summaryrefslogtreecommitdiff
path: root/doc/rfc/rfc6440.txt
diff options
context:
space:
mode:
authorThomas Voss <mail@thomasvoss.com> 2024-11-27 20:54:24 +0100
committerThomas Voss <mail@thomasvoss.com> 2024-11-27 20:54:24 +0100
commit4bfd864f10b68b71482b35c818559068ef8d5797 (patch)
treee3989f47a7994642eb325063d46e8f08ffa681dc /doc/rfc/rfc6440.txt
parentea76e11061bda059ae9f9ad130a9895cc85607db (diff)
doc: Add RFC documents
Diffstat (limited to 'doc/rfc/rfc6440.txt')
-rw-r--r--doc/rfc/rfc6440.txt339
1 files changed, 339 insertions, 0 deletions
diff --git a/doc/rfc/rfc6440.txt b/doc/rfc/rfc6440.txt
new file mode 100644
index 0000000..4ad7ed0
--- /dev/null
+++ b/doc/rfc/rfc6440.txt
@@ -0,0 +1,339 @@
+
+
+
+
+
+
+Internet Engineering Task Force (IETF) G. Zorn
+Request for Comments: 6440 Network Zen
+Category: Standards Track Q. Wu
+ISSN: 2070-1721 Y. Wang
+ Huawei
+ December 2011
+
+
+The EAP Re-authentication Protocol (ERP) Local Domain Name DHCPv6 Option
+
+Abstract
+
+ In order to derive a Domain-Specific Root Key (DSRK) from the
+ Extended Master Session Key (EMSK) generated as a side effect of an
+ Extensible Authentication Protocol (EAP) method, the EAP peer must
+ discover the name of the domain to which it is attached.
+
+ This document specifies a Dynamic Host Configuration Protocol
+ Version 6 (DHCPv6) option designed to allow a DHCPv6 server to inform
+ clients using the EAP Re-authentication Protocol (ERP) EAP method of
+ the name of the local domain for ERP.
+
+Status of This Memo
+
+ This is an Internet Standards Track document.
+
+ This document is a product of the Internet Engineering Task Force
+ (IETF). It represents the consensus of the IETF community. It has
+ received public review and has been approved for publication by the
+ Internet Engineering Steering Group (IESG). Further information on
+ Internet Standards is available in Section 2 of RFC 5741.
+
+ Information about the current status of this document, any errata,
+ and how to provide feedback on it may be obtained at
+ http://www.rfc-editor.org/info/rfc6440.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Zorn, et al. Standards Track [Page 1]
+
+RFC 6440 The ERP Local Domain Name DHCPv6 Option December 2011
+
+
+Copyright Notice
+
+ Copyright (c) 2011 IETF Trust and the persons identified as the
+ document authors. All rights reserved.
+
+ This document is subject to BCP 78 and the IETF Trust's Legal
+ Provisions Relating to IETF Documents
+ (http://trustee.ietf.org/license-info) in effect on the date of
+ publication of this document. Please review these documents
+ carefully, as they describe your rights and restrictions with respect
+ to this document. Code Components extracted from this document must
+ include Simplified BSD License text as described in Section 4.e of
+ the Trust Legal Provisions and are provided without warranty as
+ described in the Simplified BSD License.
+
+Table of Contents
+
+ 1. Introduction ....................................................2
+ 2. Terminology .....................................................3
+ 2.1. Standards Language .........................................3
+ 2.2. Acronyms ...................................................3
+ 3. Option Format ...................................................3
+ 3.1. DHCPv6 ERP Local Domain Name Option ........................3
+ 4. Client Behavior .................................................4
+ 5. Relay Agent Behavior ............................................4
+ 6. Security Considerations .........................................4
+ 7. IANA Considerations .............................................4
+ 8. References ......................................................5
+ 8.1. Normative References .......................................5
+ 8.2. Informative References .....................................5
+
+1. Introduction
+
+ The EAP Re-authentication Protocol (ERP) [RFC5296] is designed to
+ allow faster re-authentication of a mobile device that was previously
+ authenticated by means of the Extensible Authentication Protocol
+ [RFC3748]. Given that the local root key (e.g., a DSRK, as described
+ in RFC 5295 [RFC5295]) is generated using the local domain name
+ (LDN), LDN discovery is an important part of re-authentication. As
+ described in RFC 5296 [RFC5296], the LDN to be used in ERP can be
+ learned by the mobile device through the ERP exchange or via a lower-
+ layer mechanism. However, no lower-layer mechanisms for LDN
+ discovery have yet been defined.
+
+ This document specifies an extension to DHCPv6 for LDN to be used
+ in ERP.
+
+
+
+
+
+Zorn, et al. Standards Track [Page 2]
+
+RFC 6440 The ERP Local Domain Name DHCPv6 Option December 2011
+
+
+2. Terminology
+
+2.1. Standards Language
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in [RFC2119].
+
+2.2. Acronyms
+
+ o FQDN: Fully Qualified Domain Name
+
+ o AAA: Authentication, Authorization, and Accounting
+
+ o DSRK: Domain-Specific Root Key
+
+3. Option Format
+
+ In DHCPv6-based local domain name discovery, the LDN option is used
+ by the DHCPv6 client to obtain the local domain name from the DHCPv6
+ server after full EAP authentication has taken place.
+
+ The contents of the ERP Local Domain Name option are intended only
+ for use with ERP and do not represent the name of a local domain for
+ any other purposes.
