from the URI, not the one that was input to the
the U-NAPTR resolution process. U-NAPTR resolution process.
5. Security Considerations 5. Security Considerations
The address of a LIS is usually well-known within an access network; The address of a LIS is usually well-known within an access network;
therefore, interception of messages does not introduce any specific therefore, interception of messages does not introduce any specific
concerns. concerns.
The primary attack against the methods described in this document is The primary attack against the methods described in this document is
one that would lead to impersonation of a LIS. The LIS is one that would lead to impersonation of a LIS. The LIS is
responsible for providing location information and this information responsible for providing location information, and this information
is critical to a number of network services; furthermore, a device is critical to a number of network services; furthermore, a Device
does not necessarily have a prior relationship with a LIS. Several does not necessarily have a prior relationship with a LIS. Several
methods are described here that can limit the probability of, or methods are described here that can limit the probability of, or
provide some protection against, such an attack. These methods MUST provide some protection against, such an attack. These methods MUST
be applied unless similar protections are in place, or in cases - be applied unless similar protections are in place, or in cases --
such as an emergency - where location information of dubious origin such as an emergency -- where location information of dubious origin
is arguably better than none at all. is arguably better than none at all.
An attacker could attempt to compromise LIS discovery at any of three An attacker could attempt to compromise LIS discovery at any of three
stages: stages:
1. providing a falsified domain name to be used as input to U-NAPTR 1. providing a falsified domain name to be used as input to U-NAPTR
2. altering the DNS records used in U-NAPTR resolution 2. altering the DNS records used in U-NAPTR resolution
3. impersonation of the LIS 3. impersonating the LIS
U-NAPTR is entirely dependent on its inputs. In falsifying a domain The domain name that used to authenticate the LIS is the domain name
name, an attacker avoids any later protections, bypassing them input to the U-NAPTR process, not the output of that process
entirely. To ensure that the access network domain name DHCP option [RFC3958], [RFC4848]. As a result, the results of DNS queries do not
can be relied upon, preventing DHCP messages from being modified or need integrity protection.
spoofed by attackers is necessary. Physical or link layer security
are commonplace methods that can reduce the possibility of such an
attack within an access network; alternatively, DHCP authentication
[RFC3118] can provide a degree of protection against modification or
spoofing.
The domain name that is used to authenticated the LIS is the domain An HTTPS URI is authenticated using the method described in Section
name in the URI that is the result of the U-NAPTR resolution. 3.1 of [RFC2818]. HTTP client implementations frequently do not
Therefore, if an attacker were able to modify or spoof any of the DNS provide a means to authenticate based on a domain name other than the
records used in the DDDS resolution, this URI could be replaced by an one indicated in the request URI, namely the U-NAPTR output. To
invalid URI. The application of DNS security (DNSSEC) [RFC4033] avoid having to authenticate the LIS with a domain name that is
provides a means to limit attacks that rely on modification of the different from the one used to identify it, a client MAY choose to
DNS records used in U-NAPTR resolution. Security considerations reject URIs that contain a domain name that is different to the
specific to U-NAPTR are described in more detail in [RFC4848]. U-NAPTR input. To support endpoints that enforce the above
restriction on URIs, network administrators SHOULD ensure that the
domain name in the DHCP option is the same as the one contained in
the resulting URI.
An "https:" URI is authenticated using the method described in Authentication of a LIS relies on the integrity of the domain name
Section 3.1 of [RFC2818]. The domain name used for this acquired from DHCP. An attacker that is able to falsify a domain
authentication is the domain name in the URI resulting from U-NAPTR name circumvents the protections provided. To ensure that the access
resolution, not the input domain name as in [RFC3958]. Using the network domain name DHCP option can be relied upon, preventing DHCP
domain name in the URI is more compatible with existing HTTP client messages from being modified or spoofed by attackers is necessary.
software, which authenticate servers based on the domain name in the Physical- or link-layer security are commonly used to reduce the
URI. possibility of such an attack within an access network. DHCP
authentication [RFC3118] might also provide a degree of protection
against modification or spoofing.
A LIS that is identified by an "http:" URI cannot be authenticated. A LIS that is identified by an HTTP URI cannot be authenticated. Use
Use of unsecured HTTP also does not meet requirements in HELD for of unsecured HTTP also does not meet requirements in HELD for
confidentiality and integrity. If an "http:" URI is the product of confidentiality and integrity. If an HTTP URI is the product of LIS
LIS discovery, this leaves devices vulnerable to several attacks. discovery, this leaves Devices vulnerable to several attacks. Lower-
Lower layer protections, such as layer 2 traffic separation might be layer protections, such as Layer 2 traffic separation might be used
used to provide some guarantees. to provide some guarantees.
6. IANA Considerations 6. IANA Considerations
6.1. Registration of DHCPv4 and DHCPv6 Option Codes 6.1. Registration of DHCPv4 and DHCPv6 Option Codes
The IANA has assigned an option code of (TBD) for the DHCPv4 option The IANA has assigned an option code of 213 for the DHCPv4 option for
for an access network domain name option, as described in Section 3.2 an access network domain name option, as described in Section 3.2 of
of this document. this document.
The IANA has assigned an option code of (TBD) for the DHCPv6 option The IANA has assigned an option code of 57 for the DHCPv6 option for
for an access network domain name option, as described in Section 3.3 an access network domain name option, as described in Section 3.3 of
of this document. this document.
6.2. Registration of a Location Server Application Service Tag 6.2. Registration of a Location Server Application Service Tag
This section registers a new S-NAPTR/U-NAPTR Application Service tag This section registers a new S-NAPTR/U-NAPTR Application Service tag
for a LIS, as mandated by [RFC3958]. for LIS, as mandated by [RFC3958].
Application Service Tag: LIS Application Service Tag: LIS
Intended usage: Identifies a service that provides a device with its Intended usage: Identifies a service that provides a Device with its
location information. location information.
Defining publication: RFCXXXX Defining publication: RFC 5986
Related publications: HELD [I-D.ietf-geopriv-http-location-delivery] Related publications: HELD [RFC5985]
Contact information: The authors of this document Contact information: The authors of this document
Author/Change controller: The IESG Author/Change controller: The IESG
6.3. Registration of a Location Server Application Protocol Tag for 6.3. Registration of a Location Server Application Protocol Tag for
HELD HELD
This section registers a new S-NAPTR/U-NAPTR Application Protocol tag This section registers a new S-NAPTR/U-NAPTR Application Protocol tag
for the HELD [I-D.ietf-geopriv-http-location-delivery] protocol, as for the HELD protocol [RFC5985], as mandated by [RFC3958].
mandated by [RFC3958].
Application Protocol Tag: HELD Application Protocol Tag: HELD
Intended Usage: Identifies the HELD protocol. Intended Usage: Identifies the HELD protocol.
Applicable Service Tag(s): LIS Applicable Service Tag(s): LIS
Terminal NAPTR Record Type(s): U Terminal NAPTR Record Type(s): U
Defining Publication: RFC 5986
Defining Publication: RFCXXXX Related Publications: HELD [RFC5985]
Related Publications: HELD [I-D.ietf-geopriv-http-location-delivery]
Contact Information: The authors of this document Contact Information: The authors of this document
Author/Change Controller: The IESG Author/Change Controller: The IESG
7. Acknowledgements 7. Acknowledgements
This document uses a mechanism that is largely identical to that in This document uses a mechanism that is largely identical to that in
[RFC5222] and [RFC5223]. The authors would like to thank Leslie [RFC5222] and [RFC5223]. The authors would like to thank Leslie
Daigle for her work on U-NAPTR; Peter Koch for feedback on how not to Daigle for her work on U-NAPTR; Peter Koch for feedback on how not to
use DNS for discovery; Andy Newton for constructive suggestions with use DNS for discovery; Andy Newton for constructive suggestions with
regards to document direction; Richard Barnes, Joe Salowey, Barbara regards to document direction; Richard Barnes, Joe Salowey, Barbara
Stark, and Hannes Tschofenig for input and reviews; Dean Willis for Stark, and Hannes Tschofenig for input and reviews; and Dean Willis
constructive feedback. for constructive feedback.
