Internet Open Trading Protocol - IOTP Version 1.0
draft-ietf-trade-iotp-v1.0-protocol-07
The information below is for an old version of the document that is already published as an RFC.
Document | Type |
This is an older version of an Internet-Draft that was ultimately published as RFC 2801.
|
|
---|---|---|---|
Author | David Burdett | ||
Last updated | 2013-03-02 (Latest revision 1999-11-12) | ||
RFC stream | Internet Engineering Task Force (IETF) | ||
Intended RFC status | Informational | ||
Formats | |||
Additional resources | Mailing list discussion | ||
Stream | WG state | (None) | |
Document shepherd | (None) | ||
IESG | IESG state | Became RFC 2801 (Informational) | |
Consensus boilerplate | Unknown | ||
Telechat date | (None) | ||
Responsible AD | (None) | ||
Send notices to | (None) |
draft-ietf-trade-iotp-v1.0-protocol-07
IPv6 Maintenance J. Linkova Internet-Draft Google Updates: 4861 (if approved) September 13, 2020 Intended status: Standards Track Expires: March 17, 2021 Gratuitous Neighbor Discovery: Creating Neighbor Cache Entries on First- Hop Routers draft-ietf-6man-grand-02 Abstract Neighbor Discovery (RFC4861) is used by IPv6 nodes to determine the link-layer addresses of neighboring nodes as well as to discover and maintain reachability information. This document updates RFC4861 to allow routers to proactively create a Neighbor Cache entry when a new IPv6 address is assigned to a node. It also updates RFC4861 and recommends nodes to send unsolicited Neighbor Advertisements upon assigning a new IPv6 address. The proposed change will minimize the delay and packet loss when a node initiate connections to off-link destination from a new IPv6 address. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on March 17, 2021. Copyright Notice Copyright (c) 2020 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of Linkova Expires March 17, 2021 [Page 1] Internet-Draft Gratuitous ND September 2020 publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. quot; CurrCodeType "IOTP" New values of CurrCodeType attribute are allocated following review on the IETF Trade mailing list and by the Designated Expert. DeliveryData/ "Post" DelivMethod "Web" "Email" New values of Delivery Method attribute are allocated following review on the IETF Trade mailing list and by the Designated Expert. This may require the publication of additional documentation to describe how the delivery method is used. PackagedContent/ "PCDATA" Content "MIME" "MIME:mimetype" (where mimetype must be the same as content-type as defined by [MIME] ) "XML" If the Content attribute is of the form "MIME"mimetype", then control of new values for "mimetype" is as defined in [MIME]. Otherwise, new values of the Content attribute are allocated following review on the IETF Trade mailing list and by the Designated Expert. This may require the publication of additional documentation to describe how the new attribute is used within a Packaged Content element. RelatedTo/ "IotpTransaction" RelationshipType "Reference" New values of the RelationshipType attribute are allocated following review on the IETF Trade Working Group mailing list and by the Designated Expert. This may require the publication of additional documentation to describe how the David Burdett et al. [Page 223] Internet Draft. IOTP/1.0 October 1999 Element Type/ Attribute Values Attribute Name delivery method is used. Status/ Offer StatusType Payment Delivery Authentication Unidentified New values of the Status Type attribute are allocated following: o publication to the IETF Trade Working Group, of an RFC describing the Trading Exchange, Trading Roles and associated components that relate to the Status, and o review of the document on the IETF Trade mailing list and by the Designated Expert. [Note] The document describing new values for the Status Type attribute may be combined with documents that describe new Trading Roles and types of signatures (see below). [Note End] TradingRole/ "Consumer" TradingRole "Merchant" "PaymentHandler" "DeliveryHandler" "DelivTo" "CustCare" New values of the Trading Role attribute are allocated following: o publication to the IETF Trade Working Group, of an RFC describing the Trading Exchange, Trading Roles and associated components that relate to the Trading Role, and o review of the document on the IETF Trade mailing list and by the Designated Expert. [Note] The document describing new values for the Trading Role attribute may be David Burdett et al. [Page 224] Internet Draft. IOTP/1.0 October 1999 Element Type/ Attribute Values Attribute Name combined with documents that describe new Status Types (see above) and types of signatures (see below). [Note End] TransId/ "BaselineAuthentication" IotpTransType "BaselineDeposit" "BaselinePurchase" "BaselineRefund" "BaselineWithdrawal" "BaselineValueExchange" "BaselineInquiry" "BaselinePing" New values of the IotpTransType attribute are allocated following: o publication to the IETF Trade mailing list, of an RFC describing the new IOTP Transaction, and o review of the document on the IETF Trade Working Group mailing list and by the Designated Expert. Attibute/ Content (see Signature "OfferResponse" Component) "PaymentResponse" "DeliveryResponse" "AuthenticationRequest" "AuthenticationResponse" "PingRequest" "PingResponse" New values of the code that define the type of a signature are allocated following: o publication to the IETF Trade Working Group, of an RFC describing the Trading Exchange where the signature is being used, and o review of the document on the IETF Trade mailing list and by the Designated Expert. David Burdett et al. [Page 225] Internet Draft. IOTP/1.0 October 1999 Element Type/ Attribute Values Attribute Name [Note] The document describing new values for the types of signatures may be combined with documents that describe new Status Types and Trading Roles (see above). [Note End] 12.2 Codes not controlled by IANA In addition to the formal development and registration of codes as described above, there is still a need for developers to experiment using new IOTP codes. For this reason, "user defined codes" may be used to identify additional values for the codes contained within this specification without the need for them to be registered with IANA. The definition of a user defined code is as follows: user_defined_code ::= ( "x-" | "X-" ) NameChar (NameChar)* NameChar NameChar has the same definition as the [XML] definition of NameChar Use of domain names (see [DNS]) to make user defined codes unique is recommended although this method cannot be relied upon. David Burdett et al. [Page 226] Internet Draft. IOTP/1.0 October 1999 13. Internet Open Trading Protocol Data Type Definition This section contains the XML DTD for the Internet Open Trading Protocols. <!-- ****************************************************** * * * INTERNET OPEN TRADING PROTOCOL VERSION 1.0 DTD * * Filename: ietf.org/rfc/rfcxxxx.dtd * * * * Changes from version 06 (iotp-v1.0-protocol-06.dtd)* * 1. Corrected definition of encoding attrubute of * * the Value element in Dsig * * 2. Updated the name space definition on the * * IOTP Message element * * * * Copyright Internet Engineering Task Force 1998,99 * * * ****************************************************** ****************************************************** * IOTP MESSAGE DEFINITION * ****************************************************** --> <!ELEMENT IotpMessage ( TransRefBlk, IotpSignatures?, ErrorBlk?, ( AuthReqBlk | AuthRespBlk | AuthStatusBlk | CancelBlk | DeliveryReqBlk | DeliveryRespBlk | InquiryReqBlk | InquiryRespBlk | OfferRespBlk | PayExchBlk | PayReqBlk | PayRespBlk | PingReqBlk | PingRespBlk | TpoBlk | TpoSelectionBlk )* ) > <!ATTLIST IotpMessage xmlns CDATA 'http://ietf.org/rfc/rfcxxxx.txt' > David Burdett et al. [Page 227] Internet Draft. IOTP/1.0 October 1999 <!