draft-ietf-radext-delegated-prefix-01.txt		draft-ietf-radext-delegated-prefix-02.txt
	Network Working Group J. Salowey		Network Working Group J. Salowey
	Internet-Draft R. Droms		Internet-Draft R. Droms
	Intended status: Standards Track Cisco Systems, Inc.		Intended status: Standards Track Cisco Systems, Inc.
	Expires: November 24, 2006 May 23, 2006		Expires: January 11, 2007 July 10, 2006
	RADIUS Delegated-IPv6-Prefix Attribute		RADIUS Delegated-IPv6-Prefix Attribute
	draft-ietf-radext-delegated-prefix-01.txt		draft-ietf-radext-delegated-prefix-02.txt
	Status of this Memo		Status of this Memo
	By submitting this Internet-Draft, each author represents that any		By submitting this Internet-Draft, each author represents that any
	applicable patent or other IPR claims of which he or she is aware		applicable patent or other IPR claims of which he or she is aware
	have been or will be disclosed, and any of which he or she becomes		have been or will be disclosed, and any of which he or she becomes
	aware will be disclosed, in accordance with Section 6 of BCP 79.		aware will be disclosed, in accordance with Section 6 of BCP 79.
	Internet-Drafts are working documents of the Internet Engineering		Internet-Drafts are working documents of the Internet Engineering
	Task Force (IETF), its areas, and its working groups. Note that		Task Force (IETF), its areas, and its working groups. Note that
	skipping to change at page 1, line 34		skipping to change at page 1, line 34
	and may be updated, replaced, or obsoleted by other documents at any		and may be updated, replaced, or obsoleted by other documents at any
	time. It is inappropriate to use Internet-Drafts as reference		time. It is inappropriate to use Internet-Drafts as reference
	material or to cite them other than as "work in progress."		material or to cite them other than as "work in progress."
	The list of current Internet-Drafts can be accessed at		The list of current Internet-Drafts can be accessed at
	http://www.ietf.org/ietf/1id-abstracts.txt.		http://www.ietf.org/ietf/1id-abstracts.txt.
	The list of Internet-Draft Shadow Directories can be accessed at		The list of Internet-Draft Shadow Directories can be accessed at
	http://www.ietf.org/shadow.html.		http://www.ietf.org/shadow.html.
	This Internet-Draft will expire on November 24, 2006.		This Internet-Draft will expire on January 11, 2007.
	Copyright Notice		Copyright Notice
	Copyright (C) The Internet Society (2006).		Copyright (C) The Internet Society (2006).
	Abstract		Abstract
	This document defines a RADIUS (Remote Authentication Dial In User		This document defines a RADIUS (Remote Authentication Dial In User
	Service) attribute that carries an IPv6 prefix that is to be		Service) attribute that carries an IPv6 prefix that is to be
	delegated to the user. This attribute is usable within either RADIUS		delegated to the user. This attribute is usable within either RADIUS
	or Diameter.		or Diameter.
	1. Introduction		1. Introduction
	The Delegated-IPv6-Prefix is a RADIUS attribute [1] that carries an		The Delegated-IPv6-Prefix is a RADIUS attribute [1] that carries an
	IPv6 prefix to be delegated to the user. For example, the prefix in		IPv6 prefix to be delegated to the user, for use in the user's
	a Delegated-IPv6-Prefix attribute can be delegated to another node		network. For example, the prefix in a Delegated-IPv6-Prefix
	through DHCP Prefix Delegation [2].		attribute can be delegated to another node through DHCP Prefix
			Delegation [2].
			The Framed-IPv6-Prefix attribute [4] serves a similar purpose, but
			may also be used for other purposes other than delegating a prefix
			for use in a user's network. Definition of the Delegated-IPv6-Prefix
			allows the simultaneous use of the Framed-IPv6-Prefix for other
			purposes and the Delegated-IPv6-Prefix for prefix delegation.
	2. Terminology		2. Terminology
	The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",		The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
	"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this		"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
	document are to be interpreted as described in RFC 2119 [3].		document are to be interpreted as described in RFC 2119 [3].
	3. Attribute format		3. Attribute format
	The format of the Delegated-IPv6-Prefix is:		The format of the Delegated-IPv6-Prefix is:
	skipping to change at page 2, line 39		skipping to change at page 3, line 4
	Prefix		Prefix
	+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+		+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
	Prefix		Prefix
	+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+		+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
	Prefix |		Prefix |
	+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+		+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
	Type		Type
	TBD for Delegated-IPv6-Prefix		TBD for Delegated-IPv6-Prefix
	Length		Length
	At least 4 and no larger than 20		The length of the entire attribute, in bytes. At least 4
			(to hold Type/Length/Reserved/Prefix-Length for a 0-bit
			prefix), and no larger than 20 (to hold Type/Length/
			Reserved/Prefix-Length for a 128-bit prefix)
	Reserved		Reserved
	Always set to zero		Always set to zero by sender; ignored by receiver
	Prefix-Length		Prefix-Length
	The length of the prefix, in bits. At least 0 and no larger		The length of the prefix being delegated, in bits. At least
	than 128		0 and no larger than 128 bits (identifying a single IPv6
			address)
	Note that the prefix field is only required to be long enough to hold		Note that the prefix field is only required to be long enough to hold
	the prefix bits and can be shorter than 16 bytes. Any bits in the		the prefix bits and can be shorter than 16 bytes. Any bits in the
	prefix field that are not part of the prefix MUST be zero.		prefix field that are not part of the prefix MUST be zero.
