| draft-ietf-ipv6-node-requirements-03.txt | draft-ietf-ipv6-node-requirements-04.txt | |||
|---|---|---|---|---|
| IPv6 Working Group John Loughney (ed) | IPv6 Working Group John Loughney (ed) | |||
| Internet-Draft Nokia | Internet-Draft Nokia | |||
| March 3, 2003 | June 27, 2003 | |||
| Expires: September 3, 2003 | Expires: December 27, 2003 | |||
| IPv6 Node Requirements | IPv6 Node Requirements | |||
| draft-ietf-ipv6-node-requirements-03.txt | draft-ietf-ipv6-node-requirements-04.txt | |||
| Status of this Memo | Status of this Memo | |||
| This document is an Internet-Draft and is in full conformance with | This document is an Internet-Draft and is in full conformance with | |||
| all provisions of Section 10 of RFC2026. | all provisions of Section 10 of RFC2026. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF), its areas, and its working groups. Note that | Task Force (IETF), its areas, and its working groups. Note that | |||
| other groups may also distribute working documents as Internet- | other groups may also distribute working documents as Internet- | |||
| Drafts. | Drafts. | |||
| skipping to change at page 2, line 5 | skipping to change at page 2, line 5 | |||
| Copyright (C) The Internet Society (2003). All Rights Reserved. | Copyright (C) The Internet Society (2003). All Rights Reserved. | |||
| Abstract | Abstract | |||
| This document defines requirements for IPv6 nodes. It is expected | This document defines requirements for IPv6 nodes. It is expected | |||
| that IPv6 will be deployed in a wide range of devices and situations. | that IPv6 will be deployed in a wide range of devices and situations. | |||
| Specifying the requirements for IPv6 nodes allows IPv6 to function | Specifying the requirements for IPv6 nodes allows IPv6 to function | |||
| well and interoperate in a large number of situations and | well and interoperate in a large number of situations and | |||
| deployments. | deployments. | |||
| Internet-Draft | ||||
| Table of Contents | Table of Contents | |||
| 1. Introduction | 1. Introduction | |||
| 1.1 Scope of this Document | 1.1 Scope of this Document | |||
| 1.2 Description of IPv6 Nodes & Conformance Groups | 1.2 Description of IPv6 Nodes & Conformance Groups | |||
| 2. Abbreviations Used in This Document | 2. Abbreviations Used in This Document | |||
| 3. Sub-IP Layer | 3. Sub-IP Layer | |||
| 3.1 RFC2464 - Transmission of IPv6 Packets over Ethernet Networks | 3.1 RFC2464 - Transmission of IPv6 Packets over Ethernet Networks | |||
| 3.2 RFC2472 - IP version 6 over PPP | 3.2 RFC2472 - IP version 6 over PPP | |||
| 3.3 RFC2492 - IPv6 over ATM Networks | 3.3 RFC2492 - IPv6 over ATM Networks | |||
| skipping to change at page 2, line 46 | skipping to change at page 2, line 48 | |||
| 9. Router Functionality | 9. Router Functionality | |||
| 9.1 General | 9.1 General | |||
| 10. Network Management | 10. Network Management | |||
| 10.1 MIBs | 10.1 MIBs | |||
| 11. Security Considerations | 11. Security Considerations | |||
| 12. References | 12. References | |||
| 12.1 Normative | 12.1 Normative | |||
| 12.2 Non-Normative | 12.2 Non-Normative | |||
| 13. Authors and Acknowledgements | 13. Authors and Acknowledgements | |||
| 14. Editor's Address | 14. Editor's Address | |||
| Appendix A: Change history | Notices | |||
| Appendix B: Specifications Not Included | ||||
| Appendix C: Notices | Internet-Draft | |||
| 1. Introduction | 1. Introduction | |||
| The goal of this document is to define the set of functionality | The goal of this document is to define the set of functionality | |||
| required for an IPv6 node. Many IPv6 nodes will implement optional | required for an IPv6 node. Many IPv6 nodes will implement optional | |||
| or additional features, but all IPv6 nodes can be expected to | or additional features, but all IPv6 nodes can be expected to | |||
| implement the mandatory requirements listed in this document. | implement the mandatory requirements listed in this document. | |||
| This document tries to avoid discussion of protocol details, and | This document tries to avoid discussion of protocol details, and | |||
| references RFCs for this purpose. In case of any conflicting text, | references RFCs for this purpose. In case of any conflicting text, | |||
| skipping to change at page 4, line 4 | skipping to change at page 4, line 4 | |||
| IPv6 covers many specifications. It is intended that IPv6 will be | IPv6 covers many specifications. It is intended that IPv6 will be | |||
| deployed in many different situations and environments. Therefore, | deployed in many different situations and environments. Therefore, | |||
| it is important to develop the requirements for IPv6 nodes, in order | it is important to develop the requirements for IPv6 nodes, in order | |||
| to ensure interoperability. | to ensure interoperability. | |||
| This document assumes that all IPv6 nodes meet the minimum | This document assumes that all IPv6 nodes meet the minimum | |||
| requirements specified here. | requirements specified here. | |||
| 1.2 Description of IPv6 Nodes | 1.2 Description of IPv6 Nodes | |||
| Internet-Draft | ||||
| From Internet Protocol, Version 6 (IPv6) Specification [RFC-2460] we | From Internet Protocol, Version 6 (IPv6) Specification [RFC-2460] we | |||
| have the following definitions: | have the following definitions: | |||
| Description of an IPv6 Node | Description of an IPv6 Node | |||
| - a device that implements IPv6 | - a device that implements IPv6 | |||
| Description of an IPv6 router | Description of an IPv6 router | |||
| - a node that forwards IPv6 packets not explicitly addressed to | - a node that forwards IPv6 packets not explicitly addressed to | |||
| skipping to change at page 5, line 4 | skipping to change at page 5, line 4 | |||
