| draft-ietf-ipv6-node-requirements-11.txt | rfc4294.txt | |||
|---|---|---|---|---|
| IPv6 Working Group John Loughney (ed) | Network Working Group J. Loughney, Ed. | |||
| Internet-Draft Nokia | Request for Comments: 4294 Nokia | |||
| August 23, 2004 | Category: Informational April 2006 | |||
| Expires: February 22, 2005 | ||||
| IPv6 Node Requirements | IPv6 Node Requirements | |||
| draft-ietf-ipv6-node-requirements-11.txt | ||||
| Status of this Memo | ||||
| By submitting this Internet-Draft, I certify that any applicable | ||||
| patent or other IPR claims of which I am aware have been disclosed, | ||||
| and any of which I become aware will be disclosed, in accordance | ||||
| with RFC 3668. | ||||
| Internet-Drafts are working documents of the Internet Engineering | ||||
| Task Force (IETF), its areas, and its working groups. Note that | ||||
| other groups may also distribute working documents as Internet- | ||||
| Drafts. | ||||
| Internet-Drafts are draft documents valid for a maximum of six | ||||
| months and may be updated, replaced, or obsoleted by other documents | ||||
| at any time. It is inappropriate to use Internet-Drafts as | ||||
| reference material or to cite them other than as "work in progress." | ||||
| The list of current Internet-Drafts can be accessed at | Status of This Memo | |||
| http://www.ietf.org/ietf/1id-abstracts.txt. | ||||
| The list of Internet-Draft Shadow Directories can be accessed at | This memo provides information for the Internet community. It does | |||
| http://www.ietf.org/shadow.html. | not specify an Internet standard of any kind. Distribution of this | |||
| memo is unlimited. | ||||
| Copyright Notice | Copyright Notice | |||
| Copyright (C) The Internet Society (2004). All Rights Reserved. | Copyright (C) The Internet Society (2006). | |||
| Abstract | Abstract | |||
| This document defines requirements for IPv6 nodes. It is expected | This document defines requirements for IPv6 nodes. It is expected | |||
| that IPv6 will be deployed in a wide range of devices and | that IPv6 will be deployed in a wide range of devices and situations. | |||
| situations. Specifying the requirements for IPv6 nodes allows IPv6 | Specifying the requirements for IPv6 nodes allows IPv6 to function | |||
| to function well and interoperate in a large number of situations | well and interoperate in a large number of situations and | |||
| and deployments. | deployments. | |||
| Internet-Draft | ||||
| Table of Contents | Table of Contents | |||
| 1. Introduction | 1. Introduction ....................................................2 | |||
| 1.1 Requirement Language | 1.1. Requirement Language .......................................3 | |||
| 1.2 Scope of this Document | 1.2. Scope of This Document .....................................3 | |||
| 1.3 Description of IPv6 Nodes | 1.3. Description of IPv6 Nodes ..................................3 | |||
| 2. Abbreviations Used in This Document | 2. Abbreviations Used in This Document .............................3 | |||
| 3. Sub-IP Layer | 3. Sub-IP Layer ....................................................4 | |||
| 3.1 Transmission of IPv6 Packets over Ethernet Networks - RFC2464 | 3.1. Transmission of IPv6 Packets over Ethernet Networks | |||
| 3.2 IP version 6 over PPP - RFC2472 | - RFC 2464 .................................................4 | |||
| 3.3 IPv6 over ATM Networks - RFC2492 | 3.2. IP version 6 over PPP - RFC 2472 ...........................4 | |||
| 4. IP Layer | 3.3. IPv6 over ATM Networks - RFC 2492 ..........................4 | |||
| 4.1 Internet Protocol Version 6 - RFC2460 | 4. IP Layer ........................................................5 | |||
| 4.2 Neighbor Discovery for IPv6 - RFC2461 | 4.1. Internet Protocol Version 6 - RFC 2460 .....................5 | |||
| 4.3 Path MTU Discovery & Packet Size | 4.2. Neighbor Discovery for IPv6 - RFC 2461 .....................5 | |||
| 4.4 ICMP for the Internet Protocol Version 6 (IPv6) - RFC2463 | 4.3. Path MTU Discovery and Packet Size .........................6 | |||
| 4.5 Addressing | 4.4. ICMP for the Internet Protocol Version 6 (IPv6) - | |||
| 4.6 Multicast Listener Discovery (MLD) for IPv6 - RFC2710 | RFC 2463 ...................................................7 | |||
| 5. DNS and DHCP | 4.5. Addressing .................................................7 | |||
| 5.1 DNS | 4.6. Multicast Listener Discovery (MLD) for IPv6 - RFC 2710 .....8 | |||
| 5.2 Dynamic Host Configuration Protocol for IPv6 (DHCPv6) | 5. DNS and DHCP ....................................................8 | |||
| 6. IPv4 Support and Transition | 5.1. DNS ........................................................8 | |||
| 6.1 Transition Mechanisms | 5.2. Dynamic Host Configuration Protocol for IPv6 | |||
| 7. Mobility | (DHCPv6) - RFC 3315 ........................................9 | |||
| 8. Security | 6. IPv4 Support and Transition ....................................10 | |||
| 8.1 Basic Architecture | 6.1. Transition Mechanisms .....................................10 | |||
| 8.2 Security Protocols | 7. Mobile IP ......................................................10 | |||
| 8.3 Transforms and Algorithms | 8. Security .......................................................10 | |||
| 8.4 Key Management Methods | 8.1. Basic Architecture ........................................10 | |||
| 9. Router Functionality | 8.2. Security Protocols ........................................11 | |||
| 9.1 General | 8.3. Transforms and Algorithms .................................11 | |||
| 10. Network Management | 8.4. Key Management Methods ....................................12 | |||
| 10.1 MIBs | 9. Router-Specific Functionality ..................................12 | |||
| 11. Security Considerations | 9.1. General ...................................................12 | |||
| 12. References | 10. Network Management ............................................12 | |||
| 12.1 Normative | 10.1. Management Information Base Modules (MIBs) ...............12 | |||
| 12.2 Non-Normative | 11. Security Considerations .......................................13 | |||
| 13. Authors and Acknowledgements | 12. References ....................................................13 | |||
| 14. Editor's Address | 12.1. Normative References .....................................13 | |||
| Notices | 12.2. Informative References ...................................16 | |||
| 13. Authors and Acknowledgements ..................................18 | ||||
| Internet-Draft | ||||
| 1. Introduction | 1. Introduction | |||
| The goal of this document is to define the common functionality | The goal of this document is to define the common functionality | |||
| required from both IPv6 hosts and routers. Many IPv6 nodes will | required from both IPv6 hosts and routers. Many IPv6 nodes will | |||
| implement optional or additional features, but this document | implement optional or additional features, but this document | |||
| summarizes requirements from other published Standards Track | summarizes requirements from other published Standards Track | |||
| documents in one place. | documents in one place. | |||
| This document tries to avoid discussion of protocol details, and | This document tries to avoid discussion of protocol details, and | |||
| skipping to change at page 3, line 28 | skipping to change at page 2, line 45 | |||
| Although the document points to different specifications, it should | Although the document points to different specifications, it should | |||
| be noted that in most cases, the granularity of requirements are | be noted that in most cases, the granularity of requirements are | |||
| smaller than a single specification, as many specifications define | smaller than a single specification, as many specifications define | |||
| multiple, independent pieces, some of which may not be mandatory. | multiple, independent pieces, some of which may not be mandatory. | |||
| As it is not always possible for an implementer to know the exact | As it is not always possible for an implementer to know the exact | |||
| usage of IPv6 in a node, an overriding requirement for IPv6 nodes is | usage of IPv6 in a node, an overriding requirement for IPv6 nodes is | |||
| that they should adhere to Jon Postel's Robustness Principle: | that they should adhere to Jon Postel's Robustness Principle: | |||
| Be conservative in what you do, be liberal in what you accept | Be conservative in what you do, be liberal in what you accept from | |||
| from others [RFC-793]. | others [RFC-793]. | |||
| 1.1 Requirement Language | 1.1. Requirement Language | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in | "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | |||
| this document are to be interpreted as described in RFC 2119 [RFC- | document are to be interpreted as described in RFC 2119 [RFC-2119]. | |||
| 2119]. | ||||
| 1.2 Scope of this Document | 1.2. Scope of This Document | |||
| IPv6 covers many specifications. It is intended that IPv6 will be | IPv6 covers many specifications. It is intended that IPv6 will be | |||
| deployed in many different situations and environments. Therefore, | deployed in many different situations and environments. Therefore, | |||
| it is important to develop the requirements for IPv6 nodes, in order | it is important to develop the requirements for IPv6 nodes to ensure | |||
| to ensure interoperability. | interoperability. | |||
| This document assumes that all IPv6 nodes meet the minimum | This document assumes that all IPv6 nodes meet the minimum | |||
| requirements specified here. | requirements specified here. | |||
| 1.3 Description of IPv6 Nodes | 1.3. Description of IPv6 Nodes | |||
| From Internet Protocol, Version 6 (IPv6) Specification [RFC-2460] we | From the Internet Protocol, Version 6 (IPv6) Specification | |||
| have the following definitions: | [RFC-2460], we have the following definitions: | |||
| Description of an IPv6 Node | Description of an IPv6 Node | |||
| Internet-Draft | - a device that implements IPv6. | |||
| - a device that implements IPv6 | ||||
| Description of an IPv6 router | Description of an IPv6 router | |||
| - a node that forwards IPv6 packets not explicitly addressed to | - a node that forwards IPv6 packets not explicitly addressed | |||
| itself. | to itself. | |||
| Description of an IPv6 Host | Description of an IPv6 Host | |||
| - any node that is not a router. | - any node that is not a router. | |||
| 2. Abbreviations Used in This Document | 2. Abbreviations Used in This Document | |||
| ATM Asynchronous Transfer Mode | ATM Asynchronous Transfer Mode | |||
| AH Authentication Header | AH Authentication Header | |||
| skipping to change at page 5, line 5 | skipping to change at page 4, line 28 | |||
| NUD Neighbor Unreachability Detection | NUD Neighbor Unreachability Detection | |||
| PPP Point-to-Point Protocol | PPP Point-to-Point Protocol | |||
| PVC Permanent Virtual Circuit | PVC Permanent Virtual Circuit | |||
| SVC Switched Virtual Circuit | SVC Switched Virtual Circuit | |||
| 3. Sub-IP Layer | 3. Sub-IP Layer | |||
| Internet-Draft | ||||
| An IPv6 node must include support for one or more IPv6 link-layer | An IPv6 node must include support for one or more IPv6 link-layer | |||
| specifications. Which link-layer specifications are included will | specifications. Which link-layer specifications are included will | |||
| depend upon what link-layers are supported by the hardware available | depend upon what link-layers are supported by the hardware available | |||
| on the system. It is possible for a conformant IPv6 node to support | on the system. It is possible for a conformant IPv6 node to support | |||
| IPv6 on some of its interfaces and not on others. | IPv6 on some of its interfaces and not on others. | |||
| As IPv6 is run over new layer 2 technologies, it is expected that | As IPv6 is run over new layer 2 technologies, it is expected that new | |||
| new specifications will be issued. This section highlights some | specifications will be issued. This section highlights some major | |||
| major layer 2 technologies and is not intended to be complete. | layer 2 technologies and is not intended to be complete. | |||
| 3.1 Transmission of IPv6 Packets over Ethernet Networks - RFC2464 | 3.1. Transmission of IPv6 Packets over Ethernet Networks - RFC 2464 | |||
| Nodes supporting IPv6 over Ethernet interfaces MUST implement | Nodes supporting IPv6 over Ethernet interfaces MUST implement | |||
| Transmission of IPv6 Packets over Ethernet Networks [RFC-2464]. | Transmission of IPv6 Packets over Ethernet Networks [RFC-2464]. | |||
| 3.2 IP version 6 over PPP - RFC2472 | 3.2. IP version 6 over PPP - RFC 2472 | |||
| Nodes supporting IPv6 over PPP MUST implement IPv6 over PPP [RFC- | Nodes supporting IPv6 over PPP MUST implement IPv6 over PPP | |||
| 2472]. | [RFC-2472]. | |||
| 3.3 IPv6 over ATM Networks - RFC2492 | 3.3. IPv6 over ATM Networks - RFC 2492 | |||
| Nodes supporting IPv6 over ATM Networks MUST implement IPv6 over ATM | Nodes supporting IPv6 over ATM Networks MUST implement IPv6 over ATM | |||
| Networks [RFC-2492]. Additionally, RFC 2492 states: | Networks [RFC-2492]. Additionally, RFC 2492 states: | |||
| A minimally conforming IPv6/ATM driver SHALL support the PVC mode | A minimally conforming IPv6/ATM driver SHALL support the PVC mode | |||
| of operation. An IPv6/ATM driver that supports the full SVC mode | of operation. An IPv6/ATM driver that supports the full SVC mode | |||
| SHALL also support PVC mode of operation. | SHALL also support PVC mode of operation. | |||
| 4. IP Layer | 4. IP Layer | |||
| 4.1 Internet Protocol Version 6 - RFC2460 | 4.1. Internet Protocol Version 6 - RFC 2460 | |||
| The Internet Protocol Version 6 is specified in [RFC-2460]. This | The Internet Protocol Version 6 is specified in [RFC-2460]. This | |||
| specification MUST be supported. | specification MUST be supported. | |||
| Unrecognized options in Hop-by-Hop Options or Destination Options | Unrecognized options in Hop-by-Hop Options or Destination Options | |||
| extensions MUST be processed as described in RFC 2460. | extensions MUST be processed as described in RFC 2460. | |||
| The node MUST follow the packet transmission rules in RFC 2460. | The node MUST follow the packet transmission rules in RFC 2460. | |||
| Nodes MUST always be able to send, receive and process fragment | Nodes MUST always be able to send, receive, and process fragment | |||
| headers. All conformant IPv6 implementations MUST be capable of | headers. All conformant IPv6 implementations MUST be capable of | |||
| sending and receving IPv6 packets; forwarding functionality MAY be | sending and receiving IPv6 packets; the forwarding functionality MAY | |||
| supported | be supported. | |||
| RFC 2460 specifies extension headers and the processing for these | RFC 2460 specifies extension headers and the processing for these | |||
| headers. | headers. | |||
| Internet-Draft | ||||
| A full implementation of IPv6 includes implementation of the | A full implementation of IPv6 includes implementation of the | |||
| following extension headers: Hop-by-Hop Options, Routing (Type | following extension headers: Hop-by-Hop Options, Routing (Type 0), | |||
| 0), Fragment, Destination Options, Authentication and | Fragment, Destination Options, Authentication and Encapsulating | |||
| Encapsulating Security Payload. [RFC-2460] | Security Payload [RFC-2460]. | |||
| An IPv6 node MUST be able to process these headers. It should be | An IPv6 node MUST be able to process these headers. It should be | |||
| noted that there is some discussion about the use of Routing Headers | noted that there is some discussion about the use of Routing Headers | |||
| and possible security threats [IPv6-RH] caused by them. | and possible security threats [IPv6-RH] that they cause. | |||
| 4.2 Neighbor Discovery for IPv6 - RFC2461 | 4.2. Neighbor Discovery for IPv6 - RFC 2461 | |||
| Neighbor Discovery SHOULD be supported. RFC 2461 states: | Neighbor Discovery SHOULD be supported. [RFC-2461] states: | |||
| "Unless specified otherwise (in a document that covers operating | "Unless specified otherwise (in a document that covers operating | |||
| IP over a particular link type) this document applies to all link | IP over a particular link type) this document applies to all link | |||
| types. However, because ND uses link-layer multicast for some of | types. However, because ND uses link-layer multicast for some of | |||
| its services, it is possible that on some link types (e.g., NBMA | its services, it is possible that on some link types (e.g., NBMA | |||
| links) alternative protocols or mechanisms to implement those | links) alternative protocols or mechanisms to implement those | |||
| services will be specified (in the appropriate document covering | services will be specified (in the appropriate document covering | |||
| the operation of IP over a particular link type). The services | the operation of IP over a particular link type). The services | |||
| described in this document that are not directly dependent on | described in this document that are not directly dependent on | |||
