| RFC 9371 | PEN Registration | March 2023 |
| Baber & Hoffman | Informational | [Page] |
This document describes how Private Enterprise Numbers (PENs) are registered by IANA. Itshows how to request a new PEN and how to modify a current PEN. It also givesa brief overview of PEN uses.¶
This document is not an Internet Standards Track specification; it is published for informational purposes.¶
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are candidates for any level of Internet Standard; see Section 2 of RFC 7841.¶
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained athttps://www.rfc-editor.org/info/rfc9371.¶
Copyright (c) 2023 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
Private Enterprise Numbers (PENs) are identifiers that can be used anywhere that an ASN.1object identifier (OID)[ASN1] can be used. Originally, PENs were developedso that organizations that needed to identify themselves in Simple Network ManagementProtocol (SNMP)[RFC3411] Management Information Base (MIB) configurationscould do so easily. PENs are also useful in any application or configuration language thatneeds OIDs to identify organizations.¶
The IANA Functions Operator, referred to in this document as "IANA",manages and maintains the PEN registry in consultation with the IESG.PENs are issued from an OID prefix that was assigned to IANA. That OIDprefix is 1.3.6.1.4.1. Using the (now archaic) notation of ownership names in the OIDtree, that corresponds to:¶
1 3 6 1 4 1iso.org.dod.internet.private.enterprise¶
A PEN is an OID that begins with the PEN prefix. Thus, the OID 1.3.6.1.4.1.32473 is aPEN.¶
Once a PEN has been assigned to an organization, individual, or other entity, that assignee can use thePEN by itself (possibly to represent the assignee) or as the root of other OIDsassociated with the assignee. For example, if an assignee is assigned the PEN1.3.6.1.4.1.32473, it might use 1.3.6.1.4.1.32473.7 to identify a protocol extensionand use 1.3.6.1.4.1.32473.12.3 to identify a set of algorithms that it supports in aprotocol.¶
Neither IANA nor the IETF can control how an assignee usesits PEN. In fact, no one can exert such control: that is the meaning of "private"in "private enterprise number". Similarly, no one can prevent an assignee thatis not the registered owner of a PEN from using that PEN, or any PEN, however they want.¶
A very common use of PENs is to give unique identifiers in IETF protocols. SNMP MIBconfiguration files use PENs for identifying the origin of values. Protocols that usePENs as identifiers of extension mechanisms includeRADIUS[RFC2865],Diameter[RFC6733],Syslog[RFC5424],RSVP[RFC5284],and vCard[RFC6350].¶
PENs are assigned by IANA. The registry is located at<https://www.iana.org/assignments/enterprise-numbers>, and requests for new assignments or the modification of existing assignments can also be submitted at that URL.¶
IANA maintains the PEN registry in accordance with the "First Come FirstServed" registration policy described in[RFC8126]. Values are assigned sequentially.¶
Requests for assignment must provide the name of the assignee, the name of a public contact who can respond to questions about the assignment, and contact information that can be used to verify change requests. The contact's name andemail address will be included in the public registry.¶
A prospective assignee may request multiple PENs, but obtaining one PEN and making internal sub-assignments is typically more appropriate. (Sub-assignments should not be reported to IANA.)¶
IANA may refuse to process abusive requests.¶
Any of the information associatedwith a registered value can be modified, including the name of the assignee.¶
Modification requests require authorization by a representative of the assignee. Authorization will be validated either with information kept on file with IANA or with other identifying documentation, if necessary.¶
Although such requests are rare, registrations can be deleted. When a registration is deleted, all identifying information is removed from the registry, and the value is marked as "returned." Returned values will not be made available for reassignment until all other unassigned values have been exhausted; as can be seen inSection 3, the unassigned valuesare unlikely to ever run out.¶
The range for values after the PEN prefix is 0 to 2**32-1. The values 0 and 4294967295(2**32-1) are reserved. Note that while the original PEN definition had no upper bound forthe value after the PEN prefix, there is now an upper bound due to some IETFprotocols limiting the size of that value. For example, Diameter[RFC6733]limits the value to 2**32-1.¶
There is a PEN number, 32473, reserved for use as an example in documentation. Thisreservation is described in[RFC5612].¶
Values in the registry that have unclear ownership are marked "Reserved". These valueswill not be reassigned to a new company or individual without consulting the IESG.¶
Per this document, IANA has made the following changes to the PEN registry:¶
Registering PENs does not introduce any significant security considerations.¶
There is no cryptographic binding of a registrant in the PEN registry and the PEN(s)assigned to them. Thus, the entries in the PEN registry cannot be used to validate theownership of a PEN in use. For example, if the PEN 1.3.6.1.4.1.32473 is seen in a protocolas indicating the owner of some data, there is no way to securely correlate that use withthe name and assignee of the owner listed in the PEN registry.¶
An earlier draft version of this document was authored byPearl Liang andAlexey Melnikov. Additional significant contributions have come fromDan Romascanu,Bert Wijnen,David Conrad,Michelle Cotton, andBenoit Claise.¶