draft-ietf-radext-datatypes-06.txt   draft-ietf-radext-datatypes-07.txt 
Network Working Group DeKok, Alan Network Working Group DeKok, Alan
INTERNET-DRAFT FreeRADIUS INTERNET-DRAFT FreeRADIUS
Updates: 2865,3162,6158,6572 Updates: 2865,3162,6158,6572
Category: Standards Track Category: Standards Track
<draft-ietf-radext-datatypes-06.txt> <draft-ietf-radext-datatypes-07.txt>
3 August 2016 24 August 2016
Data Types in the Remote Authentication Data Types in the Remote Authentication
Dial-In User Service Protocol (RADIUS) Dial-In User Service Protocol (RADIUS)
draft-ietf-radext-datatypes-06.txt
Abstract Abstract
RADIUS specifications have used data types for two decades without RADIUS specifications have used data types for two decades without
defining them as managed entities. During this time, RADIUS defining them as managed entities. During this time, RADIUS
implementations have named the data types, and have used them in implementations have named the data types, and have used them in
attribute definitions. This document updates the specifications to attribute definitions. This document updates the specifications to
better follow established practice. We do this by naming the data better follow established practice. We do this by naming the data
types defined in RFC 6158, which have been used since at least RFC types defined in RFC 6158, which have been used since at least the
2865. We provide an IANA registry for the data types, and update the publication of RFC 2865. We provide an IANA registry for the data
RADIUS Attribute Type registry to include a "Data Type" field for types, and update the RADIUS Attribute Type registry to include a
each attribute. Finally, we recommend that authors of RADIUS "Data Type" field for each attribute. Finally, we recommend that
specifications use these types in preference to existing practice. authors of RADIUS specifications use these types in preference to
This document updates RFC 2865, 3162, 6158, and 6572. existing practice. This document updates RFC 2865, 3162, 6158, and
6572.
Status of this Memo Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet- other groups may also distribute working documents as Internet-
Drafts. Drafts.
skipping to change at page 1, line 49 skipping to change at page 1, line 49
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on March 3, 2017. This Internet-Draft will expire on April 24, 2017.
Copyright Notice Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info/) in effect on the date of (http://trustee.ietf.org/license-info/) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 3, line 25 skipping to change at page 3, line 25
2.1.2. Attribute Definitions using Data Types ......... 7 2.1.2. Attribute Definitions using Data Types ......... 7
2.1.3. Format of Attribute Definitions ................ 7 2.1.3. Format of Attribute Definitions ................ 7
2.1.4. Defining a New Data Type ....................... 8 2.1.4. Defining a New Data Type ....................... 8
2.2. Implementation Use of Data Types .................... 9 2.2. Implementation Use of Data Types .................... 9
3. Data Type Definitions .................................... 11 3. Data Type Definitions .................................... 11
3.1. integer ............................................. 12 3.1. integer ............................................. 12
3.2. enum ................................................ 12 3.2. enum ................................................ 12
3.3. time ................................................ 13 3.3. time ................................................ 13
3.4. text ................................................ 13 3.4. text ................................................ 13
3.5. string .............................................. 14 3.5. string .............................................. 14
3.6. concat .............................................. 15 3.6. concat .............................................. 16
3.7. ifid ................................................ 16 3.7. ifid ................................................ 16
3.8. ipv4addr ............................................ 17 3.8. ipv4addr ............................................ 17
3.9. ipv6addr ............................................ 17 3.9. ipv6addr ............................................ 18
3.10. ipv6prefix ......................................... 18 3.10. ipv6prefix ......................................... 18
3.11. ipv4prefix ......................................... 19 3.11. ipv4prefix ......................................... 20
3.12. integer64 .......................................... 21 3.12. integer64 .......................................... 21
3.13. tlv ................................................ 21 3.13. tlv ................................................ 22
3.14. vsa ................................................ 23 3.14. vsa ................................................ 23
3.15. extended ........................................... 24 3.15. extended ........................................... 24
3.16. long-extended ...................................... 25 3.16. long-extended ...................................... 26
3.17. evs ................................................ 28 3.17. evs ................................................ 28
4. Updated Registries ....................................... 29 4. Updated Registries ....................................... 29
