IKEv2 support for specifying a Delete notify reason

Internet-Draft	IKEv2 support for specifying a Delete no	October 2023
Antony, et al.	Expires 25 April 2024	[Page]

Abstract

This document defines the DELETE_REASON Notify Message Status Type Payload for the Internet Key Exchange Protocol Version 2 (IKEv2) to support adding a reason for the deletion of the IKE or Child SA(s).¶

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶

This Internet-Draft will expire on 25 April 2024.¶

Copyright Notice

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶

1. Introduction

The IKEv2 [RFC7296] protocol supports sending a Delete Notify message, but this message cannot convey the reason why a particular Child SA or IKE SA is being deleted. It can be useful to know why a certain IPsec IKE SA or Child SA was deleted by the peer. Sometimes, when the peer's operator notices a specific SA is down, they have no idea whether this is permanent or temporary problem, and have no idea how long an outage might last. The DELETE_REASON Notify message can be added to any exchange that contains a Delete (42) payload specifying an estimated duration and reason. Example reasons are specified in Section 5.¶

1.1. Requirements Language

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶

1.2. Payload Format

All multi-octet fields representing integers are laid out in big endian order (also known as "most significant byte first", or "network byte order").¶

2. DELETE_REASON Notify Status Message Payload

                    1                   2                   3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-----------------------------+-------------------------------+
! Next Payload  !C!  RESERVED   !         Payload Length        !
+---------------+---------------+-------------------------------+
!  Protocol ID  !   SPI Size    !      Notify Message Type      !
+---------------+---------------+-------------------------------+
!            Downtime           !                               !
+-------------------------------+  Reason Message               ~
~                                                               !
+-------------------------------+-------------------------------+

Protocol ID (1 octet) - MUST be 0. MUST be ignored if not 0.¶
SPI Size (1 octet) - MUST be 0. MUST be ignored if not 0.¶
Notify Status Message Type (2 octets) - set to [TBD1]¶
Downtime. A value in seconds for the expected downtime. 0 means unspecified.¶
Reason Message. May be empty. Otherwise a non-NULL terminated UTF-8 or ASCII text.¶

3. Operational Considerations

A DELETE_REASON payload MUST be ignored if the exchange does not contain a Delete payload. If multiple Delete payloads are present, the DELETE_REASON message applies to all of these. If separate different reasons should be conveyed for different Child SAs or IKE SA, those Delete messages and their accompanied DELETE_REASON messages should be sent in separate Informational Exchange messages.¶

4. Security Considerations

Any timing information and reason should be treated as an informational "best effort" message from the peer's operator. A DELETE_REASON message SHOULD NOT change the behaviour of the IKE implementation other than logging the message or triggering an informational or alert message.¶

As with all received free-form text data, the receiver MUST treat the DELETE_REASON notify data as untrusted. It SHOULD strip or replace any characters not deemd regular text, for example the dollar sign ($), braces, backticks and backslashes. The Reason Message MUST NOT be assumed to be safe to display. It MUST NOT be assumed to be NULL terminated, which means common string operations such as strlen() MUST NOT be used without precautions. After the data has been processed and confirmed safe, it can be used for logging or as messages in notification systems.¶

5. Example Messages

This section specifies short example messages that could be used to convey common reasons that implementations might have for deleting SAs.¶

Reason Message: Meaning of the Reason Message¶
"SERVICE_SHUTDOWN": The IKE service is being shut down¶
"SERVICE_RESTART": The IKE service is being restarted¶
"HOST_SHUTDOWN": The host running the IKE service is being shut down¶
"HOST_RESTART": The host running the IKE service is being restarted¶
"CONFIGURATION_CHILD_REMOVED": The Child SA was removed from the peer's configuration¶
"CONFIGURATION_IKE_REMOVED": The IKE SA was removed from the peer's configuration¶
"ADMINISTRATIVELY_DOWN": The SA was brought down by the operator¶
"IDLE_TIMEOUT": The SA was inactive and brought down automatically by the system¶
"INITIAL_CONTACT_REPLACED": A new IKE SA with this peer was established that signaled INITIAL_CONTACT¶
"SIMULTANEOUS_REKEY": The peers ended up rekeying at once, and this SA lost in favour of the other¶
"RE_AUTHENTICATED": A new IKE SA with this peer was established for re-authentication purposes¶
"REDIRECTION_ACCEPTED": The redirection request was accepted and established, obsoleting this old SA¶
"LIFETIME_EXCEEDED": The SA reached its local lifetime counter (bytes or seconds or packets) and was not rekeyed in time¶

6. Implementation Status

[Note to RFC Editor: Please remove this section and the reference to [RFC6982] before publication.]¶

This section records the status of known implementations of the protocol defined by this specification at the time of posting of this Internet-Draft, and is based on a proposal described in [RFC7942]. The description of implementations in this section is intended to assist the IETF in its decision processes in progressing drafts to RFCs. Please note that the listing of any individual implementation here does not imply endorsement by the IETF. Furthermore, no effort has been spent to verify the information presented here that was supplied by IETF contributors. This is not intended as, and must not be construed to be, a catalog of available implementations or their features. Readers are advised to note that other implementations may exist.¶

According to [RFC7942], "this will allow reviewers and working groups to assign due consideration to documents that have the benefit of running code, which may serve as evidence of valuable experimentation and feedback that have made the implemented protocols more mature. It is up to the individual working groups to use this information as they see fit".¶

Authors are requested to add a note to the RFC Editor at the top of this section, advising the Editor to remove the entire section before publication, as well as the reference to [RFC7942].¶

6.1. Libreswan

Organization:: The Libreswan Project¶
Name:: https://libreswan.org/¶
Description:: An initial IKE implementation using the Private Use value 40960 for the Notify payload¶
Level of maturity:: Beta¶
Coverage:: Implements the draft's example reasons¶
Licensing:: GPLv2¶
Implementation experience:: TBD¶
Contact:: Libreswan Development: swan-dev@libreswan.org¶

7. IANA Considerations

This document defines one new IKEv2 Notify Message Type payload for the IANA "IKEv2 Notify Message Types - Status Types" registry.¶

      Value   Notify Type Messages - Status Types    Reference
      -----   ------------------------------    ---------------
      [TBD1]   DELETE_REASON                    [this document]

Figure 1

8. References

8.1. Normative References

[RFC2119]: Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <https://www.rfc-editor.org/info/rfc2119>.
[RFC7296]: Kaufman, C., Hoffman, P., Nir, Y., Eronen, P., and T. Kivinen, "Internet Key Exchange Protocol Version 2 (IKEv2)", STD 79, RFC 7296, DOI 10.17487/RFC7296, October 2014, <https://www.rfc-editor.org/info/rfc7296>.
[RFC8174]: Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, <https://www.rfc-editor.org/info/rfc8174>.

8.2. Informative References

[RFC6982]: Sheffer, Y. and A. Farrel, "Improving Awareness of Running Code: The Implementation Status Section", RFC 6982, DOI 10.17487/RFC6982, July 2013, <https://www.rfc-editor.org/info/rfc6982>.
[RFC7942]: Sheffer, Y. and A. Farrel, "Improving Awareness of Running Code: The Implementation Status Section", BCP 205, RFC 7942, DOI 10.17487/RFC7942, July 2016, <https://www.rfc-editor.org/info/rfc7942>.