| rfc9445xml2.original.xml | rfc9445.xml | |||
|---|---|---|---|---|
| <?xml version="1.0" encoding="US-ASCII"?> | <?xml version="1.0" encoding="UTF-8"?> | |||
| <!DOCTYPE rfc SYSTEM "rfc2629.dtd"> | ||||
| <?rfc toc="yes"?> | <!DOCTYPE rfc [ | |||
| <?rfc tocompact="yes"?> | <!ENTITY nbsp " "> | |||
| <?rfc tocdepth="3"?> | <!ENTITY zwsp "​"> | |||
| <?rfc tocindent="yes"?> | <!ENTITY nbhy "‑"> | |||
| <?rfc symrefs="yes"?> | <!ENTITY wj "⁠"> | |||
| <?rfc sortrefs="yes"?> | ]> | |||
| <?rfc comments="yes"?> | ||||
| <?rfc inline="yes"?> | <rfc xmlns:xi="http://www.w3.org/2001/XInclude" submissionType="IETF" category=" | |||
| <?rfc compact="yes"?> | std" consensus="true" docName="draft-ietf-opsawg-add-encrypted-dns-12" number="9 | |||
| <?rfc subcompact="no"?> | 445" ipr="trust200902" updates="4014" obsoletes="" xml:lang="en" tocInclude="tru | |||
| <rfc category="std" docName="draft-ietf-opsawg-add-encrypted-dns-12" | e" tocDepth="3" symRefs="true" sortRefs="true" version="3"> | |||
| ipr="trust200902" updates="4014"> | ||||
| <front> | <front> | |||
| <title abbrev="RADIUS DHCP-Options">RADIUS Extensions for DHCP Configured | ||||
| Services</title> | ||||
| <title abbrev="RADIUS DHCP Options">RADIUS Extensions for DHCP-Configured | ||||
| Services</title> | ||||
| <seriesInfo name="RFC" value="9445"/> | ||||
| <author fullname="Mohamed Boucadair" initials="M." surname="Boucadair"> | <author fullname="Mohamed Boucadair" initials="M." surname="Boucadair"> | |||
| <organization>Orange</organization> | <organization>Orange</organization> | |||
| <address> | <address> | |||
| <postal> | <postal> | |||
| <street></street> | <street/> | |||
| <city>Rennes</city> | <city>Rennes</city> | |||
| <region/> | ||||
| <region></region> | ||||
| <code>35000</code> | <code>35000</code> | |||
| <country>France</country> | <country>France</country> | |||
| </postal> | </postal> | |||
| <email>mohamed.boucadair@orange.com</email> | <email>mohamed.boucadair@orange.com</email> | |||
| </address> | </address> | |||
| </author> | </author> | |||
| <author fullname="Tirumaleswar Reddy.K" initials="T." surname="Reddy.K"> | ||||
| <author fullname="Tirumaleswar Reddy" initials="T." surname="Reddy"> | ||||
| <organization>Nokia</organization> | <organization>Nokia</organization> | |||
| <address> | <address> | |||
| <postal> | <postal> | |||
| <street></street> | <street/> | |||
| <city/> | ||||
| <city></city> | <region/> | |||
| <code/> | ||||
| <region></region> | ||||
| <code></code> | ||||
| <country>India</country> | <country>India</country> | |||
| </postal> | </postal> | |||
| <email>kondtir@gmail.com</email> | <email>kondtir@gmail.com</email> | |||
| </address> | </address> | |||
| </author> | </author> | |||
| <author fullname="Alan DeKok" initials="A." surname="DeKok"> | <author fullname="Alan DeKok" initials="A." surname="DeKok"> | |||
| <organization>FreeRADIUS</organization> | <organization>FreeRADIUS</organization> | |||
| <address> | <address> | |||
| <postal> | <postal> | |||
| <street></street> | <street/> | |||
| <city/> | ||||
| <city></city> | <region/> | |||
| <code/> | ||||
| <region></region> | <country/> | |||
| <code></code> | ||||
| <country></country> | ||||
| </postal> | </postal> | |||
| <phone/> | ||||
| <phone></phone> | ||||
| <facsimile></facsimile> | ||||
| <email>aland@freeradius.org</email> | <email>aland@freeradius.org</email> | |||
| <uri/> | ||||
| <uri></uri> | ||||
| </address> | </address> | |||
| </author> | </author> | |||
| <date year="2023" month="August"/> | ||||
| <date /> | <area>ops</area> | |||
| <workgroup>opsawg</workgroup> | <workgroup>opsawg</workgroup> | |||
| <keyword>redirection</keyword> | <keyword>redirection</keyword> | |||
| <keyword>subscriber policies</keyword> | <keyword>subscriber policies</keyword> | |||
| <keyword>differentiated service</keyword> | <keyword>differentiated service</keyword> | |||
| <keyword>DNS</keyword> | <keyword>DNS</keyword> | |||
| <keyword>DoH</keyword> | <keyword>DoH</keyword> | |||
| <keyword>DoT</keyword> | <keyword>DoT</keyword> | |||
| <keyword>DoQ</keyword> | <keyword>DoQ</keyword> | |||
| <keyword>QUIC</keyword> | <keyword>QUIC</keyword> | |||
| <keyword>Encryption</keyword> | <keyword>Encryption</keyword> | |||
| <keyword>Service delivery</keyword> | <keyword>Service delivery</keyword> | |||
| <keyword>Service provisioning</keyword> | <keyword>Service provisioning</keyword> | |||
| <keyword>service activation</keyword> | <keyword>service activation</keyword> | |||
| <keyword>policies</keyword> | <keyword>policies</keyword> | |||
| <keyword>connectivity</keyword> | <keyword>connectivity</keyword> | |||
| <abstract> | <abstract> | |||
| <t>This document specifies two new Remote Authentication Dial-In User | <t>This document specifies two new Remote Authentication Dial-In User | |||
| Service (RADIUS) attributes that carry DHCP options. The specification | Service (RADIUS) attributes that carry DHCP options. The specification | |||
| is generic and can be applicable to any service that relies upon DHCP. | is generic and can be applicable to any service that relies upon DHCP. | |||
| Both DHCPv4 and DHCPv6 configured services are covered.</t> | Both DHCPv4- and DHCPv6-configured services are covered. | |||
| </t> | ||||
| <t>Also, this document updates RFC 4014 by relaxing a constraint on | <t>Also, this document updates RFC 4014 by relaxing a constraint on | |||
| permitted RADIUS Attributes in the RADIUS Attributes DHCP suboption.<!-- | permitted RADIUS attributes in the RADIUS Attributes DHCP suboption. | |||
| </t> | ||||
| </abstract> | </abstract> | |||
| </front> | </front> | |||
| <middle> | <middle> | |||
| <section title="Introduction"> | <section numbered="true" toc="default"> | |||
| <name>Introduction</name> | ||||
| <t>In the context of broadband services, Internet Service Providers | <t>In the context of broadband services, Internet Service Providers | |||
| (ISPs) usually provide DNS resolvers to their customers. To that aim, | (ISPs) usually provide DNS resolvers to their customers. To that aim, | |||
| ISPs deploy dedicated mechanisms (e.g., DHCP <xref | ISPs deploy dedicated mechanisms (e.g., DHCP <xref target="RFC2132" | |||
| target="RFC2132"></xref> <xref target="RFC8415"></xref>, IPv6 Router | format="default"/> <xref target="RFC8415" format="default"/> and IPv6 | |||
| Advertisement <xref target="RFC4861"></xref>) to advertise a list of DNS | Router Advertisement <xref target="RFC4861" format="default"/>) to | |||
| recursive servers to their customers. Typically, the information used to | advertise a list of DNS recursive servers to their customers. Typically, | |||
| populate DHCP messages and/or IPv6 Router Advertisements relies upon | the information used to populate DHCP messages and/or IPv6 Router | |||
| specific Remote Authentication Dial-In User Service (RADIUS) <xref | Advertisements relies upon specific Remote Authentication Dial-In User | |||
| target="RFC2865"></xref> attributes, such as the DNS-Server-IPv6-Address | Service (RADIUS) <xref target="RFC2865" format="default"/> attributes, | |||
| Attribute specified in <xref target="RFC6911"></xref>.</t> | such as the DNS-Server-IPv6-Address Attribute specified in <xref | |||
| target="RFC6911" format="default"/>.</t> | ||||
| <t>With the advent of encrypted DNS (e.g., DNS-over-HTTPS (DoH) <xref | <t>With the advent of encrypted DNS (e.g., DNS over HTTPS | |||
| target="RFC8484"></xref>, DNS-over-TLS (DoT) <xref | (DoH) <xref target="RFC8484" format="default"/>, DNS over TLS (DoT) | |||
| target="RFC7858"></xref>, or DNS-over-QUIC (DoQ) <xref | <xref target="RFC7858" format="default"/>, or DNS over QUIC (DoQ) <xref | |||
| target="RFC9250"></xref>), additional means are required to provision | target="RFC9250" format="default"/>), additional means are required to | |||
| hosts with network-designated encrypted DNS. To fill that void, <xref | provision hosts with network-designated encrypted DNS. To fill that | |||
| target="I-D.ietf-add-dnr"></xref> leverages existing protocols such as | void, <xref target="I-D.ietf-add-dnr" format="default"/> leverages | |||
| DHCP to provide hosts with the required information to connect to an | existing protocols such as DHCP to provide hosts with the required | |||
| encrypted DNS resolver. However, there are no RADIUS attributes that can | information to connect to an encrypted DNS resolver. However, there are | |||
| be used to populate the discovery messages discussed in <xref | no RADIUS attributes that can be used to populate the discovery messages | |||
| target="I-D.ietf-add-dnr"></xref>. The same concern is likely to be | discussed in <xref target="I-D.ietf-add-dnr" format="default"/>. The | |||
| encountered for future services that are configured using DHCP.</t> | same concern is likely to be encountered for future services that are | |||
| configured using DHCP.</t> | ||||
| <t>This document specifies two new RADIUS attributes: DHCPv6-Options | <t>This document specifies two new RADIUS attributes: DHCPv6-Options | |||
| (<xref target="v6"></xref>) and DHCPv4-Options (<xref | (<xref target="v6" format="default"/>) and DHCPv4-Options (<xref | |||
| target="v4"></xref>) Attributes. These attributes can include DHCP | target="v4" format="default"/>). These attributes can include | |||
| options that are listed under the IANA registries that are created in | DHCP options that are listed in the "DHCPv6 Options Permitted | |||
| Sections <xref format="counter" target="drv6-reg"></xref> and <xref | in the RADIUS DHCPv6-Options Attribute" registry (<xref format="default" targ | |||
| format="counter" target="drv4-reg"></xref>. These two attributes are | et="drv6-reg"/>) and the "DHCP Options Permitted | |||