-- ****************************************************** * TRANSACTION REFERENCE BLOCK DEFINITION * ****************************************************** --> <!ELEMENT TransRefBlk (TransId, MsgId, RelatedTo*) > <!ATTLIST TransRefBlk ID ID #REQUIRED > <!ELEMENT TransId EMPTY > <!ATTLIST TransId ID ID #REQUIRED Version NMTOKEN #FIXED '1.0' IotpTransId CDATA #REQUIRED IotpTransType CDATA #REQUIRED TransTimeStamp CDATA #REQUIRED > <!ELEMENT MsgId EMPTY > <!ATTLIST MsgId ID ID #REQUIRED RespIotpMsg NMTOKEN #IMPLIED xml:lang NMTOKEN #REQUIRED LangPrefList NMTOKENS #IMPLIED CharSetPrefList NMTOKENS #IMPLIED SenderTradingRoleRef NMTOKEN #IMPLIED SoftwareId CDATA #REQUIRED TimeStamp CDATA #IMPLIED > <!ELEMENT RelatedTo (PackagedContent) > <!ATTLIST RelatedTo ID ID #REQUIRED xml:lang NMTOKEN #REQUIRED RelationshipType NMTOKEN #REQUIRED Relation CDATA #REQUIRED RelnKeyWords NMTOKENS #IMPLIED > <!-- ****************************************************** * Packaged Content Common Element * ****************************************************** --> <!ELEMENT PackagedContent (#PCDATA) > <!ATTLIST PackagedContent Name CDATA #IMPLIED Content NMTOKEN "PCDATA" David Burdett et al. [Page 228] Internet Draft. IOTP/1.0 October 1999 Transform (NONE|BASE64) "NONE" > <!-- ****************************************************** * TRADING COMPONENTS * ****************************************************** --> <!-- PROTOCOL OPTIONS COMPONENT --> <!ELEMENT ProtocolOptions EMPTY > <!ATTLIST ProtocolOptions ID ID #REQUIRED xml:lang NMTOKEN #REQUIRED ShortDesc CDATA #REQUIRED SenderNetLocn CDATA #IMPLIED SecureSenderNetLocn CDATA #IMPLIED SuccessNetLocn CDATA #REQUIRED > <!-- AUTHENTICATION DATA COMPONENT --> <!ELEMENT AuthReq (Algorithm, PackagedContent*)> <!ATTLIST AuthReq ID ID #REQUIRED AuthenticationId CDATA #REQUIRED ContentSoftwareId CDATA #IMPLIED > <!-- AUTHENTICATION RESPONSE COMPONENT --> <!ELEMENT AuthResp (PackagedContent*) > <!ATTLIST AuthResp ID ID #REQUIRED AuthenticationId CDATA #REQUIRED SelectedAlgorithmRef NMTOKEN #REQUIRED ContentSoftwareId CDATA #IMPLIED > <!-- TRADING ROLE INFO REQUEST COMPONENT --> <!ELEMENT TradingRoleInfoReq EMPTY> <!ATTLIST TradingRoleInfoReq ID ID #REQUIRED TradingRoleList NMTOKENS #REQUIRED > <!-- ORDER COMPONENT --> <!ELEMENT Order (PackagedContent*) > <!ATTLIST Order ID ID #REQUIRED xml:lang NMTOKEN #REQUIRED OrderIdentifier CDATA #REQUIRED ShortDesc CDATA #REQUIRED OkFrom CDATA #REQUIRED OkTo CDATA #REQUIRED ApplicableLaw CDATA #REQUIRED ContentSoftwareId CDATA #IMPLIED > David Burdett et al. [Page 229] Internet Draft. IOTP/1.0 October 1999 <!-- ORGANISATION COMPONENT --> <!ELEMENT Org (TradingRole+, ContactInfo?, PersonName?, PostalAddress?)> <!ATTLIST Org ID ID #REQUIRED xml:lang NMTOKEN #REQUIRED OrgId CDATA #REQUIRED LegalName CDATA #IMPLIED ShortDesc CDATA #IMPLIED LogoNetLocn CDATA #IMPLIED > <!ELEMENT TradingRole EMPTY > <!ATTLIST TradingRole ID ID#REQUIRED TradingRole NMTOKEN #REQUIRED IotpMsgIdPrefix NMTOKEN #REQUIRED CancelNetLocn CDATA #IMPLIED ErrorNetLocn CDATA #IMPLIED ErrorLogNetLocn CDATA #IMPLIED > <!ELEMENT ContactInfo EMPTY > <!ATTLIST ContactInfo xml:lang NMTOKEN #IMPLIED Tel CDATA #IMPLIED Fax CDATA #IMPLIED Email CDATA #IMPLIED NetLocn CDATA #IMPLIED > <!ELEMENT PersonName EMPTY > <!ATTLIST PersonName xml:lang NMTOKEN #IMPLIED Title CDATA #IMPLIED GivenName CDATA #IMPLIED Initials CDATA #IMPLIED FamilyName CDATA #IMPLIED > <!ELEMENT PostalAddress EMPTY > <!ATTLIST PostalAddress xml:lang NMTOKEN #IMPLIED AddressLine1 CDATA #IMPLIED AddressLine2 CDATA #IMPLIED CityOrTown CDATA #IMPLIED StateOrRegion CDATA #IMPLIED PostalCode CDATA #IMPLIED Country CDATA #IMPLIED LegalLocation (True | False) 'False' > David Burdett et al. [Page 230] Internet Draft. IOTP/1.0 October 1999 <!-- BRAND LIST COMPONENT --> <!ELEMENT BrandList (Brand+, ProtocolAmount+, CurrencyAmount+, PayProtocol+) > <!ATTLIST BrandList ID ID #REQUIRED xml:lang NMTOKEN #REQUIRED ShortDesc CDATA #REQUIRED PayDirection (Debit | Credit) #REQUIRED > <!ELEMENT Brand (ProtocolBrand*, PackagedContent*) > &Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 3 1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 2. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 4 3. Solution Requirements . . . . . . . . . . . . . . . . . . . . 5 4. Proposed Changes to Neighbor Discovery . . . . . . . . . . . 6 4.1. Nodes Sending Gratuitous Neighbor Advertisements . . . . 6 4.2. Routers Creating Cache Entries Upon Receiving Unsolicited Neighbor Advertisements . . . . . . . . . . . . . . . . . 7 5. Avoiding Disruption . . . . . . . . . . . . . . . . . . . . . 7 5.1. Neighbor Cache Entry Exists in Any State Other That INCOMPLETE . . . . . . . . . . . . . . . . . . . . . . . 8 5.2. Neighbor Cache Entry is in INCOMPLETE state . . . . . . . 8 5.3. Neighbor Cache Entry Does Not Exist . . . . . . . . . . . 8 5.3.1. The Rightful Owner Is Not Sending Packets From The Address . . . . . . . . . . . . . . . . . . . . . . . 9 5.3.2. The Rightful Owner Has Started Sending Packets From The Address . . . . . . . . . . . . . . . . . . . . . 10 6. Modifications to RFC-Mandated Behavior . . . . . . . . . . . 11 6.1. Modification to RFC4861 Neighbor Discovery for IP version 6 (IPv6) . . . . . . . . . . . . . . . . . . . . . . . . 11 6.1.1. Modification to the section 7.2.5 . . . . . . . . . . 11 6.1.2. Modification to the section 7.2.6 . . . . . . . . . . 12 7. Solutions Considered but Discarded . . . . . . . . . . . . . 12 7.1. Do Nothing . . . . . . . . . . . . . . . . . . . . . . . 13 7.2. Change to the Registration-Based Neighbor Discovery . . . 13 7.3. Host Sending NS to the Router Address from Its GUA . . . 13 7.4. Host Sending Router Solicitation from its GUA . . . . . . 14 7.5. Routers Populating Their Caches by Gleaning From Neighbor Discovery Packets . . . . . . . . . . . . . . . . . . . . 15 7.6. Initiating Hosts-to-Routers Communication . . . . . . . . 15 7.7. Transit Dataplane Traffic From a New Address Triggering Address Resolution . . . . . . . . . . . . . . . . . . . 16 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 16 9. Security Considerations . . . . . . . . . . . . . . . . . . . 16 10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 17 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 17 11.1. Normative References . . . . . . . . . . . . . . . . . . 17 11.2. Informative References . . . . . . . . . . . . . . . . . 