| Internet-Draft | ipn-update | March 2023 |
| Taylor & Birrane | Expires 14 September 2023 | [Page] |
This document updates both the specification of the ipn URI scheme previously defined in [RFC7116] and the rules for encoding of these URIs when used as an Endpoint Identifier (EID) in Bundle Protocol Version 7 (BPv7) as defined in [RFC9171]. These updates update and clarify the structure and behavior of the ipn URI scheme, define encodings of ipn scheme URIs, and establish the registries necessary to manage this scheme.¶
This note is to be removed before publishing as an RFC.¶
The latest revision of this draft can be found at https://ricktaylor.github.io/ipn2/draft-taylor-dtn-ipn-update.html. Status information for this document may be found at https://datatracker.ietf.org/doc/draft-ietf-dtn-ipn-update/.¶
Discussion of this document takes place on the Delay/Disruption Tolerant Networking Working Group mailing list (mailto:dtn@ietf.org), which is archived at https://mailarchive.ietf.org/arch/browse/dtn/. Subscribe at https://www.ietf.org/mailman/listinfo/dtn/.¶
Source for this draft and an issue tracker can be found at https://github.com/ricktaylor/ipn2.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 14 September 2023.¶
Copyright (c) 2023 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
The ipn URI scheme was originally defined in [RFC7116] as a way to identify network nodes and node services using concisely-encoded integers that can be processed faster and with fewer resources than other verbose identifier schemes. The scheme was designed for use with the experimental Bundle Protocol version 6 (BPv6, [RFC5050]) and IPN was defined as an acronym for the term "InterPlanetary Network" in reference to its intended use for deep-space networking. Since then, the efficiency benefit of integer identifiers makes ipn scheme URIs useful for any networks operating with limited power, bandwidth, and/or compute budget. Therefore the term IPN is now used as a non-acronymous name.¶
Similar to the experimental BPv6, the standardized Bundle Protocol version 7 (BPv7, [RFC9171]) codifies support for the use of the ipn URI scheme for the specification of bundle Endpoint Identifiers (EIDs). The publication of BPv7 has resulted in operational deployments of BPv7 nodes for both terrestrial and non-terrestrial use cases. This includes BPv7 networks operating over the terrestrial Internet and BPv7 networks operating in self-contained environments behind a shared administrative domain. The growth in the number and scale of deployments of BPv7 DTNs has been accompanied by a growth in the usage of the ipn URI scheme which has highlighted areas to improve the structure, moderation, and management of this scheme.¶
This document updates the specification of the ipn URI scheme, in a backwards-compatible way, to provide needed improvements both in the scheme itself and its usage to specify EIDs with BPv7. Specifically, this document introduces a hierarchical structure for the assignment of ipn scheme URIs, clarifies the behavior and interpretation of ipn scheme URIs, defines efficient encodings of ipn scheme URIs, and updates/defines the registries associated for this scheme.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
All ipn scheme URIs comply with [RFC3986], and are therefore represented by scheme identifier, and a scheme-specific part. The scheme identifier is: ipn, and the scheme-specific parts are represented as a sequence of numeric components separated with the '.' character. It is formally defined in Appendix A (Appendix A), and can be informally considered as:¶
ipn:authority-number.node-number.service-number¶
Working from left-to-right, each component has the following definition:¶
authority-number:
The "Authority Number" of the authority that allocated the subsequent Node Number. See Numbering Authorities (Section 3.1).¶
node-number:
The "Node Number" assigned to all ipn scheme URIs for resources co-located on a single node. See Node Numbers (Section 3.2).¶
service-number:
The "Service Number" of a particular type of service for a resource. See Service Numbers (Section 3.3).¶
When considered from the perspective of BPv7, a Node Number is shared by all endpoints co-located on a single bundle processing node, and a Service Number identifies a certain type of bundle processing service.¶
For the remainder of this document the term "ipn URI" is used to refer to a URI that uses the ipn scheme.¶
A "Node Number" identifies a resource in the context of a Numbering Authority. A Node Number is an unsigned integer with a minimum value of zero (0) and a maximum value of 2^32-1.¶
A Node Number is associated with a Numbering Authority when both the Authority Number and Node Number appear together in an ipn URI. If an Authority Number is omitted from an ipn URI then it MUST be assumed that the Node Number has been allocated by the Default Numbering Authority.¶
A single Node Number allocated by a single Numbering Authority MUST refer to a single network node.¶