| specified in order to accommodate both IPv4 and IPv6 deployment contexts | in the RADIUS DHCPv4-Options Attribute" registry (<xref | |||
| while taking into account the constraints in <xref section="3.4" | format="default" target="drv4-reg"/>). These two attributes are specified | |||
| target="RFC6158"></xref>.</t> | in order to accommodate both IPv4 and IPv6 deployment contexts while | |||
| taking into account the constraints in <xref section="3.4" | ||||
| target="RFC6158" format="default"/>.</t> | ||||
| <t>The mechanism specified in this document is a generic mechanism and | <t>The mechanism specified in this document is a generic mechanism and | |||
| might be employed in network scenarios where the DHCP server and the | might be employed in network scenarios where the DHCP server and the | |||
| RADIUS client are located in the same device. The new attributes can | RADIUS client are located in the same device. The new attributes can | |||
| also be used in deployments that rely upon the mechanisms defined in | also be used in deployments that rely upon the mechanisms defined in | |||
| <xref target="RFC4014"></xref> or <xref target="RFC7037"></xref>, which | <xref target="RFC4014" format="default"/> or <xref target="RFC7037" format ="default"/>, which | |||
| allow a DHCP relay agent that is collocated with a RADIUS client to pass | allow a DHCP relay agent that is collocated with a RADIUS client to pass | |||
| attributes obtained from a RADIUS server to a DHCP server. However, an | attributes obtained from a RADIUS server to a DHCP server. However, an | |||
| update to <xref target="RFC4014"></xref> is required so that a DHCP | update to <xref target="RFC4014" format="default"/> is required so that a DHCP | |||
| relay agent can pass the DHCPv4-Options Attribute obtained from a RADIUS | relay agent can pass the DHCPv4-Options Attribute obtained from a RADIUS | |||
| server to a DHCP server (<xref target="RAD"></xref>).</t> | server to a DHCP server (<xref target="RAD" format="default"/>).</t> | |||
| <t>DHCP options that are included in the new RADIUS attributes can be | <t>DHCP options that are included in the new RADIUS attributes can be | |||
| controlled by a deployment specific policy. Discussing such a policy is | controlled by a deployment-specific policy. Discussing such a policy is | |||
| out of scope.</t> | out of scope.</t> | |||
| <t>This document adheres to <xref target="RFC8044" format="default"/> for | ||||
| <t>This document adheres to <xref target="RFC8044"></xref> for defining | defining | |||
| the new attributes.</t> | the new attributes.</t> | |||
| <t>A sample deployment usage of the RADIUS DHCPv6-Options and DHCPv4-Optio | ||||
| <t>A sample deployment usage of the DHCPv6-Options and DHCPv4-Options | ns | |||
| RADIUS attributes is described in <xref target="sample"></xref>.</t> | Attributes is described in <xref target="sample" format="default"/>.</t> | |||
| </section> | </section> | |||
| <section numbered="true" toc="default"> | ||||
| <section title="Terminology"> | <name>Terminology</name> | |||
| <t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | <t> | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQU | |||
| "OPTIONAL" in this document are to be interpreted as described in BCP 14 | IRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL | |||
| <xref target="RFC2119"></xref> <xref target="RFC8174"></xref> when, and | NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14> | |||
| only when, they appear in all capitals, as shown here.</t> | RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>", | |||
| "<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to | ||||
| <t>This document makes use of the terms defined in <xref | be interpreted as | |||
| target="RFC2865"></xref>, <xref target="RFC8415"></xref>, and <xref | described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> | |||
| target="RFC8499"></xref>. The following additional terms are used: <list | when, and only when, they appear in all capitals, as shown here. | |||
| style="hanging"> | </t> | |||
| <t hangText="DHCP:">refers to both DHCPv4 <xref | <t>This document makes use of the terms defined in <xref target="RFC2865" | |||
| target="RFC2132"></xref> and DHCPv6 <xref | format="default"/>, <xref target="RFC8415" format="default"/>, and <xref target= | |||
| target="RFC8415"></xref>.</t> | "RFC8499" format="default"/>. The following additional terms are used: </t> | |||
| <dl newline="false" spacing="normal"> | ||||
| <t hangText="Encrypted DNS:">refers to a scheme where DNS exchanges | <dt>DHCP:</dt> | |||
| are transported over an encrypted channel. Examples of encrypted DNS | <dd>refers to both DHCPv4 <xref target="RFC2132" format="default"/> | |||
| are DoT, DoH, and DoQ.</t> | and DHCPv6 <xref target="RFC8415" format="default"/>.</dd> | |||
| <dt>Encrypted DNS:</dt> | ||||
| <t hangText="Encrypted DNS resolver:">refers to a resolver (<xref | <dd>refers to a scheme where DNS exchanges are transported over an | |||
| section="6" target="RFC8499"></xref>) that supports encrypted | encrypted channel. Examples of encrypted DNS are DoT, DoH, and | |||
| DNS.</t> | DoQ.</dd> | |||
| <dt>Encrypted DNS resolver:</dt> | ||||
| <t hangText="DHCP*-Options:">refers to DHCPv4-Options and | <dd>refers to a resolver (<xref section="6" target="RFC8499" | |||
| DHCPv6-Options Attributes (<xref target="att"></xref>).</t> | format="default"/>) that supports encrypted DNS.</dd> | |||
| </list></t> | <dt>DHCP*-Options:</dt> | |||
| <dd>refers to the DHCPv4-Options and DHCPv6-Options Attributes (<xref | ||||
| target="att" format="default"/>).</dd> | ||||
| </dl> | ||||
| </section> | </section> | |||
| <section anchor="att" title="DHCP Options RADIUS Attributes"> | <section anchor="att" numbered="true" toc="default"> | |||
| <name>RADIUS DHCP Options Attributes</name> | ||||
| <t>This section specifies two new RADIUS attributes for RADIUS clients | <t>This section specifies two new RADIUS attributes for RADIUS clients | |||
| and servers to exchange DHCP-encoded data. This data is then used to | and servers to exchange DHCP-encoded data. This data is then used to | |||
| feed the DHCP procedure between a DHCP client and a DHCP server.</t> | feed the DHCP procedure between a DHCP client and a DHCP server.</t> | |||
| <t>Both the DHCPv4-Options and DHCPv6-Options Attributes use the "Long | ||||
| <t>Both DHCPv4-Options and DHCPv6-Options Attributes use the "Long | Extended Type" format (<xref section="2.2" target="RFC6929" format="defaul | |||
| Extended Type" format (<xref section="2.2" target="RFC6929"></xref>). | t"/>). | |||
| The description of the fields is provided in Sections <xref | The description of the fields is provided in Sections <xref format="counte | |||
| format="counter" target="v6"></xref> and <xref format="counter" | r" target="v6"/> and <xref format="counter" target="v4"/>.</t> | |||
| target="v4"></xref>.</t> | ||||
| <t>These attributes use the "Long Extended Type" format in order to | <t>These attributes use the "Long Extended Type" format in order to | |||
| permit the transport of attributes encapsulating more than 253 octets of | permit the transport of attributes encapsulating more than 253 octets of | |||
| data. DHCP options that can be included in the DHCP*-Options RADIUS | data. DHCP options that can be included in the RADIUS DHCP*-Options | |||
| attributes are limited by the maximum packet size of 4096 bytes (<xref | Attributes are limited by the maximum packet size of 4096 bytes (<xref sec | |||
| section="3" target="RFC2865"></xref>). In order to accommodate | tion="3" target="RFC2865" format="default"/>). In order to accommodate | |||
| deployments with large DHCP options, RADIUS implementations are | deployments with large DHCP options, RADIUS implementations are | |||
| RECOMMENDED to support a packet size up to 65535 bytes. Such a | <bcp14>RECOMMENDED</bcp14> to support a packet size up to 65535 bytes. Suc h a | |||
| recommendation can be met if RADIUS implementations support a mechanism | recommendation can be met if RADIUS implementations support a mechanism | |||
| that relaxes the 4096 bytes limit (e.g., <xref target="RFC7499"></xref> | that relaxes the limit of 4096 bytes (e.g., the mechanisms described in <x | |||
| or <xref target="RFC7930"></xref>).</t> | ref target="RFC7499" format="default"/> | |||
| or <xref target="RFC7930" format="default"/>).</t> | ||||
| <t>The value fields of DHCP*-Options Attributes are encoded in clear and | <t>The Value fields of the DHCP*-Options Attributes are encoded in the cle | |||
| not encrypted as, for example, Tunnel-Password Attribute <xref | ar and | |||
| target="RFC2868"></xref>.</t> | not encrypted like, for example, the Tunnel-Password Attribute <xref targe | |||
| t="RFC2868" format="default"/>.</t> | ||||
| <t>RADIUS implementations may support a configuration parameter to | <t>RADIUS implementations may support a configuration parameter to | |||
| control the DHCP options that can be included in a DHCP*-Options RADIUS | control the DHCP options that can be included in a RADIUS DHCP*-Options | |||
| attribute. Likewise, DHCP server implementations may support a | Attribute. Likewise, DHCP server implementations may support a | |||
| configuration parameter to control the permitted DHCP options in a | configuration parameter to control the permitted DHCP options in a | |||
| DHCP*-Options RADIUS attribute. Absent explicit configuration, RADIUS | RADIUS DHCP*-Options Attribute. Absent explicit configuration, RADIUS | |||
| implementations and DHCP server implementations SHOULD ignore | implementations and DHCP server implementations <bcp14>SHOULD</bcp14> igno | |||
| non-permitted DHCP options received in a DHCP*-Options RADIUS | re | |||
