Tech-invite3GPPspaceIETFspace
96959493929190898887868584838281807978777675747372717069686766656463626160595857565554535251504948474645444342414039383736353433323130292827262524232221201918171615141312111009080706050403020100
in Index   Prev   Next

RFC 8609

Content-Centric Networking (CCNx) Messages in TLV Format

Pages: 46
Experimental
Updated by:  9510
Part 3 of 3 – Pages 33 to 46
First   Prev   None

Top   ToC   RFC8609 - Page 33   prevText

4. IANA Considerations

This section details each kind of CCNx protocol value that can be registered. Each type registry can be updated by incrementally expanding the type space, i.e., by allocating and reserving new types. As per [RFC8126], this section details the creation of the "Content-Centric Networking (CCNx)" registry and several subregistries.

4.1. Packet Type Registry

IANA has created the "CCNx Packet Types" registry and allocated the packet types described below. The registration procedure is RFC Required. The Type value is 1 octet. The range is 0x00-0xFF. +------+-------------+----------------------------------+ | Type | Name | Reference | +------+-------------+----------------------------------+ | 0x00 | PT_INTEREST | Fixed Header Types (Section 3.2) | | | | | | 0x01 | PT_CONTENT | Fixed Header Types (Section 3.2) | | | | | | 0x02 | PT_RETURN | Fixed Header Types (Section 3.2) | +------+-------------+----------------------------------+ Packet Types
Top   ToC   RFC8609 - Page 34

4.2. Interest Return Code Registry

IANA has created the "CCNx Interest Return Code Types" registry and allocated the Interest Return code types described below. The registration procedure is Specification Required. The Type value is 1 octet. The range is 0x00-0xFF. +------+---------------------------------------+--------------------+ | Type | Name | Reference | +------+---------------------------------------+--------------------+ | 0x00 | Reserved | | | | | | | 0x01 | T_RETURN_NO_ROUTE | Fixed Header Types | | | | (Section 3.2.3.3) | | | | | | 0x02 | T_RETURN_LIMIT_EXCEEDED | Fixed Header Types | | | | (Section 3.2.3.3) | | | | | | 0x03 | T_RETURN_NO_RESOURCES | Fixed Header Types | | | | (Section 3.2.3.3) | | | | | | 0x04 | T_RETURN_PATH_ERROR | Fixed Header Types | | | | (Section 3.2.3.3) | | | | | | 0x05 | T_RETURN_PROHIBITED | Fixed Header Types | | | | (Section 3.2.3.3) | | | | | | 0x06 | T_RETURN_CONGESTED | Fixed Header Types | | | | (Section 3.2.3.3) | | | | | | 0x07 | T_RETURN_MTU_TOO_LARGE | Fixed Header Types | | | | (Section 3.2.3.3) | | | | | | 0x08 | T_RETURN_UNSUPPORTED_HASH_RESTRICTION | Fixed Header Types | | | | (Section 3.2.3.3) | | | | | | 0x09 | T_RETURN_MALFORMED_INTEREST | Fixed Header Types | | | | (Section 3.2.3.3) | +------+---------------------------------------+--------------------+ CCNx Interest Return Types
Top   ToC   RFC8609 - Page 35

4.3. Hop-by-Hop Type Registry

IANA has created the "CCNx Hop-by-Hop Types" registry and allocated the hop-by-hop types described below. The registration procedure is RFC Required. The Type value is 2 octets. The range is 0x0000-0xFFFF. +---------------+-------------+-------------------------------------+ | Type | Name | Reference | +---------------+-------------+-------------------------------------+ | 0x0000 | Reserved | | | | | | | 0x0001 | T_INTLIFE | Hop-by-hop TLV headers (Section | | | | 3.4) | | | | | | 0x0002 | T_CACHETIME | Hop-by-hop TLV headers (Section | | | | 3.4) | | | | | | 0x0003 | T_MSGHASH | Hop-by-hop TLV headers (Section | | | | 3.4) | | | | | | 0x0004 - | Reserved | | | 0x0007 | | | | | | | | 0x0FFE | T_PAD | Pad (Section 3.3.1) | | | | | | 0x0FFF | T_ORG | Organization-Specific TLVs (Section | | | | 3.3.2) | | | | | | 0x1000-0x1FFF | Reserved | Experimental Use (Section 3) | +---------------+-------------+-------------------------------------+ CCNx Hop-by-Hop Types
Top   ToC   RFC8609 - Page 36

