GEOPRIV M. Thomson
Internet-Draft J. Winterbottom
Intended status: Standards Track Andrew
Expires: June 20, 2009 December 17, 2008
Discovering the Local Location Information Server (LIS)
draft-ietf-geopriv-lis-discovery-05
Status of this Memo
By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on June 20, 2009.
Thomson & Winterbottom Expires June 20, 2009 [Page 1]
Internet-Draft LIS Discovery December 2008
Abstract
A method is described for the discovery of a Location Information
Server. The method uses a Dynamic Host Configuration Protocol (DHCP)
option. DHCP options are defined for both IPv4 and IPv6 DHCP. A
URI-enabled NAPTR (U-NAPTR) method is described for use where the
DHCP option is unsuccessful. This document defines a U-NAPTR
Application Service for a LIS, with a specific Application Protocol
for the HTTP Enabled Location Delivery (HELD) protocol.
Table of Contents
1. Introduction and Overview . . . . . . . . . . . . . . . . . . 3
1.1. DHCP Discovery . . . . . . . . . . . . . . . . . . . . . . 3
1.2. U-NAPTR Discovery . . . . . . . . . . . . . . . . . . . . 3
1.3. Terminology . . . . . . . . . . . . . . . . . . . . . . . 4
2. LIS Discovery Using DHCP . . . . . . . . . . . . . . . . . . . 5
2.1. LIS Authentication . . . . . . . . . . . . . . . . . . . . 5
2.2. DHCPv4 Option for a LIS Address . . . . . . . . . . . . . 6
2.3. DHCPv6 Option for a LIS Address . . . . . . . . . . . . . 7
3. U-NAPTR for LIS Discovery . . . . . . . . . . . . . . . . . . 9
3.1. Determining a Domain Name . . . . . . . . . . . . . . . . 10
4. Overall Discovery Procedure . . . . . . . . . . . . . . . . . 11
4.1. Virtual Private Networks (VPNs) . . . . . . . . . . . . . 12
5. Security Considerations . . . . . . . . . . . . . . . . . . . 13
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14
6.1. Registration of DHCPv4 and DHCPv6 Option Codes . . . . . . 14
6.2. Registration of a Location Server Application Service
Tag . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
6.3. Registration of a Location Server Application Protocol
Tag for HELD . . . . . . . . . . . . . . . . . . . . . . . 14
7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 16
8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 17
8.1. Normative References . . . . . . . . . . . . . . . . . . . 17
8.2. Informative References . . . . . . . . . . . . . . . . . . 17
Appendix A. DHCP LIS URI Option Examples . . . . . . . . . . . . 19
A.1. LIS URI Only . . . . . . . . . . . . . . . . . . . . . . . 19
A.2. LIS URI with Fingerprint . . . . . . . . . . . . . . . . . 19
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 21
Intellectual Property and Copyright Statements . . . . . . . . . . 22
Thomson & Winterbottom Expires June 20, 2009 [Page 2]
Internet-Draft LIS Discovery December 2008
1. Introduction and Overview
The location of a device is a useful and sometimes necessary part of
many services. A Location Information Server (LIS) is responsible
for providing that location information to devices with an access
network. The LIS uses knowledge of the access network and its
physical topology to generate and serve location information to
devices.
Each access network requires specific knowledge about topology.
Therefore, it is important to discover the LIS that has the specific
knowledge necessary to locate a device. That is, the LIS that serves
the current access network. Automatic discovery is important where
there is any chance of movement outside a single access network.
Reliance on static configuration can lead to unexpected errors if a
device moves between access networks.
This document describes DHCP options and DNS records that a device
can use to discover a LIS.
The product of a discovery process, such as the one described in this
document, is the address of the service. In this document, the
result is an http: or https: URI, which identifies a LIS.
The URI result from the discovery process is suitable for location
configuration only; that is, the client MUST dereference the URI
using the process described in HELD
[I-D.ietf-geopriv-http-location-delivery]. URIs discovered in this
way are not "location by reference" URIs; dereferencing one of them
provides the location of the requester only. Clients MUST NOT embed
these URIs in fields in other protocols designed to carry the
location of the client.