| NBMA Non-Broadcast Multiple Access | NBMA Non-Broadcast Multiple Access | |||
| ND Neighbor Discovery | ND Neighbor Discovery | |||
| NS Neighbor Solicitation | NS Neighbor Solicitation | |||
| NUD Neighbor Unreachability Detection | NUD Neighbor Unreachability Detection | |||
| PPP Point-to-Point Protocol | PPP Point-to-Point Protocol | |||
| Internet-Draft | ||||
| PVC Permanent Virtual Circuit | PVC Permanent Virtual Circuit | |||
| SVC Switched Virtual Circuit | SVC Switched Virtual Circuit | |||
| ULP Upper Layer Protocol | ULP Upper Layer Protocol | |||
| 3. Sub-IP Layer | 3. Sub-IP Layer | |||
| An IPv6 node must follow the RFC related to the link-layer that is | An IPv6 node must follow the RFC related to the link-layer that is | |||
| sending packet. By definition, these specifications are required | sending packet. By definition, these specifications are required | |||
| skipping to change at page 6, line 4 | skipping to change at page 6, line 4 | |||
| The Internet Protocol Version 6 is specified in [RFC-2460]. This | The Internet Protocol Version 6 is specified in [RFC-2460]. This | |||
| specification MUST be supported. | specification MUST be supported. | |||
| Unrecognized options in Hop-by-Hop Options or Destination Options | Unrecognized options in Hop-by-Hop Options or Destination Options | |||
| extensions MUST be processed as described in RFC 2460. | extensions MUST be processed as described in RFC 2460. | |||
| The node MUST follow the packet transmission rules in RFC 2460. | The node MUST follow the packet transmission rules in RFC 2460. | |||
| Nodes MUST always be able to receive fragment headers. However, if it | Nodes MUST always be able to receive fragment headers. However, if it | |||
| Internet-Draft | ||||
| does not implement path MTU discovery it may not need to send | does not implement path MTU discovery it may not need to send | |||
| fragment headers. However, nodes that do not implement transmission | fragment headers. However, nodes that do not implement transmission | |||
| of fragment headers need to impose limitation to payload size of | of fragment headers need to impose limitation to payload size of | |||
| layer 4 protocols. | layer 4 protocols. | |||
| The capability of being a final destination MUST be supported, | The capability of being a final destination MUST be supported, | |||
| whereas the capability of being an intermediate destination MAY be | whereas the capability of being an intermediate destination MAY be | |||
| supported (i.e. - host functionality vs. router functionality). | supported (i.e. - host functionality vs. router functionality). | |||
| RFC 2460 specifies extension headers and the processing for these | RFC 2460 specifies extension headers and the processing for these | |||
| skipping to change at page 7, line 4 | skipping to change at page 7, line 4 | |||
| Some detailed analysis of Neighbor discovery follows: | Some detailed analysis of Neighbor discovery follows: | |||
| Router Discovery is how hosts locate routers that reside on an | Router Discovery is how hosts locate routers that reside on an | |||
| attached link. Router Discovery MUST be supported for | attached link. Router Discovery MUST be supported for | |||
| implementations. However, an implementation MAY support disabling | implementations. However, an implementation MAY support disabling | |||
| this function. | this function. | |||
| Prefix Discovery is how hosts discover the set of address prefixes | Prefix Discovery is how hosts discover the set of address prefixes | |||
| that define which destinations are on-link for an attached link. | that define which destinations are on-link for an attached link. | |||
| Prefix discovery MUST be supported for implementations. However, the | Prefix discovery MUST be supported for implementations. However, the | |||
| Internet-Draft | ||||
| implementation MAY support the option of disabling this function. | implementation MAY support the option of disabling this function. | |||
| Neighbor Unreachability Detection (NUD) MUST be supported for all | Neighbor Unreachability Detection (NUD) MUST be supported for all | |||
| paths between hosts and neighboring nodes. It is not required for | paths between hosts and neighboring nodes. It is not required for | |||
| paths between routers. It is required for multicast. However, when a | paths between routers. It is required for multicast. However, when a | |||
| node receives a unicast Neighbor Solicitation (NS) message (that may | node receives a unicast Neighbor Solicitation (NS) message (that may | |||
| be a NUD's NS), the node MUST respond to it (i.e. send a unicast | be a NUD's NS), the node MUST respond to it (i.e. send a unicast | |||
| Neighbor Advertisement). | Neighbor Advertisement). | |||
| Duplicate Address Detection MUST be supported (RFC2462 section 5.4 | Duplicate Address Detection MUST be supported (RFC2462 section 5.4 | |||
| skipping to change at page 8, line 4 | skipping to change at page 8, line 4 | |||
| The IPv6 specification [RFC-2460] states in chapter 5 that "a minimal | The IPv6 specification [RFC-2460] states in chapter 5 that "a minimal | |||
| IPv6 implementation (e.g., in a boot ROM) may simply restrict itself | IPv6 implementation (e.g., in a boot ROM) may simply restrict itself | |||
| to sending packets no larger than 1280 octets, and omit | to sending packets no larger than 1280 octets, and omit | |||
| implementation of Path MTU Discovery." | implementation of Path MTU Discovery." | |||
| If Path MTU Discovery is not implemented then the sending packet size | If Path MTU Discovery is not implemented then the sending packet size | |||