4.4. Top-Level Type Registry

IANA has created the "CCNx Top-Level Types" registry and allocated the top-level types described below. The registration procedure is RFC Required. The Type value is 2 octets. The range is 0x0000-0xFFFF. +--------+----------------------+-------------------------------+ | Type | Name | Reference | +--------+----------------------+-------------------------------+ | 0x0000 | Reserved | | | | | | | 0x0001 | T_INTEREST | Top-Level Types (Section 3.5) | | | | | | 0x0002 | T_OBJECT | Top-Level Types (Section 3.5) | | | | | | 0x0003 | T_VALIDATION_ALG | Top-Level Types (Section 3.5) | | | | | | 0x0004 | T_VALIDATION_PAYLOAD | Top-Level Types (Section 3.5) | +--------+----------------------+-------------------------------+ CCNx Top-Level Types
Top   ToC   RFC8609 - Page 37

4.5. Name Segment Type Registry

IANA has created the "CCNx Name Segment Types" registry and allocated the name segment types described below. The registration procedure is Specification Required. The Type value is 2 octets. The range is 0x0000-0xFFFF. +--------------+------------------+---------------------------------+ | Type | Name | Reference | +--------------+------------------+---------------------------------+ | 0x0000 | Reserved | | | | | | | 0x0001 | T_NAMESEGMENT | Name (Section 3.6.1) | | | | | | 0x0002 | T_IPID | Name (Section 3.6.1) | | | | | | 0x0010 - | Reserved | RFC 8609 | | 0x0013 | | | | | | | | 0x0FFF | T_ORG | Organization-Specific TLVs | | | | (Section 3.3.2) | | | | | | 0x1000 - | T_APP:00 - | Application Components (Section | | 0x1FFF | T_APP:4096 | 3.6.1) | +--------------+------------------+---------------------------------+ CCNx Name Segment Types

4.6. Message Type Registry

IANA has created the "CCNx Message Types" registry and registered the message segment types described below. The registration procedure is RFC Required. The Type value is 2 octets. The range is 0x0000-0xFFFF.
Top   ToC   RFC8609 - Page 38
   +---------------+----------------+----------------------------------+
   |      Type     |      Name      |            Reference             |
   +---------------+----------------+----------------------------------+
   |     0x0000    |     T_NAME     |   Message Types (Section 3.6)    |
   |               |                |                                  |
   |     0x0001    |   T_PAYLOAD    |   Message Types (Section 3.6)    |
   |               |                |                                  |
   |     0x0002    |  T_KEYIDRESTR  |   Message Types (Section 3.6)    |
   |               |                |                                  |
   |     0x0003    | T_OBJHASHRESTR |   Message Types (Section 3.6)    |
   |               |                |                                  |
   |     0x0005    |  T_PAYLDTYPE   |   Content Object Message Types   |
   |               |                |        (Section 3.6.2.2)         |
   |               |                |                                  |
   |     0x0006    |    T_EXPIRY    |   Content Object Message Types   |
   |               |                |        (Section 3.6.2.2)         |
   |               |                |                                  |
   |    0x0007 -   |    Reserved    |             RFC 8609             |
   |     0x000C    |                |                                  |
   |               |                |                                  |
   |     0x0FFE    |     T_PAD      |       Pad (Section 3.3.1)        |
   |               |                |                                  |
   |     0x0FFF    |     T_ORG      |    Organization-Specific TLVs    |
   |               |                |         (Section 3.3.2)          |
   |               |                |                                  |
   | 0x1000-0x1FFF |    Reserved    |   Experimental Use (Section 3)   |
   +---------------+----------------+----------------------------------+