1.1. DHCP Discovery
DHCP ([RFC2131], [RFC3315]) is a commonly used mechanism for
providing bootstrap configuration information allowing a device to
operate in a specific network environment. The bulk of DHCP
information is largely static; consisting of configuration
information that does not change over the period that the device is
attached to the network. Physical location information might change
over this time, however the address of the LIS does not. Thus, DHCP
is suitable for configuring a device with the address of a LIS.
1.2. U-NAPTR Discovery
Where DHCP is not available, the DNS might be able to provide a URI.
This document describes a method that uses URI-enabled NAPTR
Thomson & Winterbottom Expires June 20, 2009 [Page 3]
Internet-Draft LIS Discovery December 2008
(U-NAPTR) [RFC4848], a Dynamic Delegation Discovery Service (DDDS)
profile that supports URI results.
For the LIS discovery DDDS application, an Application Service tag
"LIS" and an Application Protocol tag "HELD" are created and
registered with the IANA. Taking a domain name, this U-NAPTR
application uses the two tags to determine the LIS URI.
A domain name is the crucial input to the U-NAPTR resolution process.
Section 3.1 of this document describes several methods for deriving
an appropriate domain name.
1.3. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
This document also uses the term "device" to refer to an end host, or
client consistent with its use in HELD. In HELD and RFC3693
[RFC3693] parlance, the Device is also the Target.
The terms "access network" refers to the network that a device
connects to for Internet access. The "access network provider" is
the entity that operates the access network. This is consistent with
the definition in [I-D.ietf-geopriv-l7-lcp-ps] which combines the
Internet Access Provider (IAP) and Internet Service Provider (ISP).
The access network provider is responsible for allocating the device
a public IP address and for directly or indirectly providing a LIS
service.
Thomson & Winterbottom Expires June 20, 2009 [Page 4]
Internet-Draft LIS Discovery December 2008
2. LIS Discovery Using DHCP
DHCP allows the access network provider to specify the address of a
LIS as part of network configuration. If the device is able to
acquire a LIS URI using DHCP then this URI is used directly; the
U-NAPTR process is not necessary if this option is provided.
This document registers DHCP options for a LIS address for both IPv4
and IPv6.
2.1. LIS Authentication
The DHCP LIS URI option includes an optional authentication method
for the LIS. If an https: URI is provided for the LIS, the option
can optionally include a fingerprint of the server certificate. The
device can use this fingerprint to authenticate the server.
HTTP over TLS [RFC2818] describes how a host can be authenticated
based on an expected domain name. Relying exclusively on a domain
name for authentication is not appropriate for a LIS, since the
domain name associated with the access network might not be known.
Indeed, it is often innapropriate to attempt to assign any particular
domain name to an access network.
This specification defines an alternative means of establishing an
expected identity for the server that uses a certificate fingerprint.
The DHCP option includes a fingerprint for the server certificate
that is offered by the LIS when the associated URI is accessed.
An access network operator is still able to nominate authentication
based on a domain name. If no fingerprint information is included,
the device MUST authenticate the server using the method described in
Section 3.1 of RFC 2818 [RFC2818]. If a fingerprint exists, the
domain name method MUST NOT be used.
The certificate fingerprint can be ignored if the LIS URI doesn't
indicate a protocol that supports exchange of certificates (such as
http:). The LIS MUST be considered unauthenticated.
Note: Whether the device goes on to use the information provided by
an unauthenticated LIS depends on device policy. A device might
choose to continue with alternative methods of discovery before
falling back to an unauthenticated LIS.
The mechanism to generate a fingerprint is to take the hash of the
DER-encoded certificate using a cryptographically strong algorithm.
The hash algorithm used for generating the fingerprint is identified
by a textual name taken from the IANA registry "Hash Function Textual
Thomson & Winterbottom Expires June 20, 2009 [Page 5]
Internet-Draft LIS Discovery December 2008
Names" defined in [RFC4572]. Implementations MUST support SHA-1 as
the hash algorithm and use the label "sha-1" to identify the SHA-1
algorithm.