4.1. Create a Data Type Registry ......................... 29 4.1. Create a Data Type Registry ......................... 29
4.2. Updates to the Attribute Type Registry .............. 30 4.2. Updates to the Attribute Type Registry .............. 30
5. Security Considerations .................................. 35 5. Security Considerations .................................. 35
6. IANA Considerations ...................................... 35 6. IANA Considerations ...................................... 36
7. References ............................................... 36 7. References ............................................... 36
7.1. Normative References ................................ 36 7.1. Normative References ................................ 36
7.2. Informative References .............................. 37 7.2. Informative References .............................. 37
1. Introduction 1. Introduction
RADIUS specifications have historically defined attributes in terms RADIUS specifications have historically defined attributes in terms
of name, type value, and data type. Of these three pieces of of name, value, and data type. Of these three pieces of information,
information, only the type value is managed by IANA. There is no the name is recorded by IANA in the RADIUS Attribute Type registry,
management of, or restriction on, the attribute name, as discussed in but not otherwise managed or restricted, as discussed in [RFC6929]
[RFC6929] Section 2.7.1. There is no management of data type name or Section 2.7.1. The value is managed by IANA, and recorded in that
definition. Experience has shown that there is a need for well registry. The data type is not managed or recorded in the RADIUS
defined data types. Attribute Type registry. Experience has shown that there is a need
to create well known data types, and have them managed by IANA.
This document defines an IANA registry for data types, and updates This document defines an IANA RADIUS Data Type registry, and updates
the RADIUS Attribute Type registry to use those newly defined data the RADIUS Attribute Type registry to use those newly defined data
types. It recommends how both specifications and implementations types. It recommends how both specifications and implementations
should use the data types. It extends the RADIUS Attribute Type should use the data types. It extends the RADIUS Attribute Type
registry to have a data type for each assigned attribute. registry to have a data type for each assigned attribute.
In this section, we review the use of data types in specifications In this section, we review the use of data types in specifications
and implementations. Whe highlight ambiguities and inconsistencies. and implementations. Whe highlight ambiguities and inconsistencies.
The rest of this document is devoted to resolving those problems. The rest of this document is devoted to resolving those problems.
1.1. Specification Problems with Data Types 1.1. Specification Problems with Data Types
skipping to change at page 5, line 35 skipping to change at page 5, line 36
the interpretation of RADIUS standards, and to improve the the interpretation of RADIUS standards, and to improve the
communication between specification authors and IANA. communication between specification authors and IANA.
This document suggests that implementations SHOULD use the data types This document suggests that implementations SHOULD use the data types
defined here, in preference to any "ad hoc" data types currently in defined here, in preference to any "ad hoc" data types currently in
use. This suggestion should have minimal effect on implementations, use. This suggestion should have minimal effect on implementations,
as most "ad hoc" data types are compatible with the ones defined as most "ad hoc" data types are compatible with the ones defined
here. Any difference will typically be limited to the name of the here. Any difference will typically be limited to the name of the
data type. data type.
This document updates [RFC6158] to permit the data types defined in
the "Data Type registry" as "basic data types", as per Section 2.1 of
that document. The recommendations of [RFC6158] are otherwise
unchanged.
1.4. Requirements Language 1.4. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
2. Use of Data Types 2. Use of Data Types
The Data Types can be used in two places: specifications, and The Data Types can be used in two places: specifications, and
implementations. This section discusses both uses, and gives implementations. This section discusses both uses, and gives
skipping to change at page 6, line 52 skipping to change at page 6, line 52
Attr-Data Attr-Data
The "Value" field of an Attribute as defined in [RFC2865] The "Value" field of an Attribute as defined in [RFC2865]
Section 5. The contents of this field MUST be of a valid data Section 5. The contents of this field MUST be of a valid data
type as defined in the RADIUS Data Type registry. type as defined in the RADIUS Data Type registry.
We consistently use "Attr-Data" to refer to the contents of an We consistently use "Attr-Data" to refer to the contents of an
attribute, instead of the more ambiguous name "Value". It is attribute, instead of the more ambiguous name "Value". It is
RECOMMENDED that new specifications follow this practice. RECOMMENDED that new specifications follow this practice.