| is limited to 1280 octets (standard limit in [RFC-2460]). However, if | is limited to 1280 octets (standard limit in [RFC-2460]). However, if | |||
| this is done, the host MUST be able to receive packets with size up | this is done, the host MUST be able to receive packets with size up | |||
| to the link MTU before reassembly. This is because the node at the | to the link MTU before reassembly. This is because the node at the | |||
| Internet-Draft | ||||
| other side of the link has no way of knowing less than the MTU is | other side of the link has no way of knowing less than the MTU is | |||
| accepted. | accepted. | |||
| 4.3.2 IPv6 Jumbograms - RFC2675 | 4.3.2 IPv6 Jumbograms - RFC2675 | |||
| IPv6 Jumbograms [RFC2675] MAY be supported. | IPv6 Jumbograms [RFC2675] MAY be supported. | |||
| 4.4 ICMP for the Internet Protocol Version 6 (IPv6) - RFC2463 | 4.4 ICMP for the Internet Protocol Version 6 (IPv6) - RFC2463 | |||
| ICMPv6 [RFC-2463] MUST be supported. | ICMPv6 [RFC-2463] MUST be supported. | |||
| skipping to change at page 9, line 4 | skipping to change at page 9, line 4 | |||
| described in this document on all addresses prior to assigning | described in this document on all addresses prior to assigning | |||
| them to an interface. | them to an interface. | |||
| Duplicate Address Detection (DAD) MUST be supported. | Duplicate Address Detection (DAD) MUST be supported. | |||
| 4.5.3 Privacy Extensions for Address Configuration in IPv6 - RFC3041 | 4.5.3 Privacy Extensions for Address Configuration in IPv6 - RFC3041 | |||
| Privacy Extensions for Stateless Address Autoconfiguration [RFC-3041] | Privacy Extensions for Stateless Address Autoconfiguration [RFC-3041] | |||
| SHOULD be supported. It is recommended that this behavior be | SHOULD be supported. It is recommended that this behavior be | |||
| configurable on a connection basis within each application when | configurable on a connection basis within each application when | |||
| Internet-Draft | ||||
| available. It is noted that a number of applications do not work | available. It is noted that a number of applications do not work | |||
| with addresses generated with this method, while other applications | with addresses generated with this method, while other applications | |||
| work quite well with them. | work quite well with them. | |||
| 4.5.4 Default Address Selection for IPv6 | 4.5.4 Default Address Selection for IPv6 | |||
| Default Address Selection for IPv6 [DEFADDR] SHOULD be supported, if | Default Address Selection for IPv6 [DEFADDR] SHOULD be supported, if | |||
| a node has more than one IPv6 address per interface or a node has | a node has more than one IPv6 address per interface or a node has | |||
| more that one IPv6 interface (physical or logical) configured. | more that one IPv6 interface (physical or logical) configured. | |||
| If supported, the rules specified in the document MUST be | If supported, the rules specified in the document MUST be | |||
| implemented. A node needs to belong to one site, however there is no | implemented. A node needs to belong to one site, however there is no | |||
| requirement that a node be able to belong to more than one site. | requirement that a node be able to belong to more than one site. | |||
| This draft has been approved as a proposed standard. | This draft has been approved as a proposed standard. | |||
| 4.5.5 Stateful Address Autoconfiguration | 4.5.5 Stateful Address Autoconfiguration | |||
| Stateful Address Autoconfiguration MAY be supported. DHCP [DHCPv6] | Stateful Address Autoconfiguration MAY be supported. DHCP [DHCPv6] is | |||
| is the standard stateful address configuration protocol. See section | the standard stateful address configuration protocol, see section 5.3 | |||
| 5.3 for details on DHCP. | for DHCPv6 support. | |||
| For nodes which do not support Stateful Address Autoconfiguration, | ||||
| the node may be unable to obtain any IPv6 addresses aside from link- | ||||
| local addresses when it receives a router advertisement with the 'M' | ||||
| flag (Managed address configuration) set and which contains no | ||||
| prefixes advertised for Stateless Address Autoconfiguration (see | ||||
| section 4.5.2). | ||||
| 4.6 Multicast Listener Discovery (MLD) for IPv6 - RFC2710 | 4.6 Multicast Listener Discovery (MLD) for IPv6 - RFC2710 | |||
| Multicast Listener Discovery [RFC-2710] MUST be supported by nodes | Multicast Listener Discovery [RFC-2710] MUST be supported by nodes | |||
| supporting multicast applications. A primary IPv6 multicast | supporting multicast applications. A primary IPv6 multicast | |||
| application is Neighbor Discovery (all those solicited-node mcast | application is Neighbor Discovery (all those solicited-node mcast | |||
| addresses must be joined). | addresses must be joined). | |||
| When MLDv2 [MLDv2] has been completed, it SHOULD take precedence over | When MLDv2 [MLDv2] has been completed, it SHOULD take precedence over | |||
| MLD. | MLD. | |||
| skipping to change at page 9, line 46 | skipping to change at page 10, line 5 | |||
| 5. Transport Layer and DNS | 5. Transport Layer and DNS | |||
| 5.1 Transport Layer | 5.1 Transport Layer | |||
| 5.1.1 TCP and UDP over IPv6 Jumbograms - RFC2147 | 5.1.1 TCP and UDP over IPv6 Jumbograms - RFC2147 | |||
| This specification MUST be supported if jumbograms are implemented | This specification MUST be supported if jumbograms are implemented | |||
| [RFC-2675]. One open issue is if this document needs to be updated, | [RFC-2675]. One open issue is if this document needs to be updated, | |||
| as it refers to an obsoleted document. | as it refers to an obsoleted document. | |||
| Internet-Draft | ||||
| 5.2 DNS | 5.2 DNS | |||
| DNS, as described in [RFC-1034], [RFC-1035], [RFC-1886], [RFC-3152] | DNS, as described in [RFC-1034], [RFC-1035], [RFC-1886], [RFC-3152] | |||