                            CCNx Message Types

4.7. Payload Type Registry

IANA has created the "CCNx Payload Types" registry and allocated the payload types described below. The registration procedure is Specification Required. The Type value is 1 octet. The range is 0x00-0xFF. +------+--------------------+-----------------------------------+ | Type | Name | Reference | +------+--------------------+-----------------------------------+ | 0x00 | T_PAYLOADTYPE_DATA | Payload Types (Section 3.6.2.2.1) | | | | | | 0x01 | T_PAYLOADTYPE_KEY | Payload Types (Section 3.6.2.2.1) | | | | | | 0x02 | T_PAYLOADTYPE_LINK | Payload Types (Section 3.6.2.2.1) | +------+--------------------+-----------------------------------+ CCNx Payload Types
Top   ToC   RFC8609 - Page 39

4.8. Validation Algorithm Type Registry

IANA has created the "CCNx Validation Algorithm Types" registry and allocated the validation algorithm types described below. The registration procedure is Specification Required. The Type value is 2 octets. The range is 0x0000-0xFFFF. +---------------+-----------------+---------------------------------+ | Type | Name | Reference | +---------------+-----------------+---------------------------------+ | 0x0000 | Reserved | | | | | | | 0x0002 | T_CRC32C | Validation Algorithm (Section | | | | 3.6.4.1) | | | | | | 0x0004 | T_HMAC-SHA256 | Validation Algorithm (Section | | | | 3.6.4.1) | | | | | | 0x0005 | T_RSA-SHA256 | Validation Algorithm (Section | | | | 3.6.4.1) | | | | | | 0x0006 | T_EC-SECP-256K1 | Validation Algorithm (Section | | | | 3.6.4.1) | | | | | | 0x0007 | T_EC-SECP-384R1 | Validation Algorithm (Section | | | | 3.6.4.1) | | | | | | 0x0FFE | T_PAD | Pad (Section 3.3.1) | | | | | | 0x0FFF | T_ORG | Organization-Specific TLVs | | | | (Section 3.3.2) | | | | | | 0x1000-0x1FFF | Reserved | Experimental Use (Section 3) | +---------------+-----------------+---------------------------------+ CCNx Validation Algorithm Types
Top   ToC   RFC8609 - Page 40

4.9. Validation-Dependent Data Type Registry

IANA has created the "CCNx Validation-Dependent Data Types" registry and allocated the validation-dependent data types described below. The registration procedure is RFC Required. The Type value is 2 octets. The range is 0x0000-0xFFFF. +---------------+----------------+----------------------------------+ | Type | Name | Reference | +---------------+----------------+----------------------------------+ | 0x0000 | Reserved | | | | | | | 0x0009 | T_KEYID | Validation-Dependent Data | | | | (Section 3.6.4.1.4) | | | | | | 0x000A | T_PUBLICKEYLOC | Validation-Dependent Data | | | | (Section 3.6.4.1.4) | | | | | | 0x000B | T_PUBLICKEY | Validation-Dependent Data | | | | (Section 3.6.4.1.4) | | | | | | 0x000C | T_CERT | Validation-Dependent Data | | | | (Section 3.6.4.1.4) | | | | | | 0x000D | T_LINK | Validation-Dependent Data | | | | (Section 3.6.4.1.4) | | | | | | 0x000E | T_KEYLINK | Validation-Dependent Data | | | | (Section 3.6.4.1.4) | | | | | | 0x000F | T_SIGTIME | Validation-Dependent Data | | | | (Section 3.6.4.1.4) | | | | | | 0x0FFF | T_ORG | Organization-Specific TLVs | | | | (Section 3.3.2) | | | | | | 0x1000-0x1FFF | Reserved | Experimental Use (Section 3) | +---------------+----------------+----------------------------------+ CCNx Validation-Dependent Data Types

