| rfc8994v4.txt | rfc8994.txt | |||
|---|---|---|---|---|
| skipping to change at line 327 ¶ | skipping to change at line 327 ¶ | |||
| In both autonomous and non-autonomous instances, the ACP is built | In both autonomous and non-autonomous instances, the ACP is built | |||
| such that it operates in the absence of the data plane. The ACP also | such that it operates in the absence of the data plane. The ACP also | |||
| operates in the presence of any (mis)configured non-autonomous | operates in the presence of any (mis)configured non-autonomous | |||
| management and/or control components in the data plane. | management and/or control components in the data plane. | |||
| The ACP serves several purposes simultaneously: | The ACP serves several purposes simultaneously: | |||
| 1. Autonomic functions communicate over the ACP. The ACP therefore | 1. Autonomic functions communicate over the ACP. The ACP therefore | |||
| directly supports Autonomic Networking functions, as described in | directly supports Autonomic Networking functions, as described in | |||
| [RFC8993]. For example, GRASP ("A GeneRic Autonomic Signaling | [RFC8993]. For example, GRASP ("GeneRic Autonomic Signaling | |||
| Protocol (GRASP)" [RFC8990]) runs securely inside the ACP and | Protocol (GRASP)" [RFC8990]) runs securely inside the ACP and | |||
| depends on the ACP as its "security and transport substrate". | depends on the ACP as its "security and transport substrate". | |||
| 2. A controller or network management system can use ACP to securely | 2. A controller or network management system can use ACP to securely | |||
| bootstrap network devices in remote locations, even if the (data | bootstrap network devices in remote locations, even if the (data | |||
| plane) network in between is not yet configured; no bootstrap | plane) network in between is not yet configured; no bootstrap | |||
| configuration that is dependent on the data plane is required. | configuration that is dependent on the data plane is required. | |||
| An example of such a secure bootstrap process is described in | An example of such a secure bootstrap process is described in | |||
| "Bootstrapping Remote Secure Key Infrastructure (BRSKI)" | "Bootstrapping Remote Secure Key Infrastructure (BRSKI)" | |||
| [RFC8995]. | [RFC8995]. | |||
| skipping to change at line 1241 ¶ | skipping to change at line 1241 ¶ | |||
| can use and require additional elements in certificates or policies | can use and require additional elements in certificates or policies | |||
| or even additional certificates. See Section 6.2.5 for the | or even additional certificates. See Section 6.2.5 for the | |||
| additional check against the id-kp-cmcRA extended key usage attribute | additional check against the id-kp-cmcRA extended key usage attribute | |||
| ("Certificate Management over CMS (CMC) Updates" [RFC6402]), and see | ("Certificate Management over CMS (CMC) Updates" [RFC6402]), and see | |||
| Appendix A.9.5 for possible future extensions. | Appendix A.9.5 for possible future extensions. | |||
| 6.2.2. ACP Certificate AcpNodeName | 6.2.2. ACP Certificate AcpNodeName | |||
| acp-node-name = local-part "@" acp-domain-name | acp-node-name = local-part "@" acp-domain-name | |||
| local-part = [ acp-address ] [ "+" rsub extensions ] | local-part = [ acp-address ] [ "+" rsub extensions ] | |||
| acp-address = 32HEXDIG / "0" ; HEXDIG as of RFC 5234, Appendix B.1 | acp-address = 32HEXDIG / "0" ; HEXDIG as of [RFC5234], Appendix B.1 | |||
| rsub = [ <subdomain> ] ; <subdomain> as of RFC 1034, Section 3.5 | rsub = [ <subdomain> ] ; <subdomain> as of [RFC1034], Section 3.5 | |||
| acp-domain-name = <domain> ; as of RFC 1034, Section 3.5 | acp-domain-name = <domain> ; as of [RFC1034], Section 3.5 | |||
| extensions = *( "+" extension ) | extensions = *( "+" extension ) | |||
| extension = 1*etext ; future standard definition. | extension = 1*etext ; future standard definition. | |||
| etext = ALPHA / DIGIT / ; Printable US-ASCII | etext = ALPHA / DIGIT / ; Printable US-ASCII | |||