8. References 8. References
8.1. Normative References 8.1. Normative References
[RFC1035] Mockapetris, P., "Domain [RFC1035] Mockapetris, P., "Domain names - implementation and
names - implementation and specification", STD 13, RFC 1035, November 1987.
specification", STD 13,
RFC 1035, November 1987.
[RFC2131] Droms, R., "Dynamic Host
Configuration Protocol",
RFC 2131, March 1997.
[RFC2132] Alexander, S. and R. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Droms, "DHCP Options and Requirement Levels", BCP 14, RFC 2119, March 1997.
BOOTP Vendor Extensions",
RFC 2132, March 1997.
[RFC2616] Fielding, R., Gettys, J., [RFC2131] Droms, R., "Dynamic Host Configuration Protocol",
Mogul, J., Frystyk, H., RFC 2131, March 1997.
Masinter, L., Leach, P.,
and T. Berners-Lee,
"Hypertext Transfer
Protocol -- HTTP/1.1",
RFC 2616, June 1999.
[RFC2818] Rescorla, E., "HTTP Over [RFC2132] Alexander, S. and R. Droms, "DHCP Options and BOOTP Vendor
TLS", RFC 2818, May 2000. Extensions", RFC 2132, March 1997.
[RFC3315] Droms, R., Bound, J., [RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H.,
Volz, B., Lemon, T., Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext
Perkins, C., and M. Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999.
Carney, "Dynamic Host
Configuration Protocol for
IPv6 (DHCPv6)", RFC 3315,
July 2003.
[RFC4033] Arends, R., Austein, R., [RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000.
Larson, M., Massey, D.,
and S. Rose, "DNS Security
Introduction and
Requirements", RFC 4033,
March 2005.
[RFC4702] Stapp, M., Volz, B., and [RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C.,
Y. Rekhter, "The Dynamic and M. Carney, "Dynamic Host Configuration Protocol for
Host Configuration IPv6 (DHCPv6)", RFC 3315, July 2003.
Protocol (DHCP) Client
Fully Qualified Domain
Name (FQDN) Option",
RFC 4702, October 2006.
[RFC4704] Volz, B., "The Dynamic [RFC4033] Arends, R., Austein, R., Larson, M., Massey, D., and S.
Host Configuration Rose, "DNS Security Introduction and Requirements",
Protocol for IPv6 (DHCPv6) RFC 4033, March 2005.
Client Fully Qualified
Domain Name (FQDN)
Option", RFC 4704,
October 2006.
[RFC4848] Daigle, L., "Domain-Based [RFC4702] Stapp, M., Volz, B., and Y. Rekhter, "The Dynamic Host
Application Service Configuration Protocol (DHCP) Client Fully Qualified
Location Using URIs and Domain Name (FQDN) Option", RFC 4702, October 2006.
the Dynamic Delegation
Discovery Service (DDDS)",
RFC 4848, April 2007.
[I-D.ietf-geopriv-http-location-delivery] Barnes, M., Winterbottom, [RFC4704] Volz, B., "The Dynamic Host Configuration Protocol for
J., Thomson, M., and B. IPv6 (DHCPv6) Client Fully Qualified Domain Name (FQDN)
Stark, "HTTP Enabled Option", RFC 4704, October 2006.
Location Delivery (HELD)",
draft-ietf-geopriv-http-
location-delivery-16 (work
in progress), August 2009.
[I-D.ietf-dhc-container-opt] Droms, R., "Container [RFC4848] Daigle, L., "Domain-Based Application Service Location
Option for Server Using URIs and the Dynamic Delegation Discovery Service
Configuration", draft- (DDDS)", RFC 4848, April 2007.
ietf-dhc-container-opt-05
(work in progress),
March 2009.
[RFC2119] Bradner, S., "Key words [RFC5985] Barnes, M., Ed., "HTTP-Enabled Location Delivery (HELD)",
for use in RFCs to RFC 5985, September 2010.