| multicast, such as Redirects, Next-hop determination, Neighbor | multicast, such as Redirects, Next-hop determination, Neighbor | |||
| skipping to change at page 6, line 46 | skipping to change at page 6, line 20 | |||
| attached link. Router Discovery MUST be supported for | attached link. Router Discovery MUST be supported for | |||
| implementations. | implementations. | |||
| Prefix Discovery is how hosts discover the set of address prefixes | Prefix Discovery is how hosts discover the set of address prefixes | |||
| that define which destinations are on-link for an attached link. | that define which destinations are on-link for an attached link. | |||
| Prefix discovery MUST be supported for implementations. Neighbor | Prefix discovery MUST be supported for implementations. Neighbor | |||
| Unreachability Detection (NUD) MUST be supported for all paths | Unreachability Detection (NUD) MUST be supported for all paths | |||
| between hosts and neighboring nodes. It is not required for paths | between hosts and neighboring nodes. It is not required for paths | |||
| between routers. However, when a node receives a unicast Neighbor | between routers. However, when a node receives a unicast Neighbor | |||
| Solicitation (NS) message (that may be a NUD's NS), the node MUST | Solicitation (NS) message (that may be a NUD's NS), the node MUST | |||
| respond to it (i.e. send a unicast Neighbor Advertisement). | respond to it (i.e., send a unicast Neighbor Advertisement). | |||
| Duplicate Address Detection MUST be supported on all links | Duplicate Address Detection MUST be supported on all links supporting | |||
| supporting link-layer multicast (RFC2462 section 5.4 specifies DAD | link-layer multicast (RFC 2462, Section 5.4, specifies DAD MUST take | |||
| MUST take place on all unicast addresses). | place on all unicast addresses). | |||
| A host implementation MUST support sending Router Solicitations. | A host implementation MUST support sending Router Solicitations. | |||
| Receiving and processing Router Advertisements MUST be supported for | Receiving and processing Router Advertisements MUST be supported for | |||
| Internet-Draft | ||||
| host implementations. The ability to understand specific Router | host implementations. The ability to understand specific Router | |||
| Advertisement options is dependent on supporting the specification | Advertisement options is dependent on supporting the specification | |||
| where the RA is specified. | where the RA is specified. | |||
| Sending and Receiving Neighbor Solicitation (NS) and Neighbor | Sending and Receiving Neighbor Solicitation (NS) and Neighbor | |||
| Advertisement (NA) MUST be supported. NS and NA messages are | Advertisement (NA) MUST be supported. NS and NA messages are | |||
| required for Duplicate Address Detection (DAD). | required for Duplicate Address Detection (DAD). | |||
| Redirect functionality SHOULD be supported. If the node is a router, | Redirect functionality SHOULD be supported. If the node is a router, | |||
| Redirect functionality MUST be supported. | Redirect functionality MUST be supported. | |||
| 4.3 Path MTU Discovery & Packet Size | 4.3. Path MTU Discovery and Packet Size | |||
| 4.3.1 Path MTU Discovery - RFC1981 | 4.3.1. Path MTU Discovery - RFC 1981 | |||
| Path MTU Discovery [RFC-1981] SHOULD be supported, though minimal | Path MTU Discovery [RFC-1981] SHOULD be supported, though minimal | |||
| implementations MAY choose to not support it and avoid large | implementations MAY choose to not support it and avoid large packets. | |||
| packets. The rules in RFC 2460 MUST be followed for packet | The rules in RFC 2460 MUST be followed for packet fragmentation and | |||
| fragmentation and reassembly. | reassembly. | |||
| 4.3.2 IPv6 Jumbograms - RFC2675 | 4.3.2. IPv6 Jumbograms - RFC 2675 | |||
| IPv6 Jumbograms [RFC-2675] MAY be supported. | IPv6 Jumbograms [RFC-2675] MAY be supported. | |||
| 4.4 ICMP for the Internet Protocol Version 6 (IPv6) - RFC2463 | 4.4. ICMP for the Internet Protocol Version 6 (IPv6) - RFC 2463 | |||
| ICMPv6 [RFC-2463] MUST be supported. | ICMPv6 [RFC-2463] MUST be supported. | |||
| Addressing | 4.5. Addressing | |||
| 4.5.1 IP Version 6 Addressing Architecture - RFC3513 | 4.5.1. IP Version 6 Addressing Architecture - RFC 3513 | |||
| The IPv6 Addressing Architecture [RFC-3513] MUST be supported as | The IPv6 Addressing Architecture [RFC-3513] MUST be supported as | |||
| updated by [DEP-SL]. | updated by [RFC-3879]. | |||
| 4.5.2 IPv6 Stateless Address Autoconfiguration - RFC2462 | 4.5.2. IPv6 Stateless Address Autoconfiguration - RFC 2462 | |||
| IPv6 Stateless Address Autoconfiguration is defined in [RFC-2462]. | IPv6 Stateless Address Autoconfiguration is defined in [RFC-2462]. | |||
| This specification MUST be supported for nodes that are hosts. | This specification MUST be supported for nodes that are hosts. | |||
| Static address can be supported as well. | Static address can be supported as well. | |||
| Nodes that are routers MUST be able to generate link local addresses | Nodes that are routers MUST be able to generate link local addresses | |||
| as described in RFC 2462 [RFC-2462]. | as described in RFC 2462 [RFC-2462]. | |||
| From 2462: | From 2462: | |||
| The autoconfiguration process specified in this document applies | The autoconfiguration process specified in this document applies | |||
| only to hosts and not routers. Since host autoconfiguration uses | only to hosts and not routers. Since host autoconfiguration uses | |||
| Internet-Draft | ||||
| information advertised by routers, routers will need to be | information advertised by routers, routers will need to be | |||
| configured by some other means. However, it is expected that | configured by some other means. However, it is expected that | |||
| routers will generate link-local addresses using the mechanism | routers will generate link-local addresses using the mechanism | |||
| described in this document. In addition, routers are expected to | described in this document. In addition, routers are expected to | |||
| successfully pass the Duplicate Address Detection procedure | successfully pass the Duplicate Address Detection procedure | |||
| described in this document on all addresses prior to assigning | described in this document on all addresses prior to assigning | |||
| them to an interface. | them to an interface. | |||
| Duplicate Address Detection (DAD) MUST be supported. | Duplicate Address Detection (DAD) MUST be supported. | |||
| 4.5.3 Privacy Extensions for Address Configuration in IPv6 - RFC3041 | 4.5.3. Privacy Extensions for Address Configuration in IPv6 - RFC 3041 | |||
| Privacy Extensions for Stateless Address Autoconfiguration [RFC- | Privacy Extensions for Stateless Address Autoconfiguration [RFC-3041] | |||
| 3041] SHOULD be supported. It is recommended that this behavior be | SHOULD be supported. It is recommended that this behavior be | |||
| configurable on a connection basis within each application when | configurable on a connection basis within each application when | |||
| available. It is noted that a number of applications do not work | available. It is noted that a number of applications do not work | |||
| with addresses generated with this method, while other applications | with addresses generated with this method, while other applications | |||
| work quite well with them. | work quite well with them. | |||
| 4.5.4 Default Address Selection for IPv6 - RFC3484 | 4.5.4. Default Address Selection for IPv6 - RFC 3484 | |||
| The rules specified in the Default Address Selection for IPv6 [RFC- | The rules specified in the Default Address Selection for IPv6 | |||
| 3484] document MUST be implemented. It is expected that IPv6 nodes | [RFC-3484] document MUST be implemented. It is expected that IPv6 | |||
| will need to deal with multiple addresses. | nodes will need to deal with multiple addresses. | |||
| 4.5.5 Stateful Address Autoconfiguration | 4.5.5. Stateful Address Autoconfiguration | |||
| Stateful Address Autoconfiguration MAY be supported. DHCPv6 [RFC- | Stateful Address Autoconfiguration MAY be supported. DHCPv6 | |||
| 3315] is the standard stateful address configuration protocol; see | [RFC-3315] is the standard stateful address configuration protocol; | |||
| section 5.3 for DHCPv6 support. | see Section 5.3 for DHCPv6 support. | |||
| Nodes which do not support Stateful Address Autoconfiguration may be | Nodes which do not support Stateful Address Autoconfiguration may be | |||
