Network Working Group V. Kalusivalingam Request for Comments: 4075 Cisco Systems (India) Private Limited Category: Standards Track May 2005
Network Working Group V. Kalusivalingam Request for Comments: 4075 Cisco Systems (India) Private Limited Category: Standards Track May 2005
Simple Network Time Protocol (SNTP) Configuration Option for DHCPv6
DHCPv6的简单网络时间协议(SNTP)配置选项
Status of This Memo
关于下段备忘
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
本文件规定了互联网社区的互联网标准跟踪协议,并要求进行讨论和提出改进建议。有关本协议的标准化状态和状态,请参考当前版本的“互联网官方协议标准”(STD 1)。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The Internet Society (2005).
版权所有(C)互联网协会(2005年)。
Abstract
摘要
This document describes a new DHCPv6 option for passing a list of Simple Network Time Protocol (SNTP) server addresses to a client.
本文档描述了一个新的DHCPv6选项,用于将简单网络时间协议(SNTP)服务器地址列表传递给客户端。
This document describes a new option, called the SNTP [3] servers option, for passing information about SNTP servers in DHCPv6 [1].
本文档描述了一个称为SNTP[3]服务器选项的新选项,用于在DHCPv6[1]中传递有关SNTP服务器的信息。
The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD, SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear in this document, are to be interpreted as described in RFC 2119 [2].
本文件中出现的关键词必须、不得、必需、应、不应、应、不应、建议、可和可选时,应按照RFC 2119[2]中的说明进行解释。
This document uses terminology specific to IPv6 and DHCPv6 as defined in the "Terminology" section of the DHCPv6 specification [1].
本文档使用特定于IPv6和DHCPv6的术语,如DHCPv6规范[1]的“术语”部分所定义。
The Simple Network Time Protocol servers option provides a list of one or more IPv6 addresses of SNTP [3] servers available to the client for synchronization. The clients use these SNTP servers to synchronize their system time to that of the standard time servers. Clients MUST treat the list of SNTP servers as an ordered list. The server MAY list the SNTP servers in decreasing order of preference.
Simple Network Time Protocol servers(简单网络时间协议服务器)选项提供了客户端可用于同步的SNTP[3]服务器的一个或多个IPv6地址列表。客户端使用这些SNTP服务器将其系统时间与标准时间服务器的系统时间同步。客户端必须将SNTP服务器列表视为有序列表。服务器可以按偏好的降序列出SNTP服务器。
The option defined in this document can only be used to configure information about SNTP servers that can be reached using IPv6. The DHCP option to configure information about IPv4 SNTP servers can be found in RFC 2132 [4]. Mechanisms for configuring IPv4/IPv6 dual-stack applications are being considered, but are not specified in this document.
本文档中定义的选项只能用于配置有关使用IPv6可以访问的SNTP服务器的信息。配置IPv4 SNTP服务器信息的DHCP选项可在RFC 2132[4]中找到。正在考虑配置IPv4/IPv6双栈应用程序的机制,但本文档中未指定。
The format of the Simple Network Time Protocol servers option is as shown below:
简单网络时间协议服务器选项的格式如下所示:
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | OPTION_SNTP_SERVERS | option-len | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | SNTP server (IPv6 address) | | | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | SNTP server (IPv6 address) | | | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ... | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | OPTION_SNTP_SERVERS | option-len | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | SNTP server (IPv6 address) | | | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | SNTP server (IPv6 address) | | | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ... | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
option-code: OPTION_SNTP_SERVERS (31)
选项代码:选项\u SNTP\u服务器(31)
option-len: Length of the 'SNTP server' fields, in octets; it must be a multiple of 16
选项len:“SNTP服务器”字段的长度,以八位字节为单位;它必须是16的倍数
SNTP server: IPv6 address of SNTP server
SNTP服务器:SNTP服务器的IPv6地址
The SNTP servers option MUST NOT appear in messages other than the following: Solicit, Advertise, Request, Renew, Rebind, Information-Request, and Reply. If this option appears in messages other than those specified above, the receiver SHOULD ignore it.
SNTP服务器选项不得出现在以下消息之外的消息中:请求、播发、请求、续订、重新绑定、信息请求和回复。如果此选项出现在除上述指定之外的消息中,则接收方应忽略它。
The option number for this option MAY appear in the Option Request Option [1] in the following messages: Solicit, Request, Renew, Rebind, Information-Request, and Reconfigure. If this option number appears in the Option Request Option in messages other than those specified above, the receiver SHOULD ignore it.
此选项的选项号可能出现在以下消息的选项请求选项[1]中:请求、请求、续订、重新绑定、信息请求和重新配置。如果此选项号出现在选项请求选项中,而不是出现在上述指定的消息中,则接收方应忽略它。
The SNTP servers option may be used by an intruder DHCPv6 server to cause DHCPv6 clients to contact a rogue SNTP server, resulting in invalid synchronization of time in the client, finally leading to time-critical applications running inaccurately in the client machine. Time accuracy can be crucial to some security algorithms. For example, expired certificates may gain a new life, making the applications running on the client machine less secure. The inaccuracy can even cause clients to set their time incorrectly, making them vulnerable to replay attacks in protocols that use time stamps to detect replays.
