Network Working GroupInternet Engineering Task Force (IETF) J. LaganierInternet-DraftRequest for Comments: 8004 Luminate Wireless, Inc. Obsoletes: 5204(if approved)L. EggertIntended status:Category: Standards Track NetAppExpires: February 5, 2017 August 4,ISSN: 2070-1721 October 2016 Host Identity Protocol (HIP) Rendezvous Extensiondraft-ietf-hip-rfc5204-bis-08Abstract This document defines a rendezvous extension for the Host Identity Protocol (HIP). The rendezvous extension extends HIP and the HIPregistration extensionRegistration Extension for initiating communication between HIP nodes via HIP rendezvous servers. Rendezvous servers improve reachability and operation when HIP nodes aremulti-homedmultihomed or mobile. This document obsoletesRFC5204.RFC 5204. Status of This Memo ThisInternet-Draftissubmitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documentsan Internet Standards Track document. This document is a product of the Internet Engineering Task Force (IETF).Note that other groups may also distribute working documents as Internet-Drafts. The listIt represents the consensus ofcurrent Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents validthe IETF community. It has received public review and has been approved fora maximumpublication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841. Information about the current status ofsix monthsthis document, any errata, and how to provide feedback on it may beupdated, replaced, or obsoleted by other documentsobtained atany time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on February 5, 2017.http://www.rfc-editor.org/info/rfc8004. Copyright Notice Copyright (c) 2016 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Overview of Rendezvous Server Operation . . . . . . . . . . . 3 3.1. Diagram Notation . . . . . . . . . . . . . . . . . . . . 5 3.2. Rendezvous Client Registration . . . . . . . . . . . . . 5 3.3. Relaying the Base Exchange . . . . . . . . . . . . . . . 6 4. Rendezvous Server Extensions . . . . . . . . . . . . . . . . 7 4.1. RENDEZVOUS Registration Type . . . . . . . . . . . . . . 7 4.2. Parameter Formats and Processing . . . . . . . . . . . . 7 4.2.1. RVS_HMAC Parameter . . . . . . . . . . . . . . . . . 7 4.2.2. FROM Parameter . . . . . . . . . . . . . . . . . . . 8 4.2.3. VIA_RVS Parameter . . . . . . . . . . . . . . . . . .89 4.3. Modified Packets Processing . . . . . . . . . . . . . . . 9 4.3.1. Processing Outgoing I1 Packets . . . . . . . . . . . 9 4.3.2. Processing Incoming I1 Packets . . . . . . . . . . . 10 4.3.3. Processing Outgoing R1 Packets . . . . . . . . . . . 10 4.3.4. Processing Incoming R1 Packets . . . . . . . . . . . 10 5. Security Considerations . . . . . . . . . . . . . . . . . . . 11 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 7.AcknowledgmentsReferences . . . . . . . . . . . . . . . . . . . . . . . . . 128.7.1. Normative References . . . . . . . . . . . . . . . . . . 12 7.2. Informative References . . . . . . .12 8.1. Normative References. . . . . . . . . . 13 Appendix A. Changes from RFC 5204 . . . . . . . .12 8.2. Informative References. . . . . . . 14 Acknowledgments . . . . . . . . . .13 Appendix A. Changes from RFC 5204. . . . . . . . . . . . . . . 14 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 14 1. IntroductionThe"The Host Identity Protocol (HIP)Architecture [I-D.ietf-hip-rfc4423-bis]Architecture" [HIP-ARCH] introduces the rendezvous mechanism to help a HIP node to contact a frequently moving HIP node. The rendezvous mechanism involves a third party, the rendezvous server (RVS), which serves as an initial contact point ("rendezvous point") for its clients. The clients of an RVS are HIP nodes that use the HIP Registration Extension[I-D.ietf-hip-rfc5203-bis][RFC8003] to register their HIT->IP address mappings with the RVS. After this registration, other HIP nodes can initiate a base exchange using the IP address of the RVS instead of the current IP address of the node they attempt to contact. Essentially, the clients of an RVS become reachable at the RVS's IP address. Peers can initiate a HIP base exchange with the IP address of the RVS, which will relay this initial communication such that the base exchange may successfully complete. 