| unable to obtain any IPv6 addresses aside from link-local addresses | unable to obtain any IPv6 addresses, aside from link-local addresses, | |||
| when it receives a router advertisement with the 'M' flag (Managed | when it receives a router advertisement with the 'M' flag (Managed | |||
| address configuration) set and which contains no prefixes advertised | address configuration) set and that contains no prefixes advertised | |||
| for Stateless Address Autoconfiguration (see section 4.5.2). | for Stateless Address Autoconfiguration (see Section 4.5.2). | |||
| Additionally, such nodes will be unable to obtain other | Additionally, such nodes will be unable to obtain other configuration | |||
| configuration information such as the addresses of DNS servers when | information, such as the addresses of DNS servers when it is | |||
| it is connected to a link over which the node receives a router | connected to a link over which the node receives a router | |||
| advertisement in which the 'O' flag ("Other stateful configuration") | advertisement in which the 'O' flag ("Other stateful configuration") | |||
| is set. | is set. | |||
| 4.6 Multicast Listener Discovery (MLD) for IPv6 - RFC2710 | 4.6. Multicast Listener Discovery (MLD) for IPv6 - RFC 2710 | |||
| Nodes that need to join multicast groups SHOULD implement MLDv2 | Nodes that need to join multicast groups SHOULD implement MLDv2 | |||
| [MLDv2]. However, if the node has applications, which only need | [RFC-3810]. However, if the node has applications that only need | |||
| support for Any-Source Multicast [RFC3569], the node MAY implement | support for Any-Source Multicast [RFC-3569], the node MAY implement | |||
| MLDv1 [MLDv1] instead. If the node has applications, which need | MLDv1 [RFC-2710] instead. If the node has applications that need | |||
| support for Source-Specific Multicast [RFC-3569, SSM-ARCH], the node | ||||
| Internet-Draft | MUST support MLDv2 [RFC-3810]. | |||
| support for Source-Specific Multicast [RFC3569, SSMARCH], the node | ||||
| MUST support MLDv2 [MLDv2]. | ||||
| When MLD is used, the rules in "Source Address Selection for the | When MLD is used, the rules in the "Source Address Selection for the | |||
| Multicast Listener Discovery (MLD) Protocol" [RFC-3590] MUST be | Multicast Listener Discovery (MLD) Protocol" [RFC-3590] MUST be | |||
| followed. | followed. | |||
| 5. DNS and DHCP | 5. DNS and DHCP | |||
| 5.1 DNS | 5.1. DNS | |||
| DNS is described in [RFC-1034], [RFC-1035], [RFC-3152], [RFC-3363] | DNS is described in [RFC-1034], [RFC-1035], [RFC-3152], [RFC-3363], | |||
| and [RFC-3596]. Not all nodes will need to resolve names, and those | and [RFC-3596]. Not all nodes will need to resolve names; those that | |||
| that will never need to resolve DNS names do not need to implement | will never need to resolve DNS names do not need to implement | |||
| resolver functionality. However, the ability to resolve names is a | resolver functionality. However, the ability to resolve names is a | |||
| basic infrastructure capability that applications rely on and | basic infrastructure capability that applications rely on and | |||
| generally needs to be supported. All nodes that need to resolve | generally needs to be supported. All nodes that need to resolve | |||
| names SHOULD implement stub-resolver [RFC-1034] functionality, in | names SHOULD implement stub-resolver [RFC-1034] functionality, as in | |||
| RFC 1034 section 5.3.1 with support for: | RFC 1034, Section 5.3.1, with support for: | |||
| - AAAA type Resource Records [RFC-3596]; | - AAAA type Resource Records [RFC-3596]; | |||
| - reverse addressing in ip6.arpa using PTR records [RFC-3152]; | - reverse addressing in ip6.arpa using PTR records [RFC-3152]; | |||
| - EDNS0 [RFC-2671] to allow for DNS packet sizes larger than 512 | - EDNS0 [RFC-2671] to allow for DNS packet sizes larger than 512 | |||
| octets. | octets. | |||
| Those nodes are RECOMMENDED to support DNS security extentions | Those nodes are RECOMMENDED to support DNS security extensions | |||
| [DNSSEC-INTRO], [DNSSEC-REC] and [DNSSEC-PROT]. | [RFC-4033], [RFC-4034], and [RFC-4035]. | |||
| Those nodes are NOT RECOMMENDED to support the experimental A6 and | Those nodes are NOT RECOMMENDED to support the experimental A6 and | |||
| DNAME Resource Records [RFC-3363]. | DNAME Resource Records [RFC-3363]. | |||
| 5.2 Dynamic Host Configuration Protocol for IPv6 (DHCPv6) - RFC3315 | 5.2. Dynamic Host Configuration Protocol for IPv6 (DHCPv6) - RFC 3315 | |||
| 5.2.1 Managed Address Configuration | 5.2.1. Managed Address Configuration | |||
| The method by which IPv6 Nodes that use DHCP for address assignment | The method by which IPv6 nodes that use DHCP for address assignment | |||
| can obtain IPv6 addresses and other configuration information upon | can obtain IPv6 addresses and other configuration information upon | |||
| receipt of a Router Advertisement with the 'M' flag set is described | receipt of a Router Advertisement with the 'M' flag set is described | |||
| in section 5.5.3 of RFC 2462. | in Section 5.5.3 of RFC 2462. | |||
| In addition, in the absence of a router, those IPv6 Nodes that use | In addition, in the absence of a router, those IPv6 nodes that use | |||
| DHCP for address assignment MUST initiate DHCP to obtain IPv6 | DHCP for address assignment MUST initiate DHCP to obtain IPv6 | |||
| addresses and other configuration information, as described in | addresses and other configuration information, as described in | |||
| section 5.5.2 of RFC 2462. Those IPv6 nodes that do not use DHCP | Section 5.5.2 of RFC 2462. Those IPv6 nodes that do not use DHCP for | |||
| for address assignment can ignore the 'M' flag in Router | address assignment can ignore the 'M' flag in Router Advertisements. | |||
| Advertisements. | ||||
| 5.2.2 Other Configuration Information | ||||
| Internet-Draft | 5.2.2. Other Configuration Information | |||
| The method by which IPv6 Nodes that use DHCP to obtain other | The method by which IPv6 nodes that use DHCP to obtain other | |||
| configuration information can obtain other configuration information | configuration information can obtain other configuration information | |||
| upon receipt of a Router Advertisement with the 'O' flag set is | upon receipt of a Router Advertisement with the 'O' flag set is | |||
| described in section 5.5.3 of RFC 2462. | described in Section 5.5.3 of RFC 2462. | |||
| Those IPv6 Nodes that use DHCP to obtain other configuration | Those IPv6 nodes that use DHCP to obtain other configuration | |||
| information initiate DHCP for other configuration information upon | information initiate DHCP for other configuration information upon | |||
| receipt of a Router Advertisement with the 'O' flag set, as | receipt of a Router Advertisement with the 'O' flag set, as described | |||
| described in section 5.5.3 of RFC 2462. Those IPv6 nodes that do | in Section 5.5.3 of RFC 2462. Those IPv6 nodes that do not use DHCP | |||
| not use DHCP for other configuration information can ignore the 'O' | for other configuration information can ignore the 'O' flag in Router | |||
| flag in Router Advertisements. | Advertisements. | |||
| An IPv6 Node can use the subset of DHCP described in [DHCPv6-SL] to | An IPv6 node can use the subset of DHCP (described in [RFC-3736]) to | |||
| obtain other configuration information. | obtain other configuration information. | |||
| 5.3.3 Use of Router Advertisements in Managed Environments | 5.3.3. Use of Router Advertisements in Managed Environments | |||
| Nodes using the Dynamic Host Configuration Protocol for IPv6 | Nodes using the Dynamic Host Configuration Protocol for IPv6 (DHCPv6) | |||
| (DHCPv6) are expected to determine their default router information | are expected to determine their default router information and on- | |||
| and on-link prefix information from received Router Advertisements. | link prefix information from received Router Advertisements. | |||
| 6. IPv4 Support and Transition | 6. IPv4 Support and Transition | |||
| IPv6 nodes MAY support IPv4. | IPv6 nodes MAY support IPv4. | |||
| 6.1 Transition Mechanisms | 6.1. Transition Mechanisms | |||
| 6.1.1 Transition Mechanisms for IPv6 Hosts and Routers - RFC2893 | 6.1.1. Transition Mechanisms for IPv6 Hosts and Routers - RFC 2893 | |||
| If an IPv6 node implements dual stack and tunneling, then RFC2893 | If an IPv6 node implements dual stack and tunneling, then [RFC-4213] | |||
| MUST be supported. | MUST be supported. | |||
| RFC 2893 is currently being updated. | ||||
| 7. Mobile IP | 7. Mobile IP | |||
