Network Working Group E. Lear Internet-Draft Cisco Systems GmbH Expires: August 31, 2006 P. Eggert UCLA February 27, 2006 A Timezone Option for DHCP draft-lear-dhc-timezone-option-02.txt Status of this Memo By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on August 31, 2006. Copyright Notice Copyright (C) The Internet Society (2006). Abstract DHCP defines an option for a server to deliver to a client offset from UTC. This information in and of itself is not sufficient for devices to portray local time both accurately and consistently. This memo specifies a new option for both DHCPv4 and DHCPv6 to do so. Lear & Eggert Expires August 31, 2006 [Page 1]
Internet-Draft A Timezone option for DHCP February 2006 1. Introduction Dynamic Host Configuration Protocol (DHCP) [2] provides a means for hosts to receive configuration information relating to their current location within an IP version 4 network. [4] similarly does so for IP version 6 networks. RFC2132 [3] specifies an option to provide a client timezone information in the form of an offset in seconds from UTC. The information provided in this option is insufficient for the client to determine whether it is in daylight saving time and when to change into and out of daylight saving time (DST). In order for the client to properly represent local wall clock time in a consistent and accurate fashion the DHCP server would have to time lease expirations of affected clients to the beginning or end of DST, thus effecting a self stress test (to say the least) at the appointed hour. This memo specifies a means to provide hosts with more accurate timezone information than was previously available. There are currently three well known means to configure timezones: o POSIX TZ strings o Reference to the TZ Database o Microsoft's timezone.xml POSIX [1] provides a standard for how to express timezone information in a character string. Use of such a string can provide accuracy for at least one transition into and out of daylight saving time, and possibly for more transitions if the transitions are regular enough (e.g., "second Sunday in March at 02:00 local time"). However, for accuracy over longer periods, that involve daylight-saving rule changes or other irregular changes, a more detailed mechanism is necessary. The so-called "TZ Database" [6] that is used in many operating systems provides backwards consistency and accuracy for almost all real-world locations since 1970. The TZ database also attempts to provide a stable set of human readable timezone identifiers. In addition, many systems already make use of the TZ database, and so the names used are a defacto standard. The Microsoft TimeZone element conveys information similar to the POSIX string, but with an additional (presumably localized) display string. 1.1. What about VTIMEZONE elements from iCalendar? VTIMEZONE elements are defined in the iCalendar specification.[8] Fully specified they provide a level of accuracy similar to the TZ database. However, because there is currently no global registry of Lear & Eggert Expires August 31, 2006 [Page 2]
Internet-Draft A Timezone option for DHCP February 2006 VTIMEZONE TZIDs (although one has been proposed; see [9]), complete accuracy requires that a full entry must be specified. To achieve the same information would range from 300 octets upwards with no particular bound. Furthermore, at the time of this writing the author is aware of no operating system that natively takes advantage of VTIMEZONE entries. It might be possible to include an option for a TZURL. However, in a cold start environment, it will be bad enough that devices are stressing the DHCP server, and perhaps unwise to similarly afflict other components. 2. New Timezone Option for DHCPv4 Code Len TZ Option 1 TZ Option N +-----+-----+------------+-...-+-----------+ | TBD | N | . . | +-----+-----+------------+-...-+-----------+ Code is TBD and will be allocated by IANA according to RFC-2939 [5]. Len is the two-octet sum of the size of all following TZ options. Suboptions are described later in this document. 3. New Timezone Option for DHCPv6 The semantics and content of the DHCPv6 encoding of this option are exactly the same as the encoding described in the previous section, other than necessary differences between the way options are encoded in DHCPv4 and DHCPv6. Specifically, the DHCPv6 new timezone option has the following format: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | OPTION_NEW_TIMEZONE | option-length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | New Timezone Suboptions | | ... | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Lear & Eggert Expires August 31, 2006 [Page 3]
Internet-Draft A Timezone option for DHCP February 2006 option-code: OPTION_NEW_TIMEZONE(TBD) option-length: variable based on the number and value of suboptions. 4. The POSIX Suboption String Suboption number Len POSIX String +---------+-----+--------------+ | 1 | N | | +---------+-----+--------------+ Suboption number is an octet with a value of 1. Len is a single octet that contains the number of octets of the following string. POSIX string is a string suitable for the TZ variable as specified by [1] in Section 8.3, with the exception that a string may not begin with a colon (":"). An example might be as follows: "EST5EDT4,M3.2.0/02:00,M11.1.0/02:00" In this case, the string is interpreted as a timezone that is normally five hours behind UTC, and four hours behind UTC during DST, which runs from the second Sunday in March at 02:00 local time through the first Sunday in November at 02:00 local time. Normally the timezone is abbreviated "EST" but during DST it is abbreviated "EDT". Clients and servers implementing the timezone option MUST support this suboption. 5. The TZ Database Suboption Suboption number Len TZ Name +---------+-----+--------------+ | 2 | N | | +---------+-----+--------------+ Suboption number is an octet with a value of 2. Lear & Eggert Expires August 31, 2006 [Page 4]