| attribute.</t> | non-permitted DHCP options received in a RADIUS DHCP*-Options | |||
| Attribute.</t> | ||||
| <t>RADIUS supplied data is specific configuration data that is returned | <t>RADIUS-supplied data is specific configuration data that is returned | |||
| as a function of authentication and authorization checks. As such, | as a function of authentication and authorization checks. As such, | |||
| absent any explicit configuration on the DHCP server, RADIUS supplied | absent any explicit configuration on the DHCP server, RADIUS-supplied | |||
| data by means of DHCP*-Options Attributes take precedence over any local | data by means of the DHCP*-Options Attributes take precedence over any loc | |||
| al | ||||
| configuration.</t> | configuration.</t> | |||
| <t>These attributes are defined with globally unique names. The naming | <t>These attributes are defined with globally unique names. The naming | |||
| of the attributes follows the guidelines in Section 2.7.1 of <xref | of the attributes follows the guidelines in <xref target="RFC6929" section | |||
| target="RFC6929"></xref>. Invalid attributes are handled as per Section | ="2.7.1" sectionFormat="of"/>. Invalid attributes are handled as per <xref targe | |||
| 2.8 of <xref target="RFC6929"></xref>.</t> | t="RFC6929" section="2.8" sectionFormat="of"/>.</t> | |||
| <section anchor="v6" numbered="true" toc="default"> | ||||
| <section anchor="v6" title="DHCPv6-Options Attribute"> | <name>DHCPv6-Options Attribute</name> | |||
| <t>This attribute is of type "string" as defined in <xref | <t>This attribute is of type "string" as defined in <xref section="3.5" | |||
| section="3.5" target="RFC8044"></xref>.</t> | target="RFC8044" format="default"/>.</t> | |||
| <t>The DHCPv6-Options Attribute <bcp14>MAY</bcp14> appear in a RADIUS Ac | ||||
| <t>The DHCPv6-Options Attribute MAY appear in a RADIUS Access-Accept | cess-Accept | |||
| packet. It MAY also appear in a RADIUS Access-Request packet as a hint | packet. It <bcp14>MAY</bcp14> also appear in a RADIUS Access-Request pac | |||
| ket as a hint | ||||
| to the RADIUS server to indicate a preference. However, the server is | to the RADIUS server to indicate a preference. However, the server is | |||
| not required to honor such a preference.</t> | not required to honor such a preference.</t> | |||
| <t>The DHCPv6-Options Attribute <bcp14>MAY</bcp14> appear in a RADIUS Co | ||||
| <t>The DHCPv6-Options Attribute MAY appear in a RADIUS CoA-Request | A-Request | |||
| packet.</t> | packet.</t> | |||
| <t>The DHCPv6-Options Attribute <bcp14>MAY</bcp14> appear in a RADIUS | ||||
| <t>The DHCPv6-Options Attribute MAY appear in a RADIUS | ||||
| Accounting-Request packet.</t> | Accounting-Request packet.</t> | |||
| <t>The DHCPv6-Options Attribute <bcp14>MUST NOT</bcp14> appear in any ot | ||||
| <t>The DHCPv6-Options Attribute MUST NOT appear in any other RADIUS | her RADIUS | |||
| packet.</t> | packet.</t> | |||
| <t>The DHCPv6-Options Attribute is structured as follows:</t> | <t>The DHCPv6-Options Attribute is structured as follows:</t> | |||
| <dl newline="true" spacing="normal"> | ||||
| <t>Type<list style="empty"> | <dt>Type</dt> | |||
| <t>245</t> | <dd><t>245</t></dd> | |||
| </list></t> | <dt>Length</dt> | |||
| <dd>This field indicates the total length, in octets, of all | ||||
| <t>Length<list style="empty"> | fields of this attribute, including the Type, Length, | |||
| <t>This field indicates the total length, in octets, of all fields | Extended-Type, and Value fields.</dd> | |||
| of this attribute, including the Type, Length, Extended-Type, and | <dt>Extended-Type</dt> | |||
| "Value".</t> | <dd>3 (see <xref target="IANA-Att" format="default"/>)</dd> | |||
| </list></t> | <dt>Value</dt> | |||
| <dd><t>This field contains a list of DHCPv6 options (<xref | ||||
| <t>Extended-Type<list style="empty"> | target="RFC8415" section="21" sectionFormat="of"/>). Multiple | |||
| <t>TBA1 (see <xref target="IANA-Att"></xref>).</t> | instances of the same DHCPv6 option <bcp14>MAY</bcp14> be | |||
| </list></t> | included. If an option appears multiple times, each instance is | |||
| considered separate, and the data areas of the options <bcp14>MUST | ||||
| <t>Value<list style="empty"> | NOT</bcp14> be concatenated or otherwise combined. Consistent | |||
| <t>This field contains a list of DHCPv6 options (Section 21 of | with <xref target="RFC7227" section="17" sectionFormat="of"/>, | |||
| <xref target="RFC8415"></xref>). Multiple instances of the same | this document does not impose any option order when multiple | |||
| DHCPv6 option MAY be included. If an option appears multiple | options are present.</t> | |||
| times, each instance is considered separate and the data areas of | <t>The permitted DHCPv6 options are | |||
| the options MUST NOT be concatenated or otherwise combined. | listed in the "DHCPv6 Options Permitted | |||
| Consistent with Section 17 of <xref target="RFC7227"></xref>, this | in the RADIUS DHCPv6-Options Attribute" registry (<xref | |||
| document does not impose any option order when multiple options | format="default" target="drv6-reg"/>).</t></dd> | |||
| are present.</t> | </dl> | |||
| <t><vspace blankLines="1" /></t> | ||||
| <t>Permitted DHCPv6 options in the DHCPv6-Options Attribute are | ||||
| maintained by IANA in the registry created in <xref | ||||
| format="default" target="drv6-reg"></xref>.</t> | ||||
| </list></t> | ||||
| <t>The DHCPv6-Options Attribute is associated with the following | <t>The DHCPv6-Options Attribute is associated with the following | |||
| identifier: 245.TBA1.</t> | identifier: 245.3.</t> | |||
| </section> | </section> | |||
| <section anchor="v4" numbered="true" toc="default"> | ||||
| <section anchor="v4" title="DHCPv4-Options Attribute"> | <name>DHCPv4-Options Attribute</name> | |||
| <t>This attribute is of type "string" as defined in <xref | <t>This attribute is of type "string" as defined in <xref section="3.5" | |||
| section="3.5" target="RFC8044"></xref>.</t> | target="RFC8044" format="default"/>.</t> | |||
| <t>The DHCPv4-Options Attribute <bcp14>MAY</bcp14> appear in a RADIUS Ac | ||||
| <t>The DHCPv4-Options Attribute MAY appear in a RADIUS Access-Accept | cess-Accept | |||
| packet. It MAY also appear in a RADIUS Access-Request packet as a hint | packet. It <bcp14>MAY</bcp14> also appear in a RADIUS Access-Request pac | |||
| ket as a hint | ||||
| to the RADIUS server to indicate a preference. However, the server is | to the RADIUS server to indicate a preference. However, the server is | |||
| not required to honor such a preference.</t> | not required to honor such a preference.</t> | |||
| <t>The DHCPv4-Options Attribute <bcp14>MAY</bcp14> appear in a RADIUS Co | ||||
| <t>The DHCPv4-Options Attribute MAY appear in a RADIUS CoA-Request | A-Request | |||
| packet.</t> | packet.</t> | |||
| <t>The DHCPv4-Options Attribute <bcp14>MAY</bcp14> appear in a RADIUS | ||||
| <t>The DHCPv4-Options Attribute MAY appear in a RADIUS | ||||
| Accounting-Request packet.</t> | Accounting-Request packet.</t> | |||
| <t>The DHCPv4-Options Attribute <bcp14>MUST NOT</bcp14> appear in any ot | ||||
| <t>The DHCPv4-Options Attribute MUST NOT appear in any other RADIUS | her RADIUS | |||
| packet.</t> | packet.</t> | |||
| <t>The DHCPv4-Options Attribute is structured as follows:</t> | <t>The DHCPv4-Options Attribute is structured as follows:</t> | |||
| <dl newline="true" spacing="normal"> | ||||
| <t>Type<list style="empty"> | <dt>Type</dt> | |||
| <t>245</t> | <dd>245</dd> | |||
| </list></t> | <dt>Length</dt> | |||
| <dd>This field indicates the total length, in octets, of all fields | ||||
| <t>Length<list style="empty"> | of this attribute, including the Type, Length, Extended-Type, and | |||
| <t>This field indicates the total length, in octets, of all fields | Value fields.</dd> | |||
| of this attribute, including the Type, Length, Extended-Type, and | <dt>Extended-Type</dt> | |||
| "Value".</t> | <dd>4 (see <xref target="IANA-Att" format="default"/>)</dd> | |||
| </list></t> | <dt>Value</dt> | |||
| <dd><t>This field contains a list of DHCPv4 options. Multiple | ||||
| <t>Extended-Type<list style="empty"> | instances of the same DHCPv4 option <bcp14>MAY</bcp14> be included, | |||
| <t>TBA2 (see <xref target="IANA-Att"></xref>).</t> | especially for concatenation-requiring options that exceed the | |||
| </list></t> | maximum DHCPv4 option size of 255 octets. The mechanism specified in | |||
| <xref target="RFC3396" format="default"/> <bcp14>MUST</bcp14> be | ||||
| <t>Value<list style="empty"> | used for splitting and concatenating the instances of a | |||
| <t>This field contains a list of DHCPv4 options. Multiple | concatenation-requiring option.</t> | |||
| instances of the same DHCPv4 option MAY be included, especially | <t>The permitted DHCPv4 options are | |||
| for concatenation-requiring options that exceed the maximum DHCPv4 | listed in the "DHCP Options Permitted | |||
| option size of 255 octets. The mechanism specified in <xref | in the RADIUS DHCPv4-Options Attribute" registry (<xref format="default" | |||
| target="RFC3396"></xref> MUST be used for splitting and | target="drv4-reg"/>).</t></dd> | |||
| concatenating the instances of a concatenation-requiring | </dl> | |||
| option.</t> | ||||
| <t><vspace blankLines="1" />Permitted DHCPv4 options in the | ||||
| DHCPv4-Options Attribute are maintained by IANA in the registry | ||||
| created in <xref format="default" target="drv4-reg"></xref>.</t> | ||||
| </list></t> | ||||
| <t>The DHCPv4-Options Attribute is associated with the following | <t>The DHCPv4-Options Attribute is associated with the following | |||
| identifier: 245.TBA2.</t> | identifier: 245.4.</t> | |||
| </section> | </section> | |||