| The Mobile IPv6 [MIPv6] specification defines requirements for the | The Mobile IPv6 [RFC-3775] specification defines requirements for the | |||
| following types of nodes: | following types of nodes: | |||
| - mobile nodes | - mobile nodes | |||
| - correspondent nodes with support for route optimization | - correspondent nodes with support for route optimization | |||
| - home agents | - home agents | |||
| - all IPv6 routers | - all IPv6 routers | |||
| Hosts MAY support mobile node functionality described in Section 8.5 | Hosts MAY support mobile node functionality described in Section 8.5 | |||
| of [MIPv6], including support of generic packet tunneling [RFC-2473] | of [RFC-3775], including support of generic packet tunneling [RFC- | |||
| and secure home agent communications [MIPv6-HASEC]. | 2473] and secure home agent communications [RFC-3776]. | |||
| Internet-Draft | ||||
| Hosts SHOULD support route optimization requirements for | Hosts SHOULD support route optimization requirements for | |||
| correspondent nodes described in Section 8.2 of [MIPv6]. | correspondent nodes described in Section 8.2 of [RFC-3775]. | |||
| Routers SHOULD support the generic mobility-related requirements for | Routers SHOULD support the generic mobility-related requirements for | |||
| all IPv6 routers described in Section 8.3 of [MIPv6]. Routers MAY | all IPv6 routers described in Section 8.3 of [RFC-3775]. Routers MAY | |||
| support the home agent functionality described in Section 8.4 of | support the home agent functionality described in Section 8.4 of | |||
| [MIPv6], including support of [RFC-2473] and [MIPv6-HASEC]. | [RFC-3775], including support of [RFC-2473] and [RFC-3776]. | |||
| 8. Security | 8. Security | |||
| This section describes the specification of IPsec for the IPv6 node. | This section describes the specification of IPsec for the IPv6 node. | |||
| 8.1 Basic Architecture | 8.1. Basic Architecture | |||
| Security Architecture for the Internet Protocol [RFC-2401] MUST be | Security Architecture for the Internet Protocol [RFC-4301] MUST be | |||
| supported. RFC-2401 is being updated by the IPsec Working Group. | supported. | |||
| 8.2 Security Protocols | 8.2. Security Protocols | |||
| ESP [RFC-2406] MUST be supported. AH [RFC-2402] MUST be supported. | ESP [RFC-4303] MUST be supported. AH [RFC-4302] MUST be supported. | |||
| RFC-2406 and RFC 2402 are being updated by the IPsec Working Group. | ||||
| 8.3 Transforms and Algorithms | 8.3. Transforms and Algorithms | |||
| Current IPsec RFCs specify the support of transforms and algorithms | Current IPsec RFCs specify the support of transforms and algorithms | |||
| for use with AH and ESP: NULL encryption, DES-CBC, HMAC-SHA-1-96, | for use with AH and ESP: NULL encryption, DES-CBC, HMAC-SHA-1-96, and | |||
| and HMAC-MD5-96. However, "Cryptographic Algorithm Implementation | HMAC-MD5-96. However, "Cryptographic Algorithm Implementation | |||
| Requirements For ESP And AH" [CRYPTREQ] contains the current set of | Requirements For ESP And AH" [RFC-4305] contains the current set of | |||
| mandatory to implement algorithms for ESP and AH. It also specifies | mandatory to implement algorithms for ESP and AH. It also specifies | |||
| algorithms that should be implemented because they are likely to be | algorithms that should be implemented because they are likely to be | |||
| promoted to mandatory at some future time. IPv6 nodes SHOULD | promoted to mandatory at some future time. IPv6 nodes SHOULD conform | |||
| conform to the requirements in [CRYPTREQ] as well as the | to the requirements in [RFC-4305], as well as the requirements | |||
| requirements specified below. | specified below. | |||
| Since ESP encryption and authentication are both optional, support | Since ESP encryption and authentication are both optional, support | |||
| for the NULL encryption algorithm [RFC-2410] and the NULL | for the NULL encryption algorithm [RFC-2410] and the NULL | |||
| authentication algorithm [RFC-2406] MUST be provided to maintain | authentication algorithm [RFC-4303] MUST be provided to maintain | |||
| consistency with the way these services are negotiated. However, | consistency with the way these services are negotiated. However, | |||
| while authentication and encryption can each be NULL, they MUST NOT | while authentication and encryption can each be NULL, they MUST NOT | |||
| both be NULL. The NULL encryption algorithm is also useful for | both be NULL. The NULL encryption algorithm is also useful for | |||
| debugging. | debugging. | |||
| The DES-CBC encryption algorithm [RFC-2405] SHOULD NOT be supported | The DES-CBC encryption algorithm [RFC-2405] SHOULD NOT be supported | |||
| within ESP. Security issues related to the use of DES are discussed | within ESP. Security issues related to the use of DES are discussed | |||
| in [DESDIFF], [DESINT], [DESCRACK]. DES-CBC is still listed as | in [DESDIFF], [DESINT], and [DESCRACK]. DES-CBC is still listed as | |||
| required by the existing IPsec RFCs, but updates to these RFCs will | required by the existing IPsec RFCs, but updates to these RFCs will | |||
| be published soon. DES provides 56 bits of protection, which is no | be published in the near future. DES provides 56 bits of protection, | |||
| which is no longer considered sufficient. | ||||
| Internet-Draft | ||||
| longer considered sufficient. | ||||
| The use of HMAC-SHA-1-96 algorithm [RFC-2404] within AH and ESP MUST | The use of the HMAC-SHA-1-96 algorithm [RFC-2404] within AH and ESP | |||
| be supported. The use of HMAC-MD5-96 algorithm [RFC-2403] within AH | MUST be supported. The use of the HMAC-MD5-96 algorithm [RFC-2403] | |||
| and ESP MAY also be supported. | within AH and ESP MAY also be supported. | |||
| The 3DES-CBC encryption algorithm [RFC-2451] does not suffer from | The 3DES-CBC encryption algorithm [RFC-2451] does not suffer from the | |||
| the same security issues as DES-CBC, and the 3DES-CBC algorithm | same security issues as DES-CBC, and the 3DES-CBC algorithm within | |||
| within ESP MUST be supported to ensure interoperability. | ESP MUST be supported to ensure interoperability. | |||
| The AES-128-CBC algorithm [RFC-3602] MUST also be supported within | The AES-128-CBC algorithm [RFC-3602] MUST also be supported within | |||
| ESP. AES-128 is expected to be a widely available, secure, and | ESP. AES-128 is expected to be a widely available, secure, and | |||
| efficient algorithm. While AES-128-CBC is not required by the | efficient algorithm. While AES-128-CBC is not required by the | |||
| current IPsec RFCs, it is expected to become required in the future. | current IPsec RFCs, it is expected to become required in the future. | |||
| 8.4 Key Management Methods | 8.4. Key Management Methods | |||
| An implementation MUST support the manual configuration of the | An implementation MUST support the manual configuration of the | |||
| security key and SPI. The SPI configuration is needed in order to | security key and SPI. The SPI configuration is needed in order to | |||
| delineate between multiple keys. | delineate between multiple keys. | |||
| Key management SHOULD be supported. Examples of key management | Key management SHOULD be supported. Examples of key management | |||
| systems include IKEv1 [RFC-2407] [RFC-2408] [RFC-2409], IKEv2 | systems include IKEv2 [RFC-4306] and Kerberos; S/MIME and TLS include | |||
| [IKEv2] and Kerberos; S/MIME and TLS include key management | key management functions. | |||
| functions. | ||||
| Where key refresh, anti-replay features of AH and ESP, or on-demand | Where key refresh, anti-replay features of AH and ESP, or on-demand | |||
| creation of Security Associations (SAs) is required, automated | creation of Security Associations (SAs) is required, automated keying | |||
| keying MUST be supported. | MUST be supported. | |||
| Key management methods for multicast traffic are also being worked | Key management methods for multicast traffic are also being worked on | |||
| on by the MSEC WG. | by the MSEC WG. | |||
| 9. Router-Specific Functionality | 9. Router-Specific Functionality | |||
| This section defines general host considerations for IPv6 nodes that | This section defines general host considerations for IPv6 nodes that | |||
| act as routers. Currently, this section does not discuss routing- | act as routers. Currently, this section does not discuss routing- | |||
| specific requirements. | specific requirements. | |||
| 9.1 General | 9.1. General | |||
| 9.1.1 IPv6 Router Alert Option - RFC2711 | 9.1.1. IPv6 Router Alert Option - RFC 2711 | |||