18 Linkova Expires March 17, 2021 [Page 2] Internet-Draft Gratuitous ND September 2020 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 19 1. Introduction The Neighbor Discovery state machine defined in [RFC4861] assumes that communications between IPv6 nodes are in most cases bi- directional and if a node A is trying to communicate to its neighbor, node B, the return traffic flows could be expected. So when the node A starts the address resolution process, the target node B would also create an entry for A address in its neighbor cache. That entry will be used for sending the return traffic to A. In particular, section 7.2.5 of [RFC4861] states: "When a valid Neighbor Advertisement is received (either solicited or unsolicited), the Neighbor Cache is searched for the target's entry. If no entry exists, the advertisement SHOULD be silently discarded. There is no need to create an entry if none exists, since the recipient has apparently not initiated any communication with the target." While this approach is perfectly suitable for host-to-host on-link communications, it does not work so well when a host sends traffic to off-link destinations. After joining the network and receiving a Router Advertisement the host populates its neighbor cache with the default router IPv6 and link-layer addresses and is able to send traffic to off-link destinations. At the same time the router does not have any cache entries for the host global addresses yet and only starts address resolution upon receiving the first packet of the return traffic flow. While waiting for the resolution to complete routers only keep a very small number of packets in the queue, as recommended in Section 7.2.2 [RFC4861]. All subsequent packets arriving before the resolution process finishes are likely to be dropped. It might cause user-visible packet loss and performance degradation. 1.1. Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. 1.2. Terminology Node: a device that implements IP, [RFC4861]. Host: any node that is not a router, [RFC4861]. Linkova Expires March 17, 2021 [Page 3] Internet-Draft Gratuitous ND September 2020 ND: Neighbor Discovery, [RFC4861]. SLAAC: IPv6 Stateless Address Autoconfiguration, [RFC4862]. NS: Neighbor Solicitation, [RFC4861]. NA: Neighbor Advertisement, [RFC4861]. RS: Router Solicitation, [RFC4861]. RA: Router Advertisement, [RFC4861]. SLLA: Source link-layer Address, an option in the ND packets containing the link-layer address of the sender of the packet [RFC4861]. TLLA: Target link-layer Address, an option in the ND packets containing the link-layer address of the target [RFC4861]. GUA: Global Unicast Address [RFC4291]. DAD: Duplicate Address Detection, [RFC4862]. Optimistic DAD: a modification of DAD, [RFC4429]. 2. Problem Statement The most typical scenario when the problem may arise is a host joining the network, forming a new address and using that address for accessing the Internet: 1. A host joins the network and receives a Router Advertisement (RA) packet from the first-hop router (either a periodic unsolicited RA or a response to a Router Solicitation sent by the host). The RA contains information the host needs to perform SLAAC and to configure its network stack. As in most cases the RA also contains the link-layer address of the router, the host can populate its Neighbor Cache with the router's link-local and link-layer addresses. 2. The host starts opening connections to off-link destinations. A very common use case is a mobile device sending probes to detect the Internet connectivity and/or the presence of a captive portal on the network. To speed up that process many implementations use Optimistic DAD which allows them to send probes before the DAD process is completed. At that moment the device neighbor cache contains all information required to send those probes (such as the default router link-local the link-layer addresses). Linkova Expires March 17, 2021 [Page 4] Internet-Draft Gratuitous ND September 2020 The router neighbor cache, however, might contain an entry for the device link-local address (if the device has been performing the address resolution for the router link-local address), but there are no entries for the device global addresses. 3. Return traffic is received by the first-hop router. As the router does not have any cache entry for the host global address yet, the router starts the neighbor discovery process by creating an INCOMPLETE cache entry and then sending a Neighbor Solicitation to the Solicited Node Multicast Address. Most router implementations buffer only one data packet while resolving the packet destination address, so it would drop all subsequent packets for the host global address, until the address resolution process is completed. 4. If the host sends multiple probes in parallel, it would consider all but one of them failed. That leads to user-visible delay in connecting to the network, especially if the host implements some form of backoff mechanism and does not retransmit the probes as soon as possible. This scenario illustrates the problem occurring when the device connects to the network for the first time or after a timeout long enough for the device address to be removed from the router's neighbor cache. However, the same sequence of events happen when the host starts using a new global address previously unseen by the router, such as a new privacy address [RFC4941] or if the router's Neighbor Cache has been flushed. While in dual-stack networks this problem might be hidden by Happy Eyeballs [RFC8305] it manifests quite clearly in IPv6-only environments, especially wireless ones, leading to poor user experience and contributing to a negative perception of IPv6-only solutions as unstable and non-deployable. 3. Solution Requirements It would be highly desirable to improve the Neighbor Discovery mechanics so routers have a usable cache entry for a host address by the time the router receives the first packet for that address. In particular: o If the router does not have a Neighbor Cache entry for the address, a STALE entry needs to be created. o The solution needs to work for Optimistic addresses as well. Devices implementing the Optimistic DAD usually attempt to minimize the delay in connecting to the network and therefore are Linkova Expires March 17, 2021 [Page 5] Internet-Draft Gratuitous ND September 2020 lt;!ATTLIST Brand ID ID #REQUIRED xml:lang NMTOKEN #IMPLIED BrandId CDATA #REQUIRED BrandName CDATA #REQUIRED BrandLogoNetLocn CDATA #REQUIRED BrandNarrative CDATA #IMPLIED ProtocolAmountRefs IDREFS #REQUIRED ContentSoftwareId CDATA #IMPLIED > <!ELEMENT ProtocolBrand (PackagedContent*) > <!ATTLIST ProtocolBrand ProtocolId CDATA #REQUIRED ProtocolBrandId CDATA #REQUIRED > <!ELEMENT ProtocolAmount (PackagedContent*) > <!ATTLIST ProtocolAmount ID ID #REQUIRED PayProtocolRef IDREF #REQUIRED CurrencyAmountRefs IDREFS #REQUIRED ContentSoftwareId CDATA #IMPLIED > <!ELEMENT CurrencyAmount EMPTY > <!ATTLIST CurrencyAmount ID ID #REQUIRED Amount CDATA #REQUIRED CurrCodeType NMTOKEN 'ISO4217-A' CurrCode CDATA #REQUIRED > <!ELEMENT PayProtocol (PackagedContent*) > <!ATTLIST PayProtocol ID ID #REQUIRED xml:lang NMTOKEN #IMPLIED ProtocolId NMTOKEN #REQUIRED ProtocolName CDATA #REQUIRED ActionOrgRef NMTOKEN #REQUIRED PayReqNetLocn CDATA #IMPLIED SecPayReqNetLocn CDATA #IMPLIED ContentSoftwareId CDATA #IMPLIED > David Burdett et al. [Page 231] Internet Draft. IOTP/1.0 October 1999 <!-- BRAND SELECTION COMPONENT --> <!ELEMENT BrandSelection (BrandSelBrandInfo?, BrandSelProtocolAmountInfo?, BrandSelCurrencyAmountInfo?) > <!ATTLIST BrandSelection ID ID #REQUIRED BrandListRef NMTOKEN #REQUIRED BrandRef NMTOKEN #REQUIRED ProtocolAmountRef NMTOKEN #REQUIRED CurrencyAmountRef NMTOKEN #REQUIRED > <!ELEMENT BrandSelBrandInfo (PackagedContent+) > <!ATTLIST BrandSelBrandInfo ID ID #REQUIRED ContentSoftwareId CDATA #IMPLIED > <!ELEMENT BrandSelProtocolAmountInfo (PackagedContent+) > <!ATTLIST BrandSelProtocolAmountInfo ID ID #REQUIRED ContentSoftwareId CDATA #IMPLIED > <!ELEMENT BrandSelCurrencyAmountInfo (PackagedContent+) > <!ATTLIST BrandSelCurrencyAmountInfo ID ID #REQUIRED ContentSoftwareId CDATA #IMPLIED > <!