2. Terminology This section defines terms used throughout the remainder of this specification. The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119]. In addition to the terminology defined in the HIP specification [RFC7401] and the HIP Registration Extension[I-D.ietf-hip-rfc5203-bis],[RFC8003], this document defines and uses the following terms: Rendezvous Service A HIP service provided bya rendezvous serveran RVS to its rendezvous clients. Therendezvous serverRVS offers to relay some of the arriving base exchange packets between theinitiatorInitiator andresponder.Responder. Rendezvous Server (RVS) A HIP registrar providing rendezvous service. Rendezvous Client A HIP requester that has registered for rendezvous service ata rendezvous server.an RVS. Rendezvous Registration A HIP registration for rendezvous service, established betweena rendezvous serveran RVS and a rendezvous client. 3. Overview of Rendezvous Server Operation Figure 1 shows a simple HIP base exchange withouta rendezvous server,an RVS, in which theinitiatorInitiator initiates the exchange directly with theresponderResponder by sending an I1 packet to theresponder'sResponder's IP address, as per the HIP specification [RFC7401]. +-----+ +-----+ | |-------I1------>| | | I |<------R1-------| R | | |-------I2------>| | | |<------R2-------| | +-----+ +-----+ Figure 1: HIPbase exchangeBase Exchange withoutrendezvous server.a Rendezvous Server The End-Host Mobility and Multihoming with theHost Identity ProtocolHIP specification[I-D.ietf-hip-rfc5206-bis][HIP-HOST-MOB] allows a HIP node to notify its peers about changes in its set of IP addresses. This specification presumes initial reachability of the two nodes with respect to each other. However, such a HIP node MAY also want to be reachable to other future correspondent peers that are unaware of its location change. The HIP Architecture[I-D.ietf-hip-rfc4423-bis][HIP-ARCH] introducesrendezvous serversRVSs with whom a HIP node MAY register itshost identity tagsHost Identity Tags (HITs) and current IP addresses. An RVS relays HIP packets arriving for these HITs to the node's registered IP addresses. When a HIP node has registered with an RVS, it SHOULD record the IP address of its RVS in its DNS record, using the HIP DNS resource record type defined in the HIP DNS Extension[I-D.ietf-hip-rfc5205-bis].[RFC8005]. +-----+ +--I1--->| RVS |---I1--+ | +-----+ | | v +-----+ +-----+ | |<------R1-------| | | I |-------I2------>| R | | |<------R2-------| | +-----+ +-----+ Figure 2: HIPbase exchangeBase Exchange with arendezvous server.Rendezvous Server Figure 2 shows a HIP base exchange involvinga rendezvous server.an RVS. It is assumed that HIP node R previously registered its HITs and current IP addresses with the RVS, using the HIP Registration Extension[I-D.ietf-hip-rfc5203-bis].[RFC8003]. When theinitiatorInitiator I tries to establish contact with theresponderResponder R, it must send the I1 of the base exchange either to one of R's IP addresses (if known via DNS or other means) or to one of R'srendezvous servers.RVSs. Here, I obtains the IP address of R'srendezvous serverRVS from R's DNS record and then sends the I1 packet of the HIP base exchange to RVS. RVS, noticing that the HIT contained in the arriving I1 packet is not one of its own, MUST check its current registrations to determine if it needs to relay the packets. Here, it determines that the HIT belongs to R and then relays the I1 packet to the registered IP address. R then completes the base exchange without further assistance from RVS by sending an R1 directly to the I's IP address, as obtained from the I1 packet. In this specification, the client of the RVS is always theresponder.Responder. However, there might be reasons (such as NAT and firewall traversal) to allow a client to initiate a base exchange through its ownRVS, like NAT and firewall traversal.RVS. This specification does not address such scenarios, which should be specified in other documents. 