draft-ietf-crisp-firs-ipv6-01.txt   draft-ietf-crisp-firs-ipv6-02.txt 
INTERNET-DRAFT Eric A. Hall INTERNET-DRAFT Eric A. Hall
Document: draft-ietf-crisp-firs-ipv6-01.txt May 2003 Document: draft-ietf-crisp-firs-ipv6-02.txt July 2003
Expires: December, 2003 Expires: February, 2004
Category: Experimental Category: Experimental
Defining and Locating IPv6 Address Blocks Defining and Locating IPv6 Address Blocks
in the Federated Internet Registry Service in the Federated Internet Registry Service
Status of this Memo Status of this Memo
This document is an Internet-Draft and is in full conformance with This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC 2026. all provisions of Section 10 of RFC 2026.
skipping to change at line 44 skipping to change at line 44
Copyright (C) The Internet Society (2003). All Rights Reserved. Copyright (C) The Internet Society (2003). All Rights Reserved.
Abstract Abstract
This document defines LDAP schema and searching rules for IPv6 This document defines LDAP schema and searching rules for IPv6
address blocks, in support of the Federated Internet Registry address blocks, in support of the Federated Internet Registry
Service (FIRS) described in [FIRS-ARCH] and [FIRS-CORE]. Service (FIRS) described in [FIRS-ARCH] and [FIRS-CORE].
Table of Contents Table of Contents
1. Introduction..............................................2 1. Introduction...............................................2
2. Prerequisites and Terminology.............................2 2. Prerequisites and Terminology..............................2
3. Naming Syntax.............................................3 3. Naming Syntax..............................................3
4. Object Classes and Attributes.............................5 4. Object Classes and Attributes..............................4
5. Query Processing Rules....................................7 5. Query Processing Rules.....................................7
5.1. Query Pre-Processing...................................8 5.1. Query Pre-Processing....................................7
5.2. Query Bootstrapping....................................8 5.2. Query Bootstrapping.....................................8
5.3. LDAP Matching..........................................9 5.3. LDAP Matching...........................................8
5.4. Example Query.........................................10 5.4. Example Query..........................................10
6. Security Considerations..................................11 6. Security Considerations...................................11
7. IANA Considerations......................................11 7. IANA Considerations.......................................11
8. Author's Addresses.......................................11 8. Normative References......................................12
9. Normative References.....................................11 9. Changes from Previous Versions............................13
10. Acknowledgments..........................................12 10. Author's Address..........................................14
11. Changes from Previous Versions...........................12 11. Acknowledgments...........................................14
12. Full Copyright Statement.................................13 12. Full Copyright Statement..................................14
1. Introduction 1. Introduction
This specification defines the naming syntax, object classes, This specification defines the naming syntax, object classes,
attributes, matching filters, and query processing rules for attributes, matching filters, and query processing rules for
storing and locating IPv6 address blocks in the FIRS service. storing and locating IPv6 address blocks in the FIRS service.
Refer to [FIRS-ARCH] for information on the FIRS architecture and Refer to [FIRS-ARCH] for information on the FIRS architecture and
[FIRS-CORE] for the schema definitions and rules which govern the [FIRS-CORE] for the schema definitions and rules which govern the
FIRS service as a whole. FIRS service as a whole.
skipping to change at line 84 skipping to change at line 84
The definitions in this specification are intended to be used with The definitions in this specification are intended to be used with
FIRS. Their usage outside of FIRS is not prohibited, but any such FIRS. Their usage outside of FIRS is not prohibited, but any such
usage is beyond this specification's scope of authority. usage is beyond this specification's scope of authority.
2. Prerequisites and Terminology 2. Prerequisites and Terminology
The complete set of specifications in the FIRS collection The complete set of specifications in the FIRS collection
cumulative define a structured and distributed information service cumulative define a structured and distributed information service
using LDAPv3 for the data-formatting and transport functions. This using LDAPv3 for the data-formatting and transport functions. This
specification should be read in the context of the complete set of specification should be read in the context of that set, which
specifications, which currently include the following: currently includes [FIRS-ARCH], [FIRS-CORE], [FIRS-DNS],
[FIRS-DNSRR], [FIRS-CONTCT], [FIRS-ASN] and [FIRS-IPV4].
Hall I-D Expires: December 2003 [page 2]
draft-ietf-crisp-firs-arch-01, "The Federated Internet
Registry Service: Architecture and Implementation"
[FIRS-ARCH]
draft-ietf-crisp-firs-core-01, "The Federated Internet
Registry Service: Core Elements" [FIRS-CORE]
draft-ietf-crisp-firs-dns-01, "Defining and Locating DNS
Domains in the Federated Internet Registry Service"
[FIRS-DNS]
draft-ietf-crisp-firs-dnsrr-01, "Defining and Locating DNS
Resource Records in the Federated Internet Registry
Service" [FIRS-DNSRR]
draft-ietf-crisp-firs-contact-01, "Defining and Locating
Contact Persons in the Federated Internet Registry Service"
[FIRS-CONTCT]
draft-ietf-crisp-firs-asn-01, "Defining and Locating
Autonomous System Numbers in the Federated Internet
Registry Service" (this document) [FIRS-ASN]
draft-ietf-crisp-firs-ipv4-01, "Defining and Locating IPv4
Address Blocks in the Federated Internet Registry Service"
[FIRS-IPV4]
draft-ietf-crisp-firs-ipv6-01, "Defining and Locating IPv6
Address Blocks in the Federated Internet Registry Service"
[FIRS-IPV6]
Hall I-D Expires: February 2004 [page 2]
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL"
in this document are to be interpreted as described in RFC 2119. in this document are to be interpreted as described in RFC 2119.
3. Naming Syntax 3. Naming Syntax
The naming syntax for IPv4 address blocks in FIRS MUST follow the The naming syntax for IPv6 address blocks in FIRS MUST follow the
form of "cn=<inetIpv4NetworkSyntax>,cn=inetResources,<partition>", form of "cn=<inetIpv6NetworkSyntax>,cn=inetResources,<partition>",
where <inetIpv6NetworkSyntax > is the IPv6 address block resource, where <inetIpv6NetworkSyntaxf> is the IPv6 address block resource,
and where <partition> is a sequence of domainComponent relative and where <partition> is a sequence of domainComponent relative
distinguished names which identifies the scope of authority for distinguished names which identifies the scope of authority for
the selected directory partition. the selected directory partition.
The inetIpv6NetworkSyntax rules use the uncompressed, 32-nibble The inetIpv6NetworkSyntax rules use the uncompressed, 32-nibble
notation, terminated with a subnet "prefix". The network address notation, terminated with a subnet "prefix". The network address
Hall I-D Expires: December 2003 [page 3]
consists of eight sub-components, each of which are separated by a consists of eight sub-components, each of which are separated by a
colon character, and which each consist of four hexadecimal values colon character, and which each consist of four hexadecimal values
that represent one nibble. The entire sequence is followed by a that represent one nibble. The entire sequence is followed by a
"/" character and a three-digit decimal "prefix" value. "/" character and a three-digit decimal "prefix" value.
Entries which use the inetIpv6NetworkSyntax MUST use the starting Entries which use the inetIpv6NetworkSyntax MUST use the starting
address from a range of inclusive addresses, and MUST use CIDR address from a range of inclusive addresses, and MUST use CIDR
prefix notation. In this manner, it is possible to create an prefix notation. In this manner, it is possible to create an
inetIpv6Network entry for a range of addresses of any size inetIpv6Network entry for a range of addresses of any size
(including a single host). (including a single host).
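Review bot: The placeholder in the -02 text of Section 3 has a stray character, "<inetIpv6NetworkSyntaxf>"; it should read "<inetIpv6NetworkSyntax>" so that it matches the name used in the distinguished-name form on the line above it. Two items carried over unchanged from -01 are worth fixing while this text is open. In Section 2, "cumulative define" should be "cumulatively define". In Section 3, "four hexadecimal values that represent one nibble" reads as if a whole group were a single nibble, whereas the syntax is described as 32-nibble notation across eight groups, so each hexadecimal digit is one nibble.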
skipping to change at line 165 skipping to change at line 133
input value to "3ffe:ffff:0000:0000:0000:0000:0000:0000/32" in input value to "3ffe:ffff:0000:0000:0000:0000:0000:0000/32" in
order to form a valid inetIpv6NetworkSyntax form. order to form a valid inetIpv6NetworkSyntax form.
An augmented BNF for this syntax is as follows: An augmented BNF for this syntax is as follows:
inetIpv6NetworkSyntax = inetIpv6Octet ":" inetIpv6Octet ":" inetIpv6NetworkSyntax = inetIpv6Octet ":" inetIpv6Octet ":"
inetIpv6Octet ":" inetIpv6Octet ":" inetIpv6Octet ":" inetIpv6Octet ":" inetIpv6Octet ":" inetIpv6Octet ":"
inetIpv6Octet ":" inetIpv6Octet ":" inetIpv6Octet "/" inetIpv6Octet ":" inetIpv6Octet ":" inetIpv6Octet "/"
inetIpv6Prefix inetIpv6Prefix
Hall I-D Expires: February 2004 [page 3]
inetIpv6Octet = 4*4nibblePart inetIpv6Octet = 4*4nibblePart
nibblePart = hexadecimal digit between "0" and "F" inclusive nibblePart = hexadecimal digit between "0" and "F" inclusive
inetIpv6Prefix = decimal value between "1" and "128" inetIpv6Prefix = decimal value between "1" and "128"
inclusive, with the non-affective leading zeroes removed inclusive, with the non-affective leading zeroes removed
The inetIpv6NetworkSyntax syntax is as follows: The inetIpv6NetworkSyntax syntax is as follows:
inetIpv6NetworkSyntax inetIpv6NetworkSyntax
( 1.3.6.1.4.1.7161.1.3.1 NAME 'inetIpv6NetworkSyntax' DESC ( 1.3.6.1.4.1.7161.1.6.0 NAME 'inetIpv6NetworkSyntax' DESC
'An IPv6 address and prefix.' ) 'An IPv6 address and prefix.' )
For example, an IPv6 network with a range of addresses between For example, an IPv6 network with a range of addresses between
"3ffe:ffff::" and "3ffe:ffff:ffff:ffff:ffff:ffff:ffff:ffff" would "3ffe:ffff::" and "3ffe:ffff:ffff:ffff:ffff:ffff:ffff:ffff" would
be written as "cn=3ffe:ffff:0000:0000:0000:0000:0000:0000/32". be written as "cn=3ffe:ffff:0000:0000:0000:0000:0000:0000/32".
Hall I-D Expires: December 2003 [page 4]
Similarly, a host address of "3ffe:ffff::1:2:3:4" would be written Similarly, a host address of "3ffe:ffff::1:2:3:4" would be written
as "cn=3ffe:ffff:0000:0000:0001:0002:0003:0004/128". as "cn=3ffe:ffff:0000:0000:0001:0002:0003:0004/128".
Note that the entry name of Note that the entry name of
"cn=0000:0000:0000:0000:0000:0000:0000:0000/0" encompasses the "cn=0000:0000:0000:0000:0000:0000:0000:0000/0" encompasses the
entire IPv6 address space. entire IPv6 address space.
Note that the use of "/" is illegal as data in URLs, and MUST be Note that the use of "/" is illegal as data in URLs, and MUST be
escaped before it is stored in a URL as data. escaped before it is stored in a URL as data.
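Review bot: The inetIpv6Prefix rule in the BNF allows only "1" through "128", yet the note near the end of this hunk uses "cn=0000:0000:0000:0000:0000:0000:0000:0000/0" for the entire address space, so that entry name is not valid under the grammar as written; the lower bound should be "0". The same rule says leading zeroes are removed, which fits the "/32" examples but not the "three-digit decimal prefix value" wording earlier in Section 3, so one of the two should change. The nibblePart range is given as "0" to "F" while every example is lowercase; stating whether case is significant would avoid normalization mismatches between clients and servers.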
skipping to change at line 209 skipping to change at line 176
exists as a referral source, the entry MUST also be defined with exists as a referral source, the entry MUST also be defined with
the referral object class, in addition to the above requirements. the referral object class, in addition to the above requirements.
The inetIpv6Network object class is a structural object class The inetIpv6Network object class is a structural object class
which is subordinate to the inetResources object class. The which is subordinate to the inetResources object class. The
inetIpv6Network object class has no mandatory attributes, although inetIpv6Network object class has no mandatory attributes, although
it does have several optional attributes. The inetIpv6Network it does have several optional attributes. The inetIpv6Network
object class also inherits the attributes defined in the object class also inherits the attributes defined in the
inetResources object class, including the "cn" naming attribute. inetResources object class, including the "cn" naming attribute.
Hall I-D Expires: February 2004 [page 4]
The schema definition for the inetIpv6Network object class is as The schema definition for the inetIpv6Network object class is as
follows: follows:
inetIpv6Network inetIpv6Network
( 1.3.6.1.4.1.7161.1.3.0 NAME 'inetIpv6Network' DESC 'IPv6 ( 1.3.6.1.4.1.7161.1.6.1
network attributes.' SUP inetResources STRUCTURAL MAY ( NAME 'inetIpv6Network'
inetIpv6DelegationStatus $ inetIpv6DelegationDate $ DESC 'IPv6 network attributes.'
SUP inetResources
STRUCTURAL
MAY ( inetIpv6DelegationStatus $ inetIpv6DelegationDate $
inetIpv6Registrar $ inetIpv6Registry $ inetIpv6Contacts $ inetIpv6Registrar $ inetIpv6Registry $ inetIpv6Contacts $
inetIpv6RoutingContacts ) ) inetIpv6RoutingContacts ) )
The attributes from the inetIpv6Network object class are described The attributes from the inetIpv6Network object class are described
below: below:
inetIpv6Contacts inetIpv6Contacts
( 1.3.6.1.4.1.7161.1.3.2 NAME 'inetIpv6Contacts' DESC ( 1.3.6.1.4.1.7161.1.6.2
'Contacts for general administrative issues concerning this NAME 'inetIpv6Contacts'
IPv6 address block.' EQUALITY caseIgnoreMatch SYNTAX DESC 'Contacts for general administrative issues concerning
inetContactSyntax ) this IPv6 address block.'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.7161.1.7.1 )
Hall I-D Expires: December 2003 [page 5]
inetIpv6DelegationDate inetIpv6DelegationDate
( 1.3.6.1.4.1.7161.1.3.3 NAME 'inetIpv6DelegationDate' DESC ( 1.3.6.1.4.1.7161.1.6.3
'Date this IPv6 address block was delegated.' EQUALITY NAME 'inetIpv6DelegationDate'
generalizedTimeMatch ORDERING generalizedTimeOrderingMatch DESC 'Date this IPv6 address block was delegated.'
SYNTAX generalizedTime SINGLE-VALUE ) EQUALITY generalizedTimeMatch
ORDERING generalizedTimeOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
SINGLE-VALUE )
inetIpv6DelegationStatus inetIpv6DelegationStatus
( 1.3.6.1.4.1.7161.1.3.4 NAME 'inetIpv6DelegationStatus' DESC ( 1.3.6.1.4.1.7161.1.6.4
'Delegation status of this IPv6 address block.' EQUALITY NAME 'inetIpv6DelegationStatus'
numericStringMatch SYNTAX numericString{2} SINGLE-VALUE ) DESC 'Delegation status of this IPv6 address block.'
EQUALITY numericStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{2}
SINGLE-VALUE )
Hall I-D Expires: February 2004 [page 5]
NOTE: In an effort to facilitate internationalization and NOTE: In an effort to facilitate internationalization and
programmatic processing, the current status of a delegation programmatic processing, the current status of a delegation
is identified by a 16-bit integer. The values and status is identified by a 16-bit integer. The values and status
mapping is as follows: mapping is as follows:
0 Reserved delegation (permanently inactive) 0 Reserved delegation (permanently inactive)
1 Assigned and active (normal state) 1 Assigned and active (normal state)
2 Assigned but not yet active (new delegation) 2 Assigned but not yet active (new delegation)
3 Assigned but on hold (disputed) 3 Assigned but on hold (disputed)
4 Assignment revoked (database purge pending) 4 Assignment revoked (database purge pending)
Additional values are reserved for future use, and are to Additional values are reserved for future use, and are to
be administered by IANA. be administered by IANA.
Note that there is no status code for "unassigned"; Note that there is no status code for "unassigned";
unassigned entries SHOULD NOT exist, and SHOULD NOT be unassigned entries SHOULD NOT exist, and SHOULD NOT be
returned as answers. returned as answers.
inetIpv6Registrar inetIpv6Registrar
( 1.3.6.1.4.1.7161.1.3.5 NAME 'inetIpv6Registrar' DESC ( 1.3.6.1.4.1.7161.1.6.5
'Registrar who delegated this IPv6 address block.' EQUALITY NAME 'inetIpv6Registrar'
caseIgnoreMatch SYNTAX directoryString ) DESC 'Registrar who delegated this IPv6 address block.'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
NOTE: The inetIpv6Registrar attribute uses a URL to NOTE: The inetIpv6Registrar attribute uses a URL to
indicate the registrar who delegated the address block. The indicate the registrar who delegated the address block. The
attribute structure is identical to the labeledURI attribute structure is identical to the labeledURI
attribute, as defined in [RFC2798], including the URL and attribute, as defined in [RFC2798], including the URL and
textual comments. The data can refer to any valid URL. textual comments. The data can refer to any valid URL.
inetIpv6Registry inetIpv6Registry
( 1.3.6.1.4.1.7161.1.3.6 NAME 'inetIpv6Registry' DESC ( 1.3.6.1.4.1.7161.1.6.6
'Registry where this IPv6 address block is managed.' NAME 'inetIpv6Registry'
EQUALITY caseIgnoreMatch SYNTAX directoryString ) DESC 'Registry where this IPv6 address block is managed.'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
Hall I-D Expires: December 2003 [page 6]
NOTE: The inetIpv6Registry attribute uses a URL to indicate NOTE: The inetIpv6Registry attribute uses a URL to indicate
the registry who is ultimately responsible for the address the registry who is ultimately responsible for the address
block. The attribute structure is identical to the block. The attribute structure is identical to the
labeledURI attribute, as defined in [RFC2798], including labeledURI attribute, as defined in [RFC2798], including
the URL and textual comments. The data can refer to any the URL and textual comments. The data can refer to any
valid URL. valid URL.
Hall I-D Expires: February 2004 [page 6]
inetIpv6RoutingContacts inetIpv6RoutingContacts
( 1.3.6.1.4.1.7161.1.3.7 NAME 'inetIpv6RoutingContacts' DESC ( 1.3.6.1.4.1.7161.1.6.7
'Contacts for routing-related problems with this IPv4 NAME 'inetIpv6RoutingContacts'
address block.' EQUALITY caseExactMatch SYNTAX DESC 'Contacts for routing-related problems with this IP6
inetContactSyntax ) address block.'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.7161.1.7.1 )
An example of the inetIpv6Network object class is shown in Figure An example of the inetIpv6Network object class is shown in Figure
1 below. The example includes attributes from the inetIpv6Network, 1 below. The example includes attributes from the inetIpv6Network,
inetResources, and inetAssociatedResources object classes. inetResources, and inetAssociatedResources object classes.
cn=3ffe:ffff:0000:0000:0000:0000:0000:0000/32, cn=3ffe:ffff:0000:0000:0000:0000:0000:0000/32,
cn=inetResources,dc=arin,dc=net cn=inetResources,dc=arin,dc=net
[top object class] [top object class]
[inetResources object class] [inetResources object class]
[inetIpv6Network object class] [inetIpv6Network object class]
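Review bot: The NOTE under inetIpv6DelegationStatus calls the status a 16-bit integer, but the attribute is declared with a numeric string syntax bounded at two characters (numericString{2} in -01, 1.3.6.1.4.1.1466.115.121.1.36{2} in -02), which cannot carry a 16-bit range; the NOTE or the length bound should be changed so that they agree. In the -02 inetIpv6RoutingContacts DESC, "this IP6 address block" should be "IPv6". The EQUALITY rules for inetIpv6Registrar and inetIpv6Registry move from caseIgnoreMatch to caseExactMatch while inetIpv6RoutingContacts moves the other way; the change section should record why, since existing data compared under the old rules may match differently.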
skipping to change at line 321 skipping to change at line 306
Figure 1: The 3ffe:ffff:0000:0000:0000:0000:0000:0000/32 address Figure 1: The 3ffe:ffff:0000:0000:0000:0000:0000:0000/32 address
block in the dc=arin,dc=net directory partition. block in the dc=arin,dc=net directory partition.
5. Query Processing Rules 5. Query Processing Rules
Queries for IPv6 address blocks have several special requirements, Queries for IPv6 address blocks have several special requirements,
as discussed in the following sections. as discussed in the following sections.
Refer to [FIRS-CORE] for general information about FIRS queries. Refer to [FIRS-CORE] for general information about FIRS queries.
Hall I-D Expires: December 2003 [page 7]
5.1. Query Pre-Processing 5.1. Query Pre-Processing
Clients MUST ensure that the query input is normalized according Clients MUST ensure that the query input is normalized according
to the rules specified in section 3 before the input is used as to the rules specified in section 3 before the input is used as
the assertion value to the resulting LDAP query. the assertion value to the resulting LDAP query.
Hall I-D Expires: February 2004 [page 7]
The authoritative partition for an IPv6 address block is The authoritative partition for an IPv6 address block is
determined by mapping the normalized input to an associated determined by mapping the normalized input to an associated
reverse-lookup DNS domain name (using the process as defined in reverse-lookup DNS domain name (using the process as defined in
RFC 1886 [RFC1886], as amended by RFC 3152 [RFC3152]), and then RFC 1886 [RFC1886], as amended by RFC 3152 [RFC3152]), and then
mapping the resulting DNS domain name to a sequence of mapping the resulting DNS domain name to a sequence of
domainComponent labels. The subnet prefix sequence MUST be domainComponent labels. The subnet prefix sequence MUST be
stripped from the input address block as part of this mapping stripped from the input address block as part of this mapping
process (note that these rules only apply to the mapping process process (note that these rules only apply to the mapping process
by which an authoritative partition is constructed, and does not by which an authoritative partition is constructed, and does not
apply to the process by which the entry-specific relative apply to the process by which the entry-specific relative
skipping to change at line 355 skipping to change at line 340
"3ffe:ffff:0000:0000:0000:0000:0000:0000/32" would be mapped to "3ffe:ffff:0000:0000:0000:0000:0000:0000/32" would be mapped to
the reverse-lookup DNS domain name of the reverse-lookup DNS domain name of
"0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.f.f.f.f.e.f.f.3. "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.f.f.f.f.e.f.f.3.
ip6.arpa." which would in turn be mapped to "dc=0,dc=0,dc=0,dc=0, ip6.arpa." which would in turn be mapped to "dc=0,dc=0,dc=0,dc=0,
dc=0,dc=0,dc=0,dc=0,dc=0,dc=0,dc=0,dc=0,dc=0,dc=0,dc=0,dc=0,dc=0, dc=0,dc=0,dc=0,dc=0,dc=0,dc=0,dc=0,dc=0,dc=0,dc=0,dc=0,dc=0,dc=0,
dc=0,dc=0,dc=0,dc=0,dc=0,dc=0,dc=0,dc=f,dc=f,dc=f,dc=f,dc=e,dc=f, dc=0,dc=0,dc=0,dc=0,dc=0,dc=0,dc=0,dc=f,dc=f,dc=f,dc=f,dc=e,dc=f,
dc=f,dc=3,dc=ip6,dc=arpa". dc=f,dc=3,dc=ip6,dc=arpa".
5.2. Query Bootstrapping 5.2. Query Bootstrapping
FIRS clients MUST use the top-down bootstrap model by default for FIRS clients MUST use the targeted bootstrap model by default for
IPv6 address block queries. As such, the search base for default IPv6 address block queries, using the "ip6.arpa" zone as the seed
queries would be set to "dc=arpa" rather than being set to the domain for the initial query.
fully-qualified distinguished name of the authoritative partition.
FIRS clients MAY use the targeted or bottom-up bootstrap models FIRS clients MAY use the top-down or bottom-up bootstrap models
for queries if necessary or desirable. However, it is not likely for queries if necessary or desirable. However, it is not likely
that entries will be found for all IPv6 address block resources that entries will be found for all IPv6 address block resources
using these models. As such, the top-down bootstrap model will be using these models. As such, the targeted bootstrap model will be
the most useful in most cases, and MUST be used by default. the most useful in most cases, and MUST be used by default.
Hall I-D Expires: December 2003 [page 8]
5.3. LDAP Matching 5.3. LDAP Matching
FIRS clients MUST use the inetIpv6NetworkMatch extensible matching If the server advertises the inetIpv6Network object class in the
filter in LDAP searches for IPv6 address block entries. firsVersion server control, FIRS clients MUST use the
inetIpv6NetworkMatch extensible matching filter in LDAP searches
for Ipv6 network entries.
Hall I-D Expires: February 2004 [page 8]
The inetIpv6NetworkMatch filter provides an identifier and search The inetIpv6NetworkMatch filter provides an identifier and search
string format which collectively inform a queried server that a string format which collectively inform a queried server that a
specific IPv6 address should be searched for, and that any specific IPv6 address should be searched for, and that any
matching inetIpv6network object class entries should be returned. matching inetIpv6network object class entries should be returned.
The inetIpv6NetworkMatch extensibleMatch filter is defined as The inetIpv6NetworkMatch extensibleMatch filter is defined as
follows: follows:
inetIpv6NetworkMatch inetIpv6NetworkMatch
( 1.3.6.1.4.1.7161.1.3.8 NAME 'inetIpv6NetworkMatch' SYNTAX ( 1.3.6.1.4.1.7161.1.0.6 NAME 'inetIpv6NetworkMatch' SYNTAX
inetIpv6NetworkSyntax ) inetIpv6NetworkSyntax )
The assertion value MUST be a normalized IPv6 address, using the The assertion value MUST be a normalized IPv6 address, using the
inetIpv4NetworkSyntax defined in section 3. inetIpv6NetworkSyntax defined in section 3.
A FIRS server MUST compare the assertion value against the RDN of A FIRS server MUST compare the assertion value against the RDN of
all entries in the inetResources container of the partition all entries in the inetResources container of the partition
specified in the search base which have an object class of specified in the search base which have an object class of
inetIpv6Network. Any entry with an object class of inetIpv6Network inetIpv6Network. Any entry with an object class of inetIpv6Network
and with a relative distinguished name which clearly encompasses and with a relative distinguished name which clearly encompasses
the IPv6 address provided in the assertion value MUST be returned. the IPv6 address provided in the assertion value MUST be returned.
Entries which do not clearly encompass the queried address MUST Entries which do not clearly encompass the queried address MUST
NOT be returned. Entries which do not have an object class of NOT be returned. Entries which do not have an object class of
inetIpv6Network MUST NOT be returned. inetIpv6Network MUST NOT be returned.
In order to ensure that all of the relevant entries are found In order to ensure that all of the relevant entries are found
(including any referrals), the search filters for these resources (including any referrals), the search filters for these resources
MUST specify the inetIpv6Network object class along with the MUST specify the inetIpv6Network object class along with the
search criteria. For example, "(&(objectclass=inetIpv6Network) search criteria. For example, "(&(objectclass=inetIpv6Network)
(1.3.6.1.4.1.7161.1.3.8:= (1.3.6.1.4.1.7161.1.6.8:=
3ffe:ffff:0000:0000:0000:0000:0000:0000/32))" with a search base 3ffe:ffff:0000:0000:0000:0000:0000:0000/32))" with a search base
of "cn=inetResources,dc=arin,dc=net" would find all of the of "cn=inetResources,dc=arin,dc=net" would find all of the
inetIpv6Network object class entries which were superior to the inetIpv6Network object class entries which were superior to the
"3ffe:ffff:0000:0000:0000:0000:0000:0000/32" address block in the "3ffe:ffff:0000:0000:0000:0000:0000:0000/32" address block in the
"dc=arin,dc=net" partition. "dc=arin,dc=net" partition.
Note that the entry name of Note that the entry name of
"cn=0000:0000:0000:0000:0000:0000:0000:0000/0" encompasses the "cn=0000:0000:0000:0000:0000:0000:0000:0000/0" encompasses the
entire IPv6 address space. When used in conjunction with entire IPv6 address space. When used in conjunction with
referrals, this entry MAY be used to redirect all referrals, this entry MAY be used to redirect all
Hall I-D Expires: December 2003 [page 9]
inetIpv6NetworkMatch queries to another partition for subsequent inetIpv6NetworkMatch queries to another partition for subsequent
processing. processing.
The matching filters defined in this specification MUST be The matching filters defined in this specification MUST be
supported by FIRS clients and servers. FIRS servers MAY support supported by FIRS clients and servers. FIRS servers MAY support
additional sub-string filters, soundex filters, or any other additional sub-string filters, soundex filters, or any other
Hall I-D Expires: February 2004 [page 9]
filters they wish (these may be required to support generic LDAP filters they wish (these may be required to support generic LDAP
clients), although FIRS clients MUST NOT expect any additional clients), although FIRS clients MUST NOT expect any additional
filters to be available. filters to be available.
If the server does not advertise support for the inetIpv6Network
object class in the firsVersion server control, the client MAY
choose to emulate this matching process through the use of
locally-constructed filters. Since the inetIpv6NetworkMatch filter
simply locates all of the entries in the delegation path to the
named network, it is possible that a client could emulate this
query by generating distinct queries for any entries associated
with the parent networks.
For example, if the user asked for information about the
"3ffe:ffff:0000:0000:0000:0000:0000:0000/32" network resource but
the server does not advertise support for the inetIpv6Network
object class, the client could theoretically issue secondary
queries for inetIpv6Network entries with cn attributes that begin
with "3ffe:ffff:0000:0000:" or the like.
Unfortunately, this kind of matching is not guaranteed to work in
most situations, and clients also need to be careful not to issue
overly-broad queries that match all answers. As such, if the
server advertises support for the inetIpv6Network object class in
the firsVersion control, then the client MUST use the
inetIpv6NetworkMatch filter defined above.
5.4. Example Query 5.4. Example Query
The following example assumes that the user has specified The following example assumes that the user has specified
"3ffe:ffff:0000:0000:0000:0000:0000:0000/32" as the query value: "3ffe:ffff:0000:0000:0000:0000:0000:0000/32" as the query value:
a. Normalize the input, which is a. Normalize the input, which is
"3ffe:ffff:0000:0000:0000:0000:0000:0000/32" in this case. "3ffe:ffff:0000:0000:0000:0000:0000:0000/32" in this case.
b. Determine the authoritative partition. b. Determine the canonical authoritative partition.
1. Map the input sequence to the reverse-lookup domain 1. Map the input sequence to the reverse-lookup domain
name, which is "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0. name, which is "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.f.f.f.f.e.f.f.3.ip6.arpa." in this case. 0.0.0.0.0.0.f.f.f.f.e.f.f.3.ip6.arpa." in this case.
2. Map the domain name to an authoritative partition, 2. Determine the domain name which is appropriate for the
which is "dc=0,dc=0,dc=0,dc=0,dc=0,dc=0,dc=0,dc=0, bootstrap model in use. In the default case of a
dc=0,dc=0,dc=0,dc=0,dc=0,dc=0,dc=0,dc=0,dc=0,dc=0, targeted query, use the label sequence of "ip6.arpa".
dc=0,dc=0,dc=0,dc=0,dc=0,dc=0,dc=f,dc=f,dc=f,dc=f, In the case of a bottom-up query, use the label
dc=e,dc=f,dc=f,dc=3,dc=ip6,dc=arpa" in this case. By
default, queries for IPv6 address blocks use the top- Hall I-D Expires: February 2004 [page 10]
down model, meaning that the right-most relative sequence determined in step 5.4.b.1. In the case of a
distinguished name of "dc=arpa" will be used as the top-down query, set the domain name to "arpa".
authoritative partition.
3. Map the domain name to an authoritative partition,
which would be "dc=ip6,dc=arpa" if the default
bootstrap model were in use.
c. Determine the search base for the query, which will be c. Determine the search base for the query, which will be
"cn=inetResources,dc=arpa" if the defaults are used. "cn=inetResources,dc=ip6,dc=arpa" if the defaults are used.
d. Initiate a DNS lookup for the SRV resource records d. Initiate a DNS lookup for the SRV resource records
associated with "_ldap._tcp.arpa." For the purpose of this associated with "_ldap._tcp.ip6.arpa." For the purpose of
example, assume that this lookup succeeds, with the DNS this example, assume that this lookup succeeds, with the
response message indicating that "firs.iana.org" is the DNS response message indicating that "firs.iana.org" is the
preferred LDAP server. preferred LDAP server.
e. Submit an LDAPv3 query to the specified server, using e. Submit an LDAPv3 query to the specified server, using
"(&(objectClass=inetIpv6Network)(1.3.6.1.4.1.7161.1.3.8:= "(&(objectClass=inetIpv6Network)(1.3.6.1.4.1.7161.1.6.8:=
3ffe:ffff:0000:0000:0000:0000:0000:0000/32)" as the 3ffe:ffff:0000:0000:0000:0000:0000:0000/32)" as the
matching filter, "cn=inetResources,dc=ip6,dc=arpa" as the
Hall I-D Expires: December 2003 [page 10] search base, and the global query defaults defined in
matching filter, "cn=inetResources,dc=arpa" as the search [FIRS-CORE].
base, and the global query defaults defined in [FIRS-CORE].
f. Assume that no referrals are received. Display the answer f. Assume that no referrals are received. Display the answer
data which has been received and exit the query. data which has been received and exit the query.
6. Security Considerations 6. Security Considerations
Security considerations are discussed in [FIRS-ARCH]. Security considerations are discussed in [FIRS-ARCH].
7. IANA Considerations 7. IANA Considerations
IANA considerations are discussed in [FIRS-ARCH]. This specification uses the "dc=ip6,dc=arpa" directory partition
by default. It is expected that authoritative LDAP partitions will
be mapped to that zone, and that FIRS-capable LDAP servers will be
established to service this partition, with this partition
containing IPv6-specific entries which will provide referrals to
the appropriate RIR partitions. It is further expected that IANA
will oversee the creation and management of the ip6.arpa domain's
LDAP SRV resource records, the "dc=ip6,dc=arpa" LDAP partition,
and the necessary LDAP servers.
8. Author's Addresses The inetIpv6DelegationStatus attribute uses numeric code values.
It is expected that IANA will manage the assignment of these
values.
Eric A. Hall Hall I-D Expires: February 2004 [page 11]
ehall@ehsco.com Additional IANA considerations are discussed in [FIRS-ARCH].
9. Normative References 8. Normative References
[RFC1886] Thomson, S., and Huitema, C. "DNS Extensions [RFC1886] Thomson, S., and Huitema, C. "DNS Extensions
to support IP version 6", RFC 1886, December to support IP version 6", RFC 1886, December
1995. 1995.
[RFC2247] Kille, S., Wahl, M., Grimstad, A., Huber, R., [RFC2247] Kille, S., Wahl, M., Grimstad, A., Huber, R.,
and Sataluri, S. "Using Domains in LDAP/X.500 and Sataluri, S. "Using Domains in LDAP/X.500
DNs", RFC 2247, January 1998. DNs", RFC 2247, January 1998.
[RFC2251] Wahl, M., Howes, T., and Kille, S. [RFC2251] Wahl, M., Howes, T., and Kille, S.
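Review bot: The matching filter in step e is still unbalanced after the OID update: "(&(objectClass=inetIpv6Network)(1.3.6.1.4.1.7161.1.6.8:=3ffe:ffff:0000:0000:0000:0000:0000:0000/32)" opens the "&" group but never closes it, so it is not a well-formed [RFC2254] filter string as written; add the final ")" before the closing quote. Separately, the new Section 7 text expects IANA to manage the inetIpv6DelegationStatus code values but names no registry or assignment policy, and Section 6 still defers entirely to [FIRS-ARCH] although step d selects the LDAP server from the SRV answer for "_ldap._tcp.ip6.arpa."; either state the assignment policy and the trust placed in that DNS answer here, or confirm that [FIRS-ARCH] covers both.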
skipping to change at line 508 skipping to change at line 529
December 1997. December 1997.
[RFC2254] Howes, T. "The String Representation of LDAP [RFC2254] Howes, T. "The String Representation of LDAP
Search Filters", RFC 2254, December 1997. Search Filters", RFC 2254, December 1997.
[RFC3152] Bush, R. "Delegation of IP6.ARPA", RFC 3152, [RFC3152] Bush, R. "Delegation of IP6.ARPA", RFC 3152,
August 2001. August 2001.
[FIRS-ARCH] Hall, E. "The Federated Internet Registry [FIRS-ARCH] Hall, E. "The Federated Internet Registry
Service: Architecture and Implementation Service: Architecture and Implementation
Guide", draft-ietf-crisp-firs-arch-01, May Guide", draft-ietf-crisp-firs-arch-02, July
2003. 2003.
Hall I-D Expires: December 2003 [page 11]
[FIRS-ASN] Hall, E. "Defining and Locating Autonomous [FIRS-ASN] Hall, E. "Defining and Locating Autonomous
System Numbers in the Federated Internet System Numbers in the Federated Internet
Registry Service", draft-ietf-crisp-firs-asn- Registry Service", draft-ietf-crisp-firs-asn-
01, May 2003. 02, July 2003.
[FIRS-CONTCT] Hall, E. "Defining and Locating Contact [FIRS-CONTCT] Hall, E. "Defining and Locating Contact
Persons in the Federated Internet Registry Persons in the Federated Internet Registry
Service", draft-ietf-crisp-firs-contact-01, Service", draft-ietf-crisp-firs-contact-02,
May 2003. July 2003.
[FIRS-CORE] Hall, E. "The Federated Internet Registry [FIRS-CORE] Hall, E. "The Federated Internet Registry
Service: Core Elements", draft-ietf-crisp- Service: Core Elements", draft-ietf-crisp-
firs-core-01, May 2003. firs-core-02, July 2003.
[FIRS-DNS] Hall, E. "Defining and Locating DNS Domains in [FIRS-DNS] Hall, E. "Defining and Locating DNS Domains in
the Federated Internet Registry Service", the Federated Internet Registry Service",
draft-ietf-crisp-firs-dns-01, May 2003. draft-ietf-crisp-firs-dns-02, July 2003.
Hall I-D Expires: February 2004 [page 12]
[FIRS-DNSRR] Hall, E. "Defining and Locating DNS Resource [FIRS-DNSRR] Hall, E. "Defining and Locating DNS Resource
Records in the Federated Internet Registry Records in the Federated Internet Registry
Service", draft-ietf-crisp-firs-dnsrr-01, May Service", draft-ietf-crisp-firs-dnsrr-02, July
2003. 2003.
[FIRS-IPV4] Hall, E. "Defining and Locating IPv4 Address [FIRS-IPV4] Hall, E. "Defining and Locating IPv4 Address
Blocks in the Federated Internet Registry Blocks in the Federated Internet Registry
Service", draft-ietf-crisp-firs-ipv4-01, May Service", draft-ietf-crisp-firs-ipv4-02, July
2003. 2003.
[FIRS-IPV6] Hall, E. "Defining and Locating IPv6 Address [FIRS-IPV6] Hall, E. "Defining and Locating IPv6 Address
Blocks in the Federated Internet Registry Blocks in the Federated Internet Registry
Service", draft-ietf-crisp-firs-ipv6-01, May Service", draft-ietf-crisp-firs-ipv6-02, July
2003. 2003.
10. Acknowledgments 9. Changes from Previous Versions
Funding for the RFC editor function is currently provided by the draft-ietf-crisp-firs-ipv6-02:
Internet Society.
Portions of this document were funded by Verisign Labs. * Several clarifications and corrections have been made.
The first version of this specification was co-authored by Andrew * Changed the default bootstrap model to use targeted
Newton of Verisign Labs, and subsequent versions continue to be queries, with "ip6.arpa" as the default zone and
developed with his active participation. "dc=ip6,dc=arpa" as the default partition.
11. Changes from Previous Versions * Several attributes had their OIDs changed. NOTE THAT THIS
IS AN INTERNET DRAFT, AND THAT THE OIDS ARE SUBJECT TO
ADDITIONAL CHANGES AS THIS DOCUMENT IS EDITED.
draft-ietf-crisp-firs-ipv6-01: draft-ietf-crisp-firs-ipv6-01:
* Several clarifications and corrections have been made. * Several clarifications and corrections have been made.
Hall I-D Expires: December 2003 [page 12]
draft-ietf-crisp-firs-ipv6-00: draft-ietf-crisp-firs-ipv6-00:
* Restructured the document set. * Restructured the document set.
* "Attribute references" have been eliminated from the * "Attribute references" have been eliminated from the
specification. All referential attributes now provide specification. All referential attributes now provide
actual data instead of URL pointers to data. Clients that actual data instead of URL pointers to data. Clients that
wish to retrieve these values will need to start new wish to retrieve these values will need to start new
queries using the data values instead of URLs. queries using the data values instead of URLs.
* The attribute-specific operational attributes have been * The attribute-specific operational attributes have been
eliminated as unnecessary. eliminated as unnecessary.
* The inetIpv6Registrar and inetIpv6Registry attributes were * The inetIpv6Registrar and inetIpv6Registry attributes were
added. added.
Hall I-D Expires: February 2004 [page 13]
* Several attributes had their OIDs changed. NOTE THAT THIS * Several attributes had their OIDs changed. NOTE THAT THIS
IS AN INTERNET DRAFT, AND THAT THE OIDS ARE SUBJECT TO IS AN INTERNET DRAFT, AND THAT THE OIDS ARE SUBJECT TO
ADDITIONAL CHANGES AS THIS DOCUMENT IS EDITED. ADDITIONAL CHANGES AS THIS DOCUMENT IS EDITED.
* Several typographical errors have been fixed. * Several typographical errors have been fixed.
* Some unnecessary text has been removed. * Some unnecessary text has been removed.
10. Author's Address
Eric A. Hall
ehall@ehsco.com
11. Acknowledgments
Funding for the RFC editor function is currently provided by the
Internet Society.
Portions of this document were funded by VeriSign Labs.
The first version of this specification was co-authored by Andrew
Newton of VeriSign Labs, and subsequent versions continue to be
developed with his active participation. Edward Lewis also
contributed significant feedback to this specification in the
later stages of its developments.
12. Full Copyright Statement 12. Full Copyright Statement
Copyright (C) The Internet Society (2003). All Rights Reserved. Copyright (C) The Internet Society (2003). All Rights Reserved.
This document and translations of it may be copied and furnished This document and translations of it may be copied and furnished
to others, and derivative works that comment on or otherwise to others, and derivative works that comment on or otherwise
explain it or assist in its implementation may be prepared, explain it or assist in its implementation may be prepared,
copied, published and distributed, in whole or in part, without copied, published and distributed, in whole or in part, without
restriction of any kind, provided that the above copyright notice restriction of any kind, provided that the above copyright notice
and this paragraph are included on all such copies and derivative and this paragraph are included on all such copies and derivative
works. However, this document itself may not be modified in any works. However, this document itself may not be modified in any
way, such as by removing the copyright notice or references to the way, such as by removing the copyright notice or references to the
Internet Society or other Internet organizations, except as needed Internet Society or other Internet organizations, except as needed
for the purpose of developing Internet standards in which case the for the purpose of developing Internet standards in which case the
procedures for copyrights defined in the Internet Standards procedures for copyrights defined in the Internet Standards
process must be followed, or as required to translate it into process must be followed, or as required to translate it into
languages other than English. languages other than English.
Hall I-D Expires: February 2004 [page 14]
The limited permissions granted above are perpetual and will not The limited permissions granted above are perpetual and will not
be revoked by the Internet Society or its successors or assigns. be revoked by the Internet Society or its successors or assigns.
Hall I-D Expires: December 2003 [page 13]
This document and the information contained herein is provided on This document and the information contained herein is provided on
an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Hall I-D Expires: December 2003 [page 14] Hall I-D Expires: February 2004 [page 15]
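Review bot: The new -02 changelog entry "Several attributes had their OIDs changed" repeats the -00 entry word for word and does not say which OIDs moved; the example filter in this same diff changes from 1.3.6.1.4.1.7161.1.3.8 to 1.3.6.1.4.1.7161.1.6.8, so list the old and new values to let implementers of -01 update their filters. Also, in the new Acknowledgments text, "later stages of its developments" should read "development".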
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/