Multiple fingerprints MAY be included. If a hash algorithm is
indicated, but not supported by a device, it MUST choose the first
algorithm that it supports. If any supported fingerprint does not
match, the LIS MUST be considered as unauthenticated. If no hash
algorithm is supported by the device, it MUST consider the LIS to be
unauthenticated.
2.2. DHCPv4 Option for a LIS Address
This section defines a DHCP for IPv4 (DHCPv4) option for the address
of a LIS.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| LIS_URI | Length | F-Code(1) | F-Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Hash-Type-Len | Hash-Type ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Fingerprint-Value ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| F-Code(0) | URI .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| URI (cont.) ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 1: DHCPv4 LIS URI Option Example
LIS_URI: The IANA assigned option number (TBD). [[IANA/RFC-Editor
Note: Please replace TBD with the assigned DHCPv4 option code.]]
Length: The length of the entire LIS URI option in octets.
F-Code: A single octet indicates the type of data that follows:
fingerprint or URI. A value of 1 indicates that the following
data includes a certificate fingerprint. A value of 0 indicates
that no more supplementary data is included and the URI follows.
An "F-Code" with a value of 0 MUST be included.
Values other than zero or one MAY be ignored. Any other value
MUST be specified in a standards track RFC that SHOULD establish
an IANA registry.
Thomson & Winterbottom Expires June 20, 2009 [Page 6]
Internet-Draft LIS Discovery December 2008
F-Length: If the "F-Code" is non-zero, it MUST be followed by an
octet that indicates the length, in octets, of the data. This
value includes the sum of the lengths of: "Hash-Type-Len",
"Hash-Type", and "Fingerprint-Value".
Hash-Type-Len: The length, in octets, of the "Hash-Type" field.
Hash-Type: A text tag that identifies the hash algorithm used to
generate the fingerprint. The set of values are defined in the
"Hash Function Textual Names" IANA registry [RFC4572].
Fingerprint-Value: The octet values of the certificate fingerprint.
The length of this field is defined by the hash algorithm and MUST
match the remainder of the fingerprint data. If this does not
equal the value of "F-Length" less the length "Hash-Type-Len" and
"Hash-Type", the fingerprint MUST be considered invalid.
Note: An invalid fingerprint is not equivalent to no fingerprint.
URI: The address of the LIS. The URI takes the remainder of the
DHCP option. The URI MUST NOT be NULL terminated.
The DHCPv4 version of this URI SHOULD NOT exceed 225 octets in
length, but MAY be extended by concatenating multiple option
values, as described in [RFC3396].
2.3. DHCPv6 Option for a LIS Address
This section defines a DHCP for IPv6 (DHCPv6) option for the address
of a LIS. The DHCPv6 option for this parameter is similarly
formatted to the DHCPv4 option.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OPTION_LIS_URI | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| F-Code(1) | F-Length | Hash-Type-Len | Hash-Type ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Fingerprint-Value ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| F-Code(0) | URI .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| URI (cont.) ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 2: DHCPv6 LIS URI Option
Thomson & Winterbottom Expires June 20, 2009 [Page 7]
Internet-Draft LIS Discovery December 2008
OPTION_LIS_URI: The IANA assigned option number (TBD). [[IANA/
RFC-Editor Note: Please replace TBD with the assigned DHCPv6
option code.]]
Length: The length of the LIS URI option in octets.
The format of remainder of the LIS URI option is identical to the
DHCPv4 option.
Thomson & Winterbottom Expires June 20, 2009 [Page 8]
Internet-Draft LIS Discovery December 2008
3. U-NAPTR for LIS Discovery
U-NAPTR resolution for a LIS takes a domain name as input and
produces a URI that identifies the LIS. This process also requires
an Application Service tag and an Application Protocol tag, which
differentiate LIS-related NAPTR records from other records for that
domain.
Section 6.2 defines an Application Service tag of "LIS", which is
used to identify the location service for a particular domain. The
Application Protocol tag "HELD", defined in Section 6.3, is used to
identify a LIS that understands the HELD protocol
[I-D.ietf-geopriv-http-location-delivery].
