draft-ietf-dhc-proxyserver-opt-01.txt   draft-ietf-dhc-proxyserver-opt-02.txt 
Network Working Group Senthil K Balasubramanian Network Working Group Senthil K Balasubramanian
Internet-Draft Hewlett-Packard Company Internet-Draft Intoto
Expires: December 2004 Michael Alexander Expires: March 2005 Michael Alexander
Gustaf Neumann Gustaf Neumann
Wirtschaftsuniversitaet Wien Wirtschaftsuniversitaet Wien
July 2004 October 2004
DHCP Option for Proxy Server Configuration DHCP Option for Proxy Server Configuration
draft-ietf-dhc-proxyserver-opt-01.txt draft-ietf-dhc-proxyserver-opt-02.txt
Status of this Memo Status of this Memo
This document is an Internet-Draft and is in full conformance with This document is an Internet-Draft and is subject to all provisions
all provisions of Section 10 of RFC2026. of section 3 of RFC 3667. By submitting this Internet-Draft, each
author represents that any applicable patent or other IPR claims of
which he or she is aware have been or will be disclosed, and any of
which he or she become aware will be disclosed, in accordance with
RFC 3668.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that other Task Force (IETF), its areas, and its working groups. Note that
groups may also distribute working documents as Internet-Drafts. other groups may also distribute working documents as
Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at http:// The list of current Internet-Drafts can be accessed at
www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on December 2004. This Internet-Draft will expire on March 2005.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2004). All Rights Reserved. Copyright (C) The Internet Society (2004). All Rights Reserved.
Abstract Abstract
This document defines a new Dynamic Host Configuration Protocol This document defines a new Dynamic Host Configuration Protocol
(DHCP) option, which can be used to configure the TCP/IP host's Proxy (DHCP) option, which can be used to configure the TCP/IP host's Proxy
Server configuration for standard protocols like HTTP, FTP, NNTP, Server configuration for standard protocols like HTTP, FTP, NNTP,
skipping to change at page 2, line 12 skipping to change at page 2, line 15
uses DHCP to obtain configuration information such as uses DHCP to obtain configuration information such as
network address. network address.
DHCP Server: A DHCP server [RFC-2131] is an Internet host that DHCP Server: A DHCP server [RFC-2131] is an Internet host that
returns configuration parameters to DHCP clients. returns configuration parameters to DHCP clients.
Proxy Server: In a enterprise network that connects to Internet, Proxy Server: In a enterprise network that connects to Internet,
a proxy server is a server that acts as an intermediary a proxy server is a server that acts as an intermediary
between a workstation user and the Internet so that the between a workstation user and the Internet so that the
enterprise can ensure security, administrative control, enterprise can ensure security, administrative control,
and caching service. A Proxy server MAY be associated with and caching service. A Proxy server MAY be associated
or part of a gateway server that separates the enterprise with or part of a gateway server that separates the
network from the outside network (Usually Internet) enterprise network from the outside network (Usually
and a firewall server that protects the enterprise network Internet) and a firewall server that protects the
from outside intrusion. enterprise network from outside intrusion.
RDF:A language (Resource Description Framework [RDF-SYN]) for RDF:A language (Resource Description Framework [RDF-SYN]) for
describing properties of web resources. describing properties of web resources.
2. Introduction 2. Introduction
The Dynamic Host Configuration Protocol [RFC-2131] provides a The Dynamic Host Configuration Protocol [RFC-2131] provides a
framework for passing configuration information to hosts on a TCP/IP framework for passing configuration information to hosts on a TCP/IP
network. This document describes a DHCP configuration option that network. This document describes a DHCP configuration option that
can be used to inform a DHCP client, the IP addresses of one or more can be used to inform a DHCP client, the IP addresses of one or more
skipping to change at page 3, line 31 skipping to change at page 3, line 37
Code Len Proxy Server Configuration Entry Code Len Proxy Server Configuration Entry
+-------+------+------+------+------+------+-....-+------+ +-------+------+------+------+------+------+-....-+------+
| TBD | N | e1 | e2 | e3 | e4 | | en | | TBD | N | e1 | e2 | e3 | e4 | | en |
+-------+------+------+------+------+------+-....-+------+ +-------+------+------+------+------+------+-....-+------+
Code is TBD and will be assigned by IANA according to [RFC-2939]. Code is TBD and will be assigned by IANA according to [RFC-2939].
