Network Working Group                                    F. Templin, Ed.
Internet-Draft                              Boeing Research & Technology
Intended status: Standards Track                        January 11, 2021
Expires: July 15, 2021


      The IPv6 Address-based DHCPv6 Unique Identifier (DUID-V6ADDR)
                       draft-templin-duid-ipv6-01

Abstract

   This document defines a new DHCPv6 Unique Identifier (DUID) type
   called DUID-V6ADDR that contains a single 128 bit IPv6 address.
   DUID-V6ADDR makes it possible for devices to use suitably-derived
   unique IPv6 addresses to identify themselves to DHCPv6 servers and/or
   other network nodes.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on July 15, 2021.

Copyright Notice

   Copyright (c) 2021 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  Background
   4.  DUID-V6ADDR Format
   5.  DUID-V6ADDR Uses
   6.  Relation to Other DUID Types
   7.  IPv6 Address Generation Method-Specific DUID Types
   8.  IANA Considerations
   9.  Security Considerations
   10. Acknowledgements
   11. References
     11.1.  Normative References
     11.2.  Informative References
   Author's Address

1.  Introduction

   DHCP Unique Identifiers (DUIDs) are used in DHCPv6 control messages
   [RFC8415] to identify clients and servers (they may also be used in
   other protocol messages that import the format such as IPv6 Neighbor
   Discovery (IPv6 ND) [RFC4861]).  This document defines a new DUID
   type containing a single valid IPv6 address [RFC8200] that has been
   suitably derived through some means to ensure uniqueness.  The new
   DUID type is termed DUID-V6ADDR.

   Some methods of producing unique identifiers take care to ensure that
   the identifier is included in a well-formed IPv6 address.  For
   example, the Host Identity Tag (HIT) [RFC7401][I-D.ietf-drip-rid] is
   a valid IPv6 address and therefore occupies the same 128-bit space as
   for any IPv6 address (in network byte order).  Other IPv6 address
   generation methods [RFC7721] also assert uniqueness.  The only
   distinction needed within the DUID space is therefore a new DUID type
   value indicating the presence of a single IPv6 address.

   DUID-V6ADDR allows devices to use suitably-derived IPv6 addresses to
   identify themselves to DHCPv6 servers and vice versa.
   The DUID-V6ADDR format makes no statement about the method used for
   generating the IPv6 address, but its use in control messages asserts
   that the address has been ensured unique through some unspecified
   means.  Valid IPv6 address types include any unicast/anycast Global
   Unicast (GUA), Link-Local (LLA) or Unique-Local (ULA) address, with
   the specific address type identified by the subnet prefix per the
   IPv6 addressing architecture [RFC4193][RFC4291].

   The following sections present the DUID-V6ADDR format and type
   designation.

2.  Terminology

   IETF keywords appear in [RFC2119][RFC8174].

3.  Background

   In DHCPv6, clients identify themselves to servers via DHCP Unique
   Identifiers (DUIDs) [RFC8415].  DUIDs are identifiers that DHCP
   servers treat as opaque objects with no internal structure.  DUIDs
   are intended to be globally unique, with no two devices using the
   same DUID.  Four DUID types have been defined previously:

   DUID-LLT  the Link-Layer address of one of the device's network
      interfaces, concatenated with a timestamp.

   DUID-EN  an Enterprise Number plus additional information specific to
      the enterprise.

   DUID-LL  the Link-Layer address of one of the device's network
      interfaces.

   DUID-UUID  used in situations where there is a Universally Unique
      IDentifier (UUID) stored in a device's firmware settings
      [RFC6355].

   This document specifies a fifth DUID type, known as DUID-V6ADDR and
   identified by DUID-Type value TBD which distinguishes it from all
   other types.  (Note: The DUID Type value allocation policy per IANA
   is "Standards Action".)

4.  DUID-V6ADDR Format

   The DUID-V6ADDR is carried within control messages.
   It has the following format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |        DUID-Type (TBD)        |    IPv6 Address (128 bits)    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               |
   |                                                               |
   |                                                               |
   |                                -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-

                      Figure 1: DUID-V6ADDR Format

   DUID-Type - DUID-V6ADDR (TBD) - (16 bits)

   IPv6 Address - An IPv6 Address (128 bits)

5.  DUID-V6ADDR Uses

   The DUID-V6ADDR may appear in DHCPv6 and/or other protocol control
   messages (such as IPv6 ND) within a service domain when a unique ID
   based on an IPv6 address is required.  Clients and servers include a
   unique GUA/LLA/ULA as the IPv6 address according to the domain
   service model, where GUAs are assumed globally unique while LLAs and
   ULAs are assumed unique within the service domain but not necessarily
   globally unique.  If multiple nodes within the service domain include
   the same GUA/LLA/ULA, the address assumes the properties of an
   anycast address.  DUID-V6ADDR uses for IPv6 address types other than
   GUA/LLA/ULA are out of scope.

6.  Relation to Other DUID Types

   DUID-V6ADDR differs in size, format and contents from DUID-LLT, DUID-
   EN and DUID-LL.

   DUID-V6ADDR shares the same size and format as DUID-UUID, however
   DUID-UUID includes a UUID which is by definition not an IPv6 address.
   (A case could be considered for allowing the existing DUID-UUID
   format to also include an IPv6 address (i.e., instead of a UUID),
   however this would require a domain-wide observation of the alternate
   use.  It would further not be possible for software to distinguish a
   UUID from an IPv6 address, since UUIDs by definition do not honor the
   IPv6 addressing architecture.)

7.  IPv6 Address Generation Method-Specific DUID Types

   An alternative to defining a generic DUID-V6ADDR type for all manners
   of IPv6 addresses would be to define a specific DUID type for each
   IPv6 address generation method.  This would result in the assignment
   of additional DUID type values as more and more IPv6 address
   generation methods become standards.

   While the DUID type value assigned number space is not a scarce
   commodity, assigning a new DUID type value for each new IPv6 address
   generation method as they become standards would require updates to
   widely-deployed legacy systems that only care that a valid IPv6
   address is included and do not need to know the address generation
   method used.

   It should also be noted that different unique IPv6 address generation
   methods must presumably use a distinct IPv6 subnet prefix not shared
   by other address generation methods in order to avoid duplication.
   Hence, implementations that need to know the address generation
   method used can examine the IPv6 address subnet prefix in the DUID-
   V6ADDR in order to determine the address generation method.

8.  IANA Considerations

   IANA is requested to assign a value TBD in the 'dhcpv6-parameters'
   registry for DUID-V6ADDR.

9.  Security Considerations

   DHCP and other control message traffic such as IPv6 ND are sent in
   the clear.  An eavesdropper residing on the path could therefore
   examine the traffic and obtain the unique IPv6 address asserted by a
   particular machine.  This may raise some privacy issues but is not a
   new issue brought on by the use of the DUID type defined in this
   document.

10.  Acknowledgements

   This work is aligned with the NASA Safe Autonomous Systems Operation
   (SASO) program under NASA contract number NNA16BD84C.

   This work is aligned with the FAA as per the SE2025 contract number
   DTFAWA-15-D-00030.

   This work is aligned with the Boeing Commercial Airplanes (BCA)
   Internet of Things (IoT) and autonomy programs.

   This work is aligned with the Boeing Information Technology (BIT)
   MobileNet program.

11.  References

11.1.  Normative References

   [I-D.ietf-drip-rid]
              Moskowitz, R., Card, S., Wiethuechter, A., and A. Gurtov,
              "UAS Remote ID", draft-ietf-drip-rid-06 (work in
              progress), December 2020.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC4193]  Hinden, R. and B. Haberman, "Unique Local IPv6 Unicast
              Addresses", RFC 4193, DOI 10.17487/RFC4193, October 2005.

   [RFC4291]  Hinden, R. and S. Deering, "IP Version 6 Addressing
              Architecture", RFC 4291, DOI 10.17487/RFC4291,
              February 2006.

   [RFC4861]  Narten, T., Nordmark, E., Simpson, W., and H. Soliman,
              "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861,
              DOI 10.17487/RFC4861, September 2007.

   [RFC7401]  Moskowitz, R., Ed., Heer, T., Jokela, P., and T.
              Henderson, "Host Identity Protocol Version 2 (HIPv2)",
              RFC 7401, DOI 10.17487/RFC7401, April 2015.

   [RFC7721]  Cooper, A., Gont, F., and D. Thaler, "Security and Privacy
              Considerations for IPv6 Address Generation Mechanisms",
              RFC 7721, DOI 10.17487/RFC7721, March 2016.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

   [RFC8200]  Deering, S. and R. Hinden, "Internet Protocol, Version 6
              (IPv6) Specification", STD 86, RFC 8200,
              DOI 10.17487/RFC8200, July 2017.

   [RFC8415]  Mrugalski, T., Siodelski, M., Volz, B., Yourtchenko, A.,
              Richardson, M., Jiang, S., Lemon, T., and T. Winters,
              "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)",
              RFC 8415, DOI 10.17487/RFC8415, November 2018.

11.2.  Informative References

   [RFC6355]  Narten, T. and J. Johnson, "Definition of the UUID-Based
              DHCPv6 Unique Identifier (DUID-UUID)", RFC 6355,
              DOI 10.17487/RFC6355, August 2011.

Author's Address

   Fred L. Templin (editor)
   Boeing Research & Technology
   P.O. Box 3707
   Seattle, WA  98124
   USA

   Email: fltemplin@acm.org
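
Added example (not part of the Internet-Draft or any implementation of
it): Python code that encodes and strictly parses the Section 4 wire
format, then classifies the carried address as GUA, LLA or ULA from its
prefix as Sections 5 and 7 describe. The draft leaves the DUID-Type as
TBD, so 0xFFFF is a constructed placeholder, and every function and
constant name here is an assumption of this example.

```python
import ipaddress
import struct

# Constructed placeholder: the draft leaves the DUID-Type value "TBD"
# pending IANA assignment, so 0xFFFF is NOT a real code point.
DUID_TYPE_V6ADDR = 0xFFFF
DUID_V6ADDR_LEN = 2 + 16  # 16-bit DUID-Type + 128-bit IPv6 address

_LLA = ipaddress.ip_network("fe80::/10")  # RFC 4291 link-local unicast
_ULA = ipaddress.ip_network("fc00::/7")   # RFC 4193 unique local


def classify(addr):
    """Return 'LLA', 'ULA' or 'GUA'; reject types the draft puts out of scope."""
    if addr.is_unspecified or addr.is_loopback or addr.is_multicast:
        raise ValueError(f"{addr} is not a GUA, LLA or ULA")
    if addr in _LLA:
        return "LLA"
    if addr in _ULA:
        return "ULA"
    # Assumption: per RFC 4291, remaining unicast space is treated as global.
    return "GUA"


def encode_duid_v6addr(address, duid_type=DUID_TYPE_V6ADDR):
    """Build the 18-octet DUID: type in network byte order, then the address."""
    addr = ipaddress.IPv6Address(address)
    classify(addr)  # refuse to emit an out-of-scope address type
    return struct.pack("!H", duid_type) + addr.packed


def parse_duid_v6addr(duid, duid_type=DUID_TYPE_V6ADDR):
    """Validate an untrusted DUID and return (IPv6Address, 'GUA'|'LLA'|'ULA')."""
    # Length alone is not enough: DUID-UUID is also 2 + 16 octets (Section 6),
    # so the type field is what distinguishes the two.
    if len(duid) != DUID_V6ADDR_LEN:
        raise ValueError(f"expected {DUID_V6ADDR_LEN} octets, got {len(duid)}")
    (found,) = struct.unpack("!H", duid[:2])
    if found != duid_type:
        raise ValueError(f"DUID-Type {found} is not DUID-V6ADDR")
    addr = ipaddress.IPv6Address(bytes(duid[2:]))
    return addr, classify(addr)


if __name__ == "__main__":
    # Constructed sample addresses (documentation, link-local, ULA prefixes).
    for sample in ("2001:db8::1", "fe80::1", "fd00:1234::1"):
        wire = encode_duid_v6addr(sample)
        print(wire.hex(), parse_duid_v6addr(wire))
```

Once IANA assigns the real DUID-Type, pass it as duid_type; the length
and prefix checks are unchanged.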