A "Service Number" identifies a network service operating on a network node. The purpose of the Service Number is to provide unique, numeric identifiers for types of service in a network. A Service Number is an unsigned integer with a minimum value of zero (0) and a maximum value of 2^64-1.¶
A new IANA "'ipn' Scheme URI Service Numbers" registry is defined for the registration of Service Numbers, see IANA Considerations (Section 8). This registry defines standardized Service Numbers for services such as an administrative or well-known protocol service endpoints. This registry also defines ranges explicitly reserved for both experimentation and ad-hoc service identification.¶
From the earliest days of experimentation with the Bundle Protocol there has been a need to identify the source and destination of a bundle. The IRTF standardisation of the experimental BPv6 termed the logical source or destination of a bundle as an "Endpoint" identified by an "Endpoint Identifier" (EID). BPv6 EIDs are formatted as URIs. This definition and representation of EIDs was carried from the IRTF BPv6 specification to the IETF BPv7 specification. BPv7 additionally defined an IANA registry called the "Bundle Protocol URI Scheme Types" registry which identifies those URI schemes than might be used to represent EIDs. The ipn URI scheme is one such URI scheme.¶
This section identifies the behavior and interpretation of ipn URI schemes that MUST be followed when using this URI scheme to represent EIDs in BPv7. An ipn URI used as a BPv7 or BPv6 EID is termed an "ipn EID".¶
An ipn EID MUST identify a singleton endpoint. The bundle processing node that is the sole member of that endpoint MUST be the node identified by the combination of the Authority Number and Node Number.¶
A single bundle processing node MAY have multiple ipn EIDs associated with it. However, every ipn EID that shares the combination of Authority Number and Node Number MUST refer to the same bundle processing node.¶
For example, "ipn:1.100.1", "ipn:1.100.2", and "ipn:1.100.3" MUST all be registered on the bundle processing node identified by "1.100". None of these EIDs could be registered on any other bundle processing node.¶
Section 4.2.5.3 of [RFC9171] introduces the concept of a "Node ID" that uniquely identifies a bundle processing node. Any EID that can be used to unambiguously identify a bundle processing node can be used as a "Node ID".¶
As all ipn EIDs must be singleton endpoints, any ipn EID MAY serve as a "Node ID".¶
Some special-case Node Numbers and EIDs are required for the correct behaviour of BPv7, and these numbers are taken from the ANR of the Default Numbering Authority, as defined in the 'ipn' Scheme URI Default Authority Node Numbers registry (Section 8.2).¶
Section 3.2 of [RFC9171] defines the concept of the 'null' endpoint, which is an endpoint that has no members and which is identified by a special 'null' EID.¶
Within the ipn URI scheme, the 'null' EID is defined by the Default Numbering Authority and has the value zero (0) for the 'node-number' component and the value zero (0) for the 'service-number' component. The textual expression of this EID is "ipn:0.0".¶
The Default Numbering Authority reserves the use of Node Number zero (0) solely for identifying the 'null' EID. This means that any other ipn EID which uses the Default Numbering Authority, and has the value zero (0) for the node-number component but a non-zero service-number component MUST be considered malformed and MUST NOT be used to represent any BPv7 EID.¶
The Default Numbering Authority reserves Node Number one (1) to specify endpoints on the local node, rather than on any specific individual node. This means that any ipn EID of the form "ipn:1.X" refers to service X on the local bundle node. EIDs of this form are termed "localnode EIDs".¶
Because a localnode EID only has meaning on the local bundle node, any such EID MUST be considered 'non-routeable'. This means that any bundle using a localnode EID as a bundle source or bundle destination MUST NOT be allowed to leave the local node. Similarly, localnode EIDs SHOULD NOT be present in any other part of a bundle that is transmitted off of the local node. For example, a localnode EID SHOULD NOT be used as a Bundle Protocol Security [RFC9172] security source EID for a bundle transmitted off of the local bundle node, because such a source EID would have no meaning at a downstream bundle node.¶
The Default Numbering Authority provides a range of Node Numbers that are reserved for "Private Use".¶
Any ipn EID whose Node Number is one reserved for "Private Use" is not guaranteed to be unique. Bundles destined for such EIDs must be considered 'non-routeable' to the extent that they MUST NOT be permitted to exit a single administrative domain. They can be considered to be equivalent to "Private Address Space" IPv4 addresses, as defined in [RFC1918]. An administrative domain, as used here, is defined as the set of nodes that share a unique allocation of Node Numbers from the "Private Use" range.¶