In this document, we use the term "Value" to refer to the contents of We consistently use "Value" to refer to the contents of a data type,
a data type, where that data type cannot carry other data types. In where that data type is simple. For example, an "integer" can have a
other cases, we refer to the contents of a data type with a type- "Value". In contrast, a Vendor-Specific attribute carries complex
specific name, in order to distinguish it from data of other types. information, and thus cannot have a "Value".
For example, the data type "vsa" will contain a data field called
"VSA-Data". For data types which carry complex information, we name the fields
based on the data type. For example, a Vendor-Specific attribute is
defined to carry a "vsa" data type, and the contents of that data
type are described herein as "VSA-Data".
These terms are used in preference to the term "String", which was These terms are used in preference to the term "String", which was
used in multiple incompatible ways. It is RECOMMENDED that future previously used in ambiguous ways. It is RECOMMENDED that future
specifications use type-specific names, and the same naming scheme specifications use type-specific names, and the same naming scheme
for new types. This use will maintain consistent definitions, and for new types. This use will maintain consistent definitions, and
avoid ambiguities. help to avoid ambiguities.
2.1.2. Attribute Definitions using Data Types 2.1.2. Attribute Definitions using Data Types
New RADIUS specifications MUST define attributes using data types New RADIUS specifications MUST define attributes using data types
from the RADIUS Data Type registry. The specification may, of from the RADIUS Data Type registry. The specification may, of
course, define a new data type and use it in the same document. The course, define a new data type and use it in the same document. The
guidelines given in [RFC6929] MUST be followed when defining a new guidelines given in [RFC6929] MUST be followed when defining a new
data type. data type.
Attributes can usually be completely described via the Attribute Type Attributes can usually be completely described via the Attribute Type
code, name, and data type. The use of "ASCII art" is then limited value, name, and data type. The use of "ASCII art" is then limited
only to the definition of new data types, and for complex data types. only to the definition of new data types, and for complex data types.
Use of the new extended attributes [RFC6929] makes ASCII art even Use of the new extended attributes [RFC6929] makes ASCII art even
more problematic. An attribute can be allocated from any of the more problematic. An attribute can be allocated from any of the
extended spaces, with more than one option for attribute header extended spaces, with more than one option for attribute header
format. This allocation decision is made after the specification has format. This allocation decision is made after the specification has
been accepted for publication. As the allocation affects the format been accepted for publication. As the allocation affects the format
of the attribute header, it is essentially impossible to create the of the attribute header, it is essentially impossible to create the
correct ASCII art prior to final publication. Allocation from the correct ASCII art prior to final publication. Allocation from the
different spaces also changes the value of the Length field, also different spaces also changes the value of the Length field, also
skipping to change at page 7, line 47 skipping to change at page 8, line 4
of the document. of the document.
It is therefore RECOMMENDED that "ASCII art" diagrams not be used for It is therefore RECOMMENDED that "ASCII art" diagrams not be used for
new RADIUS attribute specifications. new RADIUS attribute specifications.
2.1.3. Format of Attribute Definitions 2.1.3. Format of Attribute Definitions
When defining a new attribute, the following fields SHOULD be given: When defining a new attribute, the following fields SHOULD be given:
Description Description
A description of the meaning and interpretation of the A description of the meaning and interpretation of the
attribute. attribute.
Type Type
The Attribute Type code, given in the "dotted number" notation The Attribute Type value, given in the "dotted number" notation
from [RFC6929]. Specifications can often leave this as "TBD", from [RFC6929]. Specifications can often leave this as "TBD",
and request that IANA fill in the allocated values. and request that IANA fill in the allocated values.
Length Length
A description of the length of the attribute. For attributes A description of the length of the attribute. For attributes
of variable length, a maximum length SHOULD be given. Since of variable length, a maximum length SHOULD be given. Since
the Length may depend on the Type, the definition of Length may the Length may depend on the Type, the definition of Length may
be affected by IANA allocations. be affected by IANA allocations.
skipping to change at page 8, line 41 skipping to change at page 8, line 43
valid range(s) MUST be defined. valid range(s) MUST be defined.
For attributes of data type "enum", a list of enumerated values For attributes of data type "enum", a list of enumerated values
and names MUST be given, as with [RFC2865] Section 5.6. and names MUST be given, as with [RFC2865] Section 5.6.
Using a consistent format for attribute definitions helps to make the Using a consistent format for attribute definitions helps to make the
definitions clearer. definitions clearer.
2.1.4. Defining a New Data Type 2.1.4. Defining a New Data Type
When a specification needs to define a new data type, it should When a specification needs to define a new data type, it SHOULD
follow the format used by the definitions in Section 3 of this follow the format used by the definitions in Section 3 of this
document. The text at the start of the data type definition MUST document. The text at the start of the data type definition MUST
describe the data type, including the expected use, and why a new describe the data type, including the expected use, and why a new
data type is required. That text SHOULD include limits on expected data type is required. That text SHOULD include limits on expected
values, and why those limits exist. The fields "Name", "Value", values, and why those limits exist. The field's "Name", "Value",
"Length", and "Format", MUST be given, along with values. "Length", and "Format", MUST be given, along with values.
The "Name" field SHOULD be a single name, all lower-case. The "Name" field SHOULD be a single name, all lower-case.
Contractions such as "ipv4addr" are RECOMMENDED where they add Contractions such as "ipv4addr" are RECOMMENDED where they add
clarity. clarity.
We note that the use of "Value" in the RADIUS Data Type registry can We note that the use of "Value" in the RADIUS Data Type registry can
be confusing. That name is also used in attribute definitions, but be confusing. That name is also used in attribute definitions, but
with a different meaning. We trust that the meaning here is clear with a different meaning. We trust that the meaning here is clear
from the context. from the context.
The "Value" field should be given as to be determined or "TBD" in The "Value" field SHOULD be given as to be determined or "TBD" in
specifications. That number is assigned by IANA. specifications. That number is assigned by IANA.
The "Format" field SHOULD be defined with "ASCII art" in order to The "Format" field SHOULD be defined with "ASCII art" in order to
have a precise definition. Machine-readable formats are also have a precise definition. Machine-readable formats are also
RECOMMENDED. RECOMMENDED.
The definition of a new data type should be done only when absolutely The definition of a new data type should be done only when absolutely
necessary. We do not expect a need for a large number of new data necessary. We do not expect a need for a large number of new data
types. When defining a new data type, the guideliness of [RFC6929] types. When defining a new data type, the guideliness of [RFC6929]
with respect to data types MUST be followed. with respect to data types MUST be followed.
skipping to change at page 10, line 7 skipping to change at page 10, line 10
format, format,
* Attributes where the length is shorter or longer than the allowed * Attributes where the length is shorter or longer than the allowed
length(s) for the given data type, length(s) for the given data type,
The requirements for "reserved" fields are more difficult to The requirements for "reserved" fields are more difficult to
quantify. Implementations SHOULD be able to receive and process quantify. Implementations SHOULD be able to receive and process
attributes where "reserved" fields are non-zero. We do not, however, attributes where "reserved" fields are non-zero. We do not, however,
define any "correct" processing of such attributes. Instead, define any "correct" processing of such attributes. Instead,
specifications which define new meaning for "reserved" fields SHOULD specifications which define new meaning for "reserved" fields SHOULD
describe how older implementations process those fields. We expect describe how the new meaning is compatible with older
that such descriptions are derived from practice. Implementations implementations. We expect that such descriptions are derived from
MUST set "reserved" fields to zero when creating attributes. practice. Implementations MUST set "reserved" fields to zero when
creating attributes.
3. Data Type Definitions 3. Data Type Definitions
This section defines the new data types. For each data type, it This section defines the new data types. For each data type, it
gives a definition, a name, a number, a length, and an encoding gives a definition, a name, a number, a length, and an encoding
format. Where relevant, it describes subfields contained within the format. Where relevant, it describes subfields contained within the
data type. These definitions have no impact on existing RADIUS data type. These definitions have no impact on existing RADIUS
implementations. There is no requirement that implementations use implementations. There is no requirement that implementations use
these names. these names.
skipping to change at page 14, line 7 skipping to change at page 14, line 7
3.4. text 3.4. text
The "text" data type encodes UTF-8 text [RFC3629]. The maximum The "text" data type encodes UTF-8 text [RFC3629]. The maximum
length of the text is given by the encapsulating attribute. Where length of the text is given by the encapsulating attribute. Where
the range of lengths for a particular attribute is limited to a sub- the range of lengths for a particular attribute is limited to a sub-
set of possible lengths, specifications MUST define the valid set of possible lengths, specifications MUST define the valid
range(s). Attributes with length outside of the allowed values range(s). Attributes with length outside of the allowed values
SHOULD be treated as "invalid attributes". SHOULD be treated as "invalid attributes".