| and [RFC-3363] MAY be supported. Not all nodes will need to resolve | and [RFC-3363] MAY be supported. Not all nodes will need to resolve | |||
| addresses. Note that RFC 1886 is currently being updated [RFC-1886- | addresses. Note that RFC 1886 is currently being updated [RFC-1886- | |||
| BIS]. | BIS]. | |||
| 5.2.2 Format for Literal IPv6 Addresses in URL's - RFC2732 | 5.2.2 Format for Literal IPv6 Addresses in URL's - RFC2732 | |||
| RFC 2732 MUST be supported if applications on the node use URL's. | RFC 2732 MUST be supported if applications on the node use URL's. | |||
| 5.3 Dynamic Host Configuration Protocol for IPv6 (DHCPv6) | 5.3 Dynamic Host Configuration Protocol for IPv6 (DHCPv6) | |||
| 5.3.1 Managed Address Configuration | ||||
| An IPv6 node that does not include an implementation of DHCP will be | An IPv6 node that does not include an implementation of DHCP will be | |||
| unable to obtain any IPv6 addresses aside from link-local addresses | unable to obtain any IPv6 addresses aside from link-local addresses | |||
| when it is connected to a link over which it receives a router | when it is connected to a link over which it receives a router | |||
| advertisement with the 'M' flag (Managed address configuration) set | advertisement with the 'M' flag (Managed address configuration) set | |||
| and which contains no prefixes advertised for Stateless Address | and which contains no prefixes advertised for Stateless Address | |||
| Autoconfiguration (see section 4.5.2). An IPv6 node that receives a | Autoconfiguration (see section 4.5.2). An IPv6 node that receives a | |||
| router advertisement with the 'M' flag set and that contains | router advertisement with the 'M' flag set and that contains | |||
| advertised prefixes will configure interfaces with both stateless | advertised prefixes will configure interfaces with both stateless | |||
| autoconfiguration addresses and addresses obtained through DHCP. | autoconfiguration addresses and addresses obtained through DHCP. | |||
| For those IPv6 Nodes that implement DHCP, those nodes MUST use DHCP | For those IPv6 Nodes that implement DHCP, those nodes MUST use DHCP | |||
| upon the receipt of a Router Advertisement with the 'M' flag set (see | upon the receipt of a Router Advertisement with the 'M' flag set (see | |||
| section 5.5.3 of RFC2462). In addition, in the absence of a router, | section 5.5.3 of RFC2462). In addition, in the absence of a router, | |||
| IPv6 Nodes that implement DHCP MUST attempt to use DHCP. | IPv6 Nodes that implement DHCP MUST attempt to use DHCP. | |||
| For IPv6 Nodes that do not implement DHCP, the 'M' flag of a Router | ||||
| Advertisement can be ignored. Furthermore, in the absence of a | ||||
| router, this type of node is not required to initiate DHCP. | ||||
| An IPv6 node that does not include an implementation of DHCP will be | An IPv6 node that does not include an implementation of DHCP will be | |||
| unable to dynamically obtain any IPv6 addresses aside from link-local | unable to dynamically obtain any IPv6 addresses aside from link-local | |||
| addresses when it is connected to a link over which it receives a | addresses when it is connected to a link over which it receives a | |||
| router advertisement with the 'M' flag (Managed address | router advertisement with the 'M' flag (Managed address | |||
| configuration) set and which contains no prefixes advertised for | configuration) set and which contains no prefixes advertised for | |||
| Stateless Address Autoconfiguration (see section 4.5.2). In this | Stateless Address Autoconfiguration (see section 4.5.2). In this | |||
| situation, the IPv6 Node will be unable to communicate with other | situation, the IPv6 Node will be unable to communicate with other | |||
| off-link nodes unless a global or site-local IPv6 address is manually | off-link nodes unless a global or site-local IPv6 address is manually | |||
| configured. | configured. | |||
| 5.3.2 Other stateful configuration | ||||
| DHCP provides the ability to provide other configuration information | ||||
| to the node. An IPv6 node that does not include an implementation of | ||||
| DHCP will be unable to obtain other configuration information such as | ||||
| the addresses of DNS servers when it is connected to a link over | ||||
| which the node receives a router advertisement in which the 'O' flag | ||||
| ("Other stateful configuration") is set. | ||||
| Internet-Draft | ||||
| For those IPv6 Nodes that implement DHCP, those nodes MUST use DHCP | ||||
| upon the receipt of a Router Advertisement with the 'O' flag set (see | ||||
| section 5.5.3 of RFC2462). In addition, in the absence of a router, | ||||
| hosts that implement DHCP MUST attempt to use DHCP. For IPv6 Nodes | ||||
| that do not implement DHCP, the 'O' flag of a Router Advertisement | ||||
| can be ignored. Furthermore, in the absence of a router, this type | ||||
| of node is not required to initiate DHCP. | ||||
| 6. IPv4 Support and Transition | 6. IPv4 Support and Transition | |||
| IPv6 nodes MAY support IPv4. | IPv6 nodes MAY support IPv4. | |||
| 6.1 Transition Mechanisms | 6.1 Transition Mechanisms | |||
| IPv6 nodes SHOULD use native address instead of transition-based | IPv6 nodes SHOULD use native address instead of transition-based | |||
| addressing. | addressing. | |||
| 6.1.1 Transition Mechanisms for IPv6 Hosts and Routers - RFC2893 | 6.1.1 Transition Mechanisms for IPv6 Hosts and Routers - RFC2893 | |||
| If an IPv6 node implement dual stack and/or tunneling, then RFC2893 | If an IPv6 node implement dual stack and/or tunneling, then RFC2893 | |||
| MUST be supported. | MUST be supported. | |||