The following constraints are placed on the Service Numbers used with ipn EIDs. These constraints are imposed independent of the Numbering Authority or Node Number of an ipn EID.¶
The service type identified by a Service Number of zero (0) MUST be interpreted as the administrative endpoint of the node, as defined in Section 3.2 of [RFC9171].¶
Non-zero Service Numbers MUST NOT be used to identify the administrative endpoint of a bundle node in an ipn EID.¶
Section 4.2.5.1 of [RFC9171] requires that any URI scheme used to represent BPv7 EIDs MUST define how the scheme-specific part of the URI scheme is CBOR encoded. To meet this requirement, this section describes the CBOR encoding and decoding approach for ipn EIDs. The formal definition of these encodings is presented in Appendix B (Appendix B).¶
While there is a single, canonical, textual representation of an ipn URI, there may exist multiple encodings for that URI. For example, Section 2.1 of [RFC3986] defines a percent-encoding mechanism for a URI text string. Alternatively, Section 3.4.5.3 of [RFC8949] allows for the encoding of URIs as CBOR text strings identified with a CBOR tag value of 32.¶
Generic URI approaches to encoding ipn EIDs are unlikely to be efficient because they do not consider the underlying structure of the ipn URI scheme. Since the creation of the ipn URI scheme was motivated by the need for concise identification and rapid processing, the encoding of ipn EIDs should maintain these properties.¶
Fundamentally, [RFC9171] ipn EIDs are represented as a sequence of identifiers. In the text syntax, the numbers are separated with the '.' delimiter; in CBOR, this ordered series of numbers can be represented by an array. Therefore, when encoding ipn EIDs for use with BPv7, the scheme-specific part of an ipn URI MUST be represented as a CBOR array of either two (2) or three (3) elements. Each element of the array MUST be encoded as a single CBOR unsigned integer.¶
The structure and mechanisms of the two-element and three-element encodings are described below, and examples of the different encodings are provided in Appendix C (Appendix C).¶
In the two-element scheme-specific encoding of an ipn EID, the first element of the array is a numeric representation of the concatenation of the Authority Number and the Node Number of the ipn EID and the second element of the array is the ipn EID Service Number.¶
The first array element for this encoding MUST be a 64 bit unsigned integer constructed in the following way: 1. The least significant 32 bits MUST represent the Node Number associated with the ipn EID. 1. The most significant 32 bits MUST represent the Authority Number associated with the ipn EID.¶
For example the ipn EID of "ipn:1.100.1" would compute the first array element value as 0x0100000064. The resulting two-element array [0x0100000064, 0x01] would be encoded in CBOR as the 11 octet value 0x821B000000010000006401.¶
The two-element scheme-specific encoding provides for backwards compatibility with the encoding provided in Section 4.2.5.1.2 of [RFC9171]. When used in this way, the numeric representation of the concatenation of the Authority Number and the Node Number defined in this document replaces the use of the "Node Number" that was specified in RFC9171. When the Node Number is allocated by the Default Numbering Authority, then the numeric representation and the use of the "Node Number" in RFC9171 are identical.¶
This encoding scheme MUST be implemented by any BPv7 bundle processing node that supports ipn URIs for the specification of BPv7 EIDs.¶
In the three-element scheme-specific encoding of an ipn EID, the first element of the array is the Authority Number, the second element of the array is Node Number, and the third element of the array is the Service Number.¶
For example, the ipn EID of "ipn:1.100.1" would result in the three-element array of [1,100,1] which would be encoded in CBOR as the 5 octet value 0x8301186401.¶
The three-element scheme-specific encoding allows for a more efficient representation of ipn EIDs using smaller Authority Numbers. In the examples in Appendix C (Appendix C), the two-element encoding of "ipn:1.100.1" was more then double the size of the three-element encoding.¶
When encoding an ipn EID using the Default Numbering Authority with this encoding scheme, the first element of the array MUST be the value zero (0). In this case using the two-element encoding will result in a more concise CBOR representation, and it is RECOMMENDED that implementations do so.¶
The presence of different scheme-specific encodings does not introduce any decoding ambiguity.¶
An ipn EID CBOR decoder can reconstruct an ipn EID using the following logic. In this description, the term "enc_eid" refers to the CBOR encoded ipn EID, and the term "ipn_eid" refers to the decoded ipn EID.¶
if enc_eid.len() == 3
{
ipn_eid.authority-number := enc_eid[0];
ipn_eid.node-number := enc_eid[1];
ipn_eid.service-number := enc_eid[2];
}