Attributes of type "text" which are allocated in the standard space
(Section 1.2 of [RFC6929]) are limited to no more than 253 octets of
data. Attributes of type "text" which are allocated in the extended
space can be longer. In both cases, these limits are reduced when
the data is encapsulated inside of an another attribute.
Where the text is intended to carry data in a particular format, Where the text is intended to carry data in a particular format,
(e.g. Framed-Route), the format MUST be given. The specification (e.g. Framed-Route), the format MUST be given. The specification
SHOULD describe the format in a machine-readable way, such as via SHOULD describe the format in a machine-readable way, such as via
Augmented Backus-Naur Form (ABNF). Attributes with values not Augmented Backus-Naur Form (ABNF) [RFC5234]. Attributes with values
matching the defined format SHOULD be treated as "invalid not matching the defined format SHOULD be treated as "invalid
attributes". attributes".
Note that the "text" data type does not terminate with a NUL octet Note that the "text" data type does not terminate with a NUL octet
(hex 00). The Attribute has a Length field and does not use a (hex 00). The Attribute has a Length field and does not use a
terminator. Texts of length zero (0) MUST NOT be sent; omit the terminator. Texts of length zero (0) MUST NOT be sent; omit the
entire attribute instead. entire attribute instead.
Name Name
text text
skipping to change at page 14, line 47 skipping to change at page 15, line 6
+-+-+-+-+-+-+-+- +-+-+-+-+-+-+-+-
3.5. string 3.5. string
The "string" data type encodes binary data, as a sequence of The "string" data type encodes binary data, as a sequence of
undistinguished octets. Where the range of lengths for a particular undistinguished octets. Where the range of lengths for a particular
attribute is limited to a sub-set of possible lengths, specifications attribute is limited to a sub-set of possible lengths, specifications
MUST define the valid range(s). Attributes with length outside of MUST define the valid range(s). Attributes with length outside of
the allowed values SHOULD be treated as "invalid attributes". the allowed values SHOULD be treated as "invalid attributes".
Attributes of type "string" which are allocated in the standard space
(Section 1.2 of [RFC6929]) are limited to no more than 253 octets of
data. Attributes of type "string" which are allocated in the
extended space can be longer. In both cases, these limits are
reduced when the data is encapsulated inside of an another attribute.
Note that the "string" data type does not terminate with a NUL octet Note that the "string" data type does not terminate with a NUL octet
(hex 00). The Attribute has a Length field and does not use a (hex 00). The Attribute has a Length field and does not use a
terminator. Strings of length zero (0) MUST NOT be sent; omit the terminator. Strings of length zero (0) MUST NOT be sent; omit the
entire attribute instead. entire attribute instead. a Where there is a need to encapsulate
complex data structures, and TLVs cannot be used, the "string" data
Where there is a need to encapsulate complex data structures, and type MUST be used. This requirement includes encapsulation of data
TLVs cannot be used, the "string" data type MUST be used. This structures defined outside of RADIUS, which are opaque to the RADIUS
requirement include encapsulation of data structures defined outside infrastucture. It also includes encapsulation of some data
of RADIUS, which are opaque to the RADIUS infrastucture. It also structures which are not opaque to RADIUS, such as the contents of
includes encapsulation of some data structures which are not opaque CHAP-Password.
to RADIUS, such as the contents of CHAP-Password.
There is little reason to define a new RADIUS data type for only one There is little reason to define a new RADIUS data type for only one
attribute. However, where the complex data type cannot be attribute. However, where the complex data type cannot be
represented as TLVs, and is expected to be used in many attributes, a represented as TLVs, and is expected to be used in many attributes, a
new data type SHOULD be defined. new data type SHOULD be defined.