-- PAYMENT COMPONENT --> <!ELEMENT Payment EMPTY > <!ATTLIST Payment ID ID #REQUIRED OkFrom CDATA #REQUIRED OkTo CDATA #REQUIRED BrandListRef NMTOKEN #REQUIRED SignedPayReceipt (True | False) #REQUIRED StartAfterRefs NMTOKENS #IMPLIED > <!-- PAYMENT SCHEME COMPONENT --> <!ELEMENT PaySchemeData (PackagedContent+) > <!ATTLIST PaySchemeData ID ID #REQUIRED PaymentRef NMTOKEN #IMPLIED ConsumerPaymentId CDATA #IMPLIED PaymentHandlerPayId CDATA #IMPLIED ContentSoftwareId CDATA #IMPLIED > <!-- PAYMENT RECEIPT COMPONENT --> <!ELEMENT PayReceipt (PackagedContent*) > <!ATTLIST PayReceipt ID ID #REQUIRED PaymentRef NMTOKEN #REQUIRED David Burdett et al. [Page 232] Internet Draft. IOTP/1.0 October 1999 PayReceiptNameRefs NMTOKENS #IMPLIED ContentSoftwareId CDATA #IMPLIED > <!-- PAYMENT NOTE COMPONENT --> <!ELEMENT PaymentNote (PackagedContent+) > <!ATTLIST PaymentNote ID ID #REQUIRED ContentSoftwareId CDATA #IMPLIED > <!-- DELIVERY COMPONENT --> <!ELEMENT Delivery (DeliveryData?, PackagedContent*) > <!ATTLIST Delivery ID ID #REQUIRED xml:lang NMTOKEN #REQUIRED DelivExch (True | False) #REQUIRED DelivAndPayResp (True | False) #REQUIRED ActionOrgRef NMTOKEN #IMPLIED > <!ELEMENT DeliveryData (PackagedContent*) > <!ATTLIST DeliveryData xml:lang NMTOKEN #IMPLIED OkFrom CDATA #REQUIRED OkTo CDATA #REQUIRED DelivMethod NMTOKEN #REQUIRED DelivToRef NMTOKEN #REQUIRED DelivReqNetLocn CDATA #IMPLIED SecDelivReqNetLocn CDATA #IMPLIED ContentSoftwareId CDATA #IMPLIED > <!-- CONSUMER DELIVERY DATA COMPONENT --> <!ELEMENT ConsumerDeliveryData EMPTY > <!ATTLIST ConsumerDeliveryData ID ID #REQUIRED ConsumerDeliveryId CDATA #REQUIRED > <!-- DELIVERY NOTE COMPONENT --> <!ELEMENT DeliveryNote (PackagedContent+) > <!ATTLIST DeliveryNote ID ID #REQUIRED xml:lang NMTOKEN #REQUIRED DelivHandlerDelivId CDATA #IMPLIED ContentSoftwareId CDATA #IMPLIED > <!-- STATUS COMPONENT --> <!ELEMENT Status EMPTY > <!ATTLIST Status ID ID #REQUIRED xml:lang NMTOKEN #REQUIRED StatusType NMTOKEN #REQUIRED David Burdett et al. [Page 233] Internet Draft. IOTP/1.0 October 1999 ElRef NMTOKEN #IMPLIED ProcessState (NotYetStarted | InProgress | CompletedOk | Failed | ProcessError) #REQUIRED CompletionCode NMTOKEN #IMPLIED ProcessReference CDATA #IMPLIED StatusDesc CDATA #IMPLIED > <!-- TRADING ROLE DATA COMPONENT --> <!ELEMENT TradingRoleData (PackagedContent+) > <!ATTLIST TradingRoleData ID ID #REQUIRED OriginatorElRef NMTOKEN #REQUIRED DestinationElRefs NMTOKENS #REQUIRED > <!-- INQUIRY TYPE COMPONENT --> <!ELEMENT InquiryType EMPTY > <!ATTLIST InquiryType ID ID #REQUIRED Type NMTOKEN #REQUIRED ElRef NMTOKEN #IMPLIED ProcessReference CDATA #IMPLIED > <!-- ERROR COMPONENT --> <!ELEMENT ErrorComp (ErrorLocation+, PackagedContent*) > <!ATTLIST ErrorComp ID NMTOKEN #REQUIRED xml:lang NMTOKEN #REQUIRED ErrorCode NMTOKEN #REQUIRED ErrorDesc CDATA #REQUIRED Severity (Warning|TransientError|HardError) #REQUIRED MinRetrySecs CDATA #IMPLIED SwVendorErrorRef CDATA #IMPLIED > <!ELEMENT ErrorLocation EMPTY > <!ATTLIST ErrorLocation ElementType NMTOKEN #REQUIRED IotpMsgRef NMTOKEN #IMPLIED BlkRef NMTOKEN #IMPLIED CompRef NMTOKEN #IMPLIED ElementRef NMTOKEN #IMPLIED AttName NMTOKEN #IMPLIED > <!-- ****************************************************** * TRADING BLOCKS * ****************************************************** --> <!-- TRADING PROTOCOL OPTIONS BLOCK --> &more likely to be affected by the problem described in this document. o In case of duplicate addresses present in the network, the proposed solution MUST NOT override the existing entry. o In topologies with multiple first-hop routers the cache needs to be updated on all of them, as traffic might be asymmetric: outgoing flows leaving the network via one router while the return traffic enters the segment via another one. In addition the solution MUST NOT exacerbate issues described in [RFC6583] and MUST be compatible with the recommendations provided in [RFC6583]. 4. Proposed Changes to Neighbor Discovery The following changes are proposed to minimize the delay in creating new entries in a router neighbor cache o A node sends unsolicited NAs upon assigning a new IPv6 address to its interface. o A router creates a new cache entry upon receiving an unsolicited NA from a host. The following sections discuss these changes in more detail. 4.1. Nodes Sending Gratuitous Neighbor Advertisements The section 7.2.6 of [RFC4861] discusses using unsolicited Neighbor Advertisement to inform node neighbors of the new link-layer address quickly. The same mechanism could be used to notify the node neighbors about the new network-layer address as well: the node can send gratuitous unsolicited Neighbor Advertisements upon assigning a new IPv6 address to its interface. To minimize the potential disruption in case of duplicate addresses the node should not set the Override flag for a preferred address and must not set the Override flag if the address is in Optimistic [RFC4429] state. As the main purpose of sending unsolicited NAs upon configuring a new address is to proactively create a Neighbor Cache entry on the first- hop routers, the gratuitous NAs are sent to all-routers multicast address (ff02::2). Limiting the recipients to routers only would help reduce the multicast noise level. If the link-layer devices are Linkova Expires March 17, 2021 [Page 6] Internet-Draft Gratuitous ND September 2020 performing MLD snooping [RFC4541] then those unsolicited NAs will be only sent to onlink routers instead of being flooded to all nodes. It should be noted that the proposed mechanism does not cause any significant increase in the multicast traffic. The additional multicast unsolicited NA would proactively create a STALE cache entry on routers as discussed below. When the router receives the return traffic flows it does not need to send multicast NSes to the solicited node multicast address but would be sending unicast NSes instead. Therefore total amount of multicast traffic should not increase. 4.2. Routers Creating Cache Entries Upon Receiving Unsolicited Neighbor Advertisements The section 7.2.5 of [RFC4861] states: "When a valid Neighbor Advertisement is received (either solicited or unsolicited), the Neighbor Cache is searched for the target's entry. If no entry exists, the advertisement SHOULD be silently discarded. There is no need to create an entry if none exists, since the recipient has apparently not initiated any communication with the target". The reasoning behind dropping unsolicited Neighbor Advertisements ("the recipient has apparently not initiated any communication with the target") is valid for onlink host-to-host communication but, as discussed above, it does not really apply for the scenario when the host is announcing its address to routers. Therefore it would be beneficial to allow routers creating new entries upon receiving an unsolicited Neighbor Advertisement. This document updates [RFC4861] so that routers create a new Neighbor Cache entry upon receiving an unsolicited Neighbor Advertisement. The proposed changes do not modify routers behaviour specified in [RFC4861] for the scenario when the corresponding Neighbor Cache entry already exists. 