3.1. Diagram Notation Notation Significance -------- ------------ I, R I and R are the respective source and destination IP addresses in the IP header. HIT-I, HIT-R HIT-I and HIT-R are theinitiator'sInitiator's and theresponder'sResponder's HITs in the packet, respectively. REG_REQ A REG_REQUEST parameter is present in the HIP header. REG_RES A REG_RESPONSE parameter is present in the HIP header. FROM:I A FROM parameter containing the IP address I is present in the HIP header. RVS_HMAC An RVS_HMAC parameter containing anHMACHashed Message Authentication Code (HMAC) keyed with the appropriate registration key is present in the HIP header. VIA:RVS A VIA_RVS parameter containing the IP address RVS of a rendezvous server is present in the HIP header. 3.2. Rendezvous Client Registration Beforea rendezvous serveran RVS starts to relay HIP packets to a rendezvous client, the rendezvous client needs to register withitthe RVS to receive rendezvous service by using the HIP Registration Extension[I-D.ietf-hip-rfc5203-bis][RFC8003] as illustrated in the following schema: +-----+ +-----+ | | I1 | | | |--------------------------->| | | |<---------------------------| | | I | R1(REG_INFO) | RVS | | | I2(REG_REQ) | | | |--------------------------->| | | |<---------------------------| | | | R2(REG_RES) | | +-----+ +-----+ Rendezvousclient registeringClient Registering with arendezvous server.Rendezvous Server 3.3. Relaying the Base Exchange If a HIP node and one of itsrendezvous serversRVSs have a rendezvous registration, therendezvous serversRVSs relay inbound I1 packets (that contain one of the client's HITs) by rewriting the IP header. They replace the destination IP address of the I1 packet with one of the IP addresses of the owner of the HIT, i.e., the rendezvous client. They MUST also recompute the IP checksum accordingly. Because ofegressingress filtering on the path from the RVS to the client[RFC2827][RFC3013],[RFC2827] [RFC3013], a HIPrendezvous serverRVS SHOULD replace the source IP address, i.e., the IP address of I, with one of its own IP addresses. The replacement IP address SHOULD be chosen according to relevant IPv4 and IPv6 specifications[RFC1122][RFC6724].[RFC1122] [RFC6724]. Because this replacement conceals theinitiator'sInitiator's IP address, the RVS MUST append a FROM parameter containing the original source IP address of the packet. This FROM parameter MUST be integrity protected by an RVS_HMAC keyed with the corresponding rendezvous registration integrity key[I-D.ietf-hip-rfc5203-bis].[RFC8003]. I1(RVS, R, HIT-I, HIT-R I1(I, RVS, HIT-I, HIT-R) +---------+ FROM:I, RVS_HMAC) +----------------------->| |--------------------+ | | RVS | | | | | | | +---------+ | | V +-----+ R1(R, I, HIT-R, HIT-I, VIA:RVS) +-----+ | |<---------------------------------------------| | | | | | | I | I2(I, R, HIT-I, HIT-R) | R | | |--------------------------------------------->| | | |<---------------------------------------------| | +-----+ R2(R, I, HIT-R, HIT-I) +-----+ Rendezvousserver rewritingServer Rewriting IPaddresses.Addresses This modification of HIP packets ata rendezvous serveran RVS can be problematic becausetheHIPprotocoluses integrity checks. Because the I1 does not include HMAC or SIGNATURE parameters, these twoend- to-endend-to-end integrity checks are unaffected by the operation ofrendezvous servers.RVSs. The RVS SHOULD verify the checksum field of an I1 packet before doing any modifications. After modification, it MUST recompute the checksum field using the updated HIP header, which possibly included new FROM and RVS_HMAC parameters, and a pseudo-header containing the updated source and destination IP addresses. This enables theresponderResponder to validate the checksum of the I1 packet "as is", without having to parse any FROM parameters. 