| </section> | </section> | |||
| <section anchor="RAD" numbered="true" toc="default"> | ||||
| <name>Passing RADIUS DHCP Options Attributes by DHCP Relay Agents to DHCP | ||||
| Servers</name> | ||||
| <section numbered="true" toc="default"> | ||||
| <name>Context</name> | ||||
| <t>The RADIUS Attributes DHCP suboption <xref target="RFC4014" | ||||
| format="default"/> enables a DHCPv4 relay agent to pass identification | ||||
| and authorization attributes received during RADIUS authentication to | ||||
| a DHCPv4 server. However, <xref target="RFC4014" format="default"/> | ||||
| defines a frozen set of RADIUS attributes that can be included in such | ||||
| a suboption. This limitation is suboptimal in contexts where new | ||||
| services are deployed (e.g., support of encrypted DNS <xref | ||||
| target="I-D.ietf-add-dnr" format="default"/>).</t> | ||||
| <section anchor="RAD" | <t><xref target="update" format="default"/> updates <xref | |||
| title="Passing DHCP Options RADIUS Attributes by DHCP Relay Agents | target="RFC4014" format="default"/> by relaxing that constraint and | |||
| to DHCP Servers"> | allowing additional RADIUS attributes to be tagged as permitted in the | |||
| <section title="Context"> | RADIUS Attributes DHCP suboption. The | |||
| <t>The RADIUS Attributes suboption <xref target="RFC4014"></xref> | permitted attributes are registered in the new "RADIUS Attributes | |||
| enables a DHCPv4 relay agent to pass identification and authorization | Permitted in RADIUS Attributes DHCP Suboption" registry (<xref target="IANA-R | |||
| attributes received during RADIUS authentication to a DHCPv4 server. | AD" | |||
| However, <xref target="RFC4014"></xref> defines a frozen set of RADIUS | format="default"/>). | |||
| attributes that can be included in such a suboption. This limitation | </t> | |||
| is suboptimal in contexts where new services are deployed (e.g., | ||||
| support of encrypted DNS <xref target="I-D.ietf-add-dnr"></xref>).</t> | ||||
| <t><xref target="update"></xref> updates <xref | ||||
| target="RFC4014"></xref> by relaxing that constraint and allowing to | ||||
| tag additional RADIUS attributes as permitted in the RADIUS Attributes | ||||
| DHCP suboption. <xref target="IANA-RAD"></xref> creates a new IANA | ||||
| registry to maintain the set of permitted attributes in the RADIUS | ||||
| Attributes DHCP suboption.</t> | ||||
| </section> | </section> | |||
| <section anchor="update" numbered="true" toc="default"> | ||||
| <name>Updates to RFC 4014</name> | ||||
| <t/> | ||||
| <section anchor="update1" numbered="true" toc="default"> | ||||
| <name>Section 3 of RFC 4014</name> | ||||
| <t>This document updates <xref target="RFC4014" section="3" sectionFor | ||||
| mat="of"/> | ||||
| as follows:</t> | ||||
| <section anchor="update" title="Updates to RFC 4014"> | <t>OLD:</t> | |||
| <t></t> | <blockquote><t>To avoid dependencies between the address | |||
| allocation and other state information between the RADIUS server | ||||
| and the DHCP server, the DHCP relay agent <bcp14>SHOULD</bcp14> | ||||
| include only the attributes in the table below in an instance of | ||||
| the RADIUS Attributes suboption. The table, based on the | ||||
| analysis in RFC 3580 [8], lists attributes that | ||||
| <bcp14>MAY</bcp14> be included:</t> | ||||
| <section anchor="update1" title="Section 3 of RFC 4014"> | <artwork name="" type="" align="left" alt=""><![CDATA[ | |||
| <t>This document updates Section 3 of <xref target="RFC4014"></xref> | # Attribute | |||
| as follows:<list style="hanging"> | ||||
| <t hangText="OLD:"><vspace blankLines="1" />To avoid | ||||
| dependencies between the address allocation and other state | ||||
| information between the RADIUS server and the DHCP server, the | ||||
| DHCP relay agent SHOULD include only the attributes in the table | ||||
| below in an instance of the RADIUS Attributes suboption. The | ||||
| table, based on the analysis in RFC 3580 [8], lists attributes | ||||
| that MAY be included:<vspace blankLines="1" /><figure> | ||||
| <artwork><![CDATA[ # Attribute | ||||
| --- --------- | --- --------- | |||
| 1 User-Name (RFC 2865 [3]) | 1 User-Name (RFC 2865 [3]) | |||
| 6 Service-Type (RFC 2865) | 6 Service-Type (RFC 2865) | |||
| 26 Vendor-Specific (RFC 2865) | 26 Vendor-Specific (RFC 2865) | |||
| 27 Session-Timeout (RFC 2865) | 27 Session-Timeout (RFC 2865) | |||
| 88 Framed-Pool (RFC 2869) | 88 Framed-Pool (RFC 2869) | |||
| 100 Framed-IPv6-Pool (RFC 3162 [7]) | 100 Framed-IPv6-Pool (RFC 3162 [7]) | |||
| ]]></artwork> | ]]></artwork> | |||
| </figure></t> | </blockquote> | |||
| <t hangText="NEW:"><vspace blankLines="1" />To avoid | <t>NEW:</t> | |||
| dependencies between the address allocation and other state | <blockquote><t>To avoid dependencies between the address | |||
| information between the RADIUS server and the DHCP server, the | allocation and other state information between the RADIUS server | |||
| DHCP relay agent SHOULD include only the attributes in the | and the DHCP server, the DHCP relay agent <bcp14>SHOULD</bcp14> | |||
| IANA-maintained registry (<xref target="IANA-RAD"></xref> of | only include the attributes in the "RADIUS Attributes | |||
| [This-Document]) in an instance of the RADIUS Attributes | Permitted in RADIUS Attributes DHCP Suboption" registry (<xref | |||
| suboption. The DHCP relay agent may support a configuration | target="IANA-RAD" format="default"/> of [RFC9445]) in an instance | |||
| parameter to control the attributes in a RADIUS Attributes | of the RADIUS Attributes DHCP suboption. The DHCP relay agent may | |||
| suboption.</t> | support a configuration parameter to control the attributes in a | |||
| </list></t> | RADIUS Attributes DHCP suboption.</t></blockquote> | |||
| </section> | </section> | |||
| <section anchor="update2" numbered="true" toc="default"> | ||||
| <name>Section 4 of RFC 4014</name> | ||||
| <t>This document updates <xref target="RFC4014" section="4" sectionFor | ||||
| mat="of"/> | ||||
| as follows:</t> | ||||
| <section anchor="update2" title="Section 4 of RFC 4014"> | <t>OLD:</t> | |||
| <t>This document updates Section 4 of <xref target="RFC4014"></xref> | <blockquote><t>If the relay agent relays RADIUS attributes not | |||
| as follows:<list style="hanging"> | included in the table in Section 4, the DHCP server | |||
| <t hangText="OLD:"><vspace blankLines="1" />If the relay agent | <bcp14>SHOULD</bcp14> ignore them.</t></blockquote> | |||
| relays RADIUS attributes not included in the table in Section 4, | ||||
| the DHCP server SHOULD ignore them.</t> | <t>NEW:</t> | |||
| <blockquote><t>If the relay agent relays RADIUS attributes not | ||||
| included in the "RADIUS Attributes Permitted in RADIUS Attributes DH | ||||
| CP Suboption" registry (<xref target="IANA-RAD" | ||||
| format="default"/> of [RFC9445]) and explicit | ||||
| configuration is absent, the DHCP server <bcp14>SHOULD</bcp14> ignor | ||||
| e | ||||
| them.</t></blockquote> | ||||
| <t hangText="NEW:"><vspace blankLines="1" />If the relay agent | ||||
| relays RADIUS attributes not included in the IANA-maintained | ||||
| registry (<xref target="IANA-RAD"></xref> of [This-Document]), | ||||
| and absent explicit configuration, the DHCP server SHOULD ignore | ||||
| them.</t> | ||||
| </list></t> | ||||
| </section> | </section> | |||
| </section> | </section> | |||
| </section> | </section> | |||
| <section anchor="sample" numbered="true" toc="default"> | ||||
| <section anchor="sample" | <name>An Example: Applicability to Encrypted DNS Provisioning</name> | |||
| title="An Example: Applicability to Encrypted DNS Provisioning"> | ||||
| <t>Typical deployment scenarios are similar to those described, for | <t>Typical deployment scenarios are similar to those described, for | |||
| instance, in <xref section="2" target="RFC6911"></xref>. For | instance, in <xref section="2" target="RFC6911" format="default"/>. For | |||
| illustration purposes, <xref target="ex"></xref> shows an example where | illustration purposes, <xref target="ex" format="default"/> shows an examp | |||
| le where | ||||
| a Customer Premises Equipment (CPE) is provided with an encrypted DNS | a Customer Premises Equipment (CPE) is provided with an encrypted DNS | |||
| resolver. This example assumes that the Network Access Server (NAS) | resolver. This example assumes that the Network Access Server (NAS) | |||
| embeds both RADIUS client and DHCPv6 server capabilities.</t> | embeds both RADIUS client and DHCPv6 server capabilities.</t> | |||
| <figure anchor="ex"> | ||||
| <t><figure align="center" anchor="ex" | <name>An Example of RADIUS IPv6 Encrypted DNS Exchange</name> | |||
| title="An Example of RADIUS IPv6 Encrypted DNS Exchange"> | <artwork name="" type="" align="left" alt=""><![CDATA[ | |||
| <artwork><![CDATA[+-------------+ +-------------+ | +-------------+ +-------------+ +-------+ | |||
| +-------+ | ||||
| | CPE | | NAS | | AAA | | | CPE | | NAS | | AAA | | |||
| |DHCPv6 client| |DHCPv6 server| |Server | | |DHCPv6 Client| |DHCPv6 Server| |Server | | |||
| | | |RADIUS client| | | | | | |RADIUS Client| | | | |||
| +------+------+ +------+------+ +---+---+ | +------+------+ +------+------+ +---+---+ | |||
| | | | | | | | | |||
| o-----DHCPv6 Solicit----->| | | o-----DHCPv6 Solicit----->| | | |||
| | o----Access-Request ---->| | | o----Access-Request ---->| | |||
| | | | | | | | | |||
| | |<----Access-Accept------o | | |<----Access-Accept------o | |||
| | | DHCPv6-Options | | | | DHCPv6-Options | | |||
| |<----DHCPv6 Advertise----o (OPTION_V6_DNR) | | |<----DHCPv6 Advertise----o (OPTION_V6_DNR) | | |||
| | (OPTION_V6_DNR) | | | | (OPTION_V6_DNR) | | | |||
| | | | | | | | | |||
| o-----DHCPv6 Request----->| | | o-----DHCPv6 Request----->| | | |||