The NAPTR records in the following example demonstrate the use of the
Application Service and Protocol tags. Iterative NAPTR resolution is
used to delegate responsibility for the LIS service from
"zonea.example.net." and "zoneb.example.net." to
"outsource.example.com.".
zonea.example.net.
;; order pref flags
IN NAPTR 100 10 "" "LIS:HELD" ( ; service
"" ; regex
outsource.example.com. ; replacement
)
zoneb.example.net.
;; order pref flags
IN NAPTR 100 10 "" "LIS:HELD" ( ; service
"" ; regex
outsource.example.com. ; replacement
)
outsource.example.com.
;; order pref flags
IN NAPTR 100 10 "u" "LIS:HELD" ( ; service
"!*.!https://lis.example.org:4802/?c=ex!" ; regex
. ; replacement
)
Figure 3: Sample LIS:HELD Service NAPTR Records
Details for the "LIS" Application Service tag and the "HELD"
Application Protocol tag are included in Section 6.
U-NAPTR MUST only be used if the DHCP LIS URI option is not
available.
Thomson & Winterbottom Expires June 20, 2009 [Page 9]
Internet-Draft LIS Discovery December 2008
An https: LIS URI that is a product of U-NAPTR MUST be authenticated
using the domain name method described in Section 3.1 of RFC 2818
[RFC2818].
3.1. Determining a Domain Name
The U-NAPTR discovery method described requires a domain name as
input. This document does not specify how that domain name is
acquired by a device. If a device knows one or more of the domain
names assigned to it, it MAY attempt to use each domain name as
input. Static configuration of a device is possible if a domain name
is known to work for this purpose.
A fully qualified domain name (FQDN) for the device might be provided
by a DHCP server ([RFC4702] for DHCPv4, [RFC4704] for DHCPv6).
DHCPv4 option 15 [RFC2131] could also be used as a source of a domain
name suffix for the device. If DHCP and any of these options are
available, these values could be used as input the U-NAPTR procedure;
however, implementers need to be aware that many DHCP servers do not
provide a sensible value for these options.
Thomson & Winterbottom Expires June 20, 2009 [Page 10]
Internet-Draft LIS Discovery December 2008
4. Overall Discovery Procedure
The individual components of discovery are combined into a single
discovery procedure. Some networks maintain a topology analogous to
an onion and are comprised of layers, or segments, separating hosts
from the Internet through intermediate networks. Applying the
individual discovery methods in an order that favours a physically
proximate LIS over a remote LIS is preferred.
A host MUST support DHCP discovery and MAY support U-NAPTR discovery.
The process described in this document is known to not work in a very
common deployment scenario, namely the fixed wired environment
described in Section 3.1 of [I-D.ietf-geopriv-l7-lcp-ps].
Alternative methods of discovery to address this limitation are
likely.
The following process ensures a greater likelihood of a LIS in close
physical proximity being discovered:
1. Request the DHCP LIS URI Option for each network interface.
2. Use U-NAPTR to discover a LIS URI using all known domain names.
3. Use a statically configured LIS URI.
A host that has multiple network interfaces could potentially be
served by a different access network on each interface, each with a
different LIS. The host SHOULD attempt to discover the LIS
applicable to each network interface, stopping when a LIS is
successfully discovered on any interface.
A host that discovers a LIS URI MUST attempt to verify that the LIS
is able to provide location information. For the HELD protocol, the
host MUST make a location request to the LIS. If the LIS responds to
this request with the "notLocatable" error code (see Section 4.3.2 of
[I-D.ietf-geopriv-http-location-delivery]), the host MUST continue
the discovery process and not make further requests to that LIS on
that network interface.
DHCP discovery MUST be attempted before any other discovery method.
This allows the network access provider a direct and explicit means
of configuring a LIS address. Alternative methods are only specified
as a means to discover a LIS where the DHCP infrastructure does not
support the LIS URI option.