5. Avoiding Disruption If nodes following the recommendations in this document are using the DAD mechanism defined in [RFC4862], they would send unsolicited NA as soon as the address changes the state from tentative to preferred (after its uniqueness has been verified). However nodes willing to minimize network stack configuration delays might be using optimistic addresses, which means there is a possibility of the address not being unique on the link. The section 2.2 of [RFC4429] discusses measures to ensure that ND packets from the optimistic address do not override any existing neighbor cache entries as it would cause traffic interruption of the rightful address owner in case of address Linkova Expires March 17, 2021 [Page 7] Internet-Draft Gratuitous ND September 2020 conflict. As nodes willing to speed up their network stack configuration are most likely to be affected by the problem outlined in this document it seems reasonable for such hosts to advertise their optimistic addresses by sending unsolicited NAs. The main question to consider is the potential risk of overriding the cache entry for the rightful address owner if the optimistic address happens to be duplicated. The following sections are discussing the address collision scenario when a node sends an unsolicited NA for an address in the Optimistic state, while another node has the same address assigned already. 5.1. Neighbor Cache Entry Exists in Any State Other That INCOMPLETE If the router Neighbor Cache entry for the target address already exists in any state other than INCOMPLETE, then as per section 7.2.5 of [RFC4861] an unsolicited NA with the Override flag cleared would change the entry state from REACHABLE to STALE but would not update the entry in any other way. Therefore even if the host sends an unsolicited NA from the its Optimistic address the router cache entry would not be updated with the new Link-Layer address and no impact to the traffic for the rightful address owner is expected. 5.2. Neighbor Cache Entry is in INCOMPLETE state Another corner case is the INCOMPLETE cache entry for the address. If the host sends an unsolicited NA from the Optimistic address it would update the entry with the host link-layer address and set the entry to the STALE state. As the INCOMPLETE entry means that the router has started the ND process for the address and the multicast NS has been sent, the rightful owner is expected to reply with solicited NA with the Override flag set. Upon receiving a solicited NA with the Override flag the cache entry will be updated with the TLLA supplied and (as the NA has the Solicited flag set), the entry state will be set to REACHABLE. It would recover the cache entry and set the link-layer address to the one of the rightful owner. The only potential impact would be for packets arriving to the router after the unsolicited NA from the host but before the rightful owner responded with the solicited NA. Those packets would be sent to the host with the optimistic address instead of its rightful owner. However those packets would have been dropped anyway as until the solicited NA is received the router can not send the traffic. 5.3. Neighbor Cache Entry Does Not Exist There are two distinct scenarios which can lead to the situation when the router does not have a NC entry for the IPv6 address: lt;!ELEMENT TpoBlk ( ProtocolOptions, BrandList*, Org* ) > David Burdett et al. [Page 234] Internet Draft. IOTP/1.0 October 1999 <!ATTLIST TpoBlk ID ID #REQUIRED > <!-- TPO SELECTION BLOCK --> <!ELEMENT TpoSelectionBlk (BrandSelection+) > <!ATTLIST TpoSelectionBlk ID ID #REQUIRED > <!-- OFFER RESPONSE BLOCK --> <!ELEMENT OfferRespBlk (Status, Order?, Payment*, Delivery?, TradingRoleData*) > <!ATTLIST OfferRespBlk ID ID #REQUIRED > <!-- AUTHENTICATION REQUEST BLOCK --> <!ELEMENT AuthReqBlk (AuthReq*, TradingRoleInfoReq?) > <!ATTLIST AuthReqBlk ID ID #REQUIRED > <!-- AUTHENTICATION RESPONSE BLOCK --> <!ELEMENT AuthRespBlk (AuthResp?, Org*) > <!ATTLIST AuthRespBlk ID ID #REQUIRED > <!-- AUTHENTICATION STATUS BLOCK --> <!ELEMENT AuthStatusBlk (Status) > <!ATTLIST AuthStatusBlk ID ID #REQUIRED > <!-- PAYMENT REQUEST BLOCK --> <!ELEMENT PayReqBlk (Status+, BrandList, BrandSelection, Payment, PaySchemeData?, Org*, TradingRoleData*) > <!ATTLIST PayReqBlk ID ID #REQUIRED > <!-- PAYMENT EXCHANGE BLOCK --> <!ELEMENT PayExchBlk (PaySchemeData) > <!ATTLIST PayExchBlk ID ID #REQUIRED > <!-- PAYMENT RESPONSE BLOCK --> <!ELEMENT PayRespBlk (Status, PayReceipt?, PaySchemeData?, PaymentNote?, TradingRoleData*) > <!ATTLIST PayRespBlk ID ID #REQUIRED > David Burdett et al. [Page 235] Internet Draft. IOTP/1.0 October 1999 <!-- DELIVERY REQUEST BLOCK --> <!ELEMENT DeliveryReqBlk (Status+, Order, Org*, Delivery, ConsumerDeliveryData?, TradingRoleData*) > <!ATTLIST DeliveryReqBlk ID ID #REQUIRED > <!-- DELIVERY RESPONSE BLOCK --> <!ELEMENT DeliveryRespBlk (Status, DeliveryNote) > <!ATTLIST DeliveryRespBlk ID ID #REQUIRED > <!-- INQUIRY REQUEST BLOCK --> <!ELEMENT InquiryReqBlk ( InquiryType, PaySchemeData? ) > <!ATTLIST InquiryReqBlk ID ID #REQUIRED > <!-- INQUIRY RESPONSE BLOCK --> <!ELEMENT InquiryRespBlk (Status, PaySchemeData?) > <!ATTLIST InquiryRespBlk ID ID #REQUIRED LastReceivedIotpMsgRef NMTOKEN #IMPLIED LastSentIotpMsgRef NMTOKEN #IMPLIED > <!-- PING REQUEST BLOCK --> <!ELEMENT PingReqBlk (Org*)> <!ATTLIST PingReqBlk ID ID #REQUIRED> <!-- PING RESPONSE BLOCK --> <!ELEMENT PingRespBlk (Org+)> <!ATTLIST PingRespBlk ID ID #REQUIRED PingStatusCode (Ok | Busy | Down) #REQUIRED SigVerifyStatusCode (Ok | NotSupported | Fail) #IMPLIED xml:lang NMTOKEN #IMPLIED PingStatusDesc CDATA #IMPLIED> <!-- ERROR BLOCK --> <!ELEMENT ErrorBlk (ErrorComp+, PaySchemeData*) > <!ATTLIST ErrorBlk ID ID #REQUIRED > <!-- CANCEL BLOCK --> <!ELEMENT CancelBlk (Status) > <!ATTLIST CancelBlk ID ID #REQUIRED > David Burdett et al. [Page 236] Internet Draft. IOTP/1.0 October 1999 <!-- ****************************************************** * IOTP SIGNATURES BLOCK DEFINITION * ****************************************************** --> <!ELEMENT IotpSignatures (Signature+ ,Certificate*) > <!ATTLIST IotpSignatures ID ID #IMPLIED > <!-- ****************************************************** * IOTP SIGNATURE COMPONENT DEFINITION * ****************************************************** --> <!ELEMENT Signature (Manifest, Value+) > <!ATTLIST Signature ID ID #IMPLIED > <!ELEMENT Manifest ( Algorithm+, Digest+, Attribute*, OriginatorInfo, RecipientInfo+ ) > <!ATTLIST Manifest LocatorHRefBase CDATA #IMPLIED > <!ELEMENT Algorithm (Parameter*) > <!ATTLIST Algorithm ID ID #REQUIRED type (digest|signature) #IMPLIED name NMTOKEN #REQUIRED > <!ELEMENT Digest (Locator, Value) > <!ATTLIST Digest DigestAlgorithmRef IDREF #REQUIRED > <!ELEMENT Attribute ( ANY ) > <!ATTLIST Attribute type NMTOKEN #REQUIRED critical ( true | false ) #REQUIRED David Burdett et al. [Page 237] Internet Draft. IOTP/1.0 October 1999 > <!ELEMENT OriginatorInfo ANY > <!ATTLIST OriginatorInfo OriginatorRef NMTOKEN #IMPLIED > <!ELEMENT RecipientInfo ANY > <!ATTLIST RecipientInfo SignatureAlgorithmRef IDREF #REQUIRED SignatureValueRef IDREF #IMPLIED SignatureCertRef IDREF #IMPLIED RecipientRefs NMTOKENS #IMPLIED > <!ELEMENT KeyIdentifier EMPTY> <!ATTLIST KeyIdentifier value CDATA #REQUIRED > <!ELEMENT Parameter ANY > <!ATTLIST Parameter type CDATA #REQUIRED > <!-- ****************************************************** * IOTP CERTIFICATE COMPONENT DEFINITION * ****************************************************** --> <!ELEMENT Certificate ( IssuerAndSerialNumber, ( Value | Locator ) ) > <!ATTLIST Certificate ID ID #IMPLIED type NMTOKEN #REQUIRED > <!ELEMENT IssuerAndSerialNumber EMPTY > <!ATTLIST IssuerAndSerialNumber issuer CDATA #REQUIRED number CDATA #REQUIRED > <!-- ****************************************************** * IOTP SHARED COMPONENT DEFINITION * ****************************************************** --> <!ELEMENT Value ( #PCDATA ) > <!ATTLIST Value David Burdett et al. [Page 238] Internet Draft. IOTP/1.0 October 1999 ID ID #IMPLIED encoding (base64|none) 'base64' > <!ELEMENT Locator EMPTY> <!ATTLIST Locator xml:link CDATA #FIXED 'simple' href CDATA #REQUIRED > David Burdett et al. [Page 239] Internet Draft. IOTP/1.0 October 1999 14. Glossary This section contains a glossary of some of the terms used within this specification in alphabetical order. NAME DESCRIPTION Authenticator The Organisation which is requesting the authentication of another Organisation, and Authenticatee The Organisation being authenticated by an Authenticator Business Error See Status Component. Brand A Brand is the mark which identifies a particular type of Payment Instrument. A list of Brands are the payment options which are presented by the Merchant to the Consumer and from which the Consumer makes a selection. Each Brand may have a different Payment Handler. Examples of Brands include: o payment association and proprietary Brands, for example MasterCard, Visa, American Express, Diners Club, American Express, Mondex, GeldKarte, CyberCash, etc. o Promotional Brands (see below). These include: o store Brands, where the Payment Instrument is issued to a Consumer by a particular Merchant, for example Walmart, Sears, or Marks and Spencer (UK) o coBrands, for example American Advantage Visa, where an a company uses their own Brand in conjunction with, typically, a payment association Brand. Consumer The Organisation which is to receive the benefit of and typically pay for the goods or services. ContentSoftwareId This contains information which identifies the software which generated the content of the element. Its purpose is to help resolve interoperability problems that might occur as a result of incompatibilities between messages produced by different software. It is a single text string in the language defined by xml:lang. It must contain, as a minimum: o the name of the software manufacturer o the name of the software o the version of the software, and o the build of the software David Burdett et al. [Page 240] Internet Draft. IOTP/1.0 October 1999 NAME DESCRIPTION It is recommended that this attribute is included whenever the software which generated the content cannot be identified from the SoftwareId attribute on the Message Id Component (see section 3.3.2) Customer Care An Organisation that is providing customer care Provider typically on behalf of a Merchant. Examples of customer care include, responding to problems raised by a Consumer arising from an IOTP Transaction that the Consumer took part in. Delivery Handler The Organisation that directly delivers the goods or services to the Consumer on behalf of the Merchant. Delivery can be in the form of either digital goods (e.g. a [MIME] message), or physically delivered using the post or a courier. Document Exchange A Document Exchange consists of a set of IOTP Messages exchanged between two parties that implement part or all of two Trading Exchanges simultaneously in order to minimise the number of actual IOTP Messages which must be sent over the Internet. Document Exchanges are combined together in sequence to implement a particular IOTP Transaction. Dual Brand A Dual Brand means that a single Payment Instrument may be used as if it were two separate Brands. For example there could be a single Japanese "UC" MasterCard which can be used as either a UC card or a regular MasterCard. The UC card Brand and the MasterCard Brand could each have their own separate Payment Handlers. This means that: o the Merchant treats, for example "UC" and "MasterCard" as two separate Brands when offering a list of Brands to the Consumer, o the Consumer chooses a Brand, for example either "UC" or "MasterCard, o the Consumer IOTP aware application determines which Payment Instrument(s) match the chosen Brand, and selects, perhaps with user assistance, the correct Payment Instrument to use. Error Block An Error Block reports that a Technical Error was found in an IOTP Message that was previously received. Typically Technical Errors are caused by errors in the XML which has been received or some David Burdett et al. [Page 241] Internet Draft. IOTP/1.0 October 1999 NAME DESCRIPTION technical failure of the processing of the IOTP Message. Frequently the generation or receipt of an Error Block will result in failure of the IOTP Transaction. They are distinct from Business Errors, reported in a Status Component, which can also cause failure of an IOTP Transaction. Exchange Block An Exchange Block is sent between the two Trading Roles involved in a Trading Exchange. It contains one or more Trading Components. Exchange Blocks are always sent after a Request Block and before a Response Block in a Trading Exchange. The content of an Exchange Block is dependent on the type of Trading Exchange being carried out. IOTP Message An IOTP Message is the outermost wrapper for the document(s) which are sent between Trading Roles that are taking part in a trade. It is a well formed XML document. The documents it contains consist of: o a Transaction Reference Block to uniquely identify the IOTP Transaction of which the IOTP Message is part, o an optional Signature Block to digitally sign the Trading Blocks or Trading Components associated with the IOTP Transaction o an optional Error Block to report on technical errors contained in a previously received IOTP Message, and o a collection of IOTP Trading Blocks which carries the data required to carry out an IOTP Transaction. IOTP Transaction An instance of an Internet Open Trading Protocol Transaction consists of a set of IOTP Messages transferred between Trading Roles. The rules for what may be contained in the IOTP Messages is defined by the Transaction Type of the IOTP Transaction. IOTP Transaction A Transaction Type identifies the type an of IOTP Type Transaction. Examples of Transaction Type include: Purchase, Refund, Authentication, Withdrawal, Deposit (of electronic cash). The Transaction Type specifies for an IOTP Transaction: o the Trading Exchanges which may be included in the transaction, o how those Trading Exchanges may be combined to meet the business needs of the transaction o which Trading Blocks may be included in the IOTP Messages that make up the transaction o Consult this specification for the rules that David Burdett et al. [Page 242] Internet Draft. IOTP/1.0 October 1999 NAME DESCRIPTION apply for each Transaction Type. Merchant The Organisation from whom the service or goods are being obtained, who is legally responsible for providing the goods or services and receives the benefit of any payment made Merchant Customer The Organisation that is involved with customer Care Provider dispute negotiation and resolution on behalf of the Merchant Organisation A company or individual that takes part in a Trade as a Trading Role. The Organisations may take one or more of the roles involved in the Trade Payment Handler The Organisation that physically receives