| | | | | | | | | |||
| |<------DHCPv6 Reply------o | | |<------DHCPv6 Reply------o | | |||
| | (OPTION_V6_DNR) | | | | (OPTION_V6_DNR) | | | |||
| | | | | | | | | |||
| DHCPv6 RADIUS]]></artwork> | DHCPv6 RADIUS | |||
| </figure></t> | ]]></artwork> | |||
| </figure> | ||||
| <t>Upon receipt of the DHCPv6 Solicit message from a CPE, the NAS sends | <t>Upon receipt of the DHCPv6 Solicit message from a CPE, the NAS sends | |||
| a RADIUS Access-Request message to the Authentication, Authorization, | a RADIUS Access-Request message to the Authentication, Authorization, | |||
| and Accounting (AAA) server. Once the AAA server receives the request, | and Accounting (AAA) server. Once the AAA server receives the request, | |||
| it replies with an Access-Accept message (possibly after having sent a | it replies with an Access-Accept message (possibly after having sent a | |||
| RADIUS Access-Challenge message and assuming the CPE is entitled to | RADIUS Access-Challenge message and assuming the CPE is entitled to | |||
| connect to the network) that carries a list of parameters to be used for | connect to the network) that carries a list of parameters to be used for | |||
| this session, and which include the encrypted DNS information. Such an | this session, which includes the encrypted DNS information. Such | |||
| information is encoded as OPTION_V6_DNR (144) instances (<xref | information is encoded as OPTION_V6_DNR (144) instances <xref | |||
| target="I-D.ietf-add-dnr"></xref>) in the DHCPv6-Options RADIUS | target="I-D.ietf-add-dnr" format="default"/> in the RADIUS DHCPv6-Options | |||
| attribute. These instances are then used by the NAS to complete the | Attribute. These instances are then used by the NAS to complete | |||
| DHCPv6 procedure that the CPE initiated to retrieve information about | the DHCPv6 procedure that the CPE initiated to retrieve information | |||
| the encrypted DNS service to use. The Discovery of Network-designated | about the encrypted DNS service to use. The Discovery of | |||
| Resolvers (DNR) procedure defined in <xref | Network-designated Resolvers (DNR) procedure defined in <xref | |||
| target="I-D.ietf-add-dnr"></xref> is then followed between the DHCPv6 | target="I-D.ietf-add-dnr" format="default"/> is then followed between | |||
| client and the DHCPv6 server.</t> | the DHCPv6 client and the DHCPv6 server.</t> | |||
| <t>Should any encrypted DNS-related information (e.g., Authentication | <t>Should any encrypted DNS-related information (e.g., Authentication | |||
| Domain Name (ADN), IPv6 address) change, the RADIUS server sends a | Domain Name (ADN) and IPv6 address) change, the RADIUS server sends a | |||
| RADIUS Change-of-Authorization (CoA) message <xref | RADIUS Change-of-Authorization (CoA) message <xref target="RFC5176" format | |||
| target="RFC5176"></xref> that carries the DHCPv6-Options Attribute with | ="default"/> that carries the DHCPv6-Options Attribute with | |||
| the updated OPTION_V6_DNR information to the NAS. Once that message is | the updated OPTION_V6_DNR information to the NAS. Once that message is | |||
| received and validated by the NAS, it replies with a RADIUS CoA ACK | received and validated by the NAS, it replies with a RADIUS CoA ACK | |||
| message. The NAS replaces the old encrypted DNS resolver information | message. The NAS replaces the old encrypted DNS resolver information | |||
| with the new one and sends a DHCPv6 Reconfigure message which leads the | with the new one and sends a DHCPv6 Reconfigure message, which leads the | |||
| DHCPv6 client to initiate a Renew/Reply message exchange with the DHCPv6 | DHCPv6 client to initiate a Renew/Reply message exchange with the DHCPv6 | |||
| server.</t> | server.</t> | |||
| <t>In deployments where the NAS behaves as a DHCPv6 relay agent, the | <t>In deployments where the NAS behaves as a DHCPv6 relay agent, the | |||
| procedure discussed in <xref section="3" target="RFC7037"></xref> can be | procedure discussed in <xref section="3" target="RFC7037" | |||
| followed. To that aim, <xref target="urd"></xref> updates the "RADIUS | format="default"/> can be followed. | |||
| Attributes Permitted in DHCPv6 RADIUS Option" registry (<xref | ||||
| target="DHCP-RADIUS"></xref>). CoA-Requests can be used following the | ||||
| procedure specified in <xref target="RFC6977"></xref>.</t> | ||||
| <t><xref target="ex2"></xref> shows another example where a CPE is | To that aim, the "RADIUS Attributes Permitted in DHCPv6 | |||
| RADIUS Option" registry has been updated (<xref target="urd" | ||||
| format="default"/>). CoA-Requests can be used following the procedure | ||||
| specified in <xref target="RFC6977" format="default"/>.</t> | ||||
| <t><xref target="ex2" format="default"/> shows another example where a CPE | ||||
| is | ||||
| provided with an encrypted DNS resolver, but the CPE uses DHCPv4 to | provided with an encrypted DNS resolver, but the CPE uses DHCPv4 to | |||
| retrieve its encrypted DNS resolver.</t> | retrieve its encrypted DNS resolver.</t> | |||
| <figure anchor="ex2"> | ||||
| <t><figure align="center" anchor="ex2" | <name>An Example of RADIUS IPv4 Encrypted DNS Exchange</name> | |||
| title="An Example of RADIUS IPv4 Encrypted DNS Exchange"> | <artwork name="" type="" align="left" alt=""><![CDATA[ | |||
| <artwork><![CDATA[+-------------+ +-------------+ | +-------------+ +-------------+ +-------+ | |||
| +-------+ | ||||
| | CPE | | NAS | | AAA | | | CPE | | NAS | | AAA | | |||
| |DHCPv4 client| |DHCPv4 server| |Server | | |DHCPv4 Client| |DHCPv4 Server| |Server | | |||
| | | |RADIUS client| | | | | | |RADIUS Client| | | | |||
| +------+------+ +------+------+ +---+---+ | +------+------+ +------+------+ +---+---+ | |||
| | | | | | | | | |||
| o------DHCPDISCOVER------>| | | o------DHCPDISCOVER------>| | | |||
| | o----Access-Request ---->| | | o----Access-Request ---->| | |||
| | | | | | | | | |||
| | |<----Access-Accept------o | | |<----Access-Accept------o | |||
| | | DHCPv4_Options | | | | DHCPv4-Options | | |||
| |<-----DHCPOFFER----------o (OPTION_V4_DNR) | | |<-----DHCPOFFER----------o (OPTION_V4_DNR) | | |||
| | (OPTION_V4_DNR) | | | | (OPTION_V4_DNR) | | | |||
| | | | | | | | | |||
| o-----DHCPREQUEST-------->| | | o-----DHCPREQUEST-------->| | | |||
| | (OPTION_V4_DNR) | | | | (OPTION_V4_DNR) | | | |||
| | | | | | | | | |||
| |<-------DHCPACK----------o | | |<-------DHCPACK----------o | | |||
| | (OPTION_V4_DNR) | | | | (OPTION_V4_DNR) | | | |||
| | | | | | | | | |||
| DHCPv4 RADIUS]]></artwork> | DHCPv4 RADIUS | |||
| </figure></t> | ]]></artwork> | |||
| </figure> | ||||
| <t>Other deployment scenarios can be envisaged, such as returning | <t>Other deployment scenarios can be envisaged, such as returning | |||
| customized service parameters (e.g., different DoH URI Templates) as a | customized service parameters (e.g., different DoH URI Templates) as a | |||
| function of the service/policies/preferences that are set by a network | function of the service, policies, and preferences that are set by a | |||
| administrator. How an administrator indicates its | network administrator. How an administrator indicates its service, | |||
| service/policies/preferences to an AAA server is out of scope.</t> | policies, and preferences to an AAA server is out of scope.</t> | |||
| </section> | </section> | |||
| <section anchor="Security" title="Security Considerations"> | <section anchor="Security" numbered="true" toc="default"> | |||
| <t>RADIUS-related security considerations are discussed in <xref | <name>Security Considerations</name> | |||
| target="RFC2865"></xref>.</t> | <t>RADIUS-related security considerations are discussed in <xref target="R | |||
| FC2865" format="default"/>.</t> | ||||
| <t>DHCPv6-related security issues are discussed in <xref section="22" | <t>DHCPv6-related security issues are discussed in <xref section="22" targ | |||
| target="RFC8415"></xref>, while DHCPv4-related security issues are | et="RFC8415" format="default"/>, while DHCPv4-related security issues are | |||
| discussed in <xref section="7" target="RFC2131"></xref>. Security | discussed in <xref section="7" target="RFC2131" format="default"/>. Securi | |||
| ty | ||||
| considerations specific to the DHCP options that are carried in RADIUS | considerations specific to the DHCP options that are carried in RADIUS | |||
| are discussed in relevant documents that specify these options. For | are discussed in relevant documents that specify these options. For | |||
| example, security considerations (including traffic theft) are discussed | example, security considerations (including traffic theft) are discussed | |||
| in <xref section="7" target="I-D.ietf-add-dnr"></xref>.</t> | in <xref section="7" target="I-D.ietf-add-dnr" format="default"/>.</t> | |||
| <t>RADIUS servers have conventionally tolerated the input of arbitrary | <t>RADIUS servers have conventionally tolerated the input of arbitrary | |||
| data via the "string" data type (<xref section="3.5" | data via the "string" data type (<xref section="3.5" target="RFC8044" | |||
| target="RFC8044"></xref>). This practice allows RADIUS servers to | format="default"/>). This practice allows RADIUS servers to support | |||
| support newer standards without software upgrades, by allowing | newer standards without software upgrades, by allowing administrators to | |||
| administrators to manually create complex attribute content and, then, | manually create complex attribute content and then pass that content | |||
| to pass that content to a RADIUS server as opaque strings. While this | to a RADIUS server as opaque strings. While this practice is useful, it | |||
