[Search] [txt|pdfized|bibtex] [Tracker] [WG] [Email] [Nits]
Versions: 00                                                            
Network Working Group                                          Subir Das
INTERNET-DRAFT                                           Anthony McAuley
Internet Engineering Task Force                   Telcordia Technologies
draft-ietf-dhc-aaa-requirements-00.txt                     Shinichi Baba
Date: March 8, 2000                                     Yasuro Shobatake
Expires: August, 2000                      Toshiba America Research Inc.

   Authentication, Authorization, and Accounting Requirements for
                    Roaming Nodes using DHCP

Status of this memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of sections 10 of RFC 2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that
   other groups may also distribute working documents as Internet-

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other
   documents at any time. It is inappropriate to use Internet-
   Drafts as reference material or to cite them other than as
   "work in progress".

   The list of current Internet-Drafts can be accessed at

   The list of Internet-Draft Shadow Directories can be accessed at


   The AAA working group is currently defining the requirements for
   Authentication, Authorization, and Accounting (AAA).  This draft
   lists the AAA requirements to aid roaming nodes using a dynamic
   address configuration protocol such as DHCP. The node may or may
   not be using Mobile IP [3] (with co-located care-of-address) or other
   dynamic address binding protocol.

ITSUMO Group               Expires August 2000                 [Page 1]

Internet Draft          AAA Requirements using DHCP           March 2000

1. Introduction

   A network providing communication services to nodes from foreign
   domains, must use Authorization, Authentication, and Accounting (AAA)
   services [1,2]. A dynamically roaming node places stronger
   requirements on AAA than a static node. Moreover, next generation
   network applications will raise the requirements on IP network even
   higher. The Mobile IP [3] Working Group is currently specifying the
   requirements for a roaming node using Mobile IP with Foreign Agents
   [4]. This document specifies the requirements for a roaming node who
   obtains an address using DHCP [5] [17] or similar node configuration
   protocol (e.g., DRCP [6]).

   Recent drafts [7,8] specify how to add authentication to DHCP
   messages. This allows clients to verify DHCP servers or servers to
   verify DHCP clients. It does not, however, specify the interaction
   with a AAA protocol to allow roaming users to access networks in
   multiple administrative domains.

   The document is independent of whether the roaming node uses dynamic
   address binding. The roaming node getting an address through DHCP [5]
   and once authenticated via AAA [1, 13,14] may also use Mobile IP with
   co-located addresses, dynamic DNS updates [9,10], or any other
   dynamic address binding techniques [15,16]. The document does not
   discuss the pros and cons of how best to support roaming users, only
   to ensure that the AAA protocol is sufficiently flexible to support
   both nodes using Mobile IP with Foreign Agents and nodes using DHCP
   (with or without Mobile IP).

   Since many of the requirements for DHCP are similar to those for
   Mobile IP with Foreign Agents, we borrow heavily from the Mobile IP
   requirements document [3, 4].

1.1 Requirements Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   document are to be interpreted as described in RFC 2119 [REQ].

ITSUMO Group               Expires August 2000                 [Page 2]

Internet Draft          AAA Requirements using DHCP           March 2000

2. Basic Model

   Figure 2 shows that our general model is very much similar to that
   described in [4]. The only change is that we do not assume the AAA
   authentication is necessarily done in a home domain. We assume, more
   generally, that the roaming node authentication is done in a
   (possibly distributed) Public AAA (AAAP), which is similar to AAA
   broker model. The reasons for using the AAAP are discussed in section
   4. Each DHCP client might use a different AAAP that can check its
   credentials, or they may share the same AAAP (even if they are from
   different domains).

                        Local Domain                  Internet
                      +-------------+              +----------------+
                      |  +------+   |              |   +------+     |
                      |  | AAAL |   | AAA Protocol |   | AAAP |     |
                      |  |      +----------------------+      |     |
                      |  +---+--+   |              |   +------+     |
                      |      |      |              |                |
                      |      |      |              +----------------+
                      |      |      |
                      |      |      |
     +--------+       |  +---+---+  |
     | DHCP   |  DHCP |  | DHCP  |  |
     | Client |-------|--| Server|  |
     +--------+       |  +-------+  |         AAAP =  Public authority
                      |             |         AAAL =  local authority