Internet-Draft A Timezone option for DHCP February 2006 Len is a single octet that contains the number of octets of the following string. TZ Name is the name of a Zone entry in the database commonly referred to as the TZ database. In order for this option to be useful, the client must already have a copy of the database. An example string would be "Europe/Zurich". If a client understands this option but does not recognize the TZ Name returned, it MUST ignore this option and MAY make use of the POSIX string. 6. The Microsoft TZ Suboption Suboption number TZ ID +---------+-------------------+ | 3 | NNNN | +---------+-------------------+ Suboption number is an octet with a value of 3. TZ ID is a four-octet integer in network byte order that references the timezone ID as defined in the TimeZone element, as specified by Microsoft [7]. If a client does not have an entry corresponding to the TZ ID returned by the server, the client MUST ignore this sub-option, and MAY instead make use of the POSIX option. 7. Use of the timezone string returned from the server This specification presumes the DHCP server has some means of identifying which timezone the client is in. One obvious approach would be to associate a subnet or group of subnets with a timezone, and respond with this option accordingly. The client uses this information at its discretion to configure the current timezone in which it resides. This memo does not define client behavior, particularly whether it should request and receive a response with this option from multiple subnets where the timezone information conflicts. It will periodically be necessary for a DHCP server to update the Lear & Eggert Expires August 31, 2006 [Page 5]
Internet-Draft A Timezone option for DHCP February 2006 timezone string, based on administrative changes made by local jurisdictions (say, for instance, counties in Indiana). While the authors do not expect this to be a lower bound on a lease time in the vast majority of cases, there may be times when anticipation of a change dictates prudence, as certain governments give little if any notification. 8. The New Timezone Option and Lease times When a lease has expired and new information is not forthcoming, the client MAY continue to use timezone information returned by the server. This follows the principle of least astonishment. 9. Security Considerations An attacker could provide erroneous information to a client. It is possible that someone might miss a meeting or otherwise show up early. If clients have job processing tools such as cron that operate on wall clock time it is possible that certain jobs could be triggered either earlier or later, or even repeated or skipped entirely if scheduled during a DST transition. In such cases, the client operating system might do well to confirm timezone changes with a human. Clients using the POSIX option should beware of any time zone setting specifying unusual characters (e.g., control characters) in the standard or daylight-saving abbreviations, as this might well trigger security-relevant bugs in applications. Clients using the POSIX option should also be suspicious of any time zone setting whose UTC offset exceeds 25 hours (the POSIX limit, if the default daylight-saving offset is used). As of this writing, the maximum UTC offset is 14 hours in practice, but governments may extend this somewhat in the future. 10. IANA Considerations The IANA is requested to allocate both DHCPv4 and DHCPv6 option codes for this purpose and reference this document in that allocation for both DHCPv4 and DHCPv6. The IANA need not and should not retain a list of suboptions. Any new suboptions require further standards action. Lear & Eggert Expires August 31, 2006 [Page 6]
Internet-Draft A Timezone option for DHCP February 2006 11. Acknowledgments This document specifies a means to exchange timezone information. The hard part is actually collecting changes to the various databases from scattered sources around the world. The many volunteers on the mailing list tz@elsie.nci.nih.gov have done this nearly thankless task for many years. Thanks also go to Ralph Droms, Bernie Volz, Ted Lemon, Lisa Dusseault,and Simon Vaillancourt for their attempts to improve this work. 12. References 12.1. Normative References [1] "Standard for Information Technology - Portable Operating System Interface (POSIX) - Base Definitions", IEEE Std 1003.1-2004, December 2004. [2] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131, March 1997. [3] Alexander, S. and R. Droms, "DHCP Options and BOOTP Vendor Extensions", RFC 2132, March 1997. [4] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., and M. Carney, "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)", RFC 3315, July 2003. [5] Droms, R., "Procedures and IANA Guidelines for Definition of New DHCP Options and Message Types", BCP 43, RFC 2939, September 2000. [6] Eggert, P. and A. Olson, "Sources for Time Zone and Daylight Saving Time Data", <http://www.twinsun.com/tz/tz-link.htm>. [7] "The Microsoft TimeZone Element", <http://msdn.microsoft.com/library/>. 12.2. Informational References [8] Dawson, F. and Stenerson, D., "Internet Calendaring and Scheduling Core Object Specification (iCalendar)", RFC 2445, November 1998. [9] Royer, D., "Time Zone Registry", draft-royer-timezone-registry-03 (work in progress), August 2005. Lear & Eggert Expires August 31, 2006 [Page 7]
Internet-Draft A Timezone option for DHCP February 2006 Appendix A. Changes [The RFC Editor is requested to remove this section at publication.] o -02; fix references to the TZ database; add additional security considerations; clarify POSIX example; reference Doug Royer registry draft; add Paul Eggert as co-author(who did all the above) o -01; clarify uses of each suboption; reset suboption sizes; add explanation for not using VTIMEZONEs; add acknowlegments. o initial revision Lear & Eggert Expires August 31, 2006 [Page 8]
Internet-Draft A Timezone option for DHCP February 2006 Authors' Addresses Eliot Lear Cisco Systems GmbH Glatt-com Glattzentrum, ZH CH-8301 Switzerland Phone: +41 1 878 9200 Email: lear@cisco.com Paul Eggert UCLA Computer Science Department 4532J Boelter Hall Los Angeles, CA 90095 USA Phone: +1 310 825 3886 Email: eggert@cs.ucla.edu Lear & Eggert Expires August 31, 2006 [Page 9]
Internet-Draft A Timezone option for DHCP February 2006 Intellectual Property Statement The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org. Disclaimer of Validity This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Copyright Statement Copyright (C) The Internet Society (2006). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. Acknowledgment Funding for the RFC Editor function is currently provided by the Internet Society. Lear & Eggert Expires August 31, 2006 [Page 10]