4.10. Hash Function Type Registry

IANA has created the "CCNx Hash Function Types" registry and allocated the hash function types described below. The registration procedure is Specification Required. The Type value is 2 octets. The range is 0x0000-0xFFFF.
Top   ToC   RFC8609 - Page 41
   +---------------+-----------+---------------------------------------+
   |      Type     |    Name   |               Reference               |
   +---------------+-----------+---------------------------------------+
   |     0x0000    |  Reserved |                                       |
   |               |           |                                       |
   |     0x0001    | T_SHA-256 |      Hash Format (Section 3.3.3)      |
   |               |           |                                       |
   |     0x0002    | T_SHA-512 |      Hash Format (Section 3.3.3)      |
   |               |           |                                       |
   |     0x0FFF    |   T_ORG   |  Organization-Specific TLVs (Section  |
   |               |           |                 3.3.2)                |
   |               |           |                                       |
   | 0x1000-0x1FFF |  Reserved |      Experimental Use (Section 3)     |
   +---------------+-----------+---------------------------------------+

                         CCNx Hash Function Types

5. Security Considerations

The CCNx protocol is a Layer 3 network protocol, which may also operate as an overlay using other transports such as UDP or other tunnels. It includes intrinsic support for message authentication via a signature (e.g., RSA or elliptic curve) or Message Authentication Code (e.g., HMAC). In lieu of an authenticator, it may instead use a Message Integrity Check (e.g., SHA or CRC). CCNx does not specify an encryption envelope; that function is left to a high-layer protocol (e.g., Encrypted Sessions in CCNx [esic]). The CCNx Packet format includes the ability to attach MICs (e.g., SHA-256 or CRC), MACs (e.g., HMAC), and Signatures (e.g., RSA or ECDSA) to all packet types. Because Interest packets can be sent at will, an application should carefully select when to use a given ValidationAlgorithm in an Interest to avoid DoS attacks. MICs, for example, are inexpensive and could be used as desired, whereas MACs and Signatures are more expensive and their inappropriate use could open a computational DoS attack surface. Applications should use an explicit protocol to guide their use of packet signatures. As a general guideline, an application might use a MIC on an Interest to detect unintentionally corrupted packets. If one wishes to secure an Interest, one should consider using an encrypted wrapper and a protocol that prevents replay attacks, especially if the Interest is being used as an actuator. Simply using an authentication code or signature does not make an Interest secure. There are several examples in the literature on how to secure ICN-style messaging [mobile] [ace].
Top   ToC   RFC8609 - Page 42
   As a Layer 3 protocol, this document does not describe how one
   arrives at keys or how one trusts keys.  The CCNx content object may
   include a public key embedded in the object or may use the
   PublicKeyLocator field to point to a public key (or public-key
   certificate) that authenticates the message.  One key exchange
   specification is CCNxKE [ccnxke] [mobile], which is similar to the
   TLS 1.3 key exchange except it is over the CCNx Layer 3 messages.
   Trust is beyond the scope of a Layer 3 protocol and is left to
   applications or application frameworks.

   The combination of an ephemeral key exchange (e.g., CCNxKE [ccnxke])
   and an encapsulating encryption (e.g., [esic]) provides the
   equivalent of a TLS tunnel.  Intermediate nodes may forward the
   Interests and Content Objects but have no visibility inside.  It also
   completely hides the internal names in those used by the encryption
   layer.  This type of tunneling encryption is useful for content that
   has little or no cacheability, as it can only be used by someone with
   the ephemeral key.  Short-term caching may help with lossy links or
   mobility, but long-term caching is usually not of interest.

   Broadcast encryption or proxy re-encryption may be useful for content
   with multiple uses over time or many consumers.  There is currently
   no recommendation for this form of encryption.