            Figure 1: AAA Servers Model

    DHCP server does not have direct access to the data needed for
    authentication. So it is expected that the server will consult the
    local authority (AAAL) for verification. Since the server and the
    local authority are in the same domain it is assumed that they will
    have strong security associations. Alternatively, they may be
    co-located. On the other hand, AAAL itself may not have enough
    information stored locally to complete the transaction. However,
    AAAL is expected to be configured with enough information to
    negotiate the client's verification with corresponding AAAP.
    Sometimes client may notify its own AAAP for verification via its
    registration message (e.g., Client's NAI [11]). The local AAA and
    public AAA should have sufficient security relationships and access
    control so that they can negotiate the authorization and enable the
    client to have the requested resources. Once this is over, DHCP

ITSUMO Group               Expires August 2000                 [Page 3]

Internet Draft          AAA Requirements using DHCP           March 2000

    server will be notified about the successful negotiation and the
    server can provide the requested resources to the client. If it is
    not authorized, server will be informed to terminate the service to
    the client.

3. Requirements

     Based on the above scenarios, the following specific requirements
     for AAA can be ascertained.

    -  Either the DHCP Server and AAAL are co-located or they share a
       security relationship.

    -  The DHCP server should be configured to obtain authorization from
       a trusted local AAA server (AAAL).

    -  The local authority (AAAL) has to share, or dynamically
       establish, security relationships with public authorities (AAAP)
       that are able to check client credentials.

    -  The client must have a security association with its public
       authority (AAAP).

    -  Nobody can reconstruct and reuse the credentials that the client

    -  The DHCP  server MUST be able to terminate service to the
       client based on policy determination by the AAA server.

    -  The DHCP server should be able to handle requests for many
       clients simultaneously.

    -  The client may resend a request if it does not get a reply in
       some time, so the AAA entities must be designed to operate
       correctly and efficiently with multiple requests for the same

    -  The DHCP server has to keep state for pending client requests
       while the local authority contacts the appropriate external

    -  Support replay protection and optional non-repudiation
       capabilities for all authorization and accounting messages.

    -  AAA server need not know any IP address of the client and it
       identifies clients by other means, e.g., Network Access

ITSUMO Group               Expires August 2000                 [Page 4]

Internet Draft          AAA Requirements using DHCP           March 2000

       Identifier (NAI).

    -  Client NAI domain allows AAAL to easily determine the AAAP.

    -  The local AAA server MUST support anonymous access.

    -  There is no requirement for AAA to transport `DHCP or other
       node configuration messages'.

    -  AAA must complete in one round trip. A major component of the
       setup latency is the time taken to traverse the wide-area
       Internet that is likely to separate the AAAL and the AAAP.

    -  AAA must allow a node to register once in its domain and move
       among subnets in the same domain without requiring more AAA.
       After the initial registration, the AAAP  and AAAL would not
       be needed.

    -  Support accounting information via AAAP servers providing
       accounting clearinghouse and reconciliation between serving and
       home networks.

    -  AAA MUST support message privacy and integrity.

4. Reasons for using Public AAA

   AAA servers model in [4] shows a configuration in which the local
   and the home authority have to share trust.  This configuration
   causes a quadratic growth in the number of trust relationships as
   the number of AAA authorities (local AAA and home AAA) increases.
   This has been identified as a problem by the roamops working group
   [12], and any AAA proposal MUST solve this problem. Using public AAA
   (AAAP) solves many of the scalability problems associated with
   requiring direct business/roaming relationships between every two
   administrative domains. A public AAA may play the role of a proxy
   between two administrative domains which have security associations
   with the AAAP, and relay AAA messages back and forth securely.

   The AAAP enables the local and home domains to cooperate without
   requiring each of the networks to have a direct business or security
   relationship with all the other networks.  Thus, AAAPs offer the
   needed scalability for managing trust relationships between otherwise
   independent network domains.  Use of the AAAP does not preclude
   managing separate trust relationships between domains, but it does
   offer an alternative suitable for commercial environments.

ITSUMO Group               Expires August 2000                 [Page 5]

Internet Draft          AAA Requirements using DHCP           March 2000

5. Security Considerations

   This draft defines the AAA requirements for roaming nodes using
   DHCP or similar type of node configuration protocol. Since AAA is
   security driven, most of this documents addresses the security
   considerations AAA must make on behalf of roaming nodes using node
   configuration protocols.

6. Acknowledgements

   The requirements in section 3 were taken from a draft submitted by
   S. Glass, S. Jacobs, and C. Perkins of the Mobile IP working group.
   We would like to acknowledge their work.