| This document is currently being updated. | This document is currently being updated. | |||
| 7. Mobility | 7. Mobility | |||
| Currently, the MIPv6 specification [MIPv6] is nearing completion. | ||||
| Mobile IPv6 places some requirements on IPv6 nodes. This document is | ||||
| not meant to prescribe behaviors, but to capture the consensus of | ||||
| what should be done for IPv6 nodes with respect to Mobile IPv6. | ||||
| 7.1 Mobile IP | 7.1 Mobile IP | |||
| Mobile IPv6 [MIPv6] specification defines requirements for the | Mobile IPv6 [MIPv6] specification defines requirements for the | |||
| following types of nodes: | following types of nodes: | |||
| - mobile nodes | - mobile nodes | |||
| - correspondent nodes with support for route optimization | - correspondent nodes with support for route optimization | |||
| - home agents | - home agents | |||
| - all IPv6 routers | - all IPv6 routers | |||
| Hosts MAY support mobile node functionality. | Hosts MAY support mobile node functionality. | |||
| Hosts SHOULD support route optimization requirements for | Hosts SHOULD support route optimization requirements for | |||
| correspondent nodes. Routers do not need to support route | correspondent nodes. Routers do not need to support route | |||
| optimization. | optimization. | |||
| Routers MAY support home agent functionality. | Routers SHOULD support mobile IP requirements. | |||
| Routers SHOULD support the requirements set for all IPv6 routers. | ||||
| 7.2 Securing Signaling between Mobile Nodes and Home Agents | 7.2 Securing Signaling between Mobile Nodes and Home Agents | |||
| The security mechanisms described in [MIPv6-HASEC] MUST be supported | The security mechanisms described in [MIPv6-HASEC] MUST be supported | |||
| by nodes implementing mobile node or home agent functionality | by nodes implementing mobile node or home agent functionality | |||
| Internet-Draft | ||||
| specified in Mobile IP [MIPv6]. | specified in Mobile IP [MIPv6]. | |||
| 7.3 Generic Packet Tunneling in IPv6 Specification - RFC2473 | 7.3 Generic Packet Tunneling in IPv6 Specification - RFC2473 | |||
| Generic Packet Tunneling [RFC-2473] MUST be suppored for nodes | Generic Packet Tunneling [RFC-2473] MUST be suppored for nodes | |||
| implementing mobile node functionality or Home Agent functionality of | implementing mobile node functionality or Home Agent functionality of | |||
| Mobile IP [MIPv6]. | Mobile IP [MIPv6]. | |||
| 8. Security | 8. Security | |||
| skipping to change at page 12, line 23 | skipping to change at page 12, line 38 | |||
| ESP [RFC-2406] MUST be supported. AH [RFC-2402] MUST be supported. | ESP [RFC-2406] MUST be supported. AH [RFC-2402] MUST be supported. | |||
| 8.3 Transforms and Algorithms | 8.3 Transforms and Algorithms | |||
| Current IPsec RFCs specify the support of certain transforms and | Current IPsec RFCs specify the support of certain transforms and | |||
| algorithms, NULL encryption, DES-CBC, HMAC-SHA-1-96, and HMAC-MD5-96. | algorithms, NULL encryption, DES-CBC, HMAC-SHA-1-96, and HMAC-MD5-96. | |||
| The requirements for these are discussed first, and then additional | The requirements for these are discussed first, and then additional | |||
| algorithms 3DES-CBC, AES-128-CBC, and HMAC-SHA-256-96 are discussed. | algorithms 3DES-CBC, AES-128-CBC, and HMAC-SHA-256-96 are discussed. | |||
| NULL encryption algorithm [RFC-2410] MUST be supported for providing | NULL encryption algorithm [RFC-2410] MUST be supported for providing | |||
| integrity service and also for debugging use. The "ESP DES-CBC Cipher | integrity service and also for debugging use. | |||
| Algorithm With Explicit IV" [RFC-2405] MUST be supported. Security | ||||
| issues related to the use of DES are discussed in [DESDIFF], | The "ESP DES-CBC Cipher Algorithm With Explicit IV" [RFC-2405] SHOULD | |||
| [DESINT], [DESCRACK]. It is currently viewed as an inherently weak | NOT be supported. Security issues related to the use of DES are | |||
| algorithm, and no longer fulfills its intended role. It is still | discussed in [DESDIFF], [DESINT], [DESCRACK]. It is still listed as | |||
| required by the existing IPsec RFCs, however. This document | required by the existing IPsec RFCs, but as it is currently viewed as | |||
| recommends the use of ESP DES-CBC only where interoperability is | an inherently weak algorithm, and no longer fulfills its intended | |||
| required with old implementations supporting DES-CBC. | role. | |||
| The NULL authentication algorithm [RFC-2406] MUST be supported within | The NULL authentication algorithm [RFC-2406] MUST be supported within | |||
| ESP. The use of HMAC-SHA-1-96 within AH and ESP, described in [RFC- | ESP. The use of HMAC-SHA-1-96 within AH and ESP, described in [RFC- | |||
| 2404] MUST be supported. The Use of HMAC-MD5-96 within AH and ESP, | 2404] MUST be supported. The Use of HMAC-MD5-96 within AH and ESP, | |||
| described in [RFC-2403] MUST be supported. An implementer MUST refer | described in [RFC-2403] MUST be supported. An implementer MUST refer | |||
| to Keyed-Hashing for Message Authentication [RFC-2104]. | to Keyed-Hashing for Message Authentication [RFC-2104]. | |||
| 3DES-CBC does not suffer from the issues related to DES-CBC. 3DES-CBC | 3DES-CBC does not suffer from the issues related to DES-CBC. 3DES-CBC | |||
| and ESP CBC-Mode Cipher Algorithms [RFC2451] MAY be supported. AES- | and ESP CBC-Mode Cipher Algorithms [RFC2451] MAY be supported. AES- | |||
| Internet-Draft | ||||
| 128-CBC [ipsec-ciph-aes-cbc] MUST be supported, as it is expected to | 128-CBC [ipsec-ciph-aes-cbc] MUST be supported, as it is expected to | |||
| be a widely available, secure algorithm that is required for | be a widely available, secure algorithm that is required for | |||
| interoperability. It is not required by the current IPsec RFCs, | interoperability. It is not required by the current IPsec RFCs, | |||
| however. | however. | |||
| The "HMAC-SHA-256-96 Algorithm and Its Use With IPsec" [ipsec-ciph- | The "HMAC-SHA-256-96 Algorithm and Its Use With IPsec" [ipsec-ciph- | |||
| sha-256] MAY be supported. | sha-256] MAY be supported. | |||
| 8.4 Key Management Methods | 8.4 Key Management Methods | |||
| skipping to change at page 13, line 39 | skipping to change at page 14, line 5 | |||
| be supported. | be supported. | |||
| 10. Network Management | 10. Network Management | |||
| Network Management, MAY be supported by IPv6 nodes. However, for | Network Management, MAY be supported by IPv6 nodes. However, for | |||
| IPv6 nodes that are embedded devices, network management may be the | IPv6 nodes that are embedded devices, network management may be the | |||
| only possibility to control these hosts. | only possibility to control these hosts. | |||
| 10.1 MIBs | 10.1 MIBs | |||
| Internet-Draft | ||||
| In a general sense, MIBs SHOULD be supported by nodes that support a | In a general sense, MIBs SHOULD be supported by nodes that support a | |||
| SNMP agent. | SNMP agent. | |||
| 10.1.1 IP Forwarding Table MIB | 10.1.1 IP Forwarding Table MIB | |||
| Support for this MIB does not imply that IPv4 or IPv4 specific | Support for this MIB does not imply that IPv4 or IPv4 specific | |||
| portions of this MIB be supported. | portions of this MIB be supported. | |||
| 10.1.2 Management Information Base for the Internet Protocol (IP) | 10.1.2 Management Information Base for the Internet Protocol (IP) | |||
| skipping to change at page 14, line 41 | skipping to change at page 15, line 5 | |||
| from specific security threats, compared with the same threats in | from specific security threats, compared with the same threats in | |||
| unicast [MC-THREAT]. | unicast [MC-THREAT]. | |||
| An implementer should also consider the analysis of anycast | An implementer should also consider the analysis of anycast | |||
| [ANYCAST]. | [ANYCAST]. | |||
| 12. References | 12. References | |||
| 12.1 Normative | 12.1 Normative | |||
| Internet-Draft | ||||
| [ADDRARCHv3] Hinden, R. and Deering, S. "IP Version 6 Addressing | [ADDRARCHv3] Hinden, R. and Deering, S. "IP Version 6 Addressing | |||
| Architecture", Work in progress. | Architecture", RFC 3513, April 2003. | |||
| [DEFADDR] Draves, R., "Default Address Selection for IPv6", Work | [DEFADDR] Draves, R., "Default Address Selection for IPv6", RFC | |||
| in progress. | 3484, February 2003. | |||
| [DHCPv6] Bound, J. et al., "Dynamic Host Configuration Protocol | [DHCPv6] Bound, J. et al., "Dynamic Host Configuration Protocol | |||
| for IPv6 (DHCPv6)", Work in progress. | for IPv6 (DHCPv6)", Work in progress. | |||
| [MIPv6] Johnson D. and Perkins, C., "Mobility Support in | [MIPv6] Johnson D. and Perkins, C., "Mobility Support in | |||
| IPv6", Work in progress. | IPv6", Work in progress. | |||
| [MIPv6-HASEC] J. Arkko, V. Devarapalli, F. Dupont, "Using IPsec to | [MIPv6-HASEC] J. Arkko, V. Devarapalli, F. Dupont, "Using IPsec to | |||
| Protect Mobile IPv6 Signaling betweenMobile Nodes and | Protect Mobile IPv6 Signaling betweenMobile Nodes and | |||
| Home Agents", draft-ietf-mobileip-mipv6-ha-ipsec-03 | Home Agents", Work in Progress. | |||
| (work in progress), February 2003. | ||||
| [MLDv2] Vida, R. et al., "Multicast Listener Discovery Version | [MLDv2] Vida, R. et al., "Multicast Listener Discovery Version | |||
| 2 (MLDv2) for IPv6", Work in Progress. | 2 (MLDv2) for IPv6", Work in Progress. | |||
| [RFC-1035] Mockapetris, P., "Domain names - implementation and | [RFC-1035] Mockapetris, P., "Domain names - implementation and | |||
| specification", STD 13, RFC 1035, November 1987. | specification", STD 13, RFC 1035, November 1987. | |||
| [RFC-1886] Thomson, S. et al.and Huitema, C., "DNS Extensions to | [RFC-1886] Thomson, S. et al.and Huitema, C., "DNS Extensions to | |||
| support IP version 6", RFC 1886, December 1995. | support IP version 6", RFC 1886, December 1995. | |||
| skipping to change at page 15, line 43 | skipping to change at page 16, line 5 | |||
| Keyed-Hashing for Message Authentication", RFC 2104, | Keyed-Hashing for Message Authentication", RFC 2104, | |||
| February 1997. | February 1997. | |||
| [RFC-2119] Bradner, S., "Key words for use in RFCs to | [RFC-2119] Bradner, S., "Key words for use in RFCs to | |||
| Indicate Requirement Levels", BCP 14, RFC 2119, March | Indicate Requirement Levels", BCP 14, RFC 2119, March | |||
| 1997. | 1997. | |||
| [RFC-2373] Hinden, R. and Deering, S., "IP Version 6 Addressing | [RFC-2373] Hinden, R. and Deering, S., "IP Version 6 Addressing | |||
| Architecture", RFC 2373, July 1998. | Architecture", RFC 2373, July 1998. | |||
| Internet-Draft | ||||
| [RFC-2401] Kent, S. and Atkinson, R., "Security Architecture for | [RFC-2401] Kent, S. and Atkinson, R., "Security Architecture for | |||
| the Internet Protocol", RFC 2401, November 1998. | the Internet Protocol", RFC 2401, November 1998. | |||
| [RFC-2402] Kent, S. and Atkinson, R., "IP Authentication | [RFC-2402] Kent, S. and Atkinson, R., "IP Authentication | |||
| Header", RFC 2402, November 1998. | Header", RFC 2402, November 1998. | |||
| [RFC-2403] Madson, C., and Glenn, R., "The Use of HMAC-MD5 within | [RFC-2403] Madson, C., and Glenn, R., "The Use of HMAC-MD5 within | |||
| ESP and AH", RFC 2403, November 1998. | ESP and AH", RFC 2403, November 1998. | |||
| [RFC-2404] Madson, C., and Glenn, R., "The Use of HMAC-SHA-1 | [RFC-2404] Madson, C., and Glenn, R., "The Use of HMAC-SHA-1 | |||
| skipping to change at page 16, line 25 | skipping to change at page 16, line 36 | |||
