2.2.1.2 DHCPv6 Vendor Specific Information Option Structure

An NKPU client and server that are using DHCPv6 exchange information in the form of a vendor-specific information option, as specified in [RFC3315] section 22.17. The DHCPv6 Vendor Specific Information Option structure consists of the following fields.


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

Option Code

Option Length

Enterprise Number

Option Data (variable)

...

...

Option Code (2 bytes): As specified in [RFC3315] section 22.17, this field is used to indicate the DHCPv6 Vendor Specific Information Option. The value of this field MUST be 0x0011.

Option Length (2 bytes): This field is set to the size of Option Data field, in bytes, plus 4.

Enterprise Number (4 bytes): This field MUST be set to 0x00000137 (decimal 311), which is the Microsoft Enterprise number [IANA-ENT] assigned by the Internet Assigned Numbers Authority (IANA).

Option Data (variable): This field contains the values of the Thumbprint and KP ADM elements (section 3.1.1) data as suboptions, as described in [RFC3315] section 22.17. It has the following two possible NKPU suboptions:

Certificate Thumbprint Suboption: This suboption MUST only be used in the client request.

Opt-Code (2 bytes): This field MUST be set to 1 (0x0001).

Option-Len (2 bytes): This field MUST be set to 20 (0x0014).

Option-Data: This field contains the SHA1 hash [FIPS180] of the encryption certificate that protects the KP ADM element data.

Encrypted Buffer Suboption:  Opt-Code (2 bytes): This field MUST be set to 2 (0x0002).

Option-Len (2 bytes): In the client request, this field MUST be set to 256 (0x0100), which is the length of the KP ADM element data as specified in section 3.1.1. In the server response, this field MUST be set to the length of the KPR ADM element as specified in section 3.2.1.

Option-Data: In a client request, this field contains the KP ADM element data. In a server response, this field contains the KPR ADM element.

When both suboptions are present, the Certificate Thumbprint Suboption MUST come before the Encrypted Buffer Suboption.