   The specific encoding of messages will have security implications.
   This document uses a Type-Length-Value (TLV) encoding.  We chose to
   compromise between extensibility and unambiguous encodings of types
   and lengths.  Some TLV encodings use variable-length T and variable-
   length L fields to accommodate a wide gamut of values while trying to
   be byte efficient.  Our TLV encoding uses a fixed length 2-byte T and
   2-byte L.  Using fixed-length T and L fields solves two problems.
   The first is aliases.  If one is able to encode the same value, such
   as 0x02 and 0x0002, in different byte lengths, then one must decide
   if they mean the same thing, if they are different, or if one is
   illegal.  If they are different, then one must always compare on the
   buffers not the integer equivalents.  If one is illegal, then one
   must validate the TLV encoding -- every field of every packet at
   every hop.  If they are the same, then one has the second problem:
   how to specify packet filters.  For example, if a name has 6 name
   components, then there are 7 T fields and 7 L fields, each of which
   might have up to 4 representations of the same value.  That would be
   14 fields with 4 encodings each, or 1001 combinations.  It also means
   that one cannot compare, for example, a name via a memory function,
   as one needs to consider that any embedded T or L might have a
   different format.
Top   ToC   RFC8609 - Page 43
   The Interest Return message has no authenticator from the previous
   hop.  Therefore, the payload of the Interest Return should only be
   used locally to match an Interest.  A node should never forward that
   Interest payload as an Interest.  It should also verify that it sent
   the Interest in the Interest Return to that node and not allow anyone
   to negate Interest messages.

   Caching nodes must take caution when processing content objects.  It
   is essential that the Content Store obey the rules outlined in
   [RFC8569] to avoid certain types of attacks.  CCNx 1.0 has no
   mechanism to work around an undesired result from the network (there
   are no "excludes"), so if a cache becomes poisoned with bad content
   it might cause problems retrieving content.  There are three types of
   access to content from a Content Store: unrestricted, signature
   restricted, and hash restricted.  If an Interest has no restrictions,
   then the requester is not particular about what they get back, so any
   matching cached object is OK.  In the hash restricted case, the
   requester is very specific about what they want, and the Content
   Store (and every forward hop) can easily verify that the content
   matches the request.  In the signature restricted case (which is
   often used for initial manifest discovery), the requester only knows
   the KeyId that signed the content.  This case requires the closest
   attention in the Content Store to avoid amplifying bad data.  The
   Content Store must only respond with a content object if it can
   verify the signature -- this means either the content object carries
   the public key inside it or the Interest carries the public key in
   addition to the KeyId.  If that is not the case, then the Content
   Store should treat the Interest as a cache miss and let an endpoint
   respond.

   A user-level cache could perform full signature verification by
   fetching a public key according to the PublicKeyLocator.  However,
   that is not a burden we wish to impose on the forwarder.  A user-
   level cache could also rely on out-of-band attestation, such as the
   cache operator only inserting content that it knows has the correct
   signature.

   The CCNx grammar allows for hash algorithm agility via the HashType.
   It specifies a short list of acceptable hash algorithms that should
   be implemented at each forwarder.  Some hash values only apply to end
   systems, so updating the hash algorithm does not affect forwarders --
   they would simply match the buffer that includes the type-length-hash
   buffer.  Some fields, such as the ConObjHash, must be verified at
   each hop, so a forwarder (or related system) must know the hash
   algorithm, and it could cause backward compatibility problems if the
   hash type is updated.
Top   ToC   RFC8609 - Page 44
   A CCNx name uses binary matching, whereas a URI uses a case-
   insensitive hostname.  Some systems may also use case-insensitive
   matching of the URI path to a resource.  An implication of this is
   that human-entered CCNx names will likely have case or non-ASCII
   symbol mismatches unless one uses a consistent URI normalization for
   the CCNx name.  It also means that an entity that registers a CCNx-
   routable prefix -- say, "ccnx:/example.com" -- would need separate
   registrations for simple variations like "ccnx:/Example.com".  Unless
   this is addressed in URI normalization and routing protocol
   conventions, there could be phishing attacks.

   For a more general introduction to ICN-related security concerns and
   approaches, see [RFC7927] and [RFC7945].

6. References

6.1. Normative References

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <https://www.rfc-editor.org/info/rfc2119>. [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, <https://www.rfc-editor.org/info/rfc8174>.