| practice is useful, it is RECOMMENDED that RADIUS servers that implement | is <bcp14>RECOMMENDED</bcp14> that RADIUS servers that implement the | |||
| the present specification are updated to understand the format and | present specification are updated to understand the format and encoding | |||
| encoding of DHCP options. Administrators can, thus, enter the DHCP | of DHCP options. Administrators can thus enter the DHCP options as | |||
| options as options instead of manually-encoded opaque strings. This | options instead of manually encoded opaque strings. This recommendation | |||
| recommendation increases security and interoperability by ensuring that | increases security and interoperability by ensuring that the options are | |||
| the options are encoded correctly. It also increases usability for | encoded correctly. It also increases usability for administrators.</t> | |||
| administrators.</t> | <t>The considerations discussed in <xref target="RFC4014" section="7" sect | |||
| ionFormat="of"/> and <xref target="RFC7037" section="8" sectionFormat="of"/> | ||||
| <t>The considerations discussed in Section 7 of <xref | ||||
| target="RFC4014"></xref> and Section 8 of <xref target="RFC7037"></xref> | ||||
| should be taken into account in deployments where DHCP relay agents pass | should be taken into account in deployments where DHCP relay agents pass | |||
| the DHCP*-Options Attributes to DHCP servers. Additional considerations | the DHCP*-Options Attributes to DHCP servers. Additional considerations | |||
| specific to the use of Reconfigure messages are discussed in <xref | specific to the use of Reconfigure messages are discussed in <xref section | |||
| section="9" target="RFC6977"></xref>.</t> | ="9" target="RFC6977" format="default"/>.</t> | |||
| </section> | ||||
| <section title="Table of Attributes"> | ||||
| <t>The following table provides a guide as what type of RADIUS packets | ||||
| that may contain these attributes, and in what quantity.</t> | ||||
| <t><figure> | ||||
| <artwork><![CDATA[Access- Access- Access- Challenge Acct. # | ||||
| Attribute | ||||
| Request Accept Reject Request | ||||
| 0+ 0+ 0 0 0+ 245.TBA1 DHCPv6-Options | ||||
| 0+ 0+ 0 0 0+ 245.TBA2 DHCPv4-Options | ||||
| CoA-Request CoA-ACK CoA-NACK # Attribute | ||||
| 0+ 0 0 245.TBA1 DHCPv6-Options | ||||
| 0+ 0 0 245.TBA2 DHCPv4-Options | ||||
| ]]></artwork> | ||||
| </figure></t> | ||||
| <t>The following table defines the meaning of the above table | ||||
| entries:<figure> | ||||
| <artwork><![CDATA[ 0 This attribute MUST NOT be present in packet. | ||||
| 0+ Zero or more instances of this attribute MAY be present in packet. | ||||
| ]]></artwork> | ||||
| </figure></t> | ||||
| </section> | </section> | |||
| <section numbered="true" toc="default"> | ||||
| <name>Table of Attributes</name> | ||||
| <t>The following table provides a guide as to what type of RADIUS packets | ||||
| may contain these attributes and in what quantity.</t> | ||||
| <section anchor="IANA" title="IANA Considerations"> | <table align="left" anchor="attributes-table"> | |||
| <section anchor="IANA-Att" title="New RADIUS Attributes"> | <name>Table of Attributes</name> | |||
| <t>IANA is requested to assign two new RADIUS attribute types from the | <thead> | |||
| IANA registry "Radius Attribute Types" <xref | <tr> | |||
| target="RADIUS-Types"></xref>:</t> | <th>Access-Request</th> | |||
| <th>Access-Accept</th> | ||||
| <texttable anchor="ra" style="headers" title="New RADIUS Attributes"> | <th>Access-Reject</th> | |||
| <ttcol>Value</ttcol> | <th>Challenge</th> | |||
| <th>#</th> | ||||
| <ttcol>Description</ttcol> | <th>Attribute</th> | |||
| </tr> | ||||
| <ttcol>Data Type</ttcol> | </thead> | |||
| <tbody> | ||||
| <ttcol>Reference</ttcol> | <tr> | |||
| <td>0+</td> | ||||
| <c>245.TBA1</c> | <td>0+</td> | |||
| <td>0</td> | ||||
| <c>DHCPv6-Options</c> | <td>0</td> | |||
| <td>245.3</td> | ||||
| <c>string</c> | <td>DHCPv6-Options</td> | |||
| </tr> | ||||
| <c>This-Document</c> | <tr> | |||
| <td>0+</td> | ||||
| <td>0+</td> | ||||
| <td>0</td> | ||||
| <td>0</td> | ||||
| <td>245.4</td> | ||||
| <td>DHCPv4-Options</td> | ||||
| </tr> | ||||
| <tr> | ||||
| <th>Accounting-Request</th> | ||||
| <th>CoA-Request</th> | ||||
| <th>CoA-ACK</th> | ||||
| <th>CoA-NACK</th> | ||||
| <th>#</th> | ||||
| <th>Attribute</th> | ||||
| </tr> | ||||
| <tr> | ||||
| <td>0+</td> | ||||
| <td>0+</td> | ||||
| <td>0</td> | ||||
| <td>0</td> | ||||
| <td>245.3</td> | ||||
| <td>DHCPv6-Options</td> | ||||
| </tr> | ||||
| <tr> | ||||
| <td>0+</td> | ||||
| <td>0+</td> | ||||
| <td>0</td> | ||||
| <td>0</td> | ||||
| <td>245.4</td> | ||||
| <td>DHCPv4-Options</td> | ||||
| </tr> | ||||
| </tbody> | ||||
| </table> | ||||
| <c>245.TBA2</c> | <t>Notation for <xref target="attributes-table"/>:</t> | |||
| <c>DHCPv4-Options</c> | <dl newline="false" spacing="normal" indent="4"> | |||
| <c>string</c> | <dt>0</dt><dd>This attribute <bcp14>MUST NOT</bcp14> be present in | |||
| packet.</dd> | ||||
| <dt>0+</dt><dd>Zero or more instances of this attribute <bcp14>MAY</bcp14> | ||||
| be present in packet.</dd> | ||||
| </dl> | ||||
| <c>This-Document</c> | </section> | |||
| </texttable> | <section anchor="IANA" numbered="true" toc="default"> | |||
| <name>IANA Considerations</name> | ||||
| <t></t> | <section anchor="IANA-Att" numbered="true" toc="default"> | |||
| <name>New RADIUS Attributes</name> | ||||
| <t>IANA has assigned two new RADIUS attribute types in the | ||||
| "Radius Attribute Types" <xref target="RADIUS-Types" format="default"/> | ||||
| registry:</t> | ||||
| <table anchor="ra" align="center"> | ||||
| <name>New RADIUS Attributes</name> | ||||
| <thead> | ||||
| <tr> | ||||
| <th align="left">Value</th> | ||||
| <th align="left">Description</th> | ||||
| <th align="left">Data Type</th> | ||||
| <th align="left">Reference</th> | ||||
| </tr> | ||||
| </thead> | ||||
| <tbody> | ||||
| <tr> | ||||
| <td align="left">245.3</td> | ||||
| <td align="left">DHCPv6-Options</td> | ||||
| <td align="left">string</td> | ||||
| <td align="left">RFC 9445</td> | ||||
| </tr> | ||||
| <tr> | ||||
| <td align="left">245.4</td> | ||||
| <td align="left">DHCPv4-Options</td> | ||||
| <td align="left">string</td> | ||||
| <td align="left">RFC 9445</td> | ||||
| </tr> | ||||
| </tbody> | ||||
| </table> | ||||
| <t/> | ||||
| </section> | </section> | |||
| <section anchor="urd" numbered="true" toc="default"> | ||||
| <section anchor="urd" | <name>New RADIUS Attribute Permitted in DHCPv6 RADIUS Option</name> | |||
| title="New RADIUS Attribute Permitted in DHCPv6 RADIUS Option"> | <t>IANA has added the following entry to the "RADIUS | |||
| <t>IANA is requested to add the following entry to the "RADIUS | ||||
| Attributes Permitted in DHCPv6 RADIUS Option" subregistry in the | Attributes Permitted in DHCPv6 RADIUS Option" subregistry in the | |||
| "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)" registry <xref | "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)" registry <xref t | |||
| target="DHCP-RADIUS"></xref>:</t> | arget="DHCPv6" format="default"/>:</t> | |||
| <table anchor="rd" align="center"> | ||||
| <texttable anchor="rd" style="headers" | <name>New RADIUS Attribute Permitted in DHCPv6 RADIUS Option</name> | |||
| title="New RADIUS Attribute Permitted in DHCPv6 RADIUS Option | <thead> | |||
| "> | <tr> | |||
| <ttcol>Type Code</ttcol> | <th align="left">Type Code</th> | |||
| <th align="left">Attribute</th> | ||||
| <ttcol>Attribute</ttcol> | <th align="left">Reference</th> | |||
| </tr> | ||||
| <ttcol>Reference</ttcol> | </thead> | |||
| <tbody> | ||||
| <c>245.TBA1</c> | <tr> | |||
| <td align="left">245.3</td> | ||||
| <c>DHCPv6-Options</c> | <td align="left">DHCPv6-Options</td> | |||
| <td align="left">RFC 9445</td> | ||||
| <c>This-Document</c> | </tr> | |||
| </texttable> | </tbody> | |||
| </table> | ||||
| <t></t> | <t/> | |||
| </section> | </section> | |||
| <section anchor="IANA-RAD" numbered="true" toc="default"> | ||||
| <section anchor="IANA-RAD" | <name>RADIUS Attributes Permitted in RADIUS Attributes DHCP Suboption</n | |||
| title="RADIUS Attributes Permitted in RADIUS Attributes DHCP Sub- | ame> | |||
| option"> | <t>IANA has created a new subregistry entitled "RADIUS | |||
| <t>IANA is requested to create a new sub-registry entitled "RADIUS | Attributes Permitted in RADIUS Attributes DHCP Suboption" in the "Dynami | |||
| Attributes Permitted in RADIUS Attributes Sub-option" in the "Dynamic | c | |||
| Host Configuration Protocol (DHCP) and Bootstrap Protocol (BOOTP) | Host Configuration Protocol (DHCP) and Bootstrap Protocol (BOOTP) | |||
| Parameters" registry <xref target="BOOTP"></xref>.</t> | Parameters" registry <xref target="BOOTP" format="default"/>.</t> | |||
| <t>The allocation policy of this new subregistry is "Expert Review" | ||||
| <t>The allocation policy of this new sub-registry is Expert Review | (<xref target="RFC8126" section="4.5" | |||
| (Section 4.5 of <xref target="RFC8126"></xref>). Designated experts | sectionFormat="of"/>). Designated experts should carefully consider | |||
| should carefully consider the security implications of allowing the | the security implications of allowing a relay agent to include new | |||
| relay agent to include new RADIUS attributes to this registry. | RADIUS attributes in this subregistry. Additional considerations are | |||
| Additional considerations are provided in <xref | provided in <xref target="reg" format="default"/>.</t> | |||
| target="reg"></xref>.</t> | <t>The initial contents of this subregistry are listed in <xref target=" | |||
| rad-new" format="default"/>. The Reference field includes the document that | ||||
| <t>The initial content of this sub-registry is listed in <xref | registers or specifies the attribute.</t> | |||