   The authors acknowledge the contributions of other members of the
   ITSUMO (Internet Technologies Supporting Universal Mobile Operation)
   team from Telcordia (P. Agrawal, J.C. Chen, A. Dutta, D. Famolari,
   S. Madhani, F. Vakil, P. Ramanathan, H. Sherry and R. Wolff) and
   Toshiba America Research Incorporated (T. Kodama).


   [1] S. Farrell, J. Vollbrecht, P. Calhoun, L. Gommans, G. Gross,
       B. de Bruijn, C. de Laat, M. Holdrege and D. Spence,  "AAA
       Authorizatiopn Requirements,"
       <draft-ietf-aaa-authorization-reqs-01.txt>, October 1999.

   [2] J. Arkko, "Requirements  for Internet-scale Accounting
       Management," <draft-arkko-acctreq-00.txt>, August, 1998.

   [3] C. Perkins, "IP Mobility Support," RFC 2002, October 1996.

   [4] S. Glass, S. Jacobs, C. Perkins, "Mobile IP Authentication,
       Authorization, and Accounting Requirements,"
       <draft-ietf-mobileip-aaa-reqs-00.txt>, October, 1999.

   [5] R. Droms, "Dynamic Host Configuration Protocol," Request for
       Comments 2131, March, 1997.

   [6] A. McAuley, S. Das, S. Baba, Y. Shobatake, "Dynamic Registration
       and Configuration Protocol (DRCP)," <draft-itsumo-drcp-00.txt>,
       October, 1999.

ITSUMO Group               Expires August 2000                 [Page 6]

Internet Draft          AAA Requirements using DHCP           March 2000

   [7] R. Droms, "Authentication for DHCP Messages," <draft-gupta-dhcp-
       auth-12.txt>, October, 1999.

   [8] V. Gupta, "Flexible Authentication for DHCP Messages,"
       <draft-ietf-dhc-authentication-12.txt>, October, 1998.

   [9] A. Gustafsson, "A DNS RR for encoding DHCP information,"
       <draft-ietf-dnsind-dhcp-rr.00.txt>, October, 1999.

   [10] M. Stapp, Y. Rekhter, "Interaction between DHCP and DNS,"
        <draft-ietf-dhc-dhcp-dns-11.txt>, October, 1999.

   [11] B. Aboba and M. A. Beadles, "The network access identifier,"
        RFC 2486, January 1999.

   [12] B. Adoba and G. Zorn, "Criteria for evaluating roaming
        protocols," RFC 2477, December 1998.

   [13] J. Wang and R. Wang, "Cellular network Authentication,
        Authorization, and Accounting requirements,"
        <draft-wang-aaa-cel-req-00.txt>, October, 1999.

   [14] M. Beadles and et.al., "Criteria for evaluating AAA protocols
        for network access", <draft-ietf-aaa-na-reqts-01.txt>, October

   [15] H. Schulzrinne and et. al., "SIP: Session initiation protocol,"
        RFC 2543, March 1999.

   [16] E. Wedlund and H. Schulzrinne, "Mobility support using SIP",
        Proc. The second ACM International workshop on Wireless Mobile
        Multimedia, ACM/IEEE, pp 76-82, August, 1999.

   [17] A. McAuley, S. Das, S. Baba, Y. Shobatake, " Requirements for
        Extending DHCP into New Environments,"
        <draft-dhc-enhance-requirements-00.txt>, March, 2000.

7. Authors' Addresses

   Subir Das
   MCC 1D210R, Telcordia
   445 South Street, Morristown, NJ 07960
   Phone: +1 973 829 4959
   email: subir@research.telcordia.com

ITSUMO Group               Expires August 2000                 [Page 7]

Internet Draft          AAA Requirements using DHCP           March 2000

   Anthony J. McAuley
   MCC 1C235B, Telcordia
   445 South Street, Morristown, NJ 07960
   Phone: +1 973 829 4698
   email: mcauley@research.telcordia.com

   Shinichi Baba
   Toshiba America Research Inc.
   P.O. Box 136 Convent Station, NJ 07961-0136
   Phone: +1 973 829 4759
   email: sbaba@tari.toshiba.com

   Yasuro Shobatake
   Toshiba America Research Inc.
   P.O. Box 136 Convent Station, NJ 07961-0136
   Phone: +1 973 829 3951
   email: yasuro.shobatake@toshiba.co.jp

ITSUMO Group               Expires August 2000                 [Page 8]