入侵者DHCPv6服务器可能会使用SNTP服务器选项导致DHCPv6客户端联系恶意SNTP服务器,从而导致客户端中的时间同步无效,最终导致时间关键型应用程序在客户端计算机中不准确地运行。时间准确性对于某些安全算法来说是至关重要的。例如,过期证书可能会获得新的生命,使客户端计算机上运行的应用程序不那么安全。这种不准确甚至会导致客户端错误地设置时间,使它们容易受到使用时间戳检测重播的协议中的重播攻击。
To avoid attacks through these options, the DHCPv6 client SHOULD use authenticated DHCPv6 (see the "Authentication of DHCP messages" section in the DHCPv6 specification [1]).
为了避免通过这些选项进行攻击,DHCPv6客户端应该使用经过身份验证的DHCPv6(请参阅DHCPv6规范[1]中的“DHCP消息的身份验证”部分)。
The IANA has assigned an option code to the following from the option-code space defined in the "DHCPv6 Options" section of the DHCPv6 specification [1].
IANA已从DHCPv6规范[1]的“DHCPv6选项”部分中定义的选项代码空间为以下各项分配了选项代码。
Option Name Value Described in OPTION_SNTP_SERVERS 31 Section 4.
选项名称值在选项SNTP服务器31第4节中描述。
Thanks to the DHC Working Group for their time and input on the specification. In particular, thanks to (in alphabetical order) Bernie Volz, Jim Bound, Margaret Wasserman, Pekka Savola, Ralph Droms, Robert Elz, and Thomas Narten for their thorough review.
感谢DHC工作组的时间和对规范的投入。特别要感谢(按字母顺序排列)伯尼·沃尔兹、吉姆·邦德、玛格丽特·沃瑟曼、佩卡·萨沃拉、拉尔夫·德罗姆斯、罗伯特·埃尔兹和托马斯·纳滕的全面审查。
[1] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., and M. Carney, "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)", RFC 3315, July 2003.
[1] Droms,R.,Bound,J.,Volz,B.,Lemon,T.,Perkins,C.,和M.Carney,“IPv6的动态主机配置协议(DHCPv6)”,RFC3315,2003年7月。
[2] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[2] Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。
[3] Mills, D., "Simple Network Time Protocol (SNTP) Version 4 for IPv4, IPv6 and OSI", RFC 2030, October 1996.
[3] Mills,D.,“IPv4、IPv6和OSI的简单网络时间协议(SNTP)第4版”,RFC 2030,1996年10月。
[4] Alexander, S. and R. Droms, "DHCP Options and BOOTP Vendor Extensions", RFC 2132, March 1997.
[4] Alexander,S.和R.Droms,“DHCP选项和BOOTP供应商扩展”,RFC 21321997年3月。
Author's Address
Author's Addresstranslate error, please retry
Vijayabhaskar A. Kalusivalingam Cisco Systems (India) Private Limited, No: 9, Brunton Road, Bangalore - 560025 India
Vijayabhaskar A.Kalusialingam思科系统(印度)私人有限公司,地址:印度班加罗尔布伦顿路9号,邮编:560025
Phone: +91-80-51036615 EMail: vibhaska@cisco.com
Phone: +91-80-51036615 EMail: vibhaska@cisco.com
Full Copyright Statement
完整版权声明
Copyright (C) The Internet Society (2005).
版权所有(C)互联网协会(2005年)。
This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.
本文件受BCP 78中包含的权利、许可和限制的约束,除其中规定外,作者保留其所有权利。
This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件及其包含的信息是按“原样”提供的,贡献者、他/她所代表或赞助的组织(如有)、互联网协会和互联网工程任务组不承担任何明示或暗示的担保,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。
Intellectual Property
知识产权
The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.
IETF对可能声称与本文件所述技术的实施或使用有关的任何知识产权或其他权利的有效性或范围,或此类权利下的任何许可可能或可能不可用的程度,不采取任何立场;它也不表示它已作出任何独立努力来确定任何此类权利。有关RFC文件中权利的程序信息,请参见BCP 78和BCP 79。
Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.
向IETF秘书处披露的知识产权副本和任何许可证保证,或本规范实施者或用户试图获得使用此类专有权利的一般许可证或许可的结果,可从IETF在线知识产权存储库获取,网址为http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.
IETF邀请任何相关方提请其注意任何版权、专利或专利申请,或其他可能涵盖实施本标准所需技术的专有权利。请将信息发送至IETF的IETF-ipr@ietf.org.
Acknowledgement
确认
Funding for the RFC Editor function is currently provided by the Internet Society.
RFC编辑功能的资金目前由互联网协会提供。