| "!" / "#" / "$" / "%" / "&" / "'" / | "!" / "#" / "$" / "%" / "&" / "'" / | |||
| "*" / "-" / "/" / "=" / "?" / "^" / | "*" / "-" / "/" / "=" / "?" / "^" / | |||
| "_" / "`" / "{" / "|" / "}" / "~" | "_" / "`" / "{" / "|" / "}" / "~" | |||
| routing-subdomain = [ rsub "." ] acp-domain-name | routing-subdomain = [ rsub "." ] acp-domain-name | |||
| Figure 2: ACP Node Name ABNF | Figure 2: ACP Node Name ABNF | |||
| skipping to change at line 2986 ¶ | skipping to change at line 2986 ¶ | |||
| the L bit set to 1 (as defined in Section 3.1 of [RFC4193]). Note | the L bit set to 1 (as defined in Section 3.1 of [RFC4193]). Note | |||
| that the random hash for ACP loopback addresses uses the | that the random hash for ACP loopback addresses uses the | |||
| definition in Section 6.11.2 and not the one in [RFC4193], | definition in Section 6.11.2 and not the one in [RFC4193], | |||
| Section 3.2.2. | Section 3.2.2. | |||
| * No external connectivity: the addresses do not provide access to | * No external connectivity: the addresses do not provide access to | |||
| the Internet. If a node requires further connectivity, it should | the Internet. If a node requires further connectivity, it should | |||
| use another, traditionally managed addressing scheme in parallel. | use another, traditionally managed addressing scheme in parallel. | |||
| * Addresses in the ACP are permanent and do not support temporary | * Addresses in the ACP are permanent and do not support temporary | |||
| addresses as defined in "Privacy Extensions for Stateless Address | addresses as defined in "Temporary Address Extensions for | |||
| Autoconfiguration in IPv6" [RFC4941]. | Stateless Address Autoconfiguration in IPv6" [RFC8981]. | |||
| * Addresses in the ACP are not considered sensitive on privacy | * Addresses in the ACP are not considered sensitive on privacy | |||
| grounds because ACP nodes are not expected to be end-user hosts, | grounds because ACP nodes are not expected to be end-user hosts, | |||
| and therefore ACP addresses do not represent end users or groups | and therefore ACP addresses do not represent end users or groups | |||
| of end users. All ACP nodes are in one (potentially federated) | of end users. All ACP nodes are in one (potentially federated) | |||
| administrative domain. For ACP traffic, the nodes are assumed to | administrative domain. For ACP traffic, the nodes are assumed to | |||
| be either candidate hosts or transit nodes. There are no transit | be either candidate hosts or transit nodes. There are no transit | |||
| nodes with fewer privileges to know the identity of other hosts in | nodes with fewer privileges to know the identity of other hosts in | |||
| the ACP. Therefore, ACP addresses do not need to be pseudorandom | the ACP. Therefore, ACP addresses do not need to be pseudorandom | |||
| as discussed in "Security and Privacy Considerations for IPv6 | as discussed in "Security and Privacy Considerations for IPv6 | |||
| skipping to change at line 6330 ¶ | skipping to change at line 6330 ¶ | |||
| [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol | [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol | |||
| Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, | Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, | |||
| <https://www.rfc-editor.org/info/rfc8446>. | <https://www.rfc-editor.org/info/rfc8446>. | |||
| [RFC8610] Birkholz, H., Vigano, C., and C. Bormann, "Concise Data | [RFC8610] Birkholz, H., Vigano, C., and C. Bormann, "Concise Data | |||
| Definition Language (CDDL): A Notational Convention to | Definition Language (CDDL): A Notational Convention to | |||
| Express Concise Binary Object Representation (CBOR) and | Express Concise Binary Object Representation (CBOR) and | |||
| JSON Data Structures", RFC 8610, DOI 10.17487/RFC8610, | JSON Data Structures", RFC 8610, DOI 10.17487/RFC8610, | |||
| June 2019, <https://www.rfc-editor.org/info/rfc8610>. | June 2019, <https://www.rfc-editor.org/info/rfc8610>. | |||
| [RFC8990] Bormann, C., Carpenter, B., Ed., and B. Liu, Ed., "A | [RFC8990] Bormann, C., Carpenter, B., Ed., and B. Liu, Ed., "GeneRic | |||
| GeneRic Autonomic Signaling Protocol (GRASP)", RFC 8990, | Autonomic Signaling Protocol (GRASP)", RFC 8990, | |||
| DOI 10.17487/RFC8990, May 2021, | DOI 10.17487/RFC8990, May 2021, | |||
| <https://www.rfc-editor.org/info/rfc8990>. | <https://www.rfc-editor.org/info/rfc8990>. | |||
| [RFC8995] Pritikin, M., Richardson, M., Eckert, T., Behringer, M., | [RFC8995] Pritikin, M., Richardson, M., Eckert, T., Behringer, M., | |||
| and K. Watsen, "Bootstrapping Remote Secure Key | and K. Watsen, "Bootstrapping Remote Secure Key | |||
| Infrastructure (BRSKI)", RFC 8995, DOI 10.17487/RFC8995, | Infrastructure (BRSKI)", RFC 8995, DOI 10.17487/RFC8995, | |||
| May 2021, <https://www.rfc-editor.org/info/rfc8995>. | May 2021, <https://www.rfc-editor.org/info/rfc8995>. | |||
| 13.2. Informative References | 13.2. Informative References | |||
| skipping to change at line 6383 ¶ | skipping to change at line 6383 ¶ | |||
| 802.1AB-2016, March 2016, | 802.1AB-2016, March 2016, | |||
| <https://standards.ieee.org/standard/802_1AB-2016.html>. | <https://standards.ieee.org/standard/802_1AB-2016.html>. | |||
| [MACSEC] IEEE, "IEEE Standard for Local and Metropolitan Area | [MACSEC] IEEE, "IEEE Standard for Local and Metropolitan Area | |||
| Networks: Media Access Control (MAC) Security", | Networks: Media Access Control (MAC) Security", | |||
| DOI 10.1109/IEEESTD.2006.245590, IEEE 802.1AE-2006, August | DOI 10.1109/IEEESTD.2006.245590, IEEE 802.1AE-2006, August | |||
| 2006, | 2006, | |||
| <https://standards.ieee.org/standard/802_1AE-2006.html>. | <https://standards.ieee.org/standard/802_1AE-2006.html>. | |||
| [NOC-AUTOCONFIG] | [NOC-AUTOCONFIG] | |||
| Eckert, T., "Autoconfiguration of NOC services in ACP | Eckert, T., Ed., "Autoconfiguration of NOC services in ACP | |||
| networks via GRASP", Work in Progress, Internet-Draft, | networks via GRASP", Work in Progress, Internet-Draft, | |||
| draft-eckert-anima-noc-autoconfig-00, 2 July 2018, | draft-eckert-anima-noc-autoconfig-00, 2 July 2018, | |||
| <https://tools.ietf.org/html/draft-eckert-anima-noc- | <https://tools.ietf.org/html/draft-eckert-anima-noc- | |||
| autoconfig-00>. | autoconfig-00>. | |||
| [OP-TECH] Wikipedia, "Operational technology", October 2020, | [OP-TECH] Wikipedia, "Operational technology", October 2020, | |||
| <https://en.wikipedia.org/w/ | <https://en.wikipedia.org/w/ | |||
| index.php?title=Operational_technology&oldid=986363045>. | index.php?title=Operational_technology&oldid=986363045>. | |||
| [RFC1112] Deering, S., "Host extensions for IP multicasting", STD 5, | [RFC1112] Deering, S., "Host extensions for IP multicasting", STD 5, | |||
| skipping to change at line 6487 ¶ | skipping to change at line 6487 ¶ | |||
| [RFC4607] Holbrook, H. and B. Cain, "Source-Specific Multicast for | [RFC4607] Holbrook, H. and B. Cain, "Source-Specific Multicast for | |||
| IP", RFC 4607, DOI 10.17487/RFC4607, August 2006, | IP", RFC 4607, DOI 10.17487/RFC4607, August 2006, | |||
| <https://www.rfc-editor.org/info/rfc4607>. | <https://www.rfc-editor.org/info/rfc4607>. | |||
| [RFC4610] Farinacci, D. and Y. Cai, "Anycast-RP Using Protocol | [RFC4610] Farinacci, D. and Y. Cai, "Anycast-RP Using Protocol | |||
| Independent Multicast (PIM)", RFC 4610, | Independent Multicast (PIM)", RFC 4610, | |||
| DOI 10.17487/RFC4610, August 2006, | DOI 10.17487/RFC4610, August 2006, | |||
| <https://www.rfc-editor.org/info/rfc4610>. | <https://www.rfc-editor.org/info/rfc4610>. | |||
| [RFC4941] Narten, T., Draves, R., and S. Krishnan, "Privacy | ||||
| Extensions for Stateless Address Autoconfiguration in | ||||
| IPv6", RFC 4941, DOI 10.17487/RFC4941, September 2007, | ||||
| <https://www.rfc-editor.org/info/rfc4941>. | ||||
| [RFC4985] Santesson, S., "Internet X.509 Public Key Infrastructure | [RFC4985] Santesson, S., "Internet X.509 Public Key Infrastructure | |||
| Subject Alternative Name for Expression of Service Name", | Subject Alternative Name for Expression of Service Name", | |||
| RFC 4985, DOI 10.17487/RFC4985, August 2007, | RFC 4985, DOI 10.17487/RFC4985, August 2007, | |||