| The IPv6 Router Alert Option [RFC-2711] is an optional IPv6 Hop-by- | The IPv6 Router Alert Option [RFC-2711] is an optional IPv6 Hop-by- | |||
| Hop Header that is used in conjunction with some protocols (e.g., | Hop Header that is used in conjunction with some protocols (e.g., | |||
| RSVP [RFC-2205], or MLD [RFC-2710]). The Router Alert option will | RSVP [RFC-2205] or MLD [RFC-2710]). The Router Alert option will | |||
| need to be implemented whenever protocols that mandate its usage are | need to be implemented whenever protocols that mandate its usage are | |||
| implemented. See Section 4.6. | implemented. See Section 4.6. | |||
| Internet-Draft | 9.1.2. Neighbor Discovery for IPv6 - RFC 2461 | |||
| 9.1.2 Neighbor Discovery for IPv6 - RFC2461 | ||||
| Sending Router Advertisements and processing Router Solicitation | Sending Router Advertisements and processing Router Solicitation MUST | |||
| MUST be supported. | be supported. | |||
| 10. Network Management | 10. Network Management | |||
| Network Management MAY be supported by IPv6 nodes. However, for | Network Management MAY be supported by IPv6 nodes. However, for IPv6 | |||
| IPv6 nodes that are embedded devices, network management may be the | nodes that are embedded devices, network management may be the only | |||
| only possibility to control these nodes. | possible way of controlling these nodes. | |||
| 10.1 Management Information Base Modules (MIBs) | 10.1. Management Information Base Modules (MIBs) | |||
| The following two MIBs SHOULD be supported by nodes that support an | The following two MIBs SHOULD be supported by nodes that support an | |||
| SNMP agent. | SNMP agent. | |||
| 10.1.1 IP Forwarding Table MIB | 10.1.1. IP Forwarding Table MIB | |||
| IP Forwarding Table MIB [RFC-2096BIS] SHOULD be supported by nodes | IP Forwarding Table MIB [RFC-4292] SHOULD be supported by nodes that | |||
| that support an SNMP agent. | support an SNMP agent. | |||
| 10.1.2 Management Information Base for the Internet Protocol (IP) | 10.1.2. Management Information Base for the Internet Protocol (IP) | |||
| IP MIB [RFC-2011BIS] SHOULD be supported by nodes that support an | IP MIB [RFC-4293] SHOULD be supported by nodes that support an SNMP | |||
| SNMP agent. | agent. | |||
| 11. Security Considerations | 11. Security Considerations | |||
| This draft does not affect the security of the Internet, but | This document does not affect the security of the Internet, but | |||
| implementations of IPv6 are expected to support a minimum set of | implementations of IPv6 are expected to support a minimum set of | |||
| security features to ensure security on the Internet. "IP Security | security features to ensure security on the Internet. "IP Security | |||
| Document Roadmap" [RFC-2411] is important for everyone to read. | Document Roadmap" [RFC-2411] is important for everyone to read. | |||
| The security considerations in RFC2460 describe the following: | The security considerations in RFC 2460 state the following: | |||
| The security features of IPv6 are described in the Security | The security features of IPv6 are described in the Security | |||
| Architecture for the Internet Protocol [RFC-2401]. | Architecture for the Internet Protocol [RFC-2401]. | |||
| 12. References | RFC 2401 has been obsoleted by RFC 4301, therefore refer RFC 4301 for | |||
| the security features of IPv6. | ||||
| 12.1 Normative | ||||
| [CRYPTREQ] D. Eastlake 3rd, "Cryptographic Algorithm Implementa- | ||||
| tion Requirements For ESP And AH", draft-ietf-ipsec- | ||||
| esp-ah-algorithms-01.txt, January 2004. | ||||
| [IKEv2ALGO] J. Schiller, "Cryptographic Algorithms for use in the | ||||
| Internet Key Exchange Version 2", draft-ietf-ipsec- | ||||
| Internet-Draft | ||||
| ikev2-algorithms-05.txt, Work in Progress. | ||||
| [MIPv6] J. Arkko, D. Johnson and C. Perkins, "Mobility Sup- | ||||
| port in IPv6", draft-ietf-mobileip-ipv6-24.txt, Work | ||||
| in progress. | ||||
| [MIPv6-HASEC] J. Arkko, V. Devarapalli and F. Dupont, "Using IPsec | 12. References | |||
| to Protect Mobile IPv6 Signaling between Mobile Nodes | ||||
| and Home Agents", draft-ietf-mobileip-mipv6-ha- | ||||
| ipsec-06.txt, Work in Progress. | ||||
| [MLDv2] Vida, R. et al., "Multicast Listener Discovery Ver- | 12.1. Normative References | |||
| sion 2 (MLDv2) for IPv6", draft-vida-mld-v2-08.txt, | ||||
| Work in Progress. | ||||
| [RFC-1035] Mockapetris, P., "Domain names - implementation and | [RFC-1035] Mockapetris, P., "Domain names - implementation and | |||
| specification", STD 13, RFC 1035, November 1987. | specification", STD 13, RFC 1035, November 1987. | |||
| [RFC-1981] McCann, J., Mogul, J. and Deering, S., "Path MTU | [RFC-1981] McCann, J., Deering, S., and J. Mogul, "Path MTU | |||
| Discovery for IP version 6", RFC 1981, August 1996. | Discovery for IP version 6", RFC 1981, August 1996. | |||
| [RFC-2096BIS] Haberman, B. and Wasserman, M., "IP Forwarding Table | [RFC-2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: | |||
| MIB", draft-ietf-ipv6-rfc2096-update-07.txt, Work in | ||||
| Progress. | ||||
| [RFC-2011BIS] Routhier, S (ed), "Management Information Base for | ||||
| the Internet Protocol (IP)", draft-ietf-ipv6- | ||||
| rfc2011-update-09.txt, Work in progress. | ||||
| [RFC-2104] Krawczyk, K., Bellare, M., and Canetti, R., "HMAC: | ||||
| Keyed-Hashing for Message Authentication", RFC 2104, | Keyed-Hashing for Message Authentication", RFC 2104, | |||
| February 1997. | February 1997. | |||
| [RFC-2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC-2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, March 1997. | Requirement Levels", BCP 14, RFC 2119, March 1997. | |||
| [RFC-2401] Kent, S. and Atkinson, R., "Security Architecture for | [RFC-2403] Madson, C. and R. Glenn, "The Use of HMAC-MD5-96 | |||
| the Internet Protocol", RFC 2401, November 1998. | ||||
| [RFC-2402] Kent, S. and Atkinson, R., "IP Authentication | ||||
| Header", RFC 2402, November 1998. | ||||
| [RFC-2403] Madson, C., and Glenn, R., "The Use of HMAC-MD5 | ||||
| within ESP and AH", RFC 2403, November 1998. | within ESP and AH", RFC 2403, November 1998. | |||
| [RFC-2404] Madson, C., and Glenn, R., "The Use of HMAC-SHA-1 | [RFC-2404] Madson, C. and R. Glenn, "The Use of HMAC-SHA-1-96 | |||
| within ESP and AH", RFC 2404, November 1998. | within ESP and AH", RFC 2404, November 1998. | |||
| Internet-Draft | [RFC-2405] Madson, C. and N. Doraswamy, "The ESP DES-CBC Cipher | |||
| [RFC-2405] Madson, C. and Doraswamy, N., "The ESP DES-CBC Cipher | ||||
| Algorithm With Explicit IV", RFC 2405, November 1998. | Algorithm With Explicit IV", RFC 2405, November 1998. | |||
| [RFC-2406] Kent, S. and Atkinson, R., "IP Encapsulating Security | [RFC-2410] Glenn, R. and S. Kent, "The NULL Encryption Algorithm | |||
| Protocol (ESP)", RFC 2406, November 1998. | and Its Use With IPsec", RFC 2410, November 1998. | |||
| [RFC-2407] Piper, D., "The Internet IP Security Domain of | ||||
| Interpretation for ISAKMP", RFC 2407, November 1998. | ||||
| [RFC-2408] Maughan, D., Schertler, M., Schneider, M., and | ||||
| Turner, J., "Internet Security Association and Key | ||||
| Management Protocol (ISAKMP)", RFC 2408, November | ||||
| 1998. | ||||
| [RFC-2409] Harkins, D., and Carrel, D., "The Internet Key | ||||
| Exchange (IKE)", RFC 2409, November 1998. | ||||
| [RFC-2410] Glenn, R. and Kent, S., "The NULL Encryption Algo- | [RFC-2411] Thayer, R., Doraswamy, N., and R. Glenn, "IP Security | |||
| rithm and Its Use With IPsec", RFC 2410, November | Document Roadmap", RFC 2411, November 1998. | |||
| 1998. | ||||
| [RFC-2451] Pereira, R. and Adams, R., "The ESP CBC-Mode Cipher | [RFC-2451] Pereira, R. and R. Adams, "The ESP CBC-Mode Cipher | |||
| Algorithms", RFC 2451, November 1998. | Algorithms", RFC 2451, November 1998. | |||
| [RFC-2460] Deering, S. and Hinden, R., "Internet Protocol, Ver- | [RFC-2460] Deering, S. and R. Hinden, "Internet Protocol, Version | |||
| sion 6 (IPv6) Specification", RFC 2460, December | 6 (IPv6) Specification", RFC 2460, December 1998. | |||
| 1998. | ||||
| [RFC-2461] Narten, T., Nordmark, E. and Simpson, W., "Neighbor | ||||
| Discovery for IP Version 6 (IPv6)", RFC 2461, | ||||
| December 1998. | ||||
| [RFC-2462] Thomson, S. and Narten, T., "IPv6 Stateless Address | [RFC-2461] Narten, T., Nordmark, E., and W. Simpson, "Neighbor | |||
| Autoconfiguration", RFC 2462. | Discovery for IP Version 6 (IPv6)", RFC 2461, December | |||
| 1998. | ||||
| [RFC-2463] Conta, A. and Deering, S., "ICMP for the Internet | [RFC-2462] Thomson, S. and T. Narten, "IPv6 Stateless Address | |||