| Interpretation for ISAKMP", RFC 2407, November 1998. | Interpretation for ISAKMP", RFC 2407, November 1998. | |||
| [RFC-2408] Maughan, D., Schertler, M., Schneider, M., and Turner, | [RFC-2408] Maughan, D., Schertler, M., Schneider, M., and Turner, | |||
| J., "Internet Security Association and Key Management | J., "Internet Security Association and Key Management | |||
| Protocol (ISAKMP)", RFC 2408, November 1998. | Protocol (ISAKMP)", RFC 2408, November 1998. | |||
| [RFC-2409] Harkins, D., and Carrel, D., "The Internet Key | [RFC-2409] Harkins, D., and Carrel, D., "The Internet Key | |||
| Exchange (IKE)", RFC 2409, November 1998. | Exchange (IKE)", RFC 2409, November 1998. | |||
| [RFC-2410] Glenn, R. and Kent, S., "The NULL Encryption Algorithm | [RFC-2410] Glenn, R. and Kent, S., "The NULL Encryption Algorithm | |||
| and Its Use With IPsec", RFC 2410, November 1998 | and Its Use With IPsec", RFC 2410, November 1998. | |||
| [RFC-2451] Pereira, R. and Adams, R., "The ESP CBC-Mode Cipher | [RFC-2451] Pereira, R. and Adams, R., "The ESP CBC-Mode Cipher | |||
| Algorithms", RFC 2451, November 1998 | Algorithms", RFC 2451, November 1998. | |||
| [RFC-2460] Deering, S. and Hinden, R., "Internet Protocol, Ver- | [RFC-2460] Deering, S. and Hinden, R., "Internet Protocol, Ver- | |||
| sion 6 (IPv6) Specification", RFC 2460, December 1998. | sion 6 (IPv6) Specification", RFC 2460, December 1998. | |||
| [RFC-2461] Narten, T., Nordmark, E. and Simpson, W., "Neighbor | [RFC-2461] Narten, T., Nordmark, E. and Simpson, W., "Neighbor | |||
| Discovery for IP Version 6 (IPv6)", RFC 2461, December | Discovery for IP Version 6 (IPv6)", RFC 2461, December | |||
| 1998. | 1998. | |||
| [RFC-2462] Thomson, S. and Narten, T., "IPv6 Stateless Address | [RFC-2462] Thomson, S. and Narten, T., "IPv6 Stateless Address | |||
| Autoconfiguration", RFC 2462. | Autoconfiguration", RFC 2462. | |||
| [RFC-2463] Conta, A. and Deering, S., "ICMP for the Internet Pro- | [RFC-2463] Conta, A. and Deering, S., "ICMP for the Internet Pro- | |||
| tocol Version 6 (IPv6)", RFC 2463, December 1998. | tocol Version 6 (IPv6)", RFC 2463, December 1998. | |||
| [RFC-2472] Haskin, D. and Allen, E., "IP version 6 over PPP", RFC | [RFC-2472] Haskin, D. and Allen, E., "IP version 6 over PPP", RFC | |||
| Internet-Draft | ||||
| 2472, December 1998. | 2472, December 1998. | |||
| [RFC-2473] Conta, A. and Deering, S., "Generic Packet Tunneling | [RFC-2473] Conta, A. and Deering, S., "Generic Packet Tunneling | |||
| in IPv6 Specification", RFC 2473, December 1998. | in IPv6 Specification", RFC 2473, December 1998. | |||
| [RFC-2710] Deering, S., Fenner, W. and Haberman, B., "Multicast | [RFC-2710] Deering, S., Fenner, W. and Haberman, B., "Multicast | |||
| Listener Discovery (MLD) for IPv6", RFC 2710, October | Listener Discovery (MLD) for IPv6", RFC 2710, October | |||
| 1999. | 1999. | |||
| [RFC-2711] Partridge, C. and Jackson, A., "IPv6 Router Alert | [RFC-2711] Partridge, C. and Jackson, A., "IPv6 Router Alert | |||
| skipping to change at page 17, line 26 | skipping to change at page 17, line 37 | |||
| sion 6 (IPv6) Addresses in the Domain Name System | sion 6 (IPv6) Addresses in the Domain Name System | |||
| (DNS)", RFC 3363, August 2002. | (DNS)", RFC 3363, August 2002. | |||
| 12.2 Non-Normative | 12.2 Non-Normative | |||
| [ANYCAST] Hagino, J and Ettikan K., "An Analysis of IPv6 Anycast" | [ANYCAST] Hagino, J and Ettikan K., "An Analysis of IPv6 Anycast" | |||
| Work in Progress. | Work in Progress. | |||
| [DESDIFF] Biham, E., Shamir, A., "Differential Cryptanalysis of | [DESDIFF] Biham, E., Shamir, A., "Differential Cryptanalysis of | |||
| DES-like cryptosystems", Journal of Cryptology Vol 4, Jan | DES-like cryptosystems", Journal of Cryptology Vol 4, Jan | |||
| 1991 | 1991. | |||
| [DESCRACK] Cracking DES, O'Reilly & Associates, Sebastapol, CA 2000. | [DESCRACK] Cracking DES, O'Reilly & Associates, Sebastapol, CA 2000. | |||
| [DESINT] Bellovin, S., "An Issue With DES-CBC When Used Without | [DESINT] Bellovin, S., "An Issue With DES-CBC When Used Without | |||
| Strong Integrity", Proceedings of the 32nd IETF, Danvers, | Strong Integrity", Proceedings of the 32nd IETF, Danvers, | |||
| MA, April 1995. | MA, April 1995. | |||
| [MC-THREAT] Ballardie A. and Crowcroft, J.; Multicast-Specific Secu- | [MC-THREAT] Ballardie A. and Crowcroft, J.; Multicast-Specific Secu- | |||
| rity Threats and Counter-Measures; In Proceedings "Sympo- | rity Threats and Counter-Measures; In Proceedings "Sympo- | |||
| sium on Network and Distributed System Security", Febru- | sium on Network and Distributed System Security", Febru- | |||
| ary 1995, pp.2-16. | ary 1995, pp.2-16. | |||
| [SOI] C. Madson, "Son-of-IKE Requirements", Work in Progress. | [SOI] C. Madson, "Son-of-IKE Requirements", Work in Progress. | |||
| [RFC-793] Postel, J., "Transmission Control Protocol", RFC 793, | [RFC-793] Postel, J., "Transmission Control Protocol", RFC 793, | |||
| August 1980. | August 1980. | |||
| Internet-Draft | ||||
| [RFC-1034] Mockapetris, P., "Domain names - concepts and facili- | [RFC-1034] Mockapetris, P., "Domain names - concepts and facili- | |||
| ties", RFC 1034, November 1987. | ties", RFC 1034, November 1987. | |||
| [RFC-2147] Borman, D., "TCP and UDP over IPv6 Jumbograms", RFC 2147, | [RFC-2147] Borman, D., "TCP and UDP over IPv6 Jumbograms", RFC 2147, | |||
| May 1997. | May 1997. | |||
| [RFC-2464] Crawford, M., "Transmission of IPv6 Packets over Ethernet | [RFC-2464] Crawford, M., "Transmission of IPv6 Packets over Ethernet | |||
| Networks", RFC 2462, December 1998. | Networks", RFC 2462, December 1998. | |||
| [RFC-2492] G. Armitage, M. Jork, P. Schulter, G. Harter, IPv6 over | [RFC-2492] G. Armitage, M. Jork, P. Schulter, G. Harter, IPv6 over | |||