4. Rendezvous Server Extensions This section describes extensions to the HIP Registration Extension[I-D.ietf-hip-rfc5203-bis],[RFC8003], allowing a HIP node to register witha rendezvous serveran RVS for rendezvous service and to notify the RVS aware of changes to its current location. It also describes an extension to the HIP specification [RFC7401] itself, allowing establishment of HIP associations via one or more HIPrendezvous server(s).RVSs. 4.1. RENDEZVOUS Registration Type This specification defines an additional registration for the HIP Registration Extension[I-D.ietf-hip-rfc5203-bis][RFC8003] that allows registering witha rendezvous serveran RVS for rendezvous service. Number Registration Type ------ ----------------- 1 RENDEZVOUS 4.2. Parameter Formats and Processing 4.2.1. RVS_HMAC Parameter The RVS_HMAC is a non-critical parameter whose only difference with the HMAC parameter defined in the HIP specification [RFC7401] is its "type" code. This change causes it to be located after the FROM parameter (as opposed to the HMAC): Type 65500 Length Variable. Length in octets, excluding Type, Length, and Padding. HMAC HMAC computed over the HIP packet, excluding the RVS_HMAC parameter and any following parameters. The HMAC is keyed with the appropriate HIP integrity key (HIP-lg or HIP-gl) established when rendezvous registration happened. The HIP "checksum" field MUST be set to zero, and the HIP header length in the HIP common header MUST be calculated not to cover any excluded parameter when the HMAC is calculated. The size of the HMAC is the natural size of the hash computation output depending on the used hash function. To allow a rendezvous client and its RVS to verify the integrity of packets flowing between them, both SHOULD protect packets with an added RVS_HMAC parameter keyed with the HIP-lg or HIP-gl integrity key established while registration occurred. A valid RVS_HMAC SHOULD be present on every packet flowing between a client and a server and MUST be present when a FROM parameter is processed. 4.2.2. FROM Parameter 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | Address | | | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type 65498 Length 16 Address An IPv6 address or an IPv4-in-IPv6 format IPv4 address.A rendezvous serverAn RVS MUST add a FROM parameter containing the original source IP address of a HIP packet whenever the source IP address in the IP header is rewritten. If one or more FROM parameters are already present, the new FROM parameter MUST be appended after the existing ones. Whenever an RVS inserts a FROM parameter, it MUST insert an RVS_HMAC protecting the packet integrity, especially the IP address included in the FROM parameter. 4.2.3. VIA_RVS Parameter 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | Address | | | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ . . . . . . +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | Address | | | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type 65502 Length Variable Address An IPv6 address or an IPv4-in-IPv6 format IPv4 address. After theresponderResponder receives a relayed I1 packet, it can begin to send HIP packets addressed to theinitiator'sInitiator's IP address, without further assistance from an RVS. For debugging purposes, it MUST append a newly created VIA_RVS parameter at the end of the R1 packet that contains the IP address of the RVS that relayed the I1 packet. Including more than one IP address in the VIA_RVS parameter is outside the scope of this specification. The main goal of using the VIA_RVS parameter is to allow operators to diagnose possible issues encountered while establishing a HIP association via an RVS. 4.3. Modified Packets Processing The following subsections describe the differences of the processing of I1 and R1 whilea rendezvous serveran RVS is involved in the base exchange. 4.3.1. Processing Outgoing I1 Packets AninitiatorInitiator SHOULD NOT send an opportunistic I1 with a NULL destination HIT to an IP address that is known to be a rendezvous server address, unless it wants to establish a HIP association with therendezvous serverRVS itself and does not know its HIT. When an RVS rewrites the source IP address of an I1 packet due to egress filtering, it MUST add a FROM parameter to the I1 that contains theinitiator'sInitiator's source IP address. This FROM parameter MUST be protected by an RVS_HMAC keyed with the integrity key established at rendezvous registration. 