| target="rad-new"></xref>. The reference may include the document that | <table anchor="rad-new" align="center"> | |||
| registers or specifies the Attribute.</t> | <name>Initial Contents of RADIUS Attributes Permitted in RADIUS Attrib | |||
| utes DHCP Suboption Registry</name> | ||||
| <texttable anchor="rad-new" style="headers" | <thead> | |||
| title="RADIUS Attributes Permitted in RADIUS Attributes DHCP | <tr> | |||
| Suboption"> | <th align="left">Type Code</th> | |||
| <ttcol>Type Code</ttcol> | <th align="left">Attribute</th> | |||
| <th align="left">Reference</th> | ||||
| <ttcol>Attribute</ttcol> | </tr> | |||
| </thead> | ||||
| <ttcol>Reference</ttcol> | <tbody> | |||
| <tr> | ||||
| <c>1</c> | <td align="left">1</td> | |||
| <td align="left">User-Name</td> | ||||
| <c>User-Name</c> | <td align="left"><xref target="RFC2865" format="default"/></td> | |||
| </tr> | ||||
| <c>[RFC2865]</c> | <tr> | |||
| <td align="left">6</td> | ||||
| <c>6</c> | <td align="left">Service-Type</td> | |||
| <td align="left"><xref target="RFC2865" format="default"/></td> | ||||
| <c>Service-Type</c> | </tr> | |||
| <tr> | ||||
| <c>[RFC2865]</c> | <td align="left">26</td> | |||
| <td align="left">Vendor-Specific</td> | ||||
| <c>26</c> | <td align="left"><xref target="RFC2865" format="default"/></td> | |||
| </tr> | ||||
| <c>Vendor-Specific</c> | <tr> | |||
| <td align="left">27</td> | ||||
| <c>[RFC2865]</c> | <td align="left">Session-Timeout</td> | |||
| <td align="left"><xref target="RFC2865" format="default"/></td> | ||||
| <c>27</c> | </tr> | |||
| <tr> | ||||
| <c>Session-Timeout</c> | <td align="left">88</td> | |||
| <td align="left">Framed-Pool</td> | ||||
| <c>[RFC2865]</c> | <td align="left"><xref target="RFC2869" format="default"/></td> | |||
| </tr> | ||||
| <c>88</c> | <tr> | |||
| <td align="left">100</td> | ||||
| <c>Framed-Pool</c> | <td align="left">Framed-IPv6-Pool</td> | |||
| <td align="left"><xref target="RFC3162" format="default"/></td> | ||||
| <c>[RFC2869]</c> | </tr> | |||
| <tr> | ||||
| <c>100</c> | <td align="left">245.4</td> | |||
| <td align="left">DHCPv4-Options</td> | ||||
| <c>Framed-IPv6-Pool</c> | <td align="left">RFC 9445</td> | |||
| </tr> | ||||
| <c>[RFC3162]</c> | </tbody> | |||
| </table> | ||||
| <c>245.TBA2</c> | <t/> | |||
| <c>DHCPv4-Options</c> | ||||
| <c>This-Document</c> | ||||
| </texttable> | ||||
| <t></t> | ||||
| </section> | </section> | |||
| <section numbered="true" toc="default"> | ||||
| <section title="DHCP Options Permitted in the RADIUS DHCP*-Options Attribu | <name>DHCP Options Permitted in the RADIUS DHCP*-Options Attributes</nam | |||
| te"> | e> | |||
| <t></t> | <t/> | |||
| <section anchor="drv6-reg" numbered="true" toc="default"> | ||||
| <section anchor="drv6-reg" title="DHCPv6"> | <name>DHCPv6</name> | |||
| <t>IANA is requested to create a new sub-registry entitled "DHCPv6 | <t>IANA has created a new subregistry entitled "DHCPv6 | |||
| Options Permitted in the RADIUS DHCPv6-Options Attribute" in the | Options Permitted in the RADIUS DHCPv6-Options Attribute" in the | |||
| "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)" registry | "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)" registry | |||
| <xref target="DHCP-RADIUS"></xref>.</t> | <xref target="DHCPv6" format="default"/>.</t> | |||
| <t>The registration policy for this new subregistry is "Expert | ||||
| <t>The registration policy for this new sub-registry is Expert | Review" (<xref target="RFC8126" section="4.5" | |||
| Review (Section 4.5 of <xref target="RFC8126"></xref>). See more | sectionFormat="of"/>). See more details in <xref target="reg" | |||
| details in <xref target="reg"></xref>.</t> | format="default"/>.</t> | |||
| <t>The initial content of this subregistry is listed in <xref | ||||
| <t>The initial content of this sub-registry is listed in <xref | target="drv6" format="default"/>. The Value and Description fields | |||
| target="drv6"></xref>. The Value and Description fields echo those | echo those in the "Option Codes" subregistry of <xref | |||
| of <xref target="DHCPv6"></xref>. The reference may include the | target="DHCPv6" format="default"/>. The Reference field includes the | |||
| document that registers the option or the document that specifies | document that registers or specifies the option.</t> | |||
| the option.</t> | <table anchor="drv6" align="center"> | |||
| <name>Initial Content of DHCPv6 Options Permitted in the RADIUS DHCP | ||||
| <texttable anchor="drv6" style="headers" | v6-Options Attribute Registry</name> | |||
| title="Initial DHCPv6 Options Permitted in the RADIUS DHCPv | <thead> | |||
| 6-Options Attribute"> | <tr> | |||
| <ttcol>Value</ttcol> | <th align="left">Value</th> | |||
| <th align="left">Description</th> | ||||
| <ttcol>Description</ttcol> | <th align="left">Reference</th> | |||
| </tr> | ||||
| <ttcol>Reference</ttcol> | </thead> | |||
| <tbody> | ||||
| <c>144</c> | <tr> | |||
| <td align="left">144</td> | ||||
| <c>OPTION_V6_DNR</c> | <td align="left">OPTION_V6_DNR</td> | |||
| <td align="left">RFC 9445</td> | ||||
| <c>This-Document</c> | </tr> | |||
| </texttable> | </tbody> | |||
| </table> | ||||
| <t></t> | <t/> | |||
| </section> | </section> | |||
| <section anchor="drv4-reg" numbered="true" toc="default"> | ||||
| <section anchor="drv4-reg" title="DHCPv4"> | <name>DHCPv4</name> | |||
| <t>IANA is requested to create a new sub-registry entitled "DHCP | <t>IANA has created a new subregistry entitled "DHCP | |||
| Options Permitted in the RADIUS DHCPv4-Options Attribute" in the | Options Permitted in the RADIUS DHCPv4-Options Attribute" in the | |||
| "Dynamic Host Configuration Protocol (DHCP) and Bootstrap Protocol | "Dynamic Host Configuration Protocol (DHCP) and Bootstrap Protocol | |||
| (BOOTP) Parameters" registry <xref target="BOOTP"></xref>.</t> | (BOOTP) Parameters" registry <xref target="BOOTP" format="default"/>.< | |||
| /t> | ||||
| <t>The registration policy for this new sub-registry is Expert | <t>The registration policy for this new subregistry is Expert | |||
| Review (Section 4.5 of <xref target="RFC8126"></xref>). See more | Review (<xref target="RFC8126" section="4.5" sectionFormat="of"/>). Se | |||
| details in <xref target="reg"></xref>.</t> | e more | |||
| details in <xref target="reg" format="default"/>.</t> | ||||
| <t>The initial content of this sub-registry is listed in <xref | <t>The initial content of this subregistry is listed in <xref | |||
| target="drv4"></xref>. The Tag and Name fields echo those of <xref | target="drv4" format="default"/>. The Tag and Name fields echo those | |||
| target="BOOTP"></xref>. The reference may include the document that | in the "BOOTP Vendor Extensions and DHCP Options" subregistry of | |||
| registers the option or the document that specifies the option.</t> | <xref target="BOOTP" format="default"/>. The Reference field | |||
| includes the document that registers or specifies the option.</t> | ||||
| <texttable anchor="drv4" style="headers" | <table anchor="drv4" align="center"> | |||
| title="Initial DHCPv4 Options Permitted in the RADIUS DHCPv | <name>Initial Content of DHCPv4 Options Permitted in the RADIUS DHCP | |||
| 4-Options Attribute"> | v4-Options Attribute Registry</name> | |||
| <ttcol>Tag</ttcol> | <thead> | |||
| <tr> | ||||
| <ttcol>Name</ttcol> | <th align="left">Tag</th> | |||
| <th align="left">Name</th> | ||||
| <ttcol>Reference</ttcol> | <th align="left">Reference</th> | |||
| </tr> | ||||
| <c>162</c> | </thead> | |||
| <tbody> | ||||
| <c>OPTION_V4_DNR</c> | <tr> | |||
| <td align="left">162</td> | ||||
| <c>This-Document</c> | <td align="left">OPTION_V4_DNR</td> | |||
| </texttable> | <td align="left">RFC 9445</td> | |||
| </tr> | ||||
| <t></t> | </tbody> | |||
| </table> | ||||
| <t/> | ||||
| </section> | </section> | |||
| <section anchor="reg" numbered="true" toc="default"> | ||||
| <section anchor="reg" title="Guidelines for the Designated Experts"> | <name>Guidelines for the Designated Experts</name> | |||
| <t>It is suggested that multiple designated experts be appointed for | <t>It is suggested that multiple designated experts be appointed for | |||
| registry change requests.</t> | registry change requests.</t> | |||
| <t>Criteria that should be applied by the designated experts include | <t>Criteria that should be applied by the designated experts include | |||
| determining whether the proposed registration duplicates existing | determining whether the proposed registration duplicates existing | |||
| entries and whether the registration description is clear and fits | entries and whether the registration description is clear and fits | |||
| the purpose of this registry.</t> | the purpose of this registry.</t> | |||
| <t>Registration requests are to be sent to | <t>Registration requests are to be sent to | |||
| radius-dhcp-review@ietf.org and are evaluated within a three-week | <radius-dhcp-review@ietf.org> and are evaluated within a three-w eek | |||
| review period on the advice of one or more designated experts. | review period on the advice of one or more designated experts. | |||
| Within the review period, the designated experts will either approve | Within the review period, the designated experts will either approve | |||
| or deny the registration request, communicating this decision to the | or deny the registration request, communicating this decision to the | |||
| review list and IANA. Denials should include an explanation and, if | review list and IANA. Denials should include an explanation and, if | |||
| applicable, suggestions as to how to make the request | applicable, suggestions as to how to make the request | |||
| successful.</t> | successful.</t> | |||
| </section> | </section> | |||
