draft-ietf-radext-dynamic-discovery-14.txt   draft-ietf-radext-dynamic-discovery-15.txt 
RADIUS Extensions Working Group S. Winter RADIUS Extensions Working Group S. Winter
Internet-Draft RESTENA Internet-Draft RESTENA
Intended status: Experimental M. McCauley Intended status: Experimental M. McCauley
Expires: October 12, 2015 AirSpayce Expires: November 1, 2015 AirSpayce
April 10, 2015 April 30, 2015
NAI-based Dynamic Peer Discovery for RADIUS/TLS and RADIUS/DTLS NAI-based Dynamic Peer Discovery for RADIUS/TLS and RADIUS/DTLS
draft-ietf-radext-dynamic-discovery-14 draft-ietf-radext-dynamic-discovery-15
Abstract Abstract
This document specifies a means to find authoritative RADIUS servers This document specifies a means to find authoritative RADIUS servers
for a given realm. It is used in conjunction with either RADIUS/TLS for a given realm. It is used in conjunction with either RADIUS/TLS
and RADIUS/DTLS. and RADIUS/DTLS.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
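Review bot: the Abstract, carried over unchanged into -15, pairs "either" with "and" in "in conjunction with either RADIUS/TLS and RADIUS/DTLS". Suggest "either RADIUS/TLS or RADIUS/DTLS" so the sentence states clearly that one of the two transports is used.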
skipping to change at page 1, line 33 skipping to change at page 1, line 33
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on October 12, 2015. This Internet-Draft will expire on November 1, 2015.
Copyright Notice Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 14, line 34 skipping to change at page 14, line 34
already be tainted. This makes subjectAltName:otherName:sRVName not already be tainted. This makes subjectAltName:otherName:sRVName not
a trusted comparison item. a trusted comparison item.
Further to this, this specification's NAPTR entries may be of type Further to this, this specification's NAPTR entries may be of type
"A" which do not involve resolution of any SRV records, which again "A" which do not involve resolution of any SRV records, which again
makes subjectAltName:otherName:sRVName unsuited for this purpose. makes subjectAltName:otherName:sRVName unsuited for this purpose.
This section defines the NAIRealm name as a form of otherName from This section defines the NAIRealm name as a form of otherName from
the GeneralName structure in SubjectAltName defined in [RFC5280]. the GeneralName structure in SubjectAltName defined in [RFC5280].
id-on-nai OBJECT IDENTIFIER ::= { id-on XXX } id-on-naiRealm OBJECT IDENTIFIER ::= { id-on XXX }
NAIRealm ::= UTF8String (SIZE (1..MAX)) ub-naiRealm-length INTEGER ::= 255
NAIRealm ::= UTF8String (SIZE (1..ub-naiRealm-length))
The NAIRealm, if present, MUST contain an NAI realm as defined in The NAIRealm, if present, MUST contain an NAI realm as defined in
[I-D.ietf-radext-nai]. It MAY substitute the leftmost dot-separated [I-D.ietf-radext-nai]. It MAY substitute the leftmost dot-separated
label of the NAI with the single character "*" to indicate a wildcard label of the NAI with the single character "*" to indicate a wildcard
match for "all labels in this part". Further features of regular match for "all labels in this part". Further features of regular
expressions, such as a number of characters followed by a * to expressions, such as a number of characters followed by a * to
indicate a common prefix inside the part, are not permitted. indicate a common prefix inside the part, are not permitted.
The comparison of an NAIRealm to the NAI realm as derived from user The comparison of an NAIRealm to the NAI realm as derived from user
input with this algorithm is a byte-by-byte comparison, except for input with this algorithm is a byte-by-byte comparison, except for
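Review bot: the new bound "ub-naiRealm-length INTEGER ::= 255" in "NAIRealm ::= UTF8String (SIZE (1..ub-naiRealm-length))" limits the number of characters, because an ASN.1 SIZE constraint on UTF8String counts characters, while the comparison described right after it is byte-by-byte. Please state in the text which unit the 255 is meant in. If an octet limit is intended, say so in prose, since a realm containing multi-byte UTF-8 characters can satisfy the SIZE constraint and still encode to more than 255 octets.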
skipping to change at page 28, line 6 skipping to change at page 28, line 6
This document requires that a number of Object Identifiers be This document requires that a number of Object Identifiers be
assigned. They are now under the control of IANA following [RFC7299] assigned. They are now under the control of IANA following [RFC7299]
IANA is requested to assign the following identifiers: IANA is requested to assign the following identifiers:
TBD99 is to be assigned from the "SMI Security for PKIX Module TBD99 is to be assigned from the "SMI Security for PKIX Module
Identifier Registry". The suggested description is id-mod-nai- Identifier Registry". The suggested description is id-mod-nai-
realm-08. realm-08.
TBD98 is to be assigned from the "SMI Security for PKIX Other Name TBD98 is to be assigned from the "SMI Security for PKIX Other Name
Forms Registry." The suggested description is id-on-nai. Forms Registry." The suggested description is id-on-naiRealm.
RFC Editor Note: please replace the occurences of TBD98 and TBD99 in RFC Editor Note: please replace the occurences of TBD98 and TBD99 in
Appendix A of the document with the actually assigned numbers. Appendix A of the document with the actually assigned numbers.
8. References 8. References
8.1. Normative References 8.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
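Review bot: the RFC Editor note asks for TBD98 and TBD99 to be replaced only in Appendix A, but the section that defines NAIRealm still carries the placeholder "{ id-on XXX }" for id-on-naiRealm, which the note does not cover. Suggest using TBD98 in that definition as well, or widening the note to all occurrences in the document. In the same paragraph, "occurences" should be "occurrences", and the sentence ending in "[RFC7299]" is missing its full stop.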
skipping to change at page 30, line 37 skipping to change at page 31, line 34
FROM PKIX1Implicit-2009 FROM PKIX1Implicit-2009
{iso(1) identified-organization(3) dod(6) internet(1) security(5) {iso(1) identified-organization(3) dod(6) internet(1) security(5)
mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-implicit-02(59)} mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-implicit-02(59)}
-- from RFC 5280, RFC 5912 -- from RFC 5280, RFC 5912
; ;
-- Service Name Object Identifier -- Service Name Object Identifier
id-on OBJECT IDENTIFIER ::= { id-pkix 8 } id-on OBJECT IDENTIFIER ::= { id-pkix 8 }
id-on-nai OBJECT IDENTIFIER ::= { id-on TBD98 } id-on-naiRealm OBJECT IDENTIFIER ::= { id-on TBD98 }
-- Service Name -- Service Name
naiRealm OTHER-NAME ::= { NAIRealm IDENTIFIED BY { id-on-nai }} naiRealm OTHER-NAME ::= { NAIRealm IDENTIFIED BY { id-on-naiRealm }}
NAIRealm ::= UTF8String (SIZE (1..MAX)) ub-naiRealm-length INTEGER ::= 255
NAIRealm ::= UTF8String (SIZE (1..ub-naiRealm-length))
END END
Authors' Addresses Authors' Addresses
Stefan Winter Stefan Winter
Fondation RESTENA Fondation RESTENA
6, rue Richard Coudenhove-Kalergi 6, rue Richard Coudenhove-Kalergi
Luxembourg 1359 Luxembourg 1359
LUXEMBOURG LUXEMBOURG
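Review bot: the two comments in the module, "-- Service Name Object Identifier" and "-- Service Name", do not describe the definitions beneath them, which are id-on-naiRealm and naiRealm. Suggest "-- NAI Realm Object Identifier" and "-- NAI Realm" so that a reader of the module is not led to think these are the sRVName definitions.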
 End of changes. 9 change blocks. 
10 lines changed or deleted 14 lines changed or added

This html diff was produced by rfcdiff 1.42. The latest version is available from http://tools.ietf.org/tools/rfcdiff/