rfcdiff: draft-ietf-hip-native-nat-traversal-01.txt vs. draft-ietf-hip-native-nat-traversal-02.txt
(lines identical in both versions are shown once; lines that differ are marked [-01] and [-02])

HIP Working Group                                            A. Keranen
Internet-Draft                                                 J. Melen
Intended status: Standards Track                               Ericsson
[-01] Expires: August 1, 2011                          January 28, 2011
[-02] Expires: June 24, 2012                          December 22, 2011

        Native NAT Traversal Mode for the Host Identity Protocol
[-01]            draft-ietf-hip-native-nat-traversal-01
[-02]            draft-ietf-hip-native-nat-traversal-02

Abstract

   This document specifies a new Network Address Translator (NAT)
   traversal mode for the Host Identity Protocol (HIP).  The new mode is
   based on the Interactive Connectivity Establishment (ICE) methodology
   and UDP encapsulation of data and signaling traffic.  The main
   difference from the previously specified modes is the use of HIP
   messages for all NAT traversal procedures.

(skipping to change at page 1, line 35)

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

[-01] This Internet-Draft will expire on August 1, 2011.
[-02] This Internet-Draft will expire on June 24, 2012.

Copyright Notice

   Copyright (c) 2011 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
(skipping to change at page 5, line 11)

   The data relay MAY use the same relayed address and port for multiple
   registered hosts, but since this can cause problems with stateful
   firewalls (see Section 5) it is NOT RECOMMENDED.

3.2.  Registration Authentication

   If the HIP data relay knows the Host Identities (HIs) of all the
   hosts that are allowed to use the relaying service, it SHOULD reject
   registrations from unknown hosts.  However, since it may be
   unfeasible to pre-configure the relay with all the HIs, the relay
[-01] SHOULD also support HIP certificates [I-D.ietf-hip-cert] to allow for
[-02] SHOULD also support HIP certificates [RFC6253] to allow for
   certificate based authentication.

   When a host wants to register with a HIP data relay, it SHOULD check
   if it has a suitable certificate for authenticating with the relay.
   How the suitability is determined and how the certificates are
   obtained is out of scope for this document.  If the host has one or
   more suitable certificates, the host SHOULD include them (or just the
   most suitable one) in a CERT parameter to the HIP packet along with
   the REG_REQUEST parameter.  If the host does not have any suitable
   certificates, it SHOULD send the registration request without the
(skipping to change at page 13, line 29)

   and "Invalid certificate" (defined in Section 3.2).
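The relay-side decision that Section 3.2 describes (pre-configured HIs pass, unknown hosts must present a CERT parameter with their REG_REQUEST, otherwise the registration fails with "Invalid certificate"), as an added Python example that is not code from the draft or from any HIP implementation. It assumes the HIP TLV encoding rules of RFC 5201, the REG_REQUEST type number from RFC 5203, the CERT parameter layout and type number from RFC 6253, and a caller-supplied certificate trust check; the host identities, allowlist and certificate bytes are constructed.

```python
import struct

# HIP parameter type numbers: REG_REQUEST from RFC 5203, CERT from RFC 6253
REG_REQUEST = 932
CERT = 768
CERT_X509_V3 = 1   # RFC 6253 "CERT type" value for a full X.509 v3 certificate

def build_param(ptype: int, contents: bytes) -> bytes:
    """Encode one HIP TLV: Length counts the contents only; pad to 8 octets."""
    body = struct.pack("!HH", ptype, len(contents)) + contents
    return body + b"\x00" * ((-len(body)) % 8)

def parse_params(payload: bytes) -> dict:
    """Split a HIP parameter area into {type: contents} (RFC 5201 TLV rules)."""
    params, off = {}, 0
    while off + 4 <= len(payload):
        ptype, length = struct.unpack_from("!HH", payload, off)
        contents = payload[off + 4:off + 4 + length]
        if len(contents) != length:
            raise ValueError("truncated parameter type %d" % ptype)
        params[ptype] = contents
        off += 4 + length
        off += (-off) % 8              # skip padding to the next 8-octet boundary
    return params

def parse_cert(contents: bytes) -> dict:
    """CERT body: CERT group, CERT count, CERT ID, CERT type, then the certificate."""
    group, count, cert_id, ctype = struct.unpack_from("!BBBB", contents, 0)
    return {"group": group, "count": count, "id": cert_id, "type": ctype,
            "certificate": contents[4:]}

def relay_decision(sender_hi: bytes, payload: bytes, allowed_his, verify_cert) -> str:
    """Relay-side check per Section 3.2: known HIs pass, others need a valid CERT.
    verify_cert(cert_bytes, sender_hi) -> bool is the caller's trust check (assumed)."""
    params = parse_params(payload)
    if REG_REQUEST not in params:
        return "ignore: no REG_REQUEST"              # not a registration attempt
    if sender_hi in allowed_his:
        return "accept"                               # pre-configured HI
    if CERT not in params:
        return "reject: unknown HI and no CERT parameter"
    cert = parse_cert(params[CERT])
    if cert["type"] != CERT_X509_V3 or not verify_cert(cert["certificate"], sender_hi):
        return "Invalid certificate"                  # REG_FAILED failure type
    return "accept"

if __name__ == "__main__":
    # Constructed sample: host B is not pre-configured but presents a certificate
    trusted = {b"HI-hostB": b"CONSTRUCTED-X509-hostB"}
    payload = build_param(REG_REQUEST, b"\x10\x01") + \
        build_param(CERT, bytes([1, 1, 1, CERT_X509_V3]) + trusted[b"HI-hostB"])
    print(relay_decision(b"HI-hostB", payload, {b"HI-hostA"},
                         lambda c, hi: trusted.get(hi) == c))   # prints "accept"
```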
8.  References

8.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

[-01] [I-D.ietf-hip-rfc5201-bis]
              Moskowitz, R., Jokela, P., Henderson, T., and T. Heer,
              "Host Identity Protocol", draft-ietf-hip-rfc5201-bis-04
              (work in progress), January 2011.
[-02] [I-D.ietf-hip-rfc5201-bis]
              Moskowitz, R., Heer, T., Jokela, P., and T. Henderson,
              "Host Identity Protocol Version 2 (HIPv2)",
              draft-ietf-hip-rfc5201-bis-07 (work in progress),
              October 2011.

   [I-D.ietf-hip-rfc5202-bis]
              Jokela, P., Moskowitz, R., Nikander, P., and J. Melen,
              "Using the Encapsulating Security Payload (ESP) Transport
              Format with the Host Identity Protocol (HIP)",
              draft-ietf-hip-rfc5202-bis-00 (work in progress),
              September 2010.

   [I-D.ietf-hip-rfc5203-bis]
              Laganier, J., Koponen, T., and L. Eggert, "Host Identity
              Protocol (HIP) Registration Extension",
[-01]         draft-ietf-hip-rfc5203-bis-00 (work in progress),
              August 2010.
[-02]         draft-ietf-hip-rfc5203-bis-01 (work in progress),
              March 2011.

   [RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
              IANA Considerations Section in RFCs", BCP 26, RFC 5226,
              May 2008.

   [RFC5245]  Rosenberg, J., "Interactive Connectivity Establishment
              (ICE): A Protocol for Network Address Translator (NAT)
              Traversal for Offer/Answer Protocols", RFC 5245,
              April 2010.

   [RFC5770]  Komu, M., Henderson, T., Tschofenig, H., Melen, J., and A.
              Keranen, "Basic Host Identity Protocol (HIP) Extensions
              for Traversal of Network Address Translators", RFC 5770,
              April 2010.

[-01] [I-D.ietf-hip-cert]
              Heer, T. and S. Varjonen, "Host Identity Protocol
              Certificates", draft-ietf-hip-cert-09 (work in progress),
              January 2011.
[-02] [RFC6253]  Heer, T. and S. Varjonen, "Host Identity Protocol
              Certificates", RFC 6253, May 2011.

8.2.  Informative References

   [RFC5201]  Moskowitz, R., Nikander, P., Jokela, P., and T. Henderson,
              "Host Identity Protocol", RFC 5201, April 2008.

   [RFC5207]  Stiemerling, M., Quittek, J., and L. Eggert, "NAT and
              Firewall Traversal Issues of Host Identity Protocol (HIP)
              Communication", RFC 5207, April 2008.
End of changes. 7 change blocks; 13 lines changed or deleted, 12 lines changed or added.

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/