diff options
Diffstat (limited to 'doc/rfc2485.txt')
-rw-r--r-- | doc/rfc2485.txt | 227 |
1 files changed, 0 insertions, 227 deletions
diff --git a/doc/rfc2485.txt b/doc/rfc2485.txt deleted file mode 100644 index 752b03c5..00000000 --- a/doc/rfc2485.txt +++ /dev/null @@ -1,227 +0,0 @@ - - - - - - -Network Working Group S. Drach -Request for Comments: 2485 Sun Microsystems -Category: Standards Track January 1999 - - - - DHCP Option for The Open Group's User Authentication Protocol - -Status of this Memo - - This document specifies an Internet standards track protocol for the - Internet community, and requests discussion and suggestions for - improvements. Please refer to the current edition of the "Internet - Official Protocol Standards" (STD 1) for the standardization state - and status of this protocol. Distribution of this memo is unlimited. - -Copyright Notice - - Copyright (C) The Internet Society (1999). All Rights Reserved. - -Abstract - - This document defines a DHCP [1] option that contains a list of - pointers to User Authentication Protocol servers that provide user - authentication services for clients that conform to The Open Group - Network Computing Client Technical Standard [2]. - -Introduction - - The Open Group Network Computing Client Technical Standard, a product - of The Open Group's Network Computing Working Group (NCWG), defines a - network computing client user authentication facility named the User - Authentication Protocol (UAP). - - UAP provides two levels of authentication, basic and secure. Basic - authentication uses the Basic Authentication mechanism defined in the - HTTP 1.1 [3] specification. Secure authentication is simply basic - authentication encapsulated in an SSLv3 [4] session. - - In both cases, a UAP client needs to obtain the IP address and port - of the UAP service. Additional path information may be required, - depending on the implementation of the service. A URL [5] is an - excellent mechanism for encapsulation of this information since many - UAP servers will be implemented as components within legacy HTTP/SSL - servers. - - - - - - -Drach Standards Track [Page 1] - -RFC 2485 DCHP Option for the Open Group's UAP January 1999 - - - Most UAP clients have no local state and are configured when booted - through DHCP. No existing DHCP option [6] has a data field that - contains a URL. Option 72 contains a list of IP addresses for WWW - servers, but it is not adequate since a port and/or path can not be - specified. Hence there is a need for an option that contains a list - of URLs. - -User Authentication Protocol Option - - This option specifies a list of URLs, each pointing to a user - authentication service that is capable of processing authentication - requests encapsulated in the User Authentication Protocol (UAP). UAP - servers can accept either HTTP 1.1 or SSLv3 connections. If the list - includes a URL that does not contain a port component, the normal - default port is assumed (i.e., port 80 for http and port 443 for - https). If the list includes a URL that does not contain a path - component, the path /uap is assumed. - - 0 1 2 3 - 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 - +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - | Code | Length | URL list - +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - - Code 98 - - Length The length of the data field (i.e., URL list) in - bytes. - - URL list A list of one or more URLs separated by the ASCII - space character (0x20). - -References - - [1] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131, - March 1997. - - [2] Technical Standard: Network Computing Client, The Open Group, - Document Number C801, October 1998. - - [3] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., and T. - Berners-Lee, "Hypertext Transfer Protocol -- HTTP/1.1", RFC - 2068, January 1997. - - [4] Freier, A., Karlton, P., and P. Kocher, "The SSL Protocol, - Version 3.0", Netscape Communications Corp., November 1996. - Standards Information Base, The Open Group, - http://www.db.opengroup.org/sib.htm#SSL_3. - - - -Drach Standards Track [Page 2] - -RFC 2485 DCHP Option for the Open Group's UAP January 1999 - - - [5] Berners-Lee, T., Masinter, L., and M. McCahill, "Uniform - Resource Locators (URL)", RFC 1738, December 1994. - - [6] Alexander, S. and R. Droms, "DHCP Options and BOOTP Vendor - Extensions", RFC 2132, March 1997. - -Security Considerations - - DHCP currently provides no authentication or security mechanisms. - Potential exposures to attack are discussed in section 7 of the DHCP - protocol specification. - - The User Authentication Protocol does not have a means to detect - whether or not the client is communicating with a rogue - authentication service that the client contacted because it received - a forged or otherwise compromised UAP option from a DHCP service - whose security was compromised. Even secure authentication does not - provide relief from this type of attack. This security exposure is - mitigated by the environmental assumptions documented in the Network - Computing Client Technical Standard. - -Author's Address - - Steve Drach - Sun Microsystems, Inc. - 901 San Antonio Road - Palo Alto, CA 94303 - - Phone: (650) 960-1300 - EMail: drach@sun.com - - - - - - - - - - - - - - - - - - - - - -Drach Standards Track [Page 3] - -RFC 2485 DCHP Option for the Open Group's UAP January 1999 - - -Full Copyright Statement - - Copyright (C) The Internet Society (1999). All Rights Reserved. - - This document and translations of it may be copied and furnished to - others, and derivative works that comment on or otherwise explain it - or assist in its implementation may be prepared, copied, published - and distributed, in whole or in part, without restriction of any - kind, provided that the above copyright notice and this paragraph are - included on all such copies and derivative works. However, this - document itself may not be modified in any way, such as by removing - the copyright notice or references to the Internet Society or other - Internet organizations, except as needed for the purpose of - developing Internet standards in which case the procedures for - copyrights defined in the Internet Standards process must be - followed, or as required to translate it into languages other than - English. - - The limited permissions granted above are perpetual and will not be - revoked by the Internet Society or its successors or assigns. - - This document and the information contained herein is provided on an - "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING - TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING - BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION - HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF - MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. - - - - - - - - - - - - - - - - - - - - - - - - -Drach Standards Track [Page 4] - |