	The definition of the Delegated-IPv6-Prefix Attribute is based on the		The definition of the Delegated-IPv6-Prefix Attribute is based on the
	Framed-IPv6-Prefix attribute.		Framed-IPv6-Prefix attribute [4].
	The Delegated-IPv6-Prefix MAY appear in an Access-Accept packet, and		The Delegated-IPv6-Prefix MAY appear in an Access-Accept packet, and
	can appear multiple times. It MAY appear in an Access-Request packet		can appear multiple times. It MAY appear in an Access-Request packet
	as a hint by the NAS to the server that it would prefer these		as a hint by the NAS to the server that it would prefer these
	prefix(es), but the server is not required to honor the hint.		prefix(es), but the server is not required to honor the hint.
	The Delegated-IPv6-Prefix attribute MAY appear in an Accounting-		The Delegated-IPv6-Prefix attribute MAY appear in an Accounting-
	Request packet.		Request packet.
	The Delegated-IPv6-Prefix MUST NOT appear in any other RADIUS		The Delegated-IPv6-Prefix MUST NOT appear in any other RADIUS
	packets.		packets.
	The following table describes which messages the Delegated-IPv6-		The following table describes which messages the Delegated-IPv6-
	Prefix attribute can appear in and in what quantity.		Prefix attribute can appear in and in what quantity.
	Request Accept Accounting # Attribute		+------------------------------------------------------+
	Request		| Request Accept Accounting # Attribute |
	0+ 0+ 0+ TBD Delegated-IPv6-Prefix		| Request |
			| 0+ 0+ 0+ TBD Delegated-IPv6-Prefix |
			+------------------------------------------------------+
	In this table 0+ means that zero or more instances of this attribute		In this table 0+ means that zero or more instances of this attribute
	MAY be present in packet. This attribute MUST NOT appear in any		MAY be present in packet. This attribute MUST NOT appear in any
	packet not listed in the table.		packet not listed in the table.
	4. Diameter Considerations		4. Diameter Considerations
	A definition is needed for an identical attribute with the same Type		When used in Diameter, the attribute defined in this specification
	value for Diameter [4]. The attribute should be available as part of		can be used as a Diameter AVP from the Code space 1-255, i.e., RADIUS
	the NASREQ application [5], as well as the Diameter EAP application		attribute compatibility space. No additional Diameter Code values
	[6].		are therefore allocated. The data types of the attributes are as
			follows:
			Delegated-IPv6-Prefix OctetString
			The attribute in this specification has no special translation
			requirements for Diameter to RADIUS or RADIUS to Diameter gateways,
			i.e., the attribute is copied as is, except for changes relating to
			headers, alignment, and padding. See also RFC 3588 [5], Section 4.1,
			and RFC 4005 [6], Section 9.
			The text in this specification describing the applicability of the
			Delegated-IPv6-Prefix attribute for RADIUS Access-Request applies in
			Diameter to AA-Request [6] or Diameter-EAP-Request [7].
			The text in this specification describing the applicability of the
			Delegated-IPv6-Prefix attribute for RADIUS Access-Accept applies in
			Diameter to AA-Answer or Diameter-EAP-Answer that indicates success.
			The text in this specification describing the applicability of the
			Delegated-IPv6-Prefix attribute for RADIUS Accounting-Request applies
			to Diameter Accounting-Request [6] as well.
	5. IANA Considerations		5. IANA Considerations
	IANA is requested to assign a Type value, TBD, for this attribute		IANA is requested to assign a Type value, TBD, for this attribute
	from the RADIUS Types registry.		from the RADIUS Attribute Types registry.
	6. Security Considerations		6. Security Considerations
	Known security vulnerabilities of the RADIUS protocol are discussed		Known security vulnerabilities of the RADIUS protocol are discussed
	in RFC 2607 [7], RFC 2865 [1] and RFC 2869 [8]. Use of IPsec [9] for		in RFC 2607 [8], RFC 2865 [1] and RFC 2869 [9]. Use of IPsec [10]
	providing security when RADIUS is carried in IPv6 is discussed in RFC		for providing security when RADIUS is carried in IPv6 is discussed in
	3162 [10].		RFC 3162.
			Security considerations for the Diameter protocol are discussed in
			RFC 3588 [5].
	7. Change Log		7. Change Log
			This section to be removed before publication as an RFC.