This document does not mandate any particular source for the domain
name that is used as input to U-NAPTR. Alternative methods for
determining the domain name MAY be used.
Thomson & Winterbottom Expires June 20, 2009 [Page 11]
Internet-Draft LIS Discovery December 2008
Static configuration MAY be used if all other discovery methods fail.
Note however, that if a host has moved from its customary location,
static configuration might indicate a LIS that is unable to provide a
location.
The product of the LIS discovery process is an http: or https: URI.
Nothing distinguishes this URI from other URIs with the same scheme,
aside from the fact that it is the product of this process. Only
URIs produced by the discovery process can be used for location
configuration using HELD. URIs that are not a product of LIS
discovery MUST NOT be used for location configuration.
4.1. Virtual Private Networks (VPNs)
LIS discovery over a VPN network interface SHOULD NOT be performed.
A LIS discovered in this way is unlikely to have the information
necessary to determine an accurate location.
Since not all interfaces connected to a VPN can be detected by hosts,
a LIS SHOULD NOT provide location information in response to requests
that it can identify as originating from a VPN pool. This ensures
that even if a host discovers a LIS over the VPN, it does not rely on
a LIS that is unable to provide accurate location information. The
exception to this is where the LIS and host are able to determine a
location without access network support.
Thomson & Winterbottom Expires June 20, 2009 [Page 12]
Internet-Draft LIS Discovery December 2008
5. Security Considerations
The primary attack against the methods described in this document is
one that would lead to impersonation of a LIS. The LIS is
responsible for providing location information and this information
is critical to a number of network services; furthermore, a host does
not necessarily have a prior relationship with a LIS. Several
methods are described here that can limit the probablity of, or
provide some protection against, such an attack.
The address of a LIS is usually well-known within an access network;
therefore, interception of messages does not introduce any specific
concerns.
If DHCP is used, the integrity of DHCP options is limited by the
security of the channel over which they are provided. Physical
security and separation of DHCP messages from other packets are
commonplace methods that can reduce the possibility of attack within
an access network; alternatively, DHCP authentication [RFC3118] can
provide a degree of protection against modification.
An attacker could attempt to compromise the U-NAPTR resolution. A
more thorough description of the security considerations for U-NAPTR
applications is included in [RFC4848].
In addition to considerations related to U-NAPTR, it is important to
recognize that the output of this is entirely dependent on its input.
An attacker who can control the domain name is therefore able to
control the final URI. Any mechanism for automatically determining
such a domain name MUST consider such attacks.
Thomson & Winterbottom Expires June 20, 2009 [Page 13]
Internet-Draft LIS Discovery December 2008
6. IANA Considerations
6.1. Registration of DHCPv4 and DHCPv6 Option Codes
The IANA is requested to assign an option code for the DHCPv4 option
for a LIS address, as described in Section 2.2 of this document.
The IANA is requested to assign an option code for the DHCPv6 option
for a LIS address, as described in Section 2.3 of this document.
6.2. Registration of a Location Server Application Service Tag
This section registers a new S-NAPTR/U-NAPTR Application Service tag
for a LIS, as mandated by [RFC3958].
Application Service Tag: LIS
Intended usage: Identifies a service that provides a host with its
location information.
Defining publication: RFCXXXX
Related publications: HELD [I-D.ietf-geopriv-http-location-delivery]
Contact information: The authors of this document
Author/Change controller: The IESG
6.3. Registration of a Location Server Application Protocol Tag for
HELD
This section registers a new S-NAPTR/U-NAPTR Application Protocol tag
for the HELD [I-D.ietf-geopriv-http-location-delivery] protocol, as
mandated by [RFC3958].
Application Service Tag: HELD
Intended Usage: Identifies the HELD protocol.
Applicable Service Tag(s): LIS
Terminal NAPTR Record Type(s): U
Defining Publication: RFCXXXX
Thomson & Winterbottom Expires June 20, 2009 [Page 14]
Internet-Draft LIS Discovery December 2008
Related Publications: HELD [I-D.ietf-geopriv-http-location-delivery]
Contact Information: The authors of this document
Author/Change Controller: The IESG
Thomson & Winterbottom Expires June 20, 2009 [Page 15]
Internet-Draft LIS Discovery December 2008
7. Acknowledgements
The authors would like to thank Leslie Daigle for her work on
U-NAPTR; Peter Koch for his feedback on the DNS aspects of this
document; Andy Newton for constructive suggestions with regards to
document direction; Hannes Tschofenig and Richard Barnes for input
and reviews; Dean Willis for constructive feedback; Pasi Eronen for
the certificate fingerprint concept.
Thomson & Winterbottom Expires June 20, 2009 [Page 16]
Internet-Draft LIS Discovery December 2008
8. References
8.1. Normative References
[RFC2131] Droms, R., "Dynamic Host Configuration Protocol",
RFC 2131, March 1997.
[RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000.
[RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C.,
and M. Carney, "Dynamic Host Configuration Protocol for
IPv6 (DHCPv6)", RFC 3315, July 2003.
[RFC3396] Lemon, T. and S. Cheshire, "Encoding Long Options in the
Dynamic Host Configuration Protocol (DHCPv4)", RFC 3396,
November 2002.
[RFC4572] Lennox, J., "Connection-Oriented Media Transport over the
Transport Layer Security (TLS) Protocol in the Session
Description Protocol (SDP)", RFC 4572, July 2006.
[RFC4702] Stapp, M., Volz, B., and Y. Rekhter, "The Dynamic Host
Configuration Protocol (DHCP) Client Fully Qualified
Domain Name (FQDN) Option", RFC 4702, October 2006.
[RFC4704] Volz, B., "The Dynamic Host Configuration Protocol for
IPv6 (DHCPv6) Client Fully Qualified Domain Name (FQDN)
Option", RFC 4704, October 2006.
[RFC4848] Daigle, L., "Domain-Based Application Service Location
Using URIs and the Dynamic Delegation Discovery Service
(DDDS)", RFC 4848, April 2007.
[I-D.ietf-geopriv-http-location-delivery]
Barnes, M., Winterbottom, J., Thomson, M., and B. Stark,
"HTTP Enabled Location Delivery (HELD)",
draft-ietf-geopriv-http-location-delivery-10 (work in
progress), October 2008.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
8.2. Informative References
[RFC3118] Droms, R. and W. Arbaugh, "Authentication for DHCP
Messages", RFC 3118, June 2001.
[RFC3693] Cuellar, J., Morris, J., Mulligan, D., Peterson, J., and
Thomson & Winterbottom Expires June 20, 2009 [Page 17]
Internet-Draft LIS Discovery December 2008
J. Polk, "Geopriv Requirements", RFC 3693, February 2004.
[RFC3958] Daigle, L. and A. Newton, "Domain-Based Application
Service Location Using SRV RRs and the Dynamic Delegation
Discovery Service (DDDS)", RFC 3958, January 2005.
[I-D.ietf-geopriv-l7-lcp-ps]
Tschofenig, H. and H. Schulzrinne, "GEOPRIV Layer 7
Location Configuration Protocol; Problem Statement and
Requirements", draft-ietf-geopriv-l7-lcp-ps-08 (work in
progress), June 2008.
Thomson & Winterbottom Expires June 20, 2009 [Page 18]
Internet-Draft LIS Discovery December 2008
Appendix A. DHCP LIS URI Option Examples
A.1. LIS URI Only
Figure 4 shows an example LIS URI option for DHCPv6 in hexadecimal
form. This example is the simplest form, with an http: URI and no
fingerprint information.
Hexadecimal representation of LIS option, including the leading
DHCPv4 option code and length octets: [[IANA/RFC-Editor Note: Please
replace instances of "??:??" in the following example with the
hexadecimal representation of the IANA allocated DHCPv6 option code;
replace "???" with the decimal representation of the IANA allocated
DHCPv6 option code.]]
??:??:00:1d:00:68:74:74:70:3a:2f:2f:6c:69:73:2e:65:78:61:6d:
70:6c:65:2e:6f:72:67:3a:34:38:30:31:2f
Octet Value Description
------- ------- --------------------------------------------------
00-01 ??:?? LIS URI Option Code (???)