the payment from the Consumer on behalf of the Merchant Payment A Payment Instrument is the means by which Instrument Consumer pays for goods or services offered by a Merchant. It can be, for example: o a credit card such as MasterCard or Visa; o a debit card such as MasterCard's Maestro; o a smart card based electronic cash Payment Instrument such as a Mondex Card, a GeldKarte card or a Visa Cash card o a software based electronic payment account such as a CyberCash's CyberCoin or DigiCash account. All Payment Instruments have a number, typically an account number, by which the Payment Instrument can be identified. Promotional Brand A Promotional Brand means that, if the Consumer pays with that Brand, then the Consumer will receive some additional benefit which can be received in two ways: o at the time of purchase. For example if a Consumer pays with a "Walmart MasterCard" at a Walmart web site, then a 5% discount might apply, which means the Consumer actually pays less, o from their Payment Instrument (card) issuer when the payment appears on their statement. For example loyalty points in a frequent flyer scheme could be awarded based on the total payments made with the Payment Instrument since the last statement was issued. Each Promotional Brand should be identified as a David Burdett et al. [Page 243] Internet Draft. IOTP/1.0 October 1999 NAME DESCRIPTION separate Brand in the list of Brands offered by the Merchant. Receipt Component A Receipt Component is a record of the successful completion of a Trading Exchange. Examples of Receipt Components include: Payment Receipts, and Delivery Notes. It's content may dependent on the technology used to perform the Trading Exchange. For example a Secure Electronic Transaction (SET) payment receipt consists of SET payment messages which record the result of the payment. Request Block A Request Block is Trading Block that contains a request for a Trading Exchange to start. The Trading Components in a Request Block may be signed by a Signature Block so that their authenticity may be checked and to determine that the Trading Exchange being requested is authorised. Authorisation for a Trading Exchange to start can be provided by the signatures contained on Receipt Components contained in Response Blocks resulting from previously completed Trading Exchanges. Examples of Request Blocks are Payment Request and Delivery Request Response Block A Response Block is a Trading Block that indicates that a Trading Exchange is complete. It is sent by the Trading Role that received a Request Block to the Trading Role that sent the Request Block. The Response Block contains a Status Component that contains information about the completion of the Trading Exchange, for example it indicates whether or not the Trading Exchange completed successfully. For some Trading Exchanges the Response Block contains a Receipt Component that forms a record of the Trading Exchange. Receipt Components may be digitally signed using a Signature Block to make completion non-refutable. Examples of Response Blocks include Offer Response, Payment Response and Delivery Response. Signature Block A Signature Block is a Trading Block that contains one or more digital signatures in the form of Signature Components. A Signature Component may digitally sign any Block or Component in any IOTP Message in the same IOTP Transaction. Status Component A Status Component contains information that describes the state of a Trading Exchange. Before the Trading Exchange is complete the Status Component can indicate information about how the David Burdett et al. [Page 244] Internet Draft. IOTP/1.0 October 1999 NAME DESCRIPTION Trading Exchange is progressing. Once a Trading Exchange is complete the Status Component can only indicate the success of the Trading Exchange or that a Business Error has occurred. A Business Error indicates that continuation with the Trading Exchange was not possible because of some business rule or logic, for example, "insufficient funds available", rather than any Technical Error associated with the content or format of the IOTP Messages in the IOTP Transaction. Technical Error See Error Block. Trading Block A Trading Block consists of one or more Trading Components. One or more Trading Blocks may be contained within the IOTP Messages which are physically sent in the form of [XML] documents between the different Trading Roles that are taking part in a trade. Trading Blocks are of three main types: o a Request Block, o an Exchange Block, or a o a Response Block Trading Component A Trading Component is a collection of XML elements and attributes. Trading Components are the child elements of the Trading Blocks. Examples of Trading Components are: Offer, Brand List, Payment Receipt, Delivery [information], Payment Amount [information] Trading Exchange A Trading Exchange consists of the exchange, between two Trading Roles, of a sequence of documents. The documents may be in the form of Trading Blocks or they may be transferred by some other means, for example through entering data into a web page. Each Trading Exchange consists of three main parts: o the sending of a Request Block by one Trading Role (the initiator) to another Trading Role (the recipient), o the optional exchange of one or more Exchange Blocks between the recipient and the initiator, until eventually, o the Trading Role that received the Request Block sends a Response Block to the initiator. A Trading Exchange is designed to implement a David Burdett et al. [Page 245] Internet Draft. IOTP/1.0 October 1999 NAME DESCRIPTION useful service of some kind. Examples of Trading Exchanges/services are: o Offer, which results in a Consumer receiving an offer from a Merchant to carry out a business transaction of some kind, o Payment, where a Consumer makes a payment to a Payment Handler, o Delivery, where a Consumer requests, and optionally obtains, delivery of goods or services from a Delivery Handler, and o Authentication, where any Trading Role may request and receive information about another Trading Role. Trading Role A Trading Role identifies the different ways in which Organisations can participate in a trade. There are five Trading Roles: Consumer, Merchant, Payment Handler, Delivery Handler, and Merchant Customer Care Provider. Transaction A Transaction Reference Block identifies an IOTP Reference Block Transaction. It contains data that identifies: o the Transaction Type, o the IOTP Transaction uniquely, through a globally unique transaction identifier o the IOTP Message uniquely within the IOTP Transaction, through a message identifier The Transaction Reference Block may also contain references to other transactions which may or may not be IOTP Transactions David Burdett et al. [Page 246] Internet Draft. IOTP/1.0 October 1999 15. Copyrights Copyright (C) The Internet Society (1998). All Rights Reserved. This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organisations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English. The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns. This document and the information contained herein is provided on an AS IS basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. David Burdett et al. [Page 247] Internet Draft. IOTP/1.0 October 1999 16. References This section contains references to related documents identified in this specification. [Base64] Base64 Content-Transfer-Encoding. A