These requirements are stronger than [RFC6158], which makes the above These requirements are stronger than [RFC6158], which makes the above
encapsulation a "SHOULD". This document defines data types for use encapsulation a "SHOULD". This document defines data types for use
in RADIUS, so there are few reasons to avoid using them. in RADIUS, so there are few reasons to avoid using them.
skipping to change at page 16, line 38 skipping to change at page 16, line 50
Format Format
0 0
0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+- +-+-+-+-+-+-+-+-
| Octets ... | Octets ...
+-+-+-+-+-+-+-+- +-+-+-+-+-+-+-+-
3.7. ifid 3.7. ifid
The "ifid" data type encodes an Interface-Id as an 8-octet string in The "ifid" data type encodes an Interface-Id as an 8 octet IPv6
network byte order. Interface Identifier network byte order.
Name Name
ifid ifid
Value Value
7 7
Length Length
skipping to change at page 18, line 42 skipping to change at page 19, line 6
3.10. ipv6prefix 3.10. ipv6prefix
The "ipv6prefix" data type encodes an IPv6 prefix, using both a The "ipv6prefix" data type encodes an IPv6 prefix, using both a
prefix length and an IPv6 address in network byte order. Where the prefix length and an IPv6 address in network byte order. Where the
range of prefixes for a particular attribute is limited to a sub-set range of prefixes for a particular attribute is limited to a sub-set
of possible prefixes, specifications MUST define the valid range(s). of possible prefixes, specifications MUST define the valid range(s).
Attributes with Addresses outside of the allowed range(s) SHOULD be Attributes with Addresses outside of the allowed range(s) SHOULD be
treated as "invalid attributes". treated as "invalid attributes".
Attributes with a Prefix-Length field having value greater than 128 Attributes with a Prefix-Length field having value greater than 128
SHOULD be treated as "invalid attributes". MUST be treated as "invalid attributes".
Name Name
ipv6prefix ipv6prefix
Value Value
10 10
Length Length
At least two, and no more than eighteen octets. At least two, and no more than eighteen octets.
Format Format
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Reserved | Prefix-Length | Prefix ... | Reserved | Prefix-Length | Prefix ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
... Prefix ... ... Prefix ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
... Prefix ... ... Prefix ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
... Prefix | ... Prefix |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Subfields Subfields
skipping to change at page 19, line 40 skipping to change at page 19, line 51
Prefix-Length Prefix-Length
The length of the prefix, in bits. At least 0 and no larger The length of the prefix, in bits. At least 0 and no larger
than 128. than 128.
Prefix Prefix
The Prefix field is up to 16 octets in length. Bits outside of The Prefix field is up to 16 octets in length. Bits outside of
the Prefix-Length, if included, MUST be zero. the Prefix-Length, if included, MUST be zero.
The Prefix field SHOULD NOT contain more octets than necessary
to encode the Prefix.
3.11. ipv4prefix 3.11. ipv4prefix
The "ipv4prefix" data type encodes an IPv4 prefix, using both a The "ipv4prefix" data type encodes an IPv4 prefix, using both a
prefix length and an IPv4 address in network byte order. Where the prefix length and an IPv4 address in network byte order. Where the
range of prefixes for a particular attribute is limited to a sub-set range of prefixes for a particular attribute is limited to a sub-set
of possible prefixes, specifications MUST define the valid range(s). of possible prefixes, specifications MUST define the valid range(s).
Attributes with Addresses outside of the allowed range(s) SHOULD be Attributes with Addresses outside of the allowed range(s) SHOULD be
treated as "invalid attributes". treated as "invalid attributes".
Attributes with a Prefix-Length field having value greater than 32 Attributes with a Prefix-Length field having value greater than 32
SHOULD be treated as "invalid attributes". MUST be treated as "invalid attributes".
Name Name
ipv4prefix ipv4prefix
Value Value
11 11
Length Length
six octets six octets
Format Format
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Reserved | Prefix-Length | Prefix ... | Reserved | Prefix-Length | Prefix ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
... Prefix | ... Prefix |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Subfields Subfields
Reserved Reserved
This field, which is reserved and MUST be present, is always This field, which is reserved and MUST be present, is always
set to zero. This field is one octet in length. set to zero. This field is one octet in length.
skipping to change at page 26, line 30 skipping to change at page 26, line 39
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Extended-Type |M| Reserved | Ext-Data ... | Extended-Type |M| Reserved | Ext-Data ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Subfields Subfields
Extended-Type Extended-Type
This field is identical to the Extended-Type field defined This field is identical to the Extended-Type field defined
above in Section 2.13. above in Section 3.15.