02 00:1d Option Length = 29
03 00 F-Code = 0 (URI)
04- 68:74:74:70:3a:2f:2f:6c:69:73:2e:65:78:61:6d:70:
-1f 6c:65:2e:6f:72:67:3a:34:38:30:31:2f
- LIS URI = "http://lis.example.org:4801/"
Figure 4: Example of a Simple LIS URI Option
A.2. LIS URI with Fingerprint
Figure 5 shows an example LIS URI option for DHCPv4 in hexadecimal
form. This example shows the inclusion of two fingerprints, the
first based on SHA-256, and the second based on SHA-1.
Thomson & Winterbottom Expires June 20, 2009 [Page 19]
Internet-Draft LIS Discovery December 2008
Hexadecimal representation of LIS option, including the leading
DHCPv4 option code and length octets: [[IANA/RFC-Editor Note: Please
replace two instances of "??" in the following example with the
hexadecimal representation of the IANA allocated DHCPv4 option code;
replace "???" with the decimal representation of the IANA allocated
DHCPv4 option code.]]
??:69:01:28:07:73:68:61:2d:32:35:36:49:20:77:6f:6e:64:65:72:
20:69:66:74:68:69:73:20:77:69:6c:6c:20:62:65:20:6e:6f:74:69:
63:65:64:3f:01:1a:07:73:68:61:2d:31:39:39:62:6f:74:74:6c:65:
73:6f:66:62:65:65:72:6f:6e:74:68:65:00:68:74:74:70:73:3a:2f:
2f:6c:69:73:2e:65:78:61:6d:70:6c:65:2e:6f:72:67:3a:34:38:30:
32:2f:3f:63:3d:65:78
Octet Value Description
------- ------- --------------------------------------------------
00 ?? LIS URI Option Code (???)
01 6a Option Length = 106
02 01 F-Code = 1 (Fingerprint)
03 28 F-Length = 40
04 07 Hash-Type-Len = 7
05-0b 73:68:61:2d:32:35:36
- Hash-Type = "sha-256"
0c- 49:20:77:6f:6e:64:65:72:20:69:66:74:68:69:73:20:
-2b 77:69:6c:6c:20:62:65:20:6e:6f:74:69:63:65:64:3f
- Fingerprint-Value (SHA-256 output)
2c 01 F-Code = 1 (Fingerprint)
2d 1a F-Length = 26
2e 07 Hash-Type-Len = 5
2f-33 73:68:61:2d:31
- Hash-Type = "sha-1"
34- 39:39:62:6f:74:74:6c:65:73:6f:
-47 66:62:65:65:72:6f:6e:74:68:65
- Fingerprint-Value (SHA-1 output)
48 00 F-Code = 0 (URI)
49- 68:74:74:70:73:3a:2f:2f:6c:69:73:2e:65:78:61:6d:70:
-6a 6c:65:2e:6f:72:67:3a:34:38:30:32:2f:3f:63:3d:65:78
- LIS URI = "https://lis.example.org:4802/?c=ex"
Figure 5: Example LIS URI Option with Fingerprint Data
Thomson & Winterbottom Expires June 20, 2009 [Page 20]
Internet-Draft LIS Discovery December 2008
Authors' Addresses
Martin Thomson
Andrew
PO Box U40
Wollongong University Campus, NSW 2500
AU
Phone: +61 2 4221 2915
Email: martin.thomson@andrew.com
URI: http://www.andrew.com/
James Winterbottom
Andrew
PO Box U40
Wollongong University Campus, NSW 2500
AU
Phone: +61 2 4221 2938
Email: james.winterbottom@andrew.com
URI: http://www.andrew.com/
Thomson & Winterbottom Expires June 20, 2009 [Page 21]
Internet-Draft LIS Discovery December 2008
Full Copyright Statement
Copyright (C) The IETF Trust (2008).
This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.
Thomson & Winterbottom Expires June 20, 2009 [Page 22]