6.2. Informative References

[ace] Shang, W., Yu, Y., Liang, T., Zhang, B., and L. Zhang, "NDN-ACE: Access control for constrained environments over named data networking", NDN Technical Report NDN-0036, 2015, <http://new.named-data.net/wp-content/uploads/2015/ 12/ndn-0036-1-ndn-ace.pdf>. [ccnxke] Mosko, M., Uzun, E., and C. Wood, "CCNx Key Exchange Protocol Version 1.0", Work in Progress, draft-wood-icnrg- ccnxkeyexchange-02, March 2017. [CCNxURI] Mosko, M. and C. Wood, "The CCNx URI Scheme", Work in Progress, draft-mosko-icnrg-ccnxurischeme-01, April 2016. [CCNxz] Mosko, M., "CCNxz TLV Header Compression Experimental Code", commit f1093a2, March 2018, <https://github.com/PARC/CCNxz>.
Top   ToC   RFC8609 - Page 45
   [compress] Mosko, M., "Header Compression for TLV-based Packets",
              ICNRG Interim Meeting, 2016,
              <https://datatracker.ietf.org/meeting/interim-2016-icnrg-
              02/materials/slides-interim-2016-icnrg-2-7>.

   [ECC]      Certicom Research, "SEC 2: Recommended Elliptic Curve
              Domain Parameters", 2010,
              <http://www.secg.org/sec2-v2.pdf>.

   [esic]     Mosko, M. and C. Wood, "Encrypted Sessions In CCNx
              (ESIC)", Work in Progress, draft-wood-icnrg-esic-01,
              September 2017.

   [IANA-PEN] IANA, "Private Enterprise Numbers",
              <http://www.iana.org/assignments/enterprise-numbers>.

   [mobile]   Mosko, M., Uzun, E., and C. Wood, "Mobile Sessions in
              Content-Centric Networks", IFIP Networking, 2017,
              <http://dl.ifip.org/db/conf/networking/
              networking2017/1570334964.pdf>.

   [nnc]      Jacobson, V., Smetters, D., Thornton, J., Plass, M.,
              Briggs, N., and R. Braynard, "Networking Named Content",
              Proceedings of the 5th international conference on
              Emerging networking experiments and technologies (CoNEXT
              '09), 2009, <http://dx.doi.org/10.1145/1658939.1658941>.

   [RFC5280]  Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
              Housley, R., and W. Polk, "Internet X.509 Public Key
              Infrastructure Certificate and Certificate Revocation List
              (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008,
              <https://www.rfc-editor.org/info/rfc5280>.

   [RFC7927]  Kutscher, D., Ed., Eum, S., Pentikousis, K., Psaras, I.,
              Corujo, D., Saucez, D., Schmidt, T., and M. Waehlisch,
              "Information-Centric Networking (ICN) Research
              Challenges", RFC 7927, DOI 10.17487/RFC7927, July 2016,
              <https://www.rfc-editor.org/info/rfc7927>.

   [RFC7945]  Pentikousis, K., Ed., Ohlman, B., Davies, E., Spirou, S.,
              and G. Boggia, "Information-Centric Networking: Evaluation
              and Security Considerations", RFC 7945,
              DOI 10.17487/RFC7945, September 2016,
              <https://www.rfc-editor.org/info/rfc7945>.
Top   ToC   RFC8609 - Page 46
   [RFC8126]  Cotton, M., Leiba, B., and T. Narten, "Guidelines for
              Writing an IANA Considerations Section in RFCs", BCP 26,
              RFC 8126, DOI 10.17487/RFC8126, June 2017,
              <https://www.rfc-editor.org/info/rfc8126>.

   [RFC8569]  Mosko, M., Solis, I., and C. Wood, "Content-Centric
              Networking (CCNx) Semantics", RFC 8569,
              DOI 10.17487/RFC8569, July 2019,
              <https://www.rfc-editor.org/info/rfc8569>.

Authors' Addresses

Marc Mosko PARC, Inc. Palo Alto, California 94304 United States of America Phone: +01 650-812-4405 Email: mmosko@parc.com Ignacio Solis LinkedIn Mountain View, California 94043 United States of America Email: nsolis@linkedin.com Christopher A. Wood University of California, Irvine Irvine, California 92697 United States of America Phone: +01 315-806-5939 Email: woodc1@uci.edu