| Protocol Version 6 (IPv6)", RFC 2463, December 1998. | Autoconfiguration", RFC 2462, December 1998. | |||
| [RFC-2472] Haskin, D. and Allen, E., "IP version 6 over PPP", | [RFC-2463] Conta, A. and S. Deering, "Internet Control Message | |||
| RFC 2472, December 1998. | Protocol (ICMPv6) for the Internet Protocol Version 6 | |||
| (IPv6) Specification", RFC 2463, December 1998. | ||||
| [RFC-2473] Conta, A. and Deering, S., "Generic Packet Tunneling | [RFC-2472] Haskin, D. and E. Allen, "IP Version 6 over PPP", RFC | |||
| in IPv6 Specification", RFC 2473, December 1998. Xxx | 2472, December 1998. | |||
| add | ||||
| [RFC-2671] Vixie, P., "Extension Mechanisms for DNS (EDNS0)", | [RFC-2473] Conta, A. and S. Deering, "Generic Packet Tunneling in | |||
| RFC 2671, August 1999. | IPv6 Specification", RFC 2473, December 1998. | |||
| Internet-Draft | [RFC-2671] Vixie, P., "Extension Mechanisms for DNS (EDNS0)", RFC | |||
| 2671, August 1999. | ||||
| [RFC-2710] Deering, S., Fenner, W. and Haberman, B., "Multicast | [RFC-2710] Deering, S., Fenner, W., and B. Haberman, "Multicast | |||
| Listener Discovery (MLD) for IPv6", RFC 2710, October | Listener Discovery (MLD) for IPv6", RFC 2710, October | |||
| 1999. | 1999. | |||
| [RFC-2711] Partridge, C. and Jackson, A., "IPv6 Router Alert | [RFC-2711] Partridge, C. and A. Jackson, "IPv6 Router Alert | |||
| Option", RFC 2711, October 1999. | Option", RFC 2711, October 1999. | |||
| [RFC-3041] Narten, T. and Draves, R., "Privacy Extensions for | [RFC-3041] Narten, T. and R. Draves, "Privacy Extensions for | |||
| Stateless Address Autoconfiguration in IPv6", RFC | Stateless Address Autoconfiguration in IPv6", RFC | |||
| 3041, January 2001. | 3041, January 2001. | |||
| [RFC-3152] Bush, R., "Delegation of IP6.ARPA", RFC 3152, August | [RFC-3152] Bush, R., "Delegation of IP6.ARPA", BCP 49, RFC 3152, | |||
| 2001. | August 2001. | |||
| [RFC-3315] Bound, J. et al., "Dynamic Host Configuration Proto- | [RFC-3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, | |||
| col for IPv6 (DHCPv6)", RFC 3315, July 2003. | C., and M. Carney, "Dynamic Host Configuration | |||
| Protocol for IPv6 (DHCPv6)", RFC 3315, July 2003. | ||||
| [RFC-3363] Bush, R., et al., "Representing Internet Protocol | [RFC-3363] Bush, R., Durand, A., Fink, B., Gudmundsson, O., and | |||
| version 6 (IPv6) Addresses in the Domain Name System | T. Hain, "Representing Internet Protocol version 6 | |||
| (DNS)", RFC 3363, August 2002. | (IPv6) Addresses in the Domain Name System (DNS)", RFC | |||
| 3363, August 2002. | ||||
| [RFC-3484] Draves, R., "Default Address Selection for IPv6", RFC | [RFC-3484] Frye, R., Levi, D., Routhier, S., and B. Wijnen, | |||
| 3484, February 2003. | "Coexistence between Version 1, Version 2, and Version | |||
| 3 of the Internet-standard Network Management | ||||
| Framework", BCP 74, RFC 3584, August 2003. | ||||
| [RFC-3513] Hinden, R. and Deering, S. "IP Version 6 Addressing | [RFC-3513] Hinden, R. and S. Deering, "Internet Protocol Version | |||
| Architecture", RFC 3513, April 2003. | 6 (IPv6) Addressing Architecture", RFC 3513, April | |||
| 2003. | ||||
| [RFC-3590] Haberman, B., "Source Address Selection for the Mul- | [RFC-3590] Haberman, B., "Source Address Selection for the | |||
| ticast Listener Discovery (MLD) Protocol", RFC 3590, | Multicast Listener Discovery (MLD) Protocol", RFC | |||
| 3590, September 2003. | ||||
| [RFC-3596] Thomson, S., Huitema, C., Ksinant, V., and M. Souissi, | ||||
| "DNS Extensions to Support IP Version 6", RFC 3596, | ||||
| October 2003. | ||||
| [RFC-3602] Frankel, S., Glenn, R., and S. Kelly, "The AES-CBC | ||||
| Cipher Algorithm and Its Use with IPsec", RFC 3602, | ||||
| September 2003. | September 2003. | |||
| [RFC-3596] Thomson, S., et al., "DNS Extensions to support IP | [RFC-3775] Johnson, D., Perkins, C., and J. Arkko, "Mobility | |||
| version 6", RFC 3596, October 2003. | Support in IPv6", RFC 3775, June 2004. | |||
| [RFC-3602] S. Frankel, "The AES-CBC Cipher Algorithm and Its Use | [RFC-3776] Arkko, J., Devarapalli, V., and F. Dupont, "Using | |||
| with IPsec", RFC 3602, September 2003. | IPsec to Protect Mobile IPv6 Signaling Between Mobile | |||
| Nodes and Home Agents", RFC 3776, June 2004. | ||||
| [DEP-SL] C. Huitema, B. Carpenter, "Deprecating Site Local | [RFC-3810] Vida, R. and L. Costa, "Multicast Listener Discovery | |||
| Addresses", draft-ietf-ipv6-deprecate-site-local- | Version 2 (MLDv2) for IPv6", RFC 3810, June 2004. | |||
| 03.txt, Work in Progress. | ||||
| 12.2 Non-Normative | [RFC-3879] Huitema, C. and B. Carpenter, "Deprecating Site Local | |||
| Addresses", RFC 3879, September 2004. | ||||
| [ANYCAST] Hagino, J and Ettikan K., "An Analysis of IPv6 Anycast", | [RFC-4292] Haberman, B., "IP Forwarding Table MIB", RFC 4292, | |||
| draft-ietf-ipngwg-ipv6-anycast-analysis-02.txt, Work in | April 2006. | |||
| Progress. | ||||
| [DESDIFF] Biham, E., Shamir, A., "Differential Cryptanalysis of | [RFC-4293] Routhier, S., Ed., "Management Information Base for | |||
| the Internet Protocol (IP)", RFC 4293, April 2006. | ||||
| Internet-Draft | [RFC-4301] Kent, S. and R. Atkinson, "Security Architecture for | |||
| the Internet Protocol", RFC 4301, December 2005. | ||||
| [RFC-4302] Kent, S., "IP Authentication Header", RFC 4302, | ||||
| December 2005. | ||||
| [RFC-4303] Kent, S., "IP Encapsulating Security Payload (ESP)", | ||||
| RFC 4303, December 2005. | ||||
| [RFC-4305] Eastlake 3rd, D., "Cryptographic Algorithm | ||||
| Implementation Requirements for Encapsulating Security | ||||
| Payload (ESP) and Authentication Header (AH)", RFC | ||||
| 4305, December 2005. | ||||
| 12.2. Informative References | ||||
| [DESDIFF] Biham, E., Shamir, A., "Differential Cryptanalysis of | ||||
| DES-like cryptosystems", Journal of Cryptology Vol 4, | DES-like cryptosystems", Journal of Cryptology Vol 4, | |||
| Jan 1991. | Jan 1991. | |||
| [DESCRACK] Cracking DES, O'Reilly & Associates, Sebastapol, CA | [DESCRACK] Cracking DES, O'Reilly & Associates, Sebastapol, CA | |||
| 2000. | 2000. | |||
| [DESINT] Bellovin, S., "An Issue With DES-CBC When Used Without | [DESINT] Bellovin, S., "An Issue With DES-CBC When Used Without | |||
| Strong Integrity", Proceedings of the 32nd IETF, | Strong Integrity", Proceedings of the 32nd IETF, | |||
| Danvers, MA, April 1995. | Danvers, MA, April 1995. | |||
| [DHCPv6-SL] R. Droms, "A Guide to Implementing Stateless DHCPv6 Ser- | [IPv6-RH] P. Savola, "Security of IPv6 Routing Header and Home | |||
| vice", RFC 3736, April 2004. | Address Options", Work in Progress. | |||
| [DNSSEC-INTRO] Arends, R., Austein, R., Larson, M., Massey, D. and | ||||
| Rose, S., "DNS Security Introduction and Requirements" | ||||
| draft-ietf-dnsext-dnssec-intro-10.txt, Work in Progress. | ||||
| [DNSSEC-REC] Arends, R., Austein, R., Larson, M., Massey, D. and | ||||
| Rose, S., "Resource Records for the DNS Security Exten- | ||||
| sions", draft-ietf-dnsext-dnssec-records-08.txt, Work in | ||||
| Progress. | ||||
| [DNSSEC-PROT] Arends, R., Austein, R., Larson, M., Massey, D. and | [RFC-793] Postel, J., "Transmission Control Protocol", STD 7, | |||
| Rose, S., "Protocol Modifications for the DNS Security | RFC 793, September 1981. | |||
| Extensions", draft-ietf-dnsext-dnssec-protocol-06.txt, | ||||
| Work in Progress. | ||||
| [IKE2] Kaufman, C. (ed), "Internet Key Exchange (IKEv2) Proto- | [RFC-1034] Mockapetris, P., "Domain names - concepts and | |||
| col", draft-ietf-ipsec-ikev2-13.txt, Work in Progress. | facilities", STD 13, RFC 1034, November 1987. | |||
| [IPv6-RH] P. Savola, "Security of IPv6 Routing Header and Home | [RFC-2205] Braden, R., Zhang, L., Berson, S., Herzog, S., and S. | |||
| Address Options", draft-savola-ipv6-rh-ha-security- | Jamin, "Resource ReSerVation Protocol (RSVP) -- | |||
| 03.txt, Work in Progress. | Version 1 Functional Specification", RFC 2205, | |||
| September 1997. | ||||
| [MC-THREAT] Ballardie A. and Crowcroft, J.; Multicast-Specific Secu- | [RFC-2464] Crawford, M., "Transmission of IPv6 Packets over | |||
| rity Threats and Counter-Measures; In Proceedings "Sym- | Ethernet Networks", RFC 2464, December 1998. | |||
| posium on Network and Distributed System Security", | ||||
| February 1995, pp.2-16. | ||||
| [RFC-793] Postel, J., "Transmission Control Protocol", RFC 793, | [RFC-2492] Armitage, G., Schulter, P., and M. Jork, "IPv6 over | |||
| August 1980. | ATM Networks", RFC 2492, January 1999. | |||
| [RFC-1034] Mockapetris, P., "Domain names - concepts and facili- | [RFC-2675] Borman, D., Deering, S., and R. Hinden, "IPv6 | |||
| ties", RFC 1034, November 1987. | Jumbograms", RFC 2675, August 1999. | |||