| </section> | </section> | |||
| </section> | </section> | |||
| <section anchor="Acknowledgements" title="Acknowledgements"> | ||||
| <t>Thanks to Christian Jacquenet, Neil Cook, Joe Clarke, Qin Wu, Dirk | ||||
| von-Hugo, Tom Petch, and Chongfeng Xie for the review and | ||||
| suggestions.</t> | ||||
| <t>Thanks to Ben Schwartz and Bernie Volz for the comments.</t> | ||||
| <t>Thanks to Rob Wilton for the careful AD review.</t> | ||||
| <t>Thanks to Ralf Weber for the dnsdir reviews, Robert Sparks for genart | ||||
| review, and Tatuya Jinmei for the int-dir review.</t> | ||||
| <t>Thanks to Eric Vyncke, Paul Wouters, and Warren Kumari for the IESG | ||||
| review.</t> | ||||
| </section> | ||||
| </middle> | </middle> | |||
| <back> | <back> | |||
| <references title="Normative References"> | ||||
| <?rfc include="reference.RFC.2119"?> | ||||
| <?rfc include='reference.RFC.2865'?> | <displayreference target="I-D.ietf-add-dnr" to="DNR"/> | |||
| <?rfc include='reference.RFC.6158'?> | <references> | |||
| <name>References</name> | ||||
| <references> | ||||
| <name>Normative References</name> | ||||
| <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2 | ||||
| 119.xml"/> | ||||
| <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2 | ||||
| 865.xml"/> | ||||
| <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6 | ||||
| 158.xml"/> | ||||
| <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8 | ||||
| 044.xml"/> | ||||
| <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8 | ||||
| 174.xml"/> | ||||
| <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6 | ||||
| 929.xml"/> | ||||
| <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8 | ||||
| 415.xml"/> | ||||
| <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8 | ||||
| 126.xml"/> | ||||
| <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.4 | ||||
| 014.xml"/> | ||||
| <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.3 | ||||
| 396.xml"/> | ||||
| </references> | ||||
| <references> | ||||
| <name>Informative References</name> | ||||
| <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8 | ||||
| 499.xml"/> | ||||
| <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6 | ||||
| 911.xml"/> | ||||
| <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.5 | ||||
| 176.xml"/> | ||||
| <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8 | ||||
| 484.xml"/> | ||||
| <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7 | ||||
| 858.xml"/> | ||||
| <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9 | ||||
| 250.xml"/> | ||||
| <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2 | ||||
| 868.xml"/> | ||||
| <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2 | ||||
| 869.xml"/> | ||||
| <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.3 | ||||
| 162.xml"/> | ||||
| <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.4 | ||||
| 861.xml"/> | ||||
| <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2 | ||||
| 132.xml"/> | ||||
| <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2 | ||||
| 131.xml"/> | ||||
| <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7 | ||||
| 037.xml"/> | ||||
| <?rfc include='reference.RFC.8044'?> | <!-- [I-D.ietf-add-dnr] IESG state RFC Ed Queue. Updated to long version because missing editor role for Boucadair --> | |||
| <?rfc include='reference.RFC.8174'?> | <reference anchor="I-D.ietf-add-dnr" target="https://datatracker.ietf.org/doc/ht | |||
| ml/draft-ietf-add-dnr-16"> | ||||
| <front> | ||||
| <title>DHCP and Router Advertisement Options for the Discovery of Network-design | ||||
| ated Resolvers (DNR)</title> | ||||
| <author initials="M." surname="Boucadair" fullname="Mohamed Boucadair" role="edi | ||||
| tor"> | ||||
| <organization>Orange</organization> | ||||
| </author> | ||||
| <author initials="T." surname="Reddy.K" fullname="Tirumaleswar Reddy.K" role="ed | ||||
| itor"> | ||||
| <organization>Nokia</organization> | ||||
| </author> | ||||
| <author initials="D." surname="Wing" fullname="Dan Wing"> | ||||
| <organization>Citrix Systems, Inc.</organization> | ||||
| </author> | ||||
| <author initials="N." surname="Cook" fullname="Neil Cook"> | ||||
| <organization>Open-Xchange</organization> | ||||
| </author> | ||||
| <author initials="T." surname="Jensen" fullname="Tommy Jensen"> | ||||
| <organization>Microsoft</organization> | ||||
| </author> | ||||
| <date month="April" day="27" year="2023"/> | ||||
| </front> | ||||
| <seriesInfo name="Internet-Draft" value="draft-ietf-add-dnr-16"/> | ||||
| </reference> | ||||
| <?rfc include='reference.RFC.6929'?> | <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7 | |||
| 227.xml"/> | ||||
| <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7 | ||||
| 930.xml"/> | ||||
| <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7 | ||||
| 499.xml"/> | ||||
| <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6 | ||||
| 977.xml"/> | ||||
| <?rfc include='reference.RFC.8415'?> | <reference anchor="RADIUS-Types" target="http://www.iana.org/assignments | |||
| /radius-types"> | ||||
| <front> | ||||
| <title>RADIUS Types</title> | ||||
| <author> | ||||
| <organization>IANA</organization> | ||||
| </author> | ||||
| <date/> | ||||
| </front> | ||||
| </reference> | ||||
| <?rfc include='reference.RFC.8126'?> | <reference anchor="DHCPv6" target="https://www.iana.org/assignments/dhcp | |||
| v6-parameters"> | ||||
| <front> | ||||
| <title>Dynamic Host Configuration Protocol for IPv6 (DHCPv6)</title> | ||||
| <author> | ||||
| <organization>IANA</organization> | ||||
| </author> | ||||
| <date/> | ||||
| </front> | ||||
| </reference> | ||||
| <?rfc include='reference.RFC.4014'?> | <reference anchor="BOOTP" target="https://www.iana.org/assignments/bootp | |||
| -dhcp-parameters"> | ||||
| <front> | ||||
| <title>Dynamic Host Configuration Protocol (DHCP) and Bootstrap | ||||
| Protocol (BOOTP) Parameters</title> | ||||
| <author> | ||||
| <organization>IANA</organization> | ||||
| </author> | ||||
| <date/> | ||||
| </front> | ||||
| </reference> | ||||
| <?rfc include='reference.RFC.3396'?> | </references> | |||
| </references> | </references> | |||
| <references title="Informative References"> | <section anchor="Acknowledgements" numbered="false" toc="default"> | |||
| <?rfc include='reference.RFC.8499'?> | <name>Acknowledgements</name> | |||
| <t>Thanks to <contact fullname="Christian Jacquenet"/>, <contact | ||||
| <?rfc include='reference.RFC.6911'?> | fullname="Neil Cook"/>, <contact fullname="Joe Clarke"/>, <contact | |||
| fullname="Qin Wu"/>, <contact fullname="Dirk von-Hugo"/>, <contact | ||||
| <?rfc include='reference.RFC.5176'?> | fullname="Tom Petch"/>, and <contact fullname="Chongfeng Xie"/> for the | |||
| review and suggestions.</t> | ||||
| <?rfc include='reference.RFC.8484'?> | <t>Thanks to <contact fullname="Ben Schwartz"/> and <contact | |||
| fullname="Bernie Volz"/> for the comments.</t> | ||||
| <?rfc include='reference.RFC.7858'?> | <t>Thanks to <contact fullname="Rob Wilton"/> for the careful AD | |||
| review.</t> | ||||
| <?rfc include='reference.RFC.9250'?> | <t>Thanks to <contact fullname="Ralf Weber"/> for the dnsdir reviews, | |||
| <contact fullname="Robert Sparks"/> for the genart review, and <contact | ||||
| <?rfc include='reference.RFC.2868'?> | fullname="Tatuya Jinmei"/> for the intdir review.</t> | |||
| <t>Thanks to <contact fullname="Éric Vyncke"/>, <contact fullname="Paul | ||||
| <?rfc include='reference.RFC.2869'?> | Wouters"/>, and <contact fullname="Warren Kumari"/> for the IESG | |||
| review.</t> | ||||
| <?rfc include='reference.RFC.3162'?> | </section> | |||
| <?rfc include='reference.RFC.4861'?> | ||||
| <?rfc include='reference.RFC.2132'?> | ||||
| <?rfc include='reference.RFC.2131'?> | ||||
| <?rfc include='reference.RFC.7037'?> | ||||
| <?rfc include='reference.I-D.ietf-add-dnr'?> | ||||
| <?rfc include='reference.RFC.7227'?> | ||||
| <?rfc include='reference.RFC.7930'?> | ||||
| <?rfc include='reference.RFC.7499'?> | ||||
| <?rfc include='reference.RFC.6977'?> | ||||
| <reference anchor="RADIUS-Types" | ||||
| target="http://www.iana.org/assignments/radius-types"> | ||||
| <front> | ||||
| <title>RADIUS Types</title> | ||||
| <author> | ||||
| <organization>IANA</organization> | ||||
| </author> | ||||
| <date /> | ||||
| </front> | ||||
| </reference> | ||||
| <reference anchor="DHCP-RADIUS" | ||||
| target="https://www.iana.org/assignments/dhcpv6-parameters/dhcp | ||||
| v6-parameters.xhtml"> | ||||
| <front> | ||||
| <title>Dynamic Host Configuration Protocol for IPv6 (DHCPv6)</title> | ||||
| <author> | ||||
| <organization>IANA</organization> | ||||
| </author> | ||||
| <date /> | ||||
| </front> | ||||
| </reference> | ||||
| <reference anchor="BOOTP" | ||||
| target="https://www.iana.org/assignments/bootp-dhcp-parameters/ | ||||
| bootp-dhcp-parameters.xhtml"> | ||||
| <front> | ||||
| <title>Dynamic Host Configuration Protocol (DHCP) and Bootstrap | ||||
| Protocol (BOOTP) Parameters</title> | ||||
| <author> | ||||
| <organization>IANA</organization> | ||||
| </author> | ||||
| <date /> | ||||
| </front> | ||||
| </reference> | ||||
| <reference anchor="DHCPv6" | ||||
| target="https://www.iana.org/assignments/dhcpv6-parameters/dhcp | ||||
| v6-parameters.xhtml#dhcpv6-parameters-2"> | ||||
| <front> | ||||
| <title>Dynamic Host Configuration Protocol for IPv6 (DHCPv6), Option | ||||
| Codes</title> | ||||
| <author> | ||||
| <organization>IANA</organization> | ||||
| </author> | ||||
| <date /> | ||||
| </front> | ||||
| </reference> | ||||
| </references> | ||||
| </back> | </back> | |||
| </rfc> | </rfc> | |||
| End of changes. 131 change blocks. | ||||
| 734 lines changed or deleted | 757 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. | ||||