| skipping to change at page 18, line 44 | skipping to change at page 19, line 5 | |||
| Marc Blanchet | Marc Blanchet | |||
| [marc.blanchet@viagenie.qc.ca] | [marc.blanchet@viagenie.qc.ca] | |||
| Samita Chakrabarti | Samita Chakrabarti | |||
| [samita.chakrabarti@eng.sun.com] | [samita.chakrabarti@eng.sun.com] | |||
| Alain Durand | Alain Durand | |||
| [alain.durand@sun.com] | [alain.durand@sun.com] | |||
| Internet-Draft | ||||
| Gerard Gastaud | Gerard Gastaud | |||
| [gerard.gastaud@alcatel.fr] | [gerard.gastaud@alcatel.fr] | |||
| Jun-ichiro itojun Hagino | Jun-ichiro itojun Hagino | |||
| [itojun@iijlab.net] | [itojun@iijlab.net] | |||
| Atsushi Inoue | Atsushi Inoue | |||
| [inoue@isl.rdc.toshiba.co.jp] | [inoue@isl.rdc.toshiba.co.jp] | |||
| Masahiro Ishiyama | Masahiro Ishiyama | |||
| [masahiro@isl.rdc.toshiba.co.jp] | [masahiro@isl.rdc.toshiba.co.jp] | |||
| John Loughney | John Loughney | |||
| [john.loughney@nokia.com] | [john.loughney@nokia.com] | |||
| Okabe Nobuo | Okabe Nobuo | |||
| [nov@tahi.org] | [nov@tahi.org] | |||
| Rajiv Raghunarayan | Rajiv Raghunarayan | |||
| skipping to change at page 19, line 25 | skipping to change at page 19, line 37 | |||
| Shoichi Sakane | Shoichi Sakane | |||
| [shouichi.sakane@jp.yokogawa.com] | [shouichi.sakane@jp.yokogawa.com] | |||
| Dave Thaler | Dave Thaler | |||
| [dthaler@windows.microsoft.com] | [dthaler@windows.microsoft.com] | |||
| Juha Wiljakka | Juha Wiljakka | |||
| [juha.wiljakka@Nokia.com] | [juha.wiljakka@Nokia.com] | |||
| The authors would like to thank Ran Atkinson, Jim Bound, Brian Carpenter, Ralph Droms, Christian Huitema, Adam Machalek, Thomas Narten, Juha Ollila and Pekka Savola for their comments. | The authors would like to thank Ran Atkinson, Jim Bound, Brian Car- | |||
| penter, Ralph Droms, Christian Huitema, Adam Machalek, Thomas Narten, | ||||
| Juha Ollila and Pekka Savola for their comments. | ||||
| 14. Editor's Contact Information | 14. Editor's Contact Information | |||
| Comments or questions regarding this document should be sent to the IPv6 | Comments or questions regarding this document should be sent to the | |||
| Working Group mailing list (ipng@sunroof.eng.sun.com) or to: | IPv6 Working Group mailing list (ipng@sunroof.eng.sun.com) or to: | |||
| John Loughney | John Loughney | |||
| Nokia Research Center | Nokia Research Center | |||
| It„merenkatu 11-13 | It„merenkatu 11-13 | |||
| 00180 Helsinki | 00180 Helsinki | |||
| Finland | Finland | |||
| Phone: +358 50 483 6242 | Phone: +358 50 483 6242 | |||
| Email: John.Loughney@Nokia.com | Email: John.Loughney@Nokia.com | |||
| Appendix A: Change history | Internet-Draft | |||
| The following is a list of changes since the previous version. | ||||
| - Small updates based upon feedback from the IPv6 mailing list. | ||||
| - Updated information on Stateful Address Autoconfiguration & DHCP. | ||||
| - Updated MIBs section. | ||||
| - Updated Mobile IP section. | ||||
| - Rewrote Security section. | ||||
| Appendix B: Specifications Not Included | ||||
| Here is a list of documents considered, but not included in this document. | ||||
| In general, Information documents are not considered to place requirements | ||||
| on implementations. Experimental documents are just that, experimental, | ||||
| and cannot place requirements on the general behavior of IPv6 nodes. | ||||
| Upper Protocols | ||||
| 2428 FTP Extensions For IPv6 And NATs | ||||
| Compression | ||||
| 2507 IP Header Compression | ||||
| 2508 Compressing IP/UDP/RTP Headers For Low-Speed Serial Links | ||||
| 2509 IP Header Compression Over PPP | ||||
| Informational | ||||
| 1752 The Recommendation For The IP Next Generation Protocol API RFCs | ||||
| 1881 IPv6 Address Allocation Management. | ||||
| 1887 An Architecture For Ipv6 Unicast Address Allocation | ||||
| 2104 HMAC: Keyed-Hashing For Message Authentication | ||||
| 2374 An IPv6 Aggregatable Global Unicast Address Format. | ||||
| 2450 Proposed TLA And NLA Assignment Rules. | ||||
| Experimental | ||||
| 2874 DNS Extensions To Support Ipv6 Address Aggregation | ||||
| 2471 IPv6 Testing Address Allocation. | ||||
| Other | ||||
| 2526 Reserved IPv6 Subnet Anycast | ||||
| 2732 Format For Literal IPv6 Addr In URLs | ||||
| 2894 Router Renumbering | ||||
| 3122 Extensions To IPv6 ND For Inverse Discovery | ||||
| Appendix C: Notices | Notices | |||
| The IETF takes no position regarding the validity or scope of any | The IETF takes no position regarding the validity or scope of any | |||
| intellectual property or other rights that might be claimed to per- | intellectual property or other rights that might be claimed to per- | |||
| tain to the implementation or use of the technology described in this | tain to the implementation or use of the technology described in this | |||
| document or the extent to which any license under such rights might | document or the extent to which any license under such rights might | |||
| or might not be available; neither does it represent that it has made | or might not be available; neither does it represent that it has made | |||
| any effort to identify any such rights. Information on the IETF's | any effort to identify any such rights. Information on the IETF's | |||
| procedures with respect to rights in standards-track and standards- | procedures with respect to rights in standards-track and standards- | |||
| related documentation can be found in BCP-11. Copies of claims of | related documentation can be found in BCP-11. Copies of claims of | |||
| rights made available for publication and any assurances of licenses | rights made available for publication and any assurances of licenses | |||
| End of changes. | ||||
This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/ | ||||