| [RFC-2205] Braden, B. (ed.), Zhang, L., Berson, S., Herzog, S. and | [RFC-4213] Nordmark, E. and R. Gilligan, "Basic Transition | |||
| S. Jamin, "Resource ReSerVation Protocol (RSVP)", RFC | Mechanisms for IPv6 Hosts and Routers", RFC 4213, | |||
| 2205, September 1997. | October 2005. | |||
| Internet-Draft | [RFC-3569] Bhattacharyya, S., "An Overview of Source-Specific | |||
| Multicast (SSM)", RFC 3569, July 2003. | ||||
| [RFC-2464] Crawford, M., "Transmission of IPv6 Packets over Ether- | [RFC-3736] Droms, R., "Stateless Dynamic Host Configuration | |||
| net Networks", RFC 2462, December 1998. | Protocol (DHCP) Service for IPv6", RFC 3736, April | |||
| 2004. | ||||
| [RFC-2492] G. Armitage, M. Jork, P. Schulter, G. Harter, IPv6 over | [RFC-4001] Daniele, M., Haberman, B., Routhier, S., and J. | |||
| ATM Networks", RFC 2492, January 1999. | Schoenwaelder, "Textual Conventions for Internet | |||
| Network Addresses", RFC 4001, February 2005. | ||||
| [RFC-2675] Borman, D., Deering, S. and Hinden, B., "IPv6 Jumbo- | [RFC-4033] Arends, R., Austein, R., Larson, M., Massey, D., and | |||
| grams", RFC 2675, August 1999. | S. Rose, "DNS Security Introduction and Requirements", | |||
| RFC 4033, March 2005. | ||||
| [RFC-2851] M. Daniele, B. Haberman, S. Routhier, J. Schoenwaelder, | [RFC-4034] Arends, R., Austein, R., Larson, M., Massey, D., and | |||
| "Textual Conventions for Internet Network Addresses", | S. Rose, "Resource Records for the DNS Security | |||
| RFC 2851, June 2000. | Extensions", RFC 4034, March 2005. | |||
| [RFC-2893] Gilligan, R. and Nordmark, E., "Transition Mechanisms | [RFC-4035] Arends, R., Austein, R., Larson, M., Massey, D., and | |||
| for IPv6 Hosts and Routers", RFC 2893, August 2000. | S. Rose, "Protocol Modifications for the DNS Security | |||
| Extensions", RFC 4035, March 2005. | ||||
| [RFC-3569] S. Bhattacharyya, Ed., "An Overview of Source-Specific | [RFC-4306] Kaufman, C., Ed., "Internet Key Exchange (IKEv2) | |||
| Multicast (SSM)", RFC 3569, July 2003. | Protocol", RFC 4306, December 2005. | |||
| [SSM-ARCH] H. Holbrook, B. Cain, "Source-Specific Multicast for | [SSM-ARCH] H. Holbrook, B. Cain, "Source-Specific Multicast for | |||
| IP", draft-ietf-ssm-arch-04.txt, Work in Progress. | IP", Work in Progress. | |||
| 13. Authors and Acknowledgements | 13. Authors and Acknowledgements | |||
| This document was written by the IPv6 Node Requirements design team: | This document was written by the IPv6 Node Requirements design team: | |||
| Jari Arkko | Jari Arkko | |||
| [jari.arkko@ericsson.com] | [jari.arkko@ericsson.com] | |||
| Marc Blanchet | Marc Blanchet | |||
| [marc.blanchet@viagenie.qc.ca] | [marc.blanchet@viagenie.qc.ca] | |||
| skipping to change at page 19, line 4 | skipping to change at page 18, line 31 | |||
| Gerard Gastaud | Gerard Gastaud | |||
| [gerard.gastaud@alcatel.fr] | [gerard.gastaud@alcatel.fr] | |||
| Jun-ichiro itojun Hagino | Jun-ichiro itojun Hagino | |||
| [itojun@iijlab.net] | [itojun@iijlab.net] | |||
| Atsushi Inoue | Atsushi Inoue | |||
| [inoue@isl.rdc.toshiba.co.jp] | [inoue@isl.rdc.toshiba.co.jp] | |||
| Masahiro Ishiyama | Masahiro Ishiyama | |||
| Internet-Draft | ||||
| [masahiro@isl.rdc.toshiba.co.jp] | [masahiro@isl.rdc.toshiba.co.jp] | |||
| John Loughney | John Loughney | |||
| [john.loughney@nokia.com] | [john.loughney@nokia.com] | |||
| Rajiv Raghunarayan | Rajiv Raghunarayan | |||
| [raraghun@cisco.com] | [raraghun@cisco.com] | |||
| Shoichi Sakane | Shoichi Sakane | |||
| [shouichi.sakane@jp.yokogawa.com] | [shouichi.sakane@jp.yokogawa.com] | |||
| Dave Thaler | Dave Thaler | |||
| [dthaler@windows.microsoft.com] | [dthaler@windows.microsoft.com] | |||
| Juha Wiljakka | Juha Wiljakka | |||
| [juha.wiljakka@Nokia.com] | [juha.wiljakka@Nokia.com] | |||
| The authors would like to thank Ran Atkinson, Jim Bound, Brian Car- | The authors would like to thank Ran Atkinson, Jim Bound, Brian | |||
| penter, Ralph Droms, Christian Huitema, Adam Machalek, Thomas Nar- | Carpenter, Ralph Droms, Christian Huitema, Adam Machalek, Thomas | |||
| ten, Juha Ollila and Pekka Savola for their comments. | Narten, Juha Ollila, and Pekka Savola for their comments. | |||
| 14. Editor's Contact Information | Editor's Contact Information | |||
| Comments or questions regarding this document should be sent to the | Comments or questions regarding this document should be sent to the | |||
| IPv6 Working Group mailing list (ipv6@ietf.org) or to: | IPv6 Working Group mailing list (ipv6@ietf.org) or to: | |||
| John Loughney | John Loughney | |||
| Nokia Research Center | Nokia Research Center | |||
| Itamerenkatu 11-13 | Itamerenkatu 11-13 | |||
| 00180 Helsinki | 00180 Helsinki | |||
| Finland | Finland | |||
| Phone: +358 50 483 6242 | Phone: +358 50 483 6242 | |||
| Email: John.Loughney@Nokia.com | EMail: John.Loughney@Nokia.com | |||
| Notices | Full Copyright Statement | |||
| Copyright (C) The Internet Society (2006). | ||||
| This document is subject to the rights, licenses and restrictions | ||||
| contained in BCP 78, and except as set forth therein, the authors | ||||
| retain all their rights. | ||||
| This document and the information contained herein are provided on an | ||||
| "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS | ||||
| OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET | ||||
| ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, | ||||
| INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE | ||||
| INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED | ||||
| WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. | ||||
| Intellectual Property | ||||
| The IETF takes no position regarding the validity or scope of any | The IETF takes no position regarding the validity or scope of any | |||
| Intellectual Property Rights or other rights that might be claimed | Intellectual Property Rights or other rights that might be claimed to | |||
| to pertain to the implementation or use of the technology described | pertain to the implementation or use of the technology described in | |||
| in this document or the extent to which any license under such | this document or the extent to which any license under such rights | |||
| rights might or might not be available; nor does it represent that | might or might not be available; nor does it represent that it has | |||
| it has made any independent effort to identify any such rights. | made any independent effort to identify any such rights. Information | |||
| Information on the procedures with respect to rights in RFC docu- | on the procedures with respect to rights in RFC documents can be | |||
| ments can be found in BCP 78 and BCP 79. | found in BCP 78 and BCP 79. | |||
| Copies of IPR disclosures made to the IETF Secretariat and any | Copies of IPR disclosures made to the IETF Secretariat and any | |||
| assurances of licenses to be made available, or the result of an | assurances of licenses to be made available, or the result of an | |||
| attempt made to obtain a general license or permission for the use of | ||||
| Internet-Draft | such proprietary rights by implementers or users of this | |||
| specification can be obtained from the IETF on-line IPR repository at | ||||
| attempt made to obtain a general license or permission for the use | ||||
| of such proprietary rights by implementers or users of this specifi- | ||||
| cation can be obtained from the IETF on-line IPR repository at | ||||
| http://www.ietf.org/ipr. | http://www.ietf.org/ipr. | |||
| The IETF invites any interested party to bring to its attention any | The IETF invites any interested party to bring to its attention any | |||
| copyrights, patents or patent applications, or other proprietary | copyrights, patents or patent applications, or other proprietary | |||
| rights that may cover technology that may be required to implement | rights that may cover technology that may be required to implement | |||
| this standard. Please address the information to the IETF at ietf- | this standard. Please address the information to the IETF at | |||
| ipr@ietf.org. | ietf-ipr@ietf.org. | |||
| Acknowledgement | Acknowledgement | |||
| Funding for the RFC Editor function is currently provided by the | Funding for the RFC Editor function is provided by the IETF | |||
| Internet Society. | Administrative Support Activity (IASA). | |||
| End of changes. 174 change blocks. | ||||
| 440 lines changed or deleted | 371 lines changed or added | |||
This html diff was produced by rfcdiff 1.29, available from http://www.levkowetz.com/ietf/tools/rfcdiff/ | ||||