| <https://www.rfc-editor.org/info/rfc4985>. | <https://www.rfc-editor.org/info/rfc4985>. | |||
| [RFC5790] Liu, H., Cao, W., and H. Asaeda, "Lightweight Internet | [RFC5790] Liu, H., Cao, W., and H. Asaeda, "Lightweight Internet | |||
| Group Management Protocol Version 3 (IGMPv3) and Multicast | Group Management Protocol Version 3 (IGMPv3) and Multicast | |||
| Listener Discovery Version 2 (MLDv2) Protocols", RFC 5790, | Listener Discovery Version 2 (MLDv2) Protocols", RFC 5790, | |||
| DOI 10.17487/RFC5790, February 2010, | DOI 10.17487/RFC5790, February 2010, | |||
| <https://www.rfc-editor.org/info/rfc5790>. | <https://www.rfc-editor.org/info/rfc5790>. | |||
| skipping to change at line 6681 ¶ | skipping to change at line 6676 ¶ | |||
| Multiple Addresses", RFC 8684, DOI 10.17487/RFC8684, March | Multiple Addresses", RFC 8684, DOI 10.17487/RFC8684, March | |||
| 2020, <https://www.rfc-editor.org/info/rfc8684>. | 2020, <https://www.rfc-editor.org/info/rfc8684>. | |||
| [RFC8739] Sheffer, Y., Lopez, D., Gonzalez de Dios, O., Pastor | [RFC8739] Sheffer, Y., Lopez, D., Gonzalez de Dios, O., Pastor | |||
| Perales, A., and T. Fossati, "Support for Short-Term, | Perales, A., and T. Fossati, "Support for Short-Term, | |||
| Automatically Renewed (STAR) Certificates in the Automated | Automatically Renewed (STAR) Certificates in the Automated | |||
| Certificate Management Environment (ACME)", RFC 8739, | Certificate Management Environment (ACME)", RFC 8739, | |||
| DOI 10.17487/RFC8739, March 2020, | DOI 10.17487/RFC8739, March 2020, | |||
| <https://www.rfc-editor.org/info/rfc8739>. | <https://www.rfc-editor.org/info/rfc8739>. | |||
| [RFC8981] Gont, F., Krishnan, S., Narten, T., and R. Draves, | ||||
| "Temporary Address Extensions for Stateless Address | ||||
| Autoconfiguration in IPv6", RFC 8981, | ||||
| DOI 10.17487/RFC8981, February 2021, | ||||
| <https://www.rfc-editor.org/info/rfc8981>. | ||||
| [RFC8992] Jiang, S., Ed., Du, Z., Carpenter, B., and Q. Sun, | [RFC8992] Jiang, S., Ed., Du, Z., Carpenter, B., and Q. Sun, | |||
| "Autonomic IPv6 Edge Prefix Management in Large-Scale | "Autonomic IPv6 Edge Prefix Management in Large-Scale | |||
| Networks", RFC 8992, DOI 10.17487/RFC8992, May 2021, | Networks", RFC 8992, DOI 10.17487/RFC8992, May 2021, | |||
| <https://www.rfc-editor.org/info/rfc8992>. | <https://www.rfc-editor.org/info/rfc8992>. | |||
| [RFC8993] Behringer, M., Ed., Carpenter, B., Eckert, T., Ciavaglia, | [RFC8993] Behringer, M., Ed., Carpenter, B., Eckert, T., Ciavaglia, | |||
| L., and J. Nobre, "A Reference Model for Autonomic | L., and J. Nobre, "A Reference Model for Autonomic | |||
| Networking", RFC 8993, DOI 10.17487/RFC8993, May 2021, | Networking", RFC 8993, DOI 10.17487/RFC8993, May 2021, | |||
| <https://www.rfc-editor.org/info/rfc8993>. | <https://www.rfc-editor.org/info/rfc8993>. | |||
| [ROLL-APPLICABILITY] | [ROLL-APPLICABILITY] | |||
| Richardson, M. C., "ROLL Applicability Statement | Richardson, M., "ROLL Applicability Statement Template", | |||
| Template", Work in Progress, Internet-Draft, draft-ietf- | Work in Progress, Internet-Draft, draft-ietf-roll- | |||
| roll-applicability-template-09, 3 May 2016, | applicability-template-09, 3 May 2016, | |||
| <https://tools.ietf.org/html/draft-ietf-roll- | <https://tools.ietf.org/html/draft-ietf-roll- | |||
| applicability-template-09>. | applicability-template-09>. | |||
| [SR] Wikipedia, "Single-root input/output virtualization", | [SR] Wikipedia, "Single-root input/output virtualization", | |||
| September 2020, <https://en.wikipedia.org/w/ | September 2020, <https://en.wikipedia.org/w/ | |||
| index.php?title=Single-root_input/ | index.php?title=Single-root_input/ | |||
| output_virtualization&oldid=978867619>. | output_virtualization&oldid=978867619>. | |||
| [TLS-DTLS13] | [TLS-DTLS13] | |||
| Rescorla, E., Tschofenig, H., and N. Modadugu, "The | Rescorla, E., Tschofenig, H., and N. Modadugu, "The | |||
| End of changes. 8 change blocks. | ||||
| 17 lines changed or deleted | 18 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||