The length N gives the total number of octets in the Proxy Server The length N gives the total number of octets in the Proxy Server
Configuration entries. Configuration entries.
The format of Proxy Server Configuration Entry can be either The Proxy Server Configuration entry normally consists of a
protocol/encoding/Address/port tuple or RDF [RDF-SYN] Metadata type. sequence of Protocol Type (p), len (l), flag (f), IP
The minimum length is 8 octets. address and port. But it can also be a sequence of Protocol
Type (p), Len and RDF[RDF-SYN] metadata.
The Proxy Server Configuration entry consists of a sequence of
Protocol Type (p), Encoding (e), IP address and port.
+--+--+--+--+--+--+--+--+ +--+--+--+--+--+--+--+--+--+
|p |e |IP address |port | |p |l | f |IP address|port |
+--+--+--+--+--+--+--+--+ +--+--+--+--+--+--+--+--+--+
The Protocol(p) and encodig (e) are on octet each; each IP address is The Protocol(p) is a two octet integer in network byte order,
four octets, and each port number is a two-octet integer encoded in length (l) and flag (f) are one octet each; each IP
network byte order. address is four octets, and each port number is a two-octet
integer encoded in network byte order.
The protocol type(p) specifies the type of Protocol and MUST be The protocol type(p) specifies the type of Protocol and MUST be
one of the following assigned numbers. one of the following assigned numbers.
+-------------------------------+ +-------------------------------+
| protocol | Number | | protocol | Number |
+-------------------------------+ +-------------------------------+
| HTTP | 80 | | HTTP | 80 |
+-------------------------------+ +-------------------------------+
| FTP | 21 | | FTP | 21 |
skipping to change at page 4, line 27 skipping to change at page 4, line 27
+-------------------------------+ +-------------------------------+
| SOCKS | 1080 | | SOCKS | 1080 |
+-------------------------------+ +-------------------------------+
| WAIS | 210 | | WAIS | 210 |
+-------------------------------+ +-------------------------------+
| IMAP | 220 | | IMAP | 220 |
+-------------------------------+ +-------------------------------+
| RDF | TBD | | RDF | TBD |
+-------------------------------+ +-------------------------------+
The encoding field (e) is by default 0. Otherwise, it can either If the protocol type field is RDF[RDF-SYN], then it MUST be
followed by len (length of RDF metadata) and the actual RDF
metadata.
The length field (l) specifies the length of the Proxy Server
Configuration entry. If some new protocol is introduced in the
future and if some version of dhcpclient doesn't support, then
that particular entry can be ignored and process the following
Proxy Server Configuration Entry, if any.
The flag field (f) is by default 0. Otherwise, it can either
have "-" or "#". have "-" or "#".
If it is "-", then the entry becomes a destination address for If it is "-", then the entry becomes a destination address for
exclusion from forwarding to the proxy. If it is "#", then the proxy exclusion from forwarding to the proxy. If it is "#", then the proxy
requires authentication. requires authentication.
In cases where it makes sense to specify more than one proxy server In cases where it makes sense to specify more than one proxy server
for a given protocol, these proxy servers MUST be specifies as for a given protocol, these proxy servers MUST be specified as
additional IP addresses and ports within the same entry. The list is additional IP addresses and ports within the same entry. The list is
ordered by precedence, with the most preferred proxy server appearing ordered by precedence, with the most preferred proxy server appearing
first in the list, andthe least preferred proxy server appearing last first in the list, andthe least preferred proxy server appearing last
in the list. The DHCP client SHOULD honor this ordering. in the list. The DHCP client SHOULD honor this ordering.
More than one Proxy Server Configuration Entries MAY be specified in More than one Proxy Server Configuration Entries MAY be specified in
the option. In that case, the list is ordered by precedence, with the option. In that case, the list is ordered by precedence, with
the most preferred proxy server appearing first in the list, and the the most preferred proxy server appearing first in the list, and the
least preferred proxy server appearing last in the list. The DHCP least preferred proxy server appearing last in the list. The DHCP
client SHOULD honor this ordering. client SHOULD honor this ordering.
skipping to change at page 5, line 4 skipping to change at page 5, line 11
the most preferred proxy server appearing first in the list, and the the most preferred proxy server appearing first in the list, and the
least preferred proxy server appearing last in the list. The DHCP least preferred proxy server appearing last in the list. The DHCP
client SHOULD honor this ordering. client SHOULD honor this ordering.
The format of the Proxy Server Configuration using Metadata type is: The format of the Proxy Server Configuration using Metadata type is:
p Len RDF Metadata for the Proxy p Len RDF Metadata for the Proxy
+-------+------+----------------------------------+ +-------+------+----------------------------------+
| RDF | N | RDF | | RDF | N | RDF |
+-------+------+----------------------------------+ +-------+------+----------------------------------+
The RDF payload is freeform RDF metadata for describing proxy The RDF payload is freeform RDF metadata for describing proxy
properties. The length N gives the number of octets in the RDF properties. The length N gives the number of octets in the RDF
metadata field. metadata field.
The following entries specifies the sample format of the RDF data The following entry specifies the sample format of the RDF Meta
field data field
HTTP proxy: HTTP proxy:
<?xml version="1.0"?> <?xml version="1.0"?>
<!DOCTYPE rdf:RDF [<!ENTITY xsd "http://www.w3.org/2001/XMLSchema#">]> <!DOCTYPE rdf:RDF [<!ENTITY xsd "http://www.w3.org/2001/XMLSchema#">]>
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:dc="http://purl.org/dc/elements/1.1/"> xmlns:dc="http://purl.org/dc/elements/1.1/">
<rdf:Description rdf:about="http://http-proxy.duke.edu:8080"> <rdf:Description rdf:about="http://http-proxy.duke.edu:8080">
<dc:title>License Gate Proxy</dc:title> <dc:title>License Gate Proxy</dc:title>
<dc:creator>John Doe</dc:creator> <dc:creator>John Doe</dc:creator>
skipping to change at page 6, line 24 skipping to change at page 6, line 24
81 Octets <dc:title>..60 characters..</dc:title> 81 Octets <dc:title>..60 characters..</dc:title>
18 Octets </rdf:Description> 18 Octets </rdf:Description>
10 Octets </rdf:RDF> 10 Octets </rdf:RDF>
,the minimum length would be 418 octes. ,the minimum length would be 418 octes.
5. Option Usage 5. Option Usage
The Proxy Server Configuration entries SHOULD not repeat the same The Proxy Server Configuration entries SHOULD not repeat the same
type of proxy entries. The port MUST be a valid TCP/UDP port. type of proxy entries. The port MUST be a valid TCP/UDP port.
If the length of the Proxy Server Configuration Option exceeds the
maximum permissible within a single option (255 octets), then the
option MUST be represented in the DHCP message as specified
in [RFC-3396].
The following example shows how an RDF version of proxy server
configuration entry of 400 octets is represented in the option.
Code Len Proto Len
+-------+------+------+------+------+------+-....-+------+
| TBD | 255 | RDF | 253 | RDF Meta Data.............|
+-------+------+------+------+------+------+-....-+------+
Code Len Proto Len
+-------+------+------+------+------+------+-....-+------+
| TBD | 149 | RDF | 147 | RDF Meta Data.............|
+-------+------+------+------+------+------+-....-+------+
The following example shows how the same RDF version of proxy
server configuration entry of 400 octets is represented in the
option along with a normal version (p|l|f|IP|port) of proxy
server configuration entry.
+---+---+----+-+-+-------------+----+---+---+...-+---+-----+
|TBD|255|HTTP|7|0|192.168.5.10 |8080|RDF|243| RDF Meta Data|
+---+---+----+-+-+-------------+----+---+---+...-+---+-----+
+-------+------+------+------+------+------+-....-+------+
| TBD | 159 | RDF | 157 | RDF Meta Data.............|
+-------+------+------+------+------+------+-....-+------+
More than one RDF type of Proxy Server Configuration Entry MUST
not be sent in this option. This is because, the RDF Meta Data is
generally more than 255 octets and always require more than one
option of this type as per [RFC-3396]. However, more than one proxy
server configuration (FTP, HTTP, SOCKS) can be specified with the
same RDF Meta Data as follows
HTTP and FTP Proxy
<?xml version="1.0"?>
<!DOCTYPE rdf:RDF [<!ENTITY xsd "http://www.w3.org/2001/XMLSchema#">]>
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:dc="http://purl.org/dc/elements/1.1/">
<rdf:Description rdf:about="ftp://ftp-proxy.duke.edu:8080">
<dc:title>License Gate FTP Proxy</dc:title>
<dc:creator>John Doe</dc:creator>
<dc:publisher>Duke OIT</dc:publisher>
<dc:subject>Offsite Campus Resource Access Proxy</dc:subject>
<dc:type>Service</dc:subject>
<dc:rights>Current Duke faculty, staff, and students</dc:rights>
<dc:date>2004-06-15</dc:date>
</rdf:Description>
<rdf:Description rdf:about="http://http-proxy.duke.edu:8080">
<dc:title>License Gate Proxy</dc:title>
<dc:creator>John Doe</dc:creator>
<dc:publisher>Duke OIT</dc:publisher>
<dc:subject>Offsite Campus Resource Access Proxy</dc:subject>
<dc:type>Service</dc:subject>
<dc:rights>Current Duke faculty, staff, and students</dc:rights>
<dc:date>2004-06-15</dc:date>
</rdf:Description>
</rdf:RDF>
6. Security Considerations 6. Security Considerations
The DHCP Options defined here allow an intruder DHCP server to The DHCP Options defined here allow an intruder DHCP server to
misdirect a client, causing it to access a nonexistent or malicious misdirect a client, causing it to access a nonexistent or malicious
proxy server. This allows for a denial of service or man-in-the-middle proxy server. This allows for a denial of service or man-in-the-middle
attack. This is a well known property of the DCHP protocol; this option attack. This is a well known property of the DCHP protocol; this option
does not create any additional risk of such attacks. does not create any additional risk of such attacks.
DHCP provides an authentication mechanism, as described in RFC 3118 DHCP provides an authentication mechanism, as described in [RFC-3118],
[3], which may be used if authentication is required. which may be used if authentication is required.
7. IANA Considerations 7. IANA Considerations
IANA is requested to assign an option code to the Proxy Server IANA is requested to assign an option code to the Proxy Server
Configuration Option and protocol numbers for the SSL and RDF Configuration Option and protocol numbers for the SSL and RDF
protocol. protocol.
8. Acknowledgements 8. Acknowledgements
Thanks to Srinivas Reddy and Sridhar Ramamoorthy of Satyam InfoWay Thanks to the DHC Working Group for their time and input into the
for their extended help in technical Queries. specification. In particular, thanks to (in alphabetical order)
Bernie Volz, Ralph Droms, Robert Elz, and Ted Lemon for their
thorough review.
9. Normative References 9. Normative References
[RFC-2131] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131, [RFC-2131] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131,
March 1997. March 1997.
[RFC-2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC-2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC-3396] Lemon, T. and S. Cheshire, "Encoding Long DHCP Options",
RFC 3396, November 2002.
10. Informative References 10. Informative References
[RFC-3118] Droms, R. and W. Arbaugh, "Authentication for DHCP [RFC-3118] Droms, R. and W. Arbaugh, "Authentication for DHCP
Messages", RFC 3118, June 2001. Messages", RFC 3118, June 2001.
[RFC-2939] Droms, R., "Procedures and IANA Guidelines for Definition [RFC-2939] Droms, R., "Procedures and IANA Guidelines for Definition
of New DHCP Options and Message Types", BCP 43, RFC 2939, of New DHCP Options and Message Types", BCP 43, RFC 2939,
September 2000. September 2000.
[RFC-2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., [RFC-2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H.,
skipping to change at page 7, line 41 skipping to change at page 8, line 52
[SSL2] Hickman, Kipp, "The SSL Protocol", Netscape Communications [SSL2] Hickman, Kipp, "The SSL Protocol", Netscape Communications
Corp., Feb 9, 1995. Corp., Feb 9, 1995.
[SSL3] A. Frier, P. Karlton, and P. Kocher, "The SSL 3.0 [SSL3] A. Frier, P. Karlton, and P. Kocher, "The SSL 3.0
Protocol", Netscape Communications Corp., Nov 18, 1996. Protocol", Netscape Communications Corp., Nov 18, 1996.