4.3.2. Processing Incoming I1 Packets Whena rendezvous serveran RVS receives an I1 whose destination HIT is not its own, it consults its registration database to find a registration for the rendezvous service established by the HIT owner. If it finds an appropriate registration, it relays the packet to the registered IP address. If it does not find an appropriate registration, it drops the packet.A rendezvous serverAn RVS SHOULD interpret any incoming opportunistic I1 (i.e., an I1 with a NULL destination HIT) as an I1 addressed to itself and SHOULD NOT attempt to relay it to one of its clients. When a rendezvous client receives an I1, it MUST validate any present RVS_HMAC parameter. If the RVS_HMAC cannot be verified, the packet SHOULD be dropped. If the RVS_HMAC cannot be verified and a FROM parameter is present, the packet MUST be dropped. A rendezvous client acting asresponderResponder SHOULD drop opportunistic I1s that include a FROM parameter, because this indicates that the I1 has been relayed. 4.3.3. Processing Outgoing R1 Packets When aresponderResponder replies to an I1 relayed via an RVS, it MUST append to the regular R1 header a VIA_RVS parameter containing the IP addresses of the traversed RVSs. 4.3.4. Processing Incoming R1 Packets The HIP specification [RFC7401] mandates that a system receiving an R1 MUST first check to see if it has sent an I1 to the originator of the R1 (i.e., the system is in state I1-SENT). When the R1 is replying to a relayed I1, this check SHOULD be based on HITs only. In case the IP addresses are also checked, then the source IP address MUST be checked against the IP address included in the VIA_RVS parameter. 5. Security Considerations This section discusses the known threats introduced by these HIP extensions and the implications on the overall security of HIP. In particular, it argues that the extensions described in this document do not introduce additional threats tothe Host Identity Protocol.HIP. It is difficult to encompass the whole scope of threats introduced byrendezvous serversRVSs because their presence has implications both at the IP and HIP layers. In particular, these extensions might allow for redirection, amplification, and reflection attacks at the IP layer, as well as attacks on the HIP layer itself, for example,man- in-the-middleman-in-the-middle attacks against the HIP base exchange. If aninitiatorInitiator has a priori knowledge of theresponder'sResponder's host identity when it first contacts theresponderResponder via an RVS, it has a means to verify the signatures in the HIP base exchange, which protects against man-in-the-middle attacks. If aninitiatorInitiator does not have a priori knowledge of theresponder'sResponder's host identity (so-called "opportunisticinitiators"),Initiators"), it is almost impossible to defend the HIP exchange against these attacks, because the public keys exchanged cannot be authenticated. The only approach would be to mitigate hijacking threats on HIP state by requiring an R1 answering an opportunistic I1 to come from the same IP address that originally sent the I1. This procedure retains a level of security that is equivalent to what exists in the Internet today. However, for reasons of simplicity, this specification does not allow the establishment of a HIP association viaa rendezvous serveran RVS in an opportunistic manner. 6. IANA Considerations [RFC5204], obsoleted by this document, made the following definitions and reservations in theIANA Registry for HIP Parameters Types:"Parameter Types" subregistry under "Host Identity Protocol (HIP) Parameters": Value Parameter Type Length ----- -------------- -------- 65498 FROM 16 65500 RVS_HMAC variable 65502 VIA_RVS variableThis document updatesIn theIANA Registry for HIP Parameters Types by replacing"Parameter Types" subregistry under "Host Identity Protocol (HIP) Parameters", references to [RFC5204] have been replaced by references to this document. [RFC5204], obsoleted by this document, made the following definition and reservation in theIANA Registry for HIP Registration Types:"Registration Types" subregistry under "Host Identity Protocol (HIP) Parameters": Value Registration Type ----- ----------------- 1 RENDEZVOUSThis document updatesIn theIANA Registry for HIP Registration Types by replacing"Registration Types" subregistry under "Host Identity Protocol (HIP) Parameters", references to [RFC5204] have been replaced by references to this document.8.7. References8.1.7.1. Normative References[I-D.ietf-hip-rfc5203-bis] Laganier, J. and L. Eggert, "Host Identity Protocol (HIP) Registration Extension", draft-ietf-hip-rfc5203-bis-10 (work in progress), January 2016. [I-D.ietf-hip-rfc5205-bis] Laganier, J., "Host Identity Protocol (HIP) Domain Name System (DNS) Extension", draft-ietf-hip-rfc5205-bis-09 (work in progress), January 2016.[RFC1122] Braden, R., Ed., "Requirements for Internet Hosts - Communication Layers", STD 3, RFC 1122, DOI 10.17487/RFC1122, October 1989, <http://www.rfc-editor.org/info/rfc1122>. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <http://www.rfc-editor.org/info/rfc2119>. [RFC6724] Thaler, D., Ed., Draves, R., Matsumoto, A., and T. Chown, "Default Address Selection for Internet Protocol Version 6 (IPv6)", RFC 6724, DOI 10.17487/RFC6724, September 2012, <http://www.rfc-editor.org/info/rfc6724>. [RFC7401] Moskowitz, R., Ed., Heer, T., Jokela, P., and T. Henderson, "Host Identity Protocol Version 2 (HIPv2)", RFC 7401, DOI 10.17487/RFC7401, April 2015, <http://www.rfc-editor.org/info/rfc7401>.8.2.[RFC8003] Laganier, J. and L. Eggert, "Host Identity Protocol (HIP) Registration Extension", RFC 8003, DOI 10.17487/RFC8003, October 2016, <http://www.rfc-editor.org/info/rfc8003>. [RFC8005] Laganier, J., "Host Identity Protocol (HIP) Domain Name System (DNS) Extension", RFC 8005, DOI 10.17487/RFC8005, October 2016, <http://www.rfc-editor.org/info/rfc8005>. 7.2. Informative References[I-D.ietf-hip-rfc4423-bis][HIP-ARCH] Moskowitz, R. and M. Komu, "Host Identity Protocol Architecture",draft-ietf-hip-rfc4423-bis-14 (workWork inprogress),Progress, draft-ietf-hip-rfc4423- bis-14, June 2016.[I-D.ietf-hip-rfc5206-bis][HIP-HOST-MOB] Henderson, T., Vogt, C., and J. Arkko, "Host Mobility with the Host Identity Protocol",draft-ietf-hip-rfc5206-bis-12 (workWork inprogress), MayProgress, draft-ietf- hip-rfc5206-bis-14, October 2016. [RFC2827] Ferguson, P. and D. Senie, "Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing", BCP 38, RFC 2827, DOI 10.17487/RFC2827, May 2000, <http://www.rfc-editor.org/info/rfc2827>. [RFC3013] Killalea, T., "Recommended Internet Service Provider Security Services and Procedures", BCP 46, RFC 3013, DOI 10.17487/RFC3013, November 2000, <http://www.rfc-editor.org/info/rfc3013>. [RFC5204] Laganier, J. and L. Eggert, "Host Identity Protocol (HIP) Rendezvous Extension", RFC 5204, DOI 10.17487/RFC5204, April 2008, <http://www.rfc-editor.org/info/rfc5204>. Appendix A. Changes from RFC 5204 o Updated HIP references to revised HIP specifications.7.Acknowledgments The following people have provided thoughtful and helpful discussions and/or suggestions that have improved this document: Marcus Brunner, Tom Henderson, Miika Komu, Mika Kousa, Pekka Nikander, Juergen Quittek, Justino Santos, Simon Schuetz, Tim Shepard, Kristian Slavov,Martin Stiemerling,andJuergen Quittek.Martin Stiemerling. Lars Eggert has received funding from the European Union's Horizon 2020 research and innovation program 2014-2018 under grant agreement No. 644866. This document reflects only the authors'viewsviews, and the European Commission is not responsible for any use that may be made of the information it contains. Thanks to Joel M. Halpern for performing the Gen-ART review of this document as part of the publication process. Authors' Addresses Julien Laganier Luminate Wireless, Inc. Cupertino, CAUSA EMail:United States of America Email: julien.ietf@gmail.com Lars Eggert NetApp Sonnenallee 1 Kirchheim 85551 Germany Phone: +49 151 12055791EMail:Email: lars@netapp.com URI: http://eggert.org