

Internet Engineering Task Force (IETF)                       R. Gagliano
Request for Comments: 6495                                 Cisco Systems
Updates: 3971                                                S. Krishnan
Category: Standards Track                                       Ericsson
ISSN: 2070-1721                                                 A. Kukec
                                                   Enterprise Architects
                                                           February 2012

     Subject Key Identifier (SKI) SEcure Neighbor Discovery (SEND)
                            Name Type Fields

Abstract

   SEcure Neighbor Discovery (SEND) defines the Name Type field in the
   ICMPv6 Trust Anchor option.  This document specifies new Name Type
   fields based on certificate Subject Key Identifiers (SKIs).

Status of This Memo

   This is an Internet Standards Track document.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Further information on
   Internet Standards is available in Section 2 of RFC 5741.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   http://www.rfc-editor.org/info/rfc6495.

Copyright Notice

   Copyright (c) 2012 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Gagliano, et al.             Standards Track                    [Page 1]
RFC 6495                 SEND Name Type Registry           February 2012

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . . . 2
   2.  Requirements Notation . . . . . . . . . . . . . . . . . . . . . 2
   3.  Name Type Fields in the ICMPv6 TA Option Defined in This
       Document  . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
   4.  Processing Rules for Routers  . . . . . . . . . . . . . . . . . 4
   5.  IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 4
   6.  Security Considerations . . . . . . . . . . . . . . . . . . . . 5
   7.  Normative References  . . . . . . . . . . . . . . . . . . . . . 5

1.  Introduction

   SEcure Neighbor Discovery (SEND) [RFC3971] utilizes X.509v3
   certificates that include the [RFC3779] extension for IPv6 addresses
   to certify a router's authority over an IPv6 prefix for the NDP
   (Neighbor Discovery Protocol).  The Trust Anchor (TA) option in
   Section 6.4.3 of [RFC3971] allows the identification of the Trust
   Anchor selected by the host.  In that same section, two name types
   were defined: the DER Encoded X.501 Name and a Fully Qualified Domain
   Name (FQDN).

   In any Public Key Infrastructure, the subject name of a certificate
   is only unique within each Certification Authority (CA).
   Consequently, a new option to identify TAs across CAs is needed.

   In [RFC6494], the certificate profile described in [RFC6487] is
   adopted for SEND.  In these documents, the Subject field in the
   certificates is declared to be meaningless and the subjectAltName
   field is not allowed.  On the other hand, the Subject Key Identifier
   (SKI) extension for the X.509 certificates is defined as mandatory
   and non-critical.

   This document specifies new Name Type fields in the SEND TA option
   that allow the use of the SKI X.509 extension to identify TA X.509
   certificates.  This document also defines experimental and reserved
   Name Type values.
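   As an added illustration (not text from RFC 6495, and not code from
   any SEND implementation) of the identifier the new Name Types carry:
   the [RFC6487] profile derives the SKI by RFC 5280 method (1), the
   SHA-1 hash of the subjectPublicKey BIT STRING contents, excluding its
   tag, length and unused-bits octet.  The Python below builds a DER
   SubjectPublicKeyInfo around constructed placeholder key bytes,
   computes that SKI, and checks it against the value a certificate's
   SKI extension would carry; the helper names and the sample key bytes
   are assumptions made here.

```python
"""Derive and check a Subject Key Identifier (SKI) as RFC 5280 method (1),
adopted by the RFC 6487 profile, specifies: SHA-1 over the subjectPublicKey
BIT STRING contents (tag, length and unused-bits octet excluded).
Added example, not part of RFC 6495; key bytes below are constructed."""
import hashlib

def der_len(n: int) -> bytes:
    """Encode a DER length in short or long form."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_tlv(tag: int, value: bytes) -> bytes:
    """Wrap value in a DER tag-length-value triple."""
    return bytes([tag]) + der_len(len(value)) + value

def der_read(buf: bytes, pos: int = 0):
    """Return (tag, value, next_pos) for the TLV starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                      # long-form length
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length

def subject_public_key_info(pubkey_bits: bytes) -> bytes:
    """Build a DER SubjectPublicKeyInfo (rsaEncryption AlgorithmIdentifier)
    around constructed key bytes; the bytes are a placeholder, not a key."""
    rsa_oid = der_tlv(0x06, bytes.fromhex("2a864886f70d010101"))
    alg = der_tlv(0x30, rsa_oid + der_tlv(0x05, b""))
    bit_string = der_tlv(0x03, b"\x00" + pubkey_bits)  # 0 unused bits
    return der_tlv(0x30, alg + bit_string)

def ski_from_spki(spki: bytes) -> bytes:
    """SKI = SHA-1(subjectPublicKey) with tag, length and unused-bits dropped."""
    _, seq, _ = der_read(spki)
    _, _alg, pos = der_read(seq)          # skip AlgorithmIdentifier
    tag, bits, _ = der_read(seq, pos)
    if tag != 0x03 or bits[0] != 0:
        raise ValueError("expected BIT STRING with no unused bits")
    return hashlib.sha1(bits[1:]).digest()

def ta_matches(ski_extension: bytes, spki: bytes) -> bool:
    """True if a cert's SKI extension value (OCTET STRING) matches its key."""
    tag, value, _ = der_read(ski_extension)
    return tag == 0x04 and value == ski_from_spki(spki)
```

   Two trust anchors issued under different CAs with identical, meaningless
   Subject fields still yield distinct SKIs as long as their keys differ,
   which is the property the SKI Name Types rely on.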

   Finally, this document updates [RFC3971] by changing the "Trust
   Anchor option (Type 15) Name Type field" registration procedures from
   Standards Action to Standards Action or IESG Approval [RFC5226].

2.  Requirements Notation

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].