[RFC-1625] M. St. Pierre, J. Fullton, K. Gamiel, J. Goldman, B. Kahle, [RFC-1625] M. St. Pierre, J. Fullton, K. Gamiel, J. Goldman, B. Kahle,
J. Kunze, H. Morris, F. Schiettecatte, "WAIS over Z39.50-1988", J. Kunze, H. Morris, F. Schiettecatte, "WAIS over Z39.50-1988",
RFC 1625, June 1994. RFC 1625, June 1994.
[RDF-SYN] Becket, D. and B. McBride, Ed., "RDF/XML Syntax Specification", [RDF-SYN] Becket, D. and B. McBride, Ed., "RDF/XML Syntax Specification",
W3C REC-rdf-syntax, February 2004, W3C REC-rdf-syntax, February 2004,
<http://www.w3.org/TR/rdf-syntax-grammar/>. <http://www.w3.org/TR/rdf-syntax-grammar/>.
Author's Address Author's Address
Senthil K Balasubramanian Senthil K Balasubramanian
Hewlett Packard Intoto Software (I) Pvt Ltd
29 Cunnigham Road, C/o DBS Office Business Center
Bangalore Suite No.204, 31-A Cathedral Garden Road
India 560 052 Chennai, India 600 034
Phone: +91 44 2827 5191
EMail: ksenthil@intotoinc.com
Phone: +91 80 2205 3103
EMail: ksenthil@india.hp.com
Michael Alexander Michael Alexander
Wirtschaftsuniversitaet Wien Wirtschaftsuniversitaet Wien
Augasse 2-6 Augasse 2-6
A-1090 Vienna, Austria A-1090 Vienna, Austria
Phone: +43 31336 4467 Phone: +43 31336 4467
Email: malexand@wu-wien.ac.at Email: malexand@wu-wien.ac.at
Gustaf Neumann Gustaf Neumann
Wirtschaftsuniversitaet Wien Wirtschaftsuniversitaet Wien
Augasse 2-6 Augasse 2-6
A-1090 Vienna, Austria A-1090 Vienna, Austria
Phone: +43 31336 4671 Phone: +43 31336 4671
Email: neumann@wu-wien.ac.at Email: neumann@wu-wien.ac.at
Intellectual Property Statement Intellectual Property Statement
The IETF takes no position regarding the validity or scope of any The IETF takes no position regarding the validity or scope of any
intellectual property or other rights that might be claimed to Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights this document or the extent to which any license under such rights
might or might not be available; neither does it represent that it might or might not be available; nor does it represent that it has
has made any effort to identify any such rights. Information on the made any independent effort to identify any such rights. Information
IETF's procedures with respect to rights in standards-track and on the procedures with respect to rights in RFC documents can be
standards-related documentation can be found in BCP-11. Copies of found in BCP 78 and BCP 79.
claims of rights made available for publication and any assurances of
licenses to be made available, or the result of an attempt made to Copies of IPR disclosures made to the IETF Secretariat and any
obtain a general license or permission for the use of such assurances of licenses to be made available, or the result of an
proprietary rights by implementors or users of this specification can attempt made to obtain a general license or permission for the use of
be obtained from the IETF Secretariat. such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary copyrights, patents or patent applications, or other proprietary
rights which may cover technology that may be required to practice rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF Executive this standard. Please address the information to the IETF at
Director. ietf-ipr@ietf.org.
Full Copyright Statement
Copyright (C) The Internet Society (2004). All Rights Reserved. Disclaimer of Validity
This document and translations of it may be copied and furnished to This document and the information contained herein are provided on an
others, and derivative works that comment on or otherwise explain it "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
or assist in its implementation may be prepared, copied, published OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
and distributed, in whole or in part, without restriction of any ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
kind, provided that the above copyright notice and this paragraph are INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
included on all such copies and derivative works. However, this INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
document itself may not be modified in any way, such as by removing WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be Copyright Statement
revoked by the Internet Society or its successors or assignees.
This document and the information contained herein is provided on an Copyright (C) The Internet Society (2004). This document is subject
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING to the rights, licenses and restrictions contained in BCP 78, and
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING except as set forth therein, the authors retain all their rights.
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Acknowledgment Acknowledgment
Funding for the RFC Editor function is currently provided by the Funding for the RFC Editor function is currently provided by the
Internet Society. Internet Society.
nnnn
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/