method of transporting binary data defined by MIME. See: RFC 2045: Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies. N. Freed & N. Borenstein. November 1996. [DOM-HASH] A method for generating hashes of all or part of an XML tree based on the DOM of that tree. See, currently, http://www.ietf.org/internet-drafts/draft-ietf-trade- hiroshi-dom-hash-*.txt [DNS] See RFC 1034: Domain names - concepts and facilities. P.V. Mockapetris. Nov-01-1987, and RFC 1035: Domain names - implementation and specification. P.V. Mockapetris. Nov-01-1987. [DSA] The Digital Signature Algorithm (DSA) published by the National Institute of Standards and Technology (NIST) in the Digital Signature Standard (DSS), which is a part of the US government's Capstone project. [ECCDSA] Elliptic Curve Cryptosystems Digital Signature Algorithm (ECCDSA). Elliptic curve cryptosystems are analogues of public-key cryptosystems such as RSA in which modular multiplication is replaced by the elliptic curve addition operation. See: V. S. Miller. Use of elliptic curves in cryptography. In Advances in Cryptology - Crypto '85, pages 417-426, Springer-Verlag, 1986. [HMAC] See RFC 2104 HMAC: Keyed-Hashing for Message Authentication. H. Krawczyk, M. Bellare, R. Canetti. February 1997 [HTML] Hyper Text Mark Up Language. The Hypertext Mark-up Language (HTML) is a simple mark-up language used to create hypertext documents that are platform independent. See RFC 1866 and the World Wide Web (W3C) consortium web site at: http://www.w3.org/MarkUp/ [HTTP] Hyper Text Transfer Protocol versions 1.0 and 1.1. See RFC 1945: Hypertext Transfer Protocol -- HTTP/1.0. T. Berners-Lee, R. Fielding & H. Frystyk. May 1996. and RFC 2068: Hypertext Transfer Protocol -- HTTP/1.1. R. Fielding, J. Gettys, J. Mogul, H. Frystyk, T. Berners- Lee. January 1997. David Burdett et al. [Page 248] Internet Draft. IOTP/1.0 October 1999 [IANA] The Internet Assigned Numbers Authority. The organisation responsible for co-ordinating the names and numbers associated with the Internet. See http://www.iana.org/. [ISO4217] ISO 4217: Codes for the Representation of Currencies. Available from ANSI or ISO. [IOTPDSIG] A document that describes how data contained in IOTP messages may be digitally signed. See, currently, http://www.ietf.org/internet-drafts/draft-ietf-trade- iotp-v1.0-dsig-*.txt. [MD5] R.L. Rivest. RFC 1321: The MD5 Message-Digest Algorithm. [MIME] Multipurpose Internet Mail Extensions. See RFC822, RFC2045, RFC2046, RFC2047, RFC2048 and RFC2049. [OPS] Open Profiling Standard. A proposed standard which provides a framework with built-in privacy safeguards for the trusted exchange of profile information between individuals and web sites. Being developed by Netscape and Microsoft amongst others. [RFC822] See RFC 822: The Standard for the Format of ARPA Internet Messages. 13 August 1982, David H Crocker. 13 August 1982. [RFC1738] See RFC 1738: Uniform Resource Locators (URL), ed. T. Berners-Lee, L. Masinter, M. McCahill. 1994. [RFC2434] See RFC 2434. Guidelines for Writing an IANA Considerations Section in RFCs. T. Narten and H. Alvestrand [RSA] RSA is a public-key cryptosystem for both encryption and authentication supported by RSA Data Security Inc. See: R. L. Rivest, A. Shamir, and L.M. Adleman. A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21(2): 120-126, February 1978. [SCCD] Secure Channel Credit Debit. A method of conducting a credit or debit card payment where unauthorised access to account information is prevented through use of secure channel transport mechanisms such as SSL/TLS. An IOTP supplement describing how SCCD works is under development. [SET] Secure Electronic Transaction Specification, Version 1.0, May 31, 1997. Supports credit and debit card payments using certificates at the Consumer and Merchant to help ensure authenticity. Download from: <http://www.setco.org>. David Burdett et al. [Page 249] Internet Draft. IOTP/1.0 October 1999 [SSL/TLS] SSL is a standard developed by Netscape for encrypting data over IP networks. See http://home.netscape.com/eng/ssl3/index.html. TLS is the likely successor to SSL being developed by the IETF. See http://www.ietf.org/internet-drafts/draft-ietf-tls- protocol-05.txt [SHA1] [FIPS-180-1]"Secure Hash Standard", National Institute of Standards and Technology, US Department Of Commerce, April 1995. Also known as: 59 Fed Reg. 35317 (1994). See http://www.itl.nist.gov/div897/pubs/fip180-1.htm [UTC] Universal Time Co-ordinated. A method of defining time absolutely relative to Greenwich Mean Time (GMT). Typically of the form: "CCYY-MM-DDTHH:MM:SS.sssZ+n" where the "+n" defines the number of hours from GMT. See ISO DIS8601. [UTF16] The Unicode Standard, Version 2.0. The Unicode Consortium, Reading, Massachusetts. See ISO/IEC 10646 1 Proposed Draft Amendment 1 [X.509] ITU Recommendation X.509 1993 | ISO/IEC 9594-8: 1995, Including Draft Amendment 1: Certificate Extensions (Version 3 Certificate) [XML Recommendation for Namespaces in XML, World Wide Web Namespace] Consortium, 14 January 1999, "http://www.w3.org/TR/REC- xml-names" [XML] Extensible Mark Up Language. A W3C recommendation. See http://www.w3.org/TR/1998/REC-xml-19980210 for the 10 February 1998 version. David Burdett et al. [Page 250] Internet Draft. IOTP/1.0 October 1999 17. Author's Address The author of this document is: David Burdett Commerce One 1600 Riviera Ave, Suite 200 Walnut Creek California 94596 USA Tel: +1 (925) 941 4422 Email: david.burdett@commerceone.com The author of this document particularly wants to thank Mondex International Limited (www.mondex.com) for the tremendous support provided in the formative stages of the development of this specification. In addition the author appreciates the following contributors to this protocol (in alphabetic order of company) without which it could not have been developed. - Phillip Mullarkey, British Telecom plc - Andrew Marchewka, Canadian Imperial Bank of Commerce - Brian Boesch, CyberCash Inc. - Tom Arnold, CyberSource - Terry Allen, Commerce One (formally Veo Systems) - Richard Brown, GlobeSet Inc. - Peter Chang, Hewlett Packard - Masaaki Hiroya, Hitachi Ltd - Yoshiaki Kawatsura, Hitachi Ltd - Donald Eastlake 3rd, International Business Machines (formerly CyberCash Inc). - Mark Linehan, International Business Machines - Jonathan Sowler, JCP Computer Services Ltd - John Wankmueller, MasterCard International - Steve Fabes, Mondex International Ltd - Surendra Reddy, Oracle Corporation - Akihiro Nakano, Plat Home, Inc. (ex Hitachi Ltd) - Chris Smith, Royal Bank of Canada - Hans Bernhard-Beykirch, SIZ (IT Development and Coordination Centre of the German Savings Banks Organisation) - W. Reid Carlisle, Spyrus (ex Citibank Universal Card Services, formally AT&T Universal Card Services) - Efrem Lipkin, Sun Microsystems - Tony Lewis, Visa International The author would also like to thank the following organisations for their support: - Amino Communications - DigiCash David Burdett et al. [Page 251] Internet Draft. IOTP/1.0 October 1999 - Fujitsu - General Information Systems - Globe Id Software - Hyperion - InterTrader - Nobil I T Corp - Mercantec - Netscape - Nippon Telegraph and Telephone Corporation - Oracle Corporation - Smart Card Integrations Ltd. - Spyrus - Verifone - Unisource nv - Wells Fargo Bank File name: [draft-ietf-trade-iotp-v1.0-protocol-07.txt] Expires: April 2000 David Burdett et al. [Page 252]