M (More) M (More)
The More field is one (1) bit in length, and indicates whether The More field is one (1) bit in length, and indicates whether
or not the current attribute contains "more" than 251 octets of or not the current attribute contains "more" than 251 octets of
data. The More field MUST be clear (0) if the Length field has data. The More field MUST be clear (0) if the Length field has
value less than 255. The More field MAY be set (1) if the value less than 255. The More field MAY be set (1) if the
Length field has value of 255. Length field has value of 255.
If the More field is set (1), it indicates that the Ext-Data If the More field is set (1), it indicates that the Ext-Data
skipping to change at page 29, line 27 skipping to change at page 29, line 37
field is outside the scope of this specification. field is outside the scope of this specification.
4. Updated Registries 4. Updated Registries
This section defines a new IANA registry for RADIUS data types, and This section defines a new IANA registry for RADIUS data types, and
then updates the existing RADIUS Attribute Type registry to use the then updates the existing RADIUS Attribute Type registry to use the
data types from the new registry. data types from the new registry.
4.1. Create a Data Type Registry 4.1. Create a Data Type Registry
This section defines a new RADIUS registry, called "Data Type". This section defines a new registry located under "RADIUS Types",
Allocation in this registry requires IETF Review. The "Registration called "Data Type". Allocation in this registry requires IETF
Procedures" for the Data Type Registry are "Standards Action". Review. The "Registration Procedures" for the Data Type registry are
"Standards Action".
The Data Type Registry contains three columns of data, as follows. The Data Type registry contains three columns of data, as follows.
Value Value
The number of the data type. The value field is an artifact of The number of the data type. The value field is an artifact of
the registry, and has no on-the-wire meaning. the registry, and has no on-the-wire meaning.
Description Description
The name of the data type. The name field is used only for the The name of the data type. The name field is used only for the
registry, and has no on-the-wire meaning. registry, and has no on-the-wire meaning.
skipping to change at page 30, line 23 skipping to change at page 30, line 33
10 ipv6prefix [RFC3162], TBD 10 ipv6prefix [RFC3162], TBD
11 ipv4prefix [RFC6572], TBD 11 ipv4prefix [RFC6572], TBD
12 integer64 [RFC6929], TBD 12 integer64 [RFC6929], TBD
13 tlv [RFC6929], TBD 13 tlv [RFC6929], TBD
14 evs [RFC6929], TBD 14 evs [RFC6929], TBD
15 extended [RFC6929], TBD 15 extended [RFC6929], TBD
16 long-extended [RFC6929], TBD 16 long-extended [RFC6929], TBD
4.2. Updates to the Attribute Type Registry 4.2. Updates to the Attribute Type Registry
This section updates the RADIUS Attribute Type Registry to have a new This section updates the RADIUS Attribute Type registry to have a new
column, which is inserted in between the existing "Description" and column, which is inserted in between the existing "Description" and
"Reference" columns. The new column is named "Data Type". The "Reference" columns. The new column is named "Data Type". The
contents of that column are the name of a data type, corresponding to contents of that column are the name of a data type, corresponding to
the attribute in that row, or blank if the attribute type is the attribute in that row, or blank if the attribute type is
unassigned. The name of the data type is taken from the RADIUS Data unassigned. The name of the data type is taken from the RADIUS Data
Type registry, defined above. Type registry, as defined above.
The existing registration requirements for the Attribute Type The existing registration requirements for the RADIUS Attribute Type
Registry are unchanged. registry are otherwise unchanged.
NOTE TO RFC EDITOR: Before the document is published, please remove this
note, and the following text in this section.
The updated registry follows in CSV format. The updated registry follows in CSV format.