else if enc_eid.len() == 2
{
N = enc_eid[0];
ipn_eid.service-number := enc_eid[1];
if N >= 2^32
{
ipn_eid.authority-number := N >> 32;
ipn_eid.node-number := N & (2^32-1);
}
else
{
ipn_eid.authority-number := 0;
ipn_eid.node-number := N;
}
}
¶
Regardless of whether the two-element or three-element scheme-specific encoding is used, ipn EID matching MUST be performed on the decoded EID information itself. Different encodings of the same ipn EID MUST be treated as equivalent when performing EID-specific functions.¶
For example, the ipn EID of "ipn:1.100.1" can be represented as either the two-element encoding of 0x821B000000010000006401 or the three-element encoding of 0x8301186401. While message integrity and other syntax-based checks may treat these values differently, any EID-based comparisons MUST treat these values the same - as representing the ipn EID "ipn:1.100.1".¶
The ipn URI scheme provides a compact and hierarchical mechanism for identifying services on network nodes. There is a significant amount of utility in the ipn URI scheme approach to identification. However, implementers should take into consideration the following observations on the use of the ipn URI scheme.¶
The ipn scheme update that has been presented in this document preserves backwards compatibility with any ipn URI scheme going back to the provisional definition of the ipn scheme in the experimental Compressed Bundle Header Encoding [RFC6260] in 2011. This means that ipn URI that was valid prior to the publication of this update remains a valid ipn URI.¶
Similarly, the two-element scheme-specific encoding (Section 5.1.1) is also backwards compatible with the encoding of ipn URIs provided in [RFC9171]. Any existing BPv7-compliant implementation will produce an ipn URI encoding in compliant with this specification.¶
The introduction of optional non-default numbering authorities and a three-element scheme-specific encoding make this ipn URI scheme update not forwards compatible. Existing software MUST be updated to be able to process non-default numbering authorities and three-element scheme-specific encodings. It is RECOMMENDED that BP implementations upgrade to process these new features to benefit from the scalability provided by numbering authorities and the encoding efficiencies provided by the three-element encoding.¶
[RFC9171] mandates the concept of "late binding" of an EID, where-by the address of the destination of a bundle is resolved from its identifier hop by hop as it transits a DTN. This per-hop binding of identifiers to addresses underlines the fact that EIDs are purely names, and should not carry any implicit or explicit information concerning the current location or reachability of an identified node and service. This removes the need to rename a node as its location changes.¶
The concept of "late binding" is preserved in this ipn URI scheme. Elements of an ipn URI SHOULD NOT be regarded as carrying information relating to location, reachability, or other addressing/routing concern.¶
An example of incorrect behaviour would be to assume that a given Numbering Authority always allocated Node Numbers as link-layer addresses and to then use the node-number component of an ipn URI directly as a link-layer address. No matter the mechanism a Numbering Authority uses for the allocation of Node Numbers, they remain just numbers, without additional meaning.¶
This update to the IPN URI scheme does not change the security considerations for this scheme presented in [RFC9171]. This section repeats the security considerations from Section 4.2.5.1.2 of [RFC9171] here for completeness.¶
None of the BP endpoints identified by ipn EIDs are guaranteed to be reachable at any time, and the identity of the processing entities operating on those endpoints is never guaranteed by the Bundle Protocol itself. Verification of the signature provided by the Block Integrity Block targeting the bundle's primary block, as defined by Bundle Protocol Security [RFC9172], is required for this purpose.¶
Malicious construction of a conformant ipn URI is limited to the malicious selection of Node Numbers and the malicious selection of Service Numbers. That is, a maliciously constructed ipn URI could be used to direct a bundle to an endpoint that might be damaged by the arrival of that bundle or, alternatively, to declare a false source for a bundle and thereby cause incorrect processing at a node that receives the bundle. In both cases (and indeed in all bundle processing), the node that receives a bundle should verify its authenticity and validity before operating on it in any way.¶
The limited expressiveness of URIs of the ipn scheme effectively eliminates the possibility of threat due to errors in back-end transcoding.¶
Not relevant, as IP addresses do not appear anywhere in conformant ipn URIs.¶
Because ipn URIs are used only to represent the identities of Bundle Protocol endpoints, the risk of disclosure of sensitive information due to interception of these URIs is minimal. Examination of ipn URIs could be used to support traffic analysis; where traffic analysis is a plausible danger, bundles should be conveyed by secure convergence-layer protocols that do not expose endpoint IDs.¶