	The following changes were made in revision -01 of this document:		The following changes were made in revision -01 of this document:
	o Added additional details to Abstract; defined that this attribute		o Added additional details to Abstract; defined that this attribute
	can be used in both RADIUS and Diameter. (Issue 188)		can be used in both RADIUS and Diameter. (Issue 188)
	o Moved and clarified text describing which packets this attribute		o Moved and clarified text describing which packets this attribute
	can appear in adjacent to table in section 3. (Issue 188)		can appear in adjacent to table in section 3. (Issue 188)
	o Fixed RFC 2119 boilerplate in section 2. (Issue 185)		o Fixed RFC 2119 boilerplate in section 2. (Issue 185)
	o Fixed table in section 3 to clarify which packets this attribute		o Fixed table in section 3 to clarify which packets this attribute
	cannot appear in. (Issue 188)		cannot appear in. (Issue 188)
	o Added section 4, Diameter Considerations. (Issue 188)		o Added section 4, Diameter Considerations. (Issue 188)
	o Made some references in section 6, Security Considerations,		o Made some references in section 6, Security Considerations,
	Informative rather than Normative. (Issue 188)		Informative rather than Normative. (Issue 188)
	o Updated reference to RFC 2401 [9] to RFC 4301. (Issue 188)		o Updated reference to RFC 2401 [9] to RFC 4301. (Issue 188)
	o Changed "IP SEC" to "IPsec" in section 6. (Issues 185 and 188)		o Changed "IP SEC" to "IPsec" in section 6. (Issues 185 and 188)
			The following changes were made in revision -02 of this document:
			o Added a second paragraph to the Introduction, referencing the
			Framed-IPv6-Prefix attribute
			o Improved description of attribute fields in section 3
			o Added border to table in section 3
			o Updated Section 4, Diameter Considerations, to describe how this
			attribute would be used in Diameter.
			o Added reference to RFC 3588 in Section 6, Security Considerations.
	8. References		8. References
	8.1. Normative References		8.1. Normative References
	[1] Rigney, C., Willens, S., Rubens, A., and W. Simpson, "Remote		[1] Rigney, C., Willens, S., Rubens, A., and W. Simpson, "Remote
	Authentication Dial In User Service (RADIUS)", RFC 2865,		Authentication Dial In User Service (RADIUS)", RFC 2865,
	June 2000.		June 2000.
	[2] Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic Host		[2] Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic Host
	Configuration Protocol (DHCP) version 6", RFC 3633,		Configuration Protocol (DHCP) version 6", RFC 3633,
	December 2003.		December 2003.
	[3] Bradner, S., "Key words for use in RFCs to Indicate Requirement		[3] Bradner, S., "Key words for use in RFCs to Indicate Requirement
	Levels", BCP 14, RFC 2119, March 1997.		Levels", BCP 14, RFC 2119, March 1997.
	8.2. Non-normative References		8.2. Non-normative References
	[4] Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and J. Arkko,		[4] Aboba, B., Zorn, G., and D. Mitton, "RADIUS and IPv6",
			RFC 3162, August 2001.
			[5] Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and J. Arkko,
	"Diameter Base Protocol", RFC 3588, September 2003.		"Diameter Base Protocol", RFC 3588, September 2003.
	[5] Calhoun, P., Zorn, G., Spence, D., and D. Mitton, "Diameter		[6] Calhoun, P., Zorn, G., Spence, D., and D. Mitton, "Diameter
	Network Access Server Application", RFC 4005, August 2005.		Network Access Server Application", RFC 4005, August 2005.
	[6] Eronen, P., Hiller, T., and G. Zorn, "Diameter Extensible		[7] Eronen, P., Hiller, T., and G. Zorn, "Diameter Extensible
	Authentication Protocol (EAP) Application", RFC 4072,		Authentication Protocol (EAP) Application", RFC 4072,
	August 2005.		August 2005.
	[7] Aboba, B. and J. Vollbrecht, "Proxy Chaining and Policy		[8] Aboba, B. and J. Vollbrecht, "Proxy Chaining and Policy
	Implementation in Roaming", RFC 2607, June 1999.		Implementation in Roaming", RFC 2607, June 1999.
	[8] Rigney, C., Willats, W., and P. Calhoun, "RADIUS Extensions",		[9] Rigney, C., Willats, W., and P. Calhoun, "RADIUS Extensions",
	RFC 2869, June 2000.		RFC 2869, June 2000.
	[9] Kent, S. and K. Seo, "Security Architecture for the Internet		[10] Kent, S. and K. Seo, "Security Architecture for the Internet
	Protocol", RFC 4301, December 2005.		Protocol", RFC 4301, December 2005.
	[10] Aboba, B., Zorn, G., and D. Mitton, "RADIUS and IPv6",
	RFC 3162, August 2001.
	Authors' Addresses		Authors' Addresses
	Joe Salowey		Joe Salowey
	Cisco Systems, Inc.		Cisco Systems, Inc.
	2901 Third Avenue		2901 Third Avenue
	Seattle, WA 98121		Seattle, WA 98121
	USA		USA
	Phone: +1 206.310.0596		Phone: +1 206.310.0596
	Email: jsalowey@cisco.com		Email: jsalowey@cisco.com
End of changes. 22 change blocks.
	32 lines changed or deleted		80 lines changed or added
This html diff was produced by rfcdiff 1.32. The latest version is available from http://www.levkowetz.com/ietf/tools/rfcdiff/