+
+3.1. DHCPv6 ERP Local Domain Name Option
+
+ The format of this option is:
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | OPTION_ERP_LOCAL_DOMAIN_NAME| option-length |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | erp-local-domain-name...
+ +-+-+-+-+-+-+-+-+-+-+-+-+-
+
+ option code
+ OPTION_ERP_LOCAL_DOMAIN_NAME (65)
+
+ option-length
+ Length of the erp-local-domain-name field, in octets
+
+
+
+
+
+
+
+
+Zorn, et al. Standards Track [Page 3]
+
+RFC 6440 The ERP Local Domain Name DHCPv6 Option December 2011
+
+
+ erp-local-domain-name
+ This field contains the name of the local ERP domain and MUST be
+ encoded as specified in Section 8 of RFC 3315 [RFC3315]. Note
+ that this encoding does enable the use of internationalized domain
+ names, but only as a set of A-labels [RFC5890].
+
+4. Client Behavior
+
+ If a DHCPv6 client doesn't know the ERP LDN and requires the DHCPv6
+ server to provide the DHCPv6 ERP LDN option, it MUST include an
+ Option Request option requesting the DHCPv6 ERP Local Domain Name
+ option, as described in Section 22.7 of RFC 3315 [RFC3315].
+
+ When the DHCPv6 client receives an ERP Local Domain Name option with
+ the ERP LDN present in it, it MUST verify that the option length is
+ no more than 256 octets (the maximum length of a single fully
+ qualified domain name (FQDN) allowed by the DNS), and that the local
+ domain name is a properly encoded single FQDN, as specified in
+ Section 8 of RFC 3315 ("Representation and Use of Domain Names")
+ [RFC3315].
+
+5. Relay Agent Behavior
+
+ If a DHCPv6 relay agent has pre-existing knowledge of the ERP local
+ domain name for a client (for example, from a previous AAA exchange),
+ it SHOULD include it in an instance of the DHCPv6 ERP Local Domain
+ Name option and forward to the DHCPv6 server as a suboption of the
+ Relay-Supplied Options option [RFC6422].
+
+6. Security Considerations
+
+ The communication between the DHCPv6 client and the DHCPv6 server for
+ the exchange of local domain name information is security sensitive
+ and requires server authentication and integrity protection. DHCPv6
+ security as described in [RFC3315] can be used for this purpose.
+
+7. IANA Considerations
+
+ IANA has added the name "OPTION_ERP_LOCAL_DOMAIN_NAME" to the
+ registry titled "Options Permitted in the Relay-Supplied Options
+ Option" maintained at http://www.iana.org/.
+
+ IANA has assigned one new option code to the registry titled "DHCP
+ Option Codes" maintained at http://www.iana.org/, referencing this
+ document.
+
+
+
+
+
+
+Zorn, et al. Standards Track [Page 4]
+
+RFC 6440 The ERP Local Domain Name DHCPv6 Option December 2011
+
+
+8. References
+
+8.1. Normative References
+
+ [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14, RFC 2119, March 1997.
+
+ [RFC3315] Droms, R., Ed., Bound, J., Volz, B., Lemon, T., Perkins,
+ C., and M. Carney, "Dynamic Host Configuration Protocol
+ for IPv6 (DHCPv6)", RFC 3315, July 2003.
+
+ [RFC5295] Salowey, J., Dondeti, L., Narayanan, V., and M. Nakhjiri,
+ "Specification for the Derivation of Root Keys from an
+ Extended Master Session Key (EMSK)", RFC 5295,
+ August 2008.
+
+ [RFC5296] Narayanan, V. and L. Dondeti, "EAP Extensions for EAP
+ Re-authentication Protocol (ERP)", RFC 5296, August 2008.
+
+ [RFC6422] Lemon, T. and Q. Wu, "Relay-Supplied DHCP Options",
+ RFC 6422, December 2011.
+
+8.2. Informative References
+
+ [RFC3748] Aboba, B., Blunk, L., Vollbrecht, J., Carlson, J., and H.
+ Levkowetz, Ed., "Extensible Authentication Protocol
+ (EAP)", RFC 3748, June 2004.
+
+ [RFC5890] Klensin, J., "Internationalized Domain Names for
+ Applications (IDNA): Definitions and Document Framework",
+ RFC 5890, August 2010.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Zorn, et al. Standards Track [Page 5]
+
+RFC 6440 The ERP Local Domain Name DHCPv6 Option December 2011
+
+
+Authors' Addresses
+
+ Glen Zorn
+ Network Zen
+ 227/358 Thanon Sanphawut
+ Bang Na, Bangkok 10260
+ Thailand
+
+ Phone: +66 (0) 87-040-4617
+ EMail: glenzorn@gmail.com
+
+
+ Qin Wu
+ Huawei Technologies Co., Ltd.
+ 101 Software Avenue, Yuhua District
+ Nanjing, Jiangsu 210012
+ China
+
+ Phone: +86-25-56623633
+ EMail: sunseawq@huawei.com
+
+
+ Yungui Wang
+ Huawei Technologies Co., Ltd.
+ 101 Software Avenue, Yuhua District
+ Nanjing, Jiangsu 210012
+ China
+
+ Phone: +86-25-56624545
+ EMail: w52006@huawei.com
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Zorn, et al. Standards Track [Page 6]
+