The simplicity of ipn URI scheme syntax minimizes the possibility of misinterpretation of a URI by a human user.¶
The following sections detail requests to IANA for the creation of a new registry, and the renaming of two existing registries.¶
IANA is requested to create a new registry entitled "'ipn' Scheme URI Numbering Authority Identifiers"¶
The registration policy for this registry is:¶
Values may be allocated in blocks. Any values allocated in blocks MUST have the first number of the block be a power of 2 and the number of allocations in the block MUST also be a power of 2.¶
The initial values for the registry are:¶
New assignments within this registry require review by a Designated Expert (DE). This section provides guidance to the DE when performing their reviews. Specifically, a DE is expected to perform the following activities.¶
IANA is request to rename the "CBHE Node Numbers" registry defined in Section 3.2.1 of [RFC7116] to the "'ipn' Scheme URI Default Numbering Authority Node Numbers" registry.¶
The registration policy for this registry is updated to be:¶
| Range | Registration Policy |
|---|---|
| 0 | Reserved for Null Endpoint |
| 1 | Reserved for Localnode |
| 2 .. 2^14-1 | Private Use |
| 2^14 .. 2^32-1 | Expert Review |
| >= 2^32 | Reserved |
The initial values for the registry remain as is, namely:¶
| Value | Hex | Description | Reference |
|---|---|---|---|
| 16384-2097151 | 0x4000-0x1FFFFF | Allocated to the Space Assigned Numbers Authority (SANA) for use by Consultative Committee for Space Data Systems (CCSDS) missions. | Inherited from [RFC7116] |
| 268435456-268451839 | 0x10000000-0x10003FFF | Allocated to Spacely Packets, LLC to provide IPN/IP Gateway services to private sector stakeholders. | Scott Johnson - see existing allocation in CBHE Node Numbers registry. |
| 268451840-268468223 | 0x10004000-0x10007FFF | Allocated to SPATIAM CORPORATION to provide DTN services to organizations. | Alberto Montilla - see existing allocation in CBHE Node Numbers registry. |
IANA is requested to rename the "CBHE Service Numbers" registry defined in Section 3.2.2 of [RFC7116] to the "'ipn' Scheme URI Service Numbers" registry.¶
The registration policy for this registry is updated to be:¶
| Range | Registration Policy |
|---|---|
| 0 .. 23 | RFC Required |
| 24 .. 4095 | Specification Required |
| 4096 .. 2^64-1 | Private Use |
| >= 2^64 | Reserved |
The current values for the registry remain, and are rewritten as:¶
| Value | Version | Description | Reference |
|---|---|---|---|
| 0 | BPv6, BPv7 | The Administrative Endpoint | [RFC7116], This document |
| 1 | BPv6 | CCSDS File Delivery Service | CCSDS 727.0-B-4 |
| 2 | BPv6 | Reserved | [RFC7116] |
| 2 | BPv7 | Unassigned | |
| 3 .. 63 | BPv6, BPv7 | Unassigned | |
| 64 .. 1023 | BPv6 | Allocated to the Space Assigned Numbers Authority (SANA) for use by Consultative Committee for Space Data Systems (CCSDS) missions | [RFC7116] |
| 64 .. 1023 | BPv7 | Unassigned |
The text syntax of an ipn URI MUST comply with the following ABNF [RFC5234] syntax, including the core ABNF syntax rule for DIGIT defined by that specification:¶
ipn-uri = "ipn:" ipn-hier-part ipn-hier-part = auth-part? node-number "." service-number auth-part = authority-number "." authority-number = non-zero-number node-number = number service-number = number number = "0" \ non-zero-number non-zero-number = (%x31-39 *DIGIT)¶
The ABNF above explicitly states:¶
A BPv7 endpoint identified by an ipn URI, when encoded in Concise Binary Object Representation (CBOR) [RFC8949], MUST comply with the following Concise Data Definition Language (CDDL) [RFC8610] specification:¶
eid = $eid .within eid-structure
eid-structure = [
uri-code: uint,
SSP: any
]
; ... Syntax for other uri-code values defined in RFC9171 ...
$eid /= [
uri-code: 2,
SSP: [
? authority-number: uint,
node-numeral: uint,
service-number: uint
]
]
¶
Note: The node-numeral component will be the numeric representation of the concatenation of the Authority Number and Node Number when the 2-element encoding scheme has been used.¶
This section provides some example encodings of ipn EIDs.¶
The 'null' EID of "ipn:0.0" can be encoded in the following ways:¶
The complete five octet encoding of the 'null' ipn EID using the two-element scheme-specific encoding would be as follows.¶
82 # 2-Element Endpoint Encoding
02 # uri-code: 2 (IPN URI scheme)
82 # 2 Element ipn EID scheme-specific encoding
00 # Node Number
00 # Service Number
¶
The complete six octet encoding of the 'null'' ipn EID using the three-element scheme-specific encoding would be as follows.¶
82 # 2-Element Endpoint Encoding
02 # uri-code: 2 (IPN URI scheme)
83 # 3 Element ipn EID scheme-specific encoding
00 # Default Numbering Authority
00 # Node Number
00 # Service Number
¶
Add here!!¶
Keith Scott Scott Burleigh¶