Value,Description,Data Type,Reference Value,Description,Data Type,Reference
1,User-Name,text,[RFC2865] 1,User-Name,text,[RFC2865]
2,User-Password,string,[RFC2865] 2,User-Password,string,[RFC2865]
3,CHAP-Password,string,[RFC2865] 3,CHAP-Password,string,[RFC2865]
4,NAS-IP-Address,ipv4addr,[RFC2865] 4,NAS-IP-Address,ipv4addr,[RFC2865]
5,NAS-Port,integer,[RFC2865] 5,NAS-Port,integer,[RFC2865]
6,Service-Type,enum,[RFC2865] 6,Service-Type,enum,[RFC2865]
skipping to change at page 36, line 6 skipping to change at page 36, line 19
6. IANA Considerations 6. IANA Considerations
IANA is instructed to create one new registry as described above in IANA is instructed to create one new registry as described above in
Section 4.1. The "TBD" text in that section should be replaced with Section 4.1. The "TBD" text in that section should be replaced with
the RFC number of this document when it is published. the RFC number of this document when it is published.
IANA is instructed to update the RADIUS Attribute Type registry, as IANA is instructed to update the RADIUS Attribute Type registry, as
described above in Section 4.2. described above in Section 4.2.
IANA is instructed to require that all allocation requests in the IANA is instructed to require that all allocation requests in the
RADIUS Attribute Type Registry contain a "Data Type" field. That RADIUS Attribute Type registry contain a "Data Type" field. That
field is required to contain one of the "Data Type" names contained field is required to contain one of the "Data Type" names contained
in the RADIUS Data Type registry. in the RADIUS Data Type registry.
IANA is instructed to require that updates to the RADIUS Data Type IANA is instructed to require that updates to the RADIUS Data Type
registry contain the following fields, with the associated registry contain the following fields, with the associated
instructions: instructions:
* Value. IANA is instructed to assign the next unused integer in * Value. IANA is instructed to assign the next unused integer in
sequence to new data type definitions. sequence to new data type definitions.
* Name. IANA is instructed to require that this name be unique * Name. IANA is instructed to require that this name be unique
in the registry. in the registry.
* Reference. IANA is instructed to update this field with a * Reference. IANA is instructed to update this field with a
reference reference to the document which defines the data type.
to the document which defines the data type.
7. References 7. References
7.1. Normative References 7.1. Normative References
[RFC2119] [RFC2119]
Bradner, S., "Key words for use in RFCs to Indicate Requirement Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", RFC 2119, March, 1997. Levels", RFC 2119, March, 1997.
[RFC2865] [RFC2865]
skipping to change at page 37, line 19 skipping to change at page 37, line 31
7.2. Informative References 7.2. Informative References
[RFC2868] [RFC2868]
Zorn, G., Leifer, D., Rubens, A., Shriver, J., Holdrege, M., and I. Zorn, G., Leifer, D., Rubens, A., Shriver, J., Holdrege, M., and I.
Goyret, "RADIUS Attributes for Tunnel Protocol Support", RFC 2868, Goyret, "RADIUS Attributes for Tunnel Protocol Support", RFC 2868,
June 2000. June 2000.
[RFC2869] [RFC2869]
Rigney, C., et al, "RADIUS Extensions", RFC 2869, June 2000. Rigney, C., et al, "RADIUS Extensions", RFC 2869, June 2000.
[RFC5234]
Crocker, D. and P. Overell, "Augmented BNF for Syntax
Specifications: ABNF", RFC 5234, January 2008.
[RFC6929] [RFC6929]
DeKok, A., and Lior, A., "Remote Authentication Dial In User DeKok, A., and Lior, A., "Remote Authentication Dial In User
Service (RADIUS) Protocol Extensions", RFC 6929, April 2013. Service (RADIUS) Protocol Extensions", RFC 6929, April 2013.
[RFC7268] [RFC7268]
Aboba, B, et al, "RADIUS Attributes for IEEE 802 Networks", RFC Aboba, B, et al, "RADIUS Attributes for IEEE 802 Networks", RFC
7268, July 2015. 7268, July 2015.
[RFC7499] [RFC7499]
Perez-Mendez A., et al, "Support of Fragmentation of RADIUS Perez-Mendez A., et al, "Support of Fragmentation of RADIUS
 End of changes. 43 change blocks. 
68 lines changed or deleted 99 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/