Indicate Requirement
Levels", BCP 14, RFC 2119,
March 1997.
8.2. Informative References 8.2. Informative References
[RFC3118] Droms, R. and W. Arbaugh, [RFC3118] Droms, R. and W. Arbaugh, "Authentication for DHCP
"Authentication for DHCP Messages", RFC 3118, June 2001.
Messages", RFC 3118,
June 2001.
[RFC3693] Cuellar, J., Morris, J., [RFC3693] Cuellar, J., Morris, J., Mulligan, D., Peterson, J., and
Mulligan, D., Peterson, J. Polk, "Geopriv Requirements", RFC 3693, February 2004.
J., and J. Polk, "Geopriv
Requirements", RFC 3693,
February 2004.
[RFC3958] Daigle, L. and A. Newton, [RFC3958] Daigle, L. and A. Newton, "Domain-Based Application
"Domain-Based Application Service Location Using SRV RRs and the Dynamic Delegation
Service Location Using SRV Discovery Service (DDDS)", RFC 3958, January 2005.
RRs and the Dynamic
Delegation Discovery
Service (DDDS)", RFC 3958,
January 2005.
[RFC5222] Hardie, T., Newton, A., [RFC5222] Hardie, T., Newton, A., Schulzrinne, H., and H.
Schulzrinne, H., and H. Tschofenig, "LoST: A Location-to-Service Translation
Tschofenig, "LoST: A Protocol", RFC 5222, August 2008.
Location-to-Service
Translation Protocol",
RFC 5222, August 2008.
[RFC5223] Schulzrinne, H., Polk, J., [RFC5223] Schulzrinne, H., Polk, J., and H. Tschofenig, "Discovering
and H. Tschofenig, Location-to-Service Translation (LoST) Servers Using the
"Discovering Location-to- Dynamic Host Configuration Protocol (DHCP)", RFC 5223,
Service Translation (LoST) August 2008.
Servers Using the Dynamic
Host Configuration
Protocol (DHCP)",
RFC 5223, August 2008.
[I-D.ietf-geopriv-l7-lcp-ps] Tschofenig, H. and H. [RFC5687] Tschofenig, H. and H. Schulzrinne, "GEOPRIV Layer 7
Schulzrinne, "GEOPRIV Location Configuration Protocol: Problem Statement and
Layer 7 Location Requirements", RFC 5687, March 2010.
Configuration Protocol;
Problem Statement and
Requirements", draft-ietf-
geopriv-l7-lcp-ps-10 (work
in progress), July 2009.
[I-D.ietf-geopriv-lbyr-requirements] Marshall, R., [RFC5808] Marshall, R., "Requirements for a Location-by-Reference
"Requirements for a Mechanism", RFC 5808, May 2010.
Location-by-Reference
Mechanism", draft-ietf-
geopriv-lbyr-requirements-
09 (work in progress),
November 2009.
Authors' Addresses Authors' Addresses
Martin Thomson Martin Thomson
Andrew Corporation Andrew Corporation
Andrew Building (39) Andrew Building (39)
Wollongong University Campus Wollongong University Campus
Northfields Avenue Northfields Avenue
Wollongong, NSW 2522 Wollongong, NSW 2522
AU AU
Phone: +61 2 4221 2915
EMail: martin.thomson@andrew.com EMail: martin.thomson@andrew.com
James Winterbottom James Winterbottom
Andrew Corporation Andrew Corporation
Andrew Building (39) Andrew Building (39)
Wollongong University Campus Wollongong University Campus
Northfields Avenue Northfields Avenue
Wollongong, NSW 2522 Wollongong, NSW 2522
AU AU
Phone: +61 2 4221 2938
EMail: james.winterbottom@andrew.com EMail: james.winterbottom@andrew.com
 End of changes. 103 change blocks. 
312 lines changed or deleted 217 lines changed or added

This html diff was produced by rfcdiff 1.38. The latest version is available from http://tools.ietf.org/tools/rfcdiff/