draft-ietf-cbor-network-addresses-10.txt | draft-ietf-cbor-network-addresses-11.txt | |||
---|---|---|---|---|
CBOR Working Group M. Richardson | CBOR Working Group M. Richardson | |||
Internet-Draft Sandelman Software Works | Internet-Draft Sandelman Software Works | |||
Intended status: Standards Track C. Bormann | Intended status: Standards Track C. Bormann | |||
Expires: 9 April 2022 Universität Bremen TZI | Expires: 11 April 2022 Universität Bremen TZI | |||
6 October 2021 | 8 October 2021 | |||
CBOR tags for IPv4 and IPv6 addresses and prefixes | CBOR tags for IPv4 and IPv6 addresses and prefixes | |||
draft-ietf-cbor-network-addresses-10 | draft-ietf-cbor-network-addresses-11 | |||
Abstract | Abstract | |||
This specification defines two CBOR Tags for use with IPv6 and IPv4 | This specification defines two CBOR Tags for use with IPv6 and IPv4 | |||
addresses and prefixes. | addresses and prefixes. | |||
// RFC-EDITOR-please-remove: This work is tracked at | // RFC-EDITOR-please-remove: This work is tracked at | |||
// https://github.com/cbor-wg/cbor-network-address | // https://github.com/cbor-wg/cbor-network-address | |||
Status of This Memo | Status of This Memo | |||
skipping to change at page 1, line 35 ¶ | skipping to change at page 1, line 35 ¶ | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
This Internet-Draft will expire on 9 April 2022. | This Internet-Draft will expire on 11 April 2022. | |||
Copyright Notice | Copyright Notice | |||
Copyright (c) 2021 IETF Trust and the persons identified as the | Copyright (c) 2021 IETF Trust and the persons identified as the | |||
document authors. All rights reserved. | document authors. All rights reserved. | |||
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
Provisions Relating to IETF Documents (https://trustee.ietf.org/ | Provisions Relating to IETF Documents (https://trustee.ietf.org/ | |||
license-info) in effect on the date of publication of this document. | license-info) in effect on the date of publication of this document. | |||
Please review these documents carefully, as they describe your rights | Please review these documents carefully, as they describe your rights | |||
skipping to change at page 2, line 25 ¶ | skipping to change at page 2, line 25 ¶ | |||
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
3. Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 3. Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
3.1. Three Forms . . . . . . . . . . . . . . . . . . . . . . . 3 | 3.1. Three Forms . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
3.1.1. Addresses . . . . . . . . . . . . . . . . . . . . . . 3 | 3.1.1. Addresses . . . . . . . . . . . . . . . . . . . . . . 3 | |||
3.1.2. Prefixes . . . . . . . . . . . . . . . . . . . . . . 3 | 3.1.2. Prefixes . . . . . . . . . . . . . . . . . . . . . . 3 | |||
3.1.3. Interface Definition . . . . . . . . . . . . . . . . 4 | 3.1.3. Interface Definition . . . . . . . . . . . . . . . . 4 | |||
3.2. IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . 4 | 3.2. IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
3.3. IPv4 . . . . . . . . . . . . . . . . . . . . . . . . . . 5 | 3.3. IPv4 . . . . . . . . . . . . . . . . . . . . . . . . . . 5 | |||
4. Encoder Considerations for Prefixes . . . . . . . . . . . . . 6 | 4. Tag validity . . . . . . . . . . . . . . . . . . . . . . . . 6 | |||
5. Decoder Considerations for Prefixes . . . . . . . . . . . . . 6 | 4.1. Deterministic Encoding . . . . . . . . . . . . . . . . . 6 | |||
6. CDDL . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 | 4.2. Encoder Considerations for Prefixes . . . . . . . . . . . 6 | |||
7. Security Considerations . . . . . . . . . . . . . . . . . . . 8 | 4.3. Decoder Considerations for Prefixes . . . . . . . . . . . 7 | |||
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 | 4.3.1. Example implementation . . . . . . . . . . . . . . . 7 | |||
8.1. Tag 54 - IPv6 . . . . . . . . . . . . . . . . . . . . . . 9 | 5. CDDL . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 | |||
8.2. Tag 52 - IPv4 . . . . . . . . . . . . . . . . . . . . . . 9 | 6. Security Considerations . . . . . . . . . . . . . . . . . . . 9 | |||
8.3. Tags 260 and 261 . . . . . . . . . . . . . . . . . . . . 9 | 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10 | |||
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 9 | 7.1. Tag 54 - IPv6 . . . . . . . . . . . . . . . . . . . . . . 10 | |||
9.1. Normative References . . . . . . . . . . . . . . . . . . 9 | 7.2. Tag 52 - IPv4 . . . . . . . . . . . . . . . . . . . . . . 10 | |||
9.2. Informative References . . . . . . . . . . . . . . . . . 10 | 7.3. Tags 260 and 261 . . . . . . . . . . . . . . . . . . . . 10 | |||
Appendix A. Changelog . . . . . . . . . . . . . . . . . . . . . 10 | 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 10 | |||
Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 10 | 8.1. Normative References . . . . . . . . . . . . . . . . . . 10 | |||
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 10 | 8.2. Informative References . . . . . . . . . . . . . . . . . 11 | |||
Appendix A. Changelog . . . . . . . . . . . . . . . . . . . . . 11 | ||||
Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 12 | ||||
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 12 | ||||
1. Introduction | 1. Introduction | |||
[RFC8949] defines a number of CBOR Tags for common items. Tags 260 | [RFC8949] defines a number of CBOR Tags for common items. Tags 260 | |||
and 261 were later defined in drafts listed with IANA | and 261 were later defined in drafts listed with IANA | |||
[IANA.cbor-tags]. These tags were intended to cover addresses (260) | [IANA.cbor-tags]. These tags were intended to cover addresses (260) | |||
and prefixes (261). Tag 260 distinguishes between IPv6, IPv4, and | and prefixes (261). Tag 260 distinguishes between IPv6, IPv4, and | |||
MAC [RFC7042] addresses only through the length of the byte string | MAC [RFC7042] addresses only through the length of the byte string | |||
making it impossible, for example, to drop trailing zeros in the | making it impossible, for example, to drop trailing zeros in the | |||
encoding of IP addresses. Tag 261 was not documented well enough for | encoding of IP addresses. Tag 261 was not documented well enough for | |||
skipping to change at page 4, line 19 ¶ | skipping to change at page 4, line 19 ¶ | |||
length of a prefix built out of the first length bits of the address, | length of a prefix built out of the first length bits of the address, | |||
they represent information that is commonly used to specify both the | they represent information that is commonly used to specify both the | |||
network prefix and the IP address of an interface. | network prefix and the IP address of an interface. | |||
The length of the byte string is always 16 bytes (for IPv6) and 4 | The length of the byte string is always 16 bytes (for IPv6) and 4 | |||
bytes (for IPv4). | bytes (for IPv4). | |||
This form is called the Interface Format. | This form is called the Interface Format. | |||
Interface Format definitions support an optional third element to the | Interface Format definitions support an optional third element to the | |||
array, which is to be used as the IPv6 Link-Local interface | array, which is to be used as the IPv6 Link-Local zone identifier | |||
identifier Section 4 of [RFC3542]. This may be an integer, in which | from Section 4 of [RFC3542] and Section 6 of [RFC4007]; for symmetry | |||
case it is to be interpreted as the interface index. This may be a | this is also provided for IPv4 as in [RFC4001] and [RFC6991]. The | |||
string, in which case it is to be interpreted as an interface name. | zone identifier may be an integer, in which case it is to be | |||
interpreted as the interface index. It may be a text string, in | ||||
which case it is to be interpreted as an interface name. | ||||
As explained in [RFC4007] the zone identifiers are strictly local to | ||||
the node. They are useful for communications within a node about | ||||
connected addresses (for instance, where a link-local peer is | ||||
discovered by one daemon, and another daemon needs to be informed). | ||||
They may also have utility in some management protocols. | ||||
In the cases where the Interface Format is being used to represent | In the cases where the Interface Format is being used to represent | |||
only an address with an interface identifier, and no interface prefix | only an address with a zone identifier, and no interface prefix | |||
information, then the prefix length may be replaced with the CBOR | information, then the prefix length may be replaced with the CBOR | |||
"false" (0xF4). | "null" (0xF6). | |||
3.2. IPv6 | 3.2. IPv6 | |||
IANA has allocated tag 54 for IPv6 uses. (This is the ASCII code for | IANA has allocated tag 54 for IPv6 uses. (This is the ASCII code for | |||
'6'.) | '6'.) | |||
An IPv6 address is to be encoded as a sixteen-byte byte string | An IPv6 address is to be encoded as a sixteen-byte byte string | |||
(Section 3.1 of [RFC8949], major type 2), enclosed in Tag number 54. | (Section 3.1 of [RFC8949], major type 2), enclosed in Tag number 54. | |||
For example: | For example: | |||
54(h'20010db81234deedbeefcafefacefeed') | 54(h'20010db81234deedbeefcafefacefeed') | |||
An IPv6 prefix, such as 2001:db8:1234::/48 is to be encoded as a two | An IPv6 prefix, such as 2001:db8:1234::/48 is to be encoded as a two | |||
element array, with the length of the prefix first. Trailing zero | element array, with the length of the prefix first. See Section 4 | |||
bytes MUST be omitted. | for the detailed construction of the second element. | |||
For example: | For example: | |||
54([48, h'20010db81234']) | 54([48, h'20010db81234']) | |||
An IPv6 address combined with a prefix length, such as being used for | An IPv6 address combined with a prefix length, such as being used for | |||
configuring an interface, is to be encoded as a two element array, | configuring an interface, is to be encoded as a two element array, | |||
with the (full-length) IPv6 address first and the length of the | with the (full-length) IPv6 address first and the length of the | |||
associated network the prefix next. | associated network the prefix next; a third element can be added for | |||
the zone identifier. | ||||
For example: | For example: | |||
54([h'20010db81234deedbeefcafefacefeed', 56]) | 54([h'20010db81234deedbeefcafefacefeed', 56]) | |||
The address-with-prefix form can be reliably distinguished from the | The address-with-prefix form can be reliably distinguished from the | |||
prefix form only in the sequence of the array elements. | prefix form only in the sequence of the array elements. | |||
Some example of a link-local IPv6 address with a 64-bit prefix: | Some example of a link-local IPv6 address with a 64-bit prefix: | |||
54([h'fe8000000000020202fffffffe030303', 64, 'eth0']) | 54([h'fe8000000000020202fffffffe030303', 64, 'eth0']) | |||
with a numeric interface identifier: | with a numeric zone identifier: | |||
54([h'fe8000000000020202fffffffe030303', 64, 42]) | 54([h'fe8000000000020202fffffffe030303', 64, 42]) | |||
An IPv6 link-local address without a prefix length: | An IPv6 link-local address without a prefix length: | |||
54([h'fe8000000000020202fffffffe030303', false, 42]) | 54([h'fe8000000000020202fffffffe030303', null, 42]) | |||
Interface identifiers may be used with any kind of IPv6 address, not | Zone identifiers may be used with any kind of IP address, not just | |||
just Link-Local addresses. In particular, they are valid for | Link-Local addresses. In particular, they are valid for multicast | |||
multicast addresses, and there may still be some significance for | addresses, and there may still be some significance for Globally | |||
Globally Unique Addresses (GUA). | Unique Addresses (GUA). | |||
3.3. IPv4 | 3.3. IPv4 | |||
IANA has allocated tag 52 for IPv4 uses. (This is the ASCII code for | IANA has allocated tag 52 for IPv4 uses. (This is the ASCII code for | |||
'4'.) | '4'.) | |||
An IPv4 address is to be encoded as a four-byte byte string | An IPv4 address is to be encoded as a four-byte byte string | |||
(Section 3.1 of [RFC8949], major type 2), enclosed in Tag number 52. | (Section 3.1 of [RFC8949], major type 2), enclosed in Tag number 52. | |||
For example: | For example: | |||
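Review bot: the link-local example 54([h'fe8000000000020202fffffffe030303', 64, 'eth0']) writes the zone identifier in single quotes, which in CBOR diagnostic notation (Section 8 of RFC 8949) denotes a byte string, whereas Figure 1 defines ip-zone-identifier = uint / text and the prose in 3.1.3 says "text string"; write it as "eth0" (double quotes) so the example is valid under its own rule. Two smaller points in the same region: "See Section 4 for the detailed construction of the second element" should point at Section 4.2, where rules (1) and (2) actually live, since Section 4 itself only introduces validity; and "Some example of a link-local IPv6 address" reads better as "An example of a link-local IPv6 address".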
skipping to change at page 5, line 40 ¶ | skipping to change at page 6, line 4 ¶ | |||
IANA has allocated tag 52 for IPv4 uses. (This is the ASCII code for | IANA has allocated tag 52 for IPv4 uses. (This is the ASCII code for | |||
'4'.) | '4'.) | |||
An IPv4 address is to be encoded as a four-byte byte string | An IPv4 address is to be encoded as a four-byte byte string | |||
(Section 3.1 of [RFC8949], major type 2), enclosed in Tag number 52. | (Section 3.1 of [RFC8949], major type 2), enclosed in Tag number 52. | |||
For example: | For example: | |||
52(h'c0000201') | 52(h'c0000201') | |||
An IPv4 prefix, such as 192.0.2.0/24 is to be encoded as a two | An IPv4 prefix, such as 192.0.2.0/24 is to be encoded as a two | |||
element array, with the length of the prefix first. Trailing zero | element array, with the length of the prefix first. See Section 4 | |||
bytes MUST be omitted. | for the detailed construction of the second element. | |||
For example: | For example: | |||
52([24, h'c00002']) | 52([24, h'c00002']) | |||
An IPv4 address combined with a prefix length, such as being used for | An IPv4 address combined with a prefix length, such as being used for | |||
configuring an interface, is to be encoded as a two element array, | configuring an interface, is to be encoded as a two element array, | |||
with the (full-length) IPv4 address first and the length of the | with the (full-length) IPv4 address first and the length of the | |||
associated network the prefix next. | associated network the prefix next; a third element can be added for | |||
the zone identifier. | ||||
For example, 192.0.2.1/24 is to be encoded as a two element array, | For example, 192.0.2.1/24 is to be encoded as a two element array, | |||
with the length of the prefix (implied 192.0.2.0/24) last. | with the length of the prefix (implied 192.0.2.0/24) last. | |||
52([h'c0000201', 24]) | 52([h'c0000201', 24]) | |||
The address-with-prefix form can be reliably distinguished from the | The address-with-prefix form can be reliably distinguished from the | |||
prefix form only in the sequence of the array elements. | prefix form only in the sequence of the array elements. | |||
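Review bot: the IPv4 text now permits a third zone-identifier element and Figure 1 permits null in place of ipv4-prefix-length, but no IPv4 example shows either form, and the cross reference "See Section 4" should be "See Section 4.2" exactly as for IPv6. The sentence "with the (full-length) IPv4 address first and the length of the associated network the prefix next" (present in both columns) has a stray "the prefix"; suggest "with the (full-length) IPv4 address first and the prefix length of the associated network next". The 192.0.2.1/24 example paragraph then restates the same rule ("with the length of the prefix ... last") and could simply introduce the example.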
4. Encoder Considerations for Prefixes | 4. Tag validity | |||
For the byte strings used in representing prefixes, an encoder MUST | This section discusses when a tag 54 or tag 52 is valid | |||
omit any right-aligned (trailing) sequence of bytes that are all | (Section 5.3.2 of [RFC8949]). As with all CBOR tags, validity | |||
zero. | checking can be handled in a generic CBOR library or in the | |||
application. A generic CBOR library needs to document whether and | ||||
how it handles validity checking. | ||||
There is no relationship between the number of bytes omitted and the | The rule ip-address-or-prefix in Figure 1 shows how to check the | |||
prefix length. For instance, the prefix 2001:db8::/64 is encoded as: | overall structure of these tags and their content, the ranges of | |||
integer values, and the lengths of byte strings. An instance of tag | ||||
52 or 54 is valid if it matches that rule and, for ipv6-prefix and | ||||
ipv4-prefix, the considerations of Sections 4.2 and 4.3. | ||||
54([64, h'20010db8']) | 4.1. Deterministic Encoding | |||
An encoder MUST take care to set all trailing bits in the final byte | The tag validity rules, combined with the rules in Section 4.2.1 of | |||
to zero, if any. While decoders are expected to ignore them, such | [RFC8949], lead to deterministic encoding for tags 54 and 52 and | |||
garbage entities could be used as a covert channel, or may reveal the | require no further Additional Deterministic Encoding Considerations | |||
state of what would otherwise be private memory contents. So for | as per Section 4.2.2 of [RFC8949]. | |||
example, 2001:db8:1230::/44 MUST be encoded as: | ||||
52([44, h'20010db81230']) | 4.2. Encoder Considerations for Prefixes | |||
For the byte strings used as the second element in the array | ||||
representing a prefix: | ||||
(1) An encoder MUST set any unused bytes, and any unused bits in the | ||||
final byte, if any, to zero. Unused bytes/bits are bytes/bits that | ||||
are not covered by the prefix length given. So for example, | ||||
2001:db8:1230::/44 MUST be encoded as: | ||||
54([44, h'20010db81230']) | ||||
even though variations like: | even though variations like: | |||
54([44, h'20010db81233']) | 54([44, h'20010db81233']) | |||
54([45, h'20010db8123f']) | 54([44, h'20010db8123f']) | |||
54([44, h'20010db8123012']) | ||||
would be parsed in the exact same way; they MUST be considered | start with the same 44 bits, but are not valid. | |||
invalid. | ||||
The same considerations apply to IPv4 prefixes. | (Analogous examples can be constructed for IPv4 prefixes.) | |||
5. Decoder Considerations for Prefixes | (2) An encoder MUST then omit any right-aligned (trailing) sequence | |||
of bytes that are all zero. | ||||
A decoder MUST consider all bits to the right of the prefix length to | There is no relationship between the number of bytes omitted and the | |||
be zero. | prefix length. For instance, the prefix 2001:db8::/64 is encoded as: | |||
A decoder MUST handle the case where a prefix length specifies that | 54([64, h'20010db8']) | |||
4.3. Decoder Considerations for Prefixes | ||||
A decoder MUST check that all unused bits encoded in the byte string | ||||
ipv6-prefix-bytes/ipv4-prefix-bytes, i.e., the bits to the right of | ||||
the prefix length, are zero. | ||||
A decoder MUST also check that the byte string does not end in a zero | ||||
byte. | ||||
Since encoders are required to remove zero-valued trailing bytes, a | ||||
decoder MUST handle the case where a prefix length specifies that | ||||
more bits are relevant than are actually present in the byte-string. | more bits are relevant than are actually present in the byte-string. | |||
As a pathological case, ::/128 can be encoded as | ||||
As an example, ::/128 is encoded as | ||||
54([128, h'']) | 54([128, h'']) | |||
A recommendation for implementations is to first create an array of | ||||
16 (or 4) zero bytes. | 4.3.1. Example implementation | |||
A recommendation for prefix decoder implementations is to first | ||||
create an array of 16 (or 4) zero bytes. | ||||
Then taking whichever is smaller between (a) the length of the | Then taking whichever is smaller between (a) the length of the | |||
included byte-string, and (b) the number of bytes covered by the | included byte-string, and (b) the number of bytes covered by the | |||
prefix-length rounded up to the next multiple of 8: fail if that | prefix-length rounded up to the next multiple of 8: fail if that | |||
number is greater than 16 (or 4), and then copy that many bytes from | number is greater than 16 (or 4), and then copy that many bytes from | |||
the byte-string into the array. | the byte-string into the byte array. | |||
Finally, looking at the last three bits of the prefix-length in bits | ||||
(that is, the prefix-length modulo 8), use a static array of 8 values | ||||
to force the lower, non-relevant bits to zero, or simply: | ||||
unused_bits = (8 - (prefix_length_in_bits & 7)) % 8; | ||||
if (length_in_bytes > 0) | ||||
address_bytes[length_in_bytes - 1] &= (0xFF << unused_bits); | ||||
A particularly paranoid decoder could examine the lower non-relevant | Finally, looking at the number of unused bits in the last byte (if | |||
bits to determine if they are non-zero, and reject the prefix. This | any) of the range covered by the prefix length, check that any unused | |||
would detect non-compliant encoders, or a possible covert channel. | bits in the byte string are zero: | |||
unused_bits = (8 - (prefix_length_in_bits % 8)) % 8; | ||||
if (length_in_bytes > 0 && | if (length_in_bytes > 0 && | |||
(address_bytes[length_in_bytes - 1] & ~(0xFF << unused_bits)) | (address_bytes[length_in_bytes - 1] & ~(0xFF << unused_bits)) | |||
!= 0) | != 0) | |||
fail(); | fail(); | |||
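Review bot: in the 4.3.1 example code, length_in_bytes is ambiguous between the two quantities the preceding paragraph computes, and under one reading the check rejects valid input. If it denotes the number of bytes copied (the smaller of the byte-string length and the bytes covered by the prefix length), then an encoding whose last covered byte was omitted as zero under rule (2) of Section 4.2, for example 2001:db8:1200::/44 encoded as 54([44, h'20010db812']), gives length_in_bytes == 5 and unused_bits == 4, so the test masks address_bytes[4] (0x12) with 0x0F, obtains 0x02, and calls fail() on a valid prefix. The mask belongs on the last byte of the range covered by the prefix length in the zero-filled array, i.e. index ceil(prefix_length_in_bits / 8) - 1; if the byte string stopped short of that byte the array byte is zero by construction and the check passes. Two checks that Section 4.3 makes mandatory are also absent from the example: a byte string longer than the covered range (the 54([44, h'20010db8123012']) variation in Section 4.2) is silently truncated by the "copy that many bytes" step instead of being rejected, and the requirement that the byte string not end in a zero byte is never tested; both fit naturally as a length comparison and a test of the final byte before the copy. With those in place the "fail if that number is greater than 16 (or 4)" step becomes redundant, because Figure 1 already bounds both the prefix length and the byte-string size.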
6. CDDL | 5. CDDL | |||
For use with CDDL [RFC8610], the typenames defined in Figure 1 are | For use with CDDL [RFC8610], the typenames defined in Figure 1 are | |||
recommended: | recommended: | |||
ip-address-or-prefix = ipv6-address-or-prefix / | ip-address-or-prefix = ipv6-address-or-prefix / | |||
ipv4-address-or-prefix | ipv4-address-or-prefix | |||
ipv6-address-or-prefix = #6.54(ipv6-address / | ipv6-address-or-prefix = #6.54(ipv6-address / | |||
ipv6-address-with-prefix / | ipv6-address-with-prefix / | |||
ipv6-prefix) | ipv6-prefix) | |||
ipv4-address-or-prefix = #6.52(ipv4-address / | ipv4-address-or-prefix = #6.52(ipv4-address / | |||
ipv4-address-with-prefix / | ipv4-address-with-prefix / | |||
ipv4-prefix) | ipv4-prefix) | |||
ipv6-address = bytes .size 16 | ipv6-address = bytes .size 16 | |||
ipv4-address = bytes .size 4 | ipv4-address = bytes .size 4 | |||
ipv6-address-with-prefix = [ipv6-address, ipv6-prefix-value, | ipv6-address-with-prefix = [ipv6-address, | |||
?ipv6-interface-identifier] | ipv6-prefix-length / null, | |||
ipv4-address-with-prefix = [ipv4-address, ipv4-prefix-length] | ?ip-zone-identifier] | |||
ipv4-address-with-prefix = [ipv4-address, | ||||
ipv4-prefix-length / null, | ||||
?ip-zone-identifier] | ||||
ipv6-prefix-value = ipv6-prefix-length | ||||
/ false | ||||
ipv6-prefix-length = 0..128 | ipv6-prefix-length = 0..128 | |||
ipv4-prefix-length = 0..32 | ipv4-prefix-length = 0..32 | |||
ipv6-prefix = [ipv6-prefix-length, ipv6-prefix-bytes] | ipv6-prefix = [ipv6-prefix-length, ipv6-prefix-bytes] | |||
ipv4-prefix = [ipv4-prefix-length, ipv4-prefix-bytes] | ipv4-prefix = [ipv4-prefix-length, ipv4-prefix-bytes] | |||
ipv6-prefix-bytes = bytes .size (uint .le 16) | ipv6-prefix-bytes = bytes .size (uint .le 16) | |||
ipv4-prefix-bytes = bytes .size (uint .le 4) | ipv4-prefix-bytes = bytes .size (uint .le 4) | |||
ipv6-interface-identifier = uint / tstr | ip-zone-identifier = uint / text | |||
Figure 1 | Figure 1: CDDL types for tags 54 and 52 | |||
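Review bot: Figure 1 constrains ipv6-prefix-bytes only to at most 16 bytes, independent of ipv6-prefix-length, so items such as 54([44, h'20010db8123012']) or 54([64, h'20010db800']) match the CDDL even though Section 4.2 declares them invalid; Section 4 does say validity is the rule plus the Sections 4.2 and 4.3 considerations, but a one-line comment in the figure ("length and trailing-byte constraints on the prefix bytes are given in Section 4.2/4.3") would stop implementers from treating the CDDL as sufficient. Replacing the separate ipv6-prefix-value = ipv6-prefix-length / false rule of the left column with an inline ipv6-prefix-length / null is consistent with the 0xF6 change in 3.1.3; the IPv4 arm now mirrors it, which is good.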
7. Security Considerations | 6. Security Considerations | |||
This document provides an CBOR encoding for IPv4 and IPv6 address | This document provides an CBOR encoding for IPv4 and IPv6 address | |||
information. Any applications using these encodings will need to | information. Any applications using these encodings will need to | |||
consider the security implications of this data in their specific | consider the security implications of these data in their specific | |||
context. For example, identifying which byte sequences in a protocol | context. For example, identifying which byte sequences in a protocol | |||
are addresses may allow an attacker or eavesdropper to better | are addresses may allow an attacker or eavesdropper to better | |||
understand what parts of a packet to attack. | understand what parts of a packet to attack. | |||
The right-hand bits of the prefix, after the prefix-length, are | Applications need to check the validity (Section 4) of a tag before | |||
ignored by this protocol. A malicious party could use them to | acting on any of its contents. If the validity checking is not done | |||
transmit covert data in a way that would not affect the primary use | in the generic CBOR decoder, it needs to be done in the application; | |||
of this encoding. Such abuse would be detected by examination of the | in any case it needs to be done before the tag is transformed into a | |||
raw protocol bytes. Users of this encoding should be aware of this | platform-specific representation that could conceal validity errors. | |||
possibility. | ||||
There are many ways in which the encodings may be invalid: wrong byte | The right-hand bits of the prefix, after the prefix-length, are set | |||
lengths (too long, too short), or invalid prefix lengths (greater | to zero by this protocol. (Otherwise, a malicious party could use | |||
than 32 for IPv4, greater than 128 for IPv6, negative values, etc.) | them to transmit covert data in a way that would not affect the | |||
These are all invalid and this error needs to be signaled to the | primary use of this encoding. Such abuse is detected by tag validity | |||
application, and the entire content thrown away. | checking, and can also be detected by examination of the raw protocol | |||
bytes.) | ||||
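Review bot: "This document provides an CBOR encoding" should read "a CBOR encoding" (unchanged from the left column). On substance, the new claim "Such abuse is detected by tag validity checking" is only true for decoders that implement all of Section 4.3, in particular rejection of bytes beyond the range covered by the prefix length; the example in Section 4.3.1 copies at most the covered bytes and never inspects the remainder, so it would help to say here that the checks in Section 4.3, not the sketch in 4.3.1, are what close the channel, and that an application which skips them inherits the covert-channel exposure described in the parenthesis.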
8. IANA Considerations | 7. IANA Considerations | |||
IANA has allocated two tags from the Specification Required area of | IANA has allocated two tags from the Specification Required area of | |||
the Concise Binary Object Representation (CBOR) Tags | the Concise Binary Object Representation (CBOR) Tags | |||
[IANA.cbor-tags]: | [IANA.cbor-tags]: | |||
8.1. Tag 54 - IPv6 | 7.1. Tag 54 - IPv6 | |||
Data Item: byte string or array | Data Item: byte string or array | |||
Semantics: IPv6, [prefixlen,IPv6], [IPv6,prefixpart] | Semantics: IPv6, [prefixlen,IPv6], [IPv6,prefixpart] | |||
8.2. Tag 52 - IPv4 | 7.2. Tag 52 - IPv4 | |||
Data Item: byte string or array | Data Item: byte string or array | |||
Semantics: IPv4, [prefixlen,IPv4], [IPv4,prefixpart] | Semantics: IPv4, [prefixlen,IPv4], [IPv4,prefixpart] | |||
8.3. Tags 260 and 261 | 7.3. Tags 260 and 261 | |||
IANA is requested to add the note "DEPRECATED in favor of 52 and 54 | IANA is requested to add the note "DEPRECATED in favor of 52 and 54 | |||
for IP addresses" to registrations 260 and 261 | for IP addresses" to registrations 260 and 261 | |||
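Review bot: the Semantics fields for tags 54 and 52 ("IPv6, [prefixlen,IPv6], [IPv6,prefixpart]") still describe only the two-element forms, while Section 3.1.3 and Figure 1 now admit a null prefix length and an optional third zone-identifier element; the registration text should mention them, and "prefixpart" in the second array form names what the body calls the prefix length, so "[IPv6,prefixlen/null,?zone]" would be more accurate. The sentence requesting the DEPRECATED note for registrations 260 and 261 also lacks a terminating period.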
9. References | 8. References | |||
9.1. Normative References | 8.1. Normative References | |||
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
DOI 10.17487/RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, | |||
<https://www.rfc-editor.org/info/rfc2119>. | <https://www.rfc-editor.org/info/rfc2119>. | |||
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | |||
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | |||
May 2017, <https://www.rfc-editor.org/info/rfc8174>. | May 2017, <https://www.rfc-editor.org/info/rfc8174>. | |||
skipping to change at page 10, line 10 ¶ | skipping to change at page 11, line 10 ¶ | |||
Definition Language (CDDL): A Notational Convention to | Definition Language (CDDL): A Notational Convention to | |||
Express Concise Binary Object Representation (CBOR) and | Express Concise Binary Object Representation (CBOR) and | |||
JSON Data Structures", RFC 8610, DOI 10.17487/RFC8610, | JSON Data Structures", RFC 8610, DOI 10.17487/RFC8610, | |||
June 2019, <https://www.rfc-editor.org/info/rfc8610>. | June 2019, <https://www.rfc-editor.org/info/rfc8610>. | |||
[RFC8949] Bormann, C. and P. Hoffman, "Concise Binary Object | [RFC8949] Bormann, C. and P. Hoffman, "Concise Binary Object | |||
Representation (CBOR)", STD 94, RFC 8949, | Representation (CBOR)", STD 94, RFC 8949, | |||
DOI 10.17487/RFC8949, December 2020, | DOI 10.17487/RFC8949, December 2020, | |||
<https://www.rfc-editor.org/info/rfc8949>. | <https://www.rfc-editor.org/info/rfc8949>. | |||
9.2. Informative References | 8.2. Informative References | |||
[IANA.cbor-tags] | [IANA.cbor-tags] | |||
IANA, "Concise Binary Object Representation (CBOR) Tags", | IANA, "Concise Binary Object Representation (CBOR) Tags", | |||
<http://www.iana.org/assignments/cbor-tags>. | <http://www.iana.org/assignments/cbor-tags>. | |||
[RFC3542] Stevens, W., Thomas, M., Nordmark, E., and T. Jinmei, | [RFC3542] Stevens, W., Thomas, M., Nordmark, E., and T. Jinmei, | |||
"Advanced Sockets Application Program Interface (API) for | "Advanced Sockets Application Program Interface (API) for | |||
IPv6", RFC 3542, DOI 10.17487/RFC3542, May 2003, | IPv6", RFC 3542, DOI 10.17487/RFC3542, May 2003, | |||
<https://www.rfc-editor.org/info/rfc3542>. | <https://www.rfc-editor.org/info/rfc3542>. | |||
[RFC4001] Daniele, M., Haberman, B., Routhier, S., and J. | ||||
Schoenwaelder, "Textual Conventions for Internet Network | ||||
Addresses", RFC 4001, DOI 10.17487/RFC4001, February 2005, | ||||
<https://www.rfc-editor.org/info/rfc4001>. | ||||
[RFC4007] Deering, S., Haberman, B., Jinmei, T., Nordmark, E., and | ||||
B. Zill, "IPv6 Scoped Address Architecture", RFC 4007, | ||||
DOI 10.17487/RFC4007, March 2005, | ||||
<https://www.rfc-editor.org/info/rfc4007>. | ||||
[RFC6991] Schoenwaelder, J., Ed., "Common YANG Data Types", | ||||
RFC 6991, DOI 10.17487/RFC6991, July 2013, | ||||
<https://www.rfc-editor.org/info/rfc6991>. | ||||
[RFC7042] Eastlake 3rd, D. and J. Abley, "IANA Considerations and | [RFC7042] Eastlake 3rd, D. and J. Abley, "IANA Considerations and | |||
IETF Protocol and Documentation Usage for IEEE 802 | IETF Protocol and Documentation Usage for IEEE 802 | |||
Parameters", BCP 141, RFC 7042, DOI 10.17487/RFC7042, | Parameters", BCP 141, RFC 7042, DOI 10.17487/RFC7042, | |||
October 2013, <https://www.rfc-editor.org/info/rfc7042>. | October 2013, <https://www.rfc-editor.org/info/rfc7042>. | |||
Appendix A. Changelog | Appendix A. Changelog | |||
This section is to be removed before publishing as an RFC. | This section is to be removed before publishing as an RFC. | |||
* 03 | * 03 | |||
* 02 | * 02 | |||
* 01 added security considerations about covert channel | * 01 added security considerations about covert channel | |||
Acknowledgements | Acknowledgements | |||
Roman Danyliw, Donald Eastlake, Ben Kaduk, Barry Leiba, and Eric | Roman Danyliw, Donald Eastlake, Ben Kaduk, Barry Leiba, and Éric | |||
Vyncke reviewed the document and provided suggested text. | Vyncke reviewed the document and provided suggested text. Jürgen | |||
Schönwälder helped finding the history of IPv4 zone identifiers. | ||||
Authors' Addresses | Authors' Addresses | |||
Michael Richardson | Michael Richardson | |||
Sandelman Software Works | Sandelman Software Works | |||
Email: mcr+ietf@sandelman.ca | Email: mcr+ietf@sandelman.ca | |||
Carsten Bormann | Carsten Bormann | |||
Universität Bremen TZI | Universität Bremen TZI | |||
End of changes. 51 change blocks. | ||||
104 lines changed or deleted | 156 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ |