| draft-herberg-manet-rfc6622-bis-01.txt | draft-herberg-manet-rfc6622-bis-02.txt | |||
|---|---|---|---|---|
| Mobile Ad hoc Networking (MANET) U. Herberg | Mobile Ad hoc Networking (MANET) U. Herberg | |||
| Internet-Draft Fujitsu Laboratories of America | Internet-Draft Fujitsu Laboratories of America | |||
| Obsoletes: 6622 (if approved) T. Clausen | Obsoletes: 6622 (if approved) T. Clausen | |||
| Intended status: Standards Track LIX, Ecole Polytechnique | Intended status: Standards Track LIX, Ecole Polytechnique | |||
| Expires: August 29, 2013 C. Dearlove | Expires: September 19, 2013 C. Dearlove | |||
| BAE Systems ATC | BAE Systems ATC | |||
| February 25, 2013 | March 18, 2013 | |||
| Integrity Check Value and Timestamp TLV Definitions | Integrity Check Value and Timestamp TLV Definitions | |||
| for Mobile Ad Hoc Networks (MANETs) | for Mobile Ad Hoc Networks (MANETs) | |||
| draft-herberg-manet-rfc6622-bis-01 | draft-herberg-manet-rfc6622-bis-02 | |||
| Abstract | Abstract | |||
| This document extends and replaces RFC 6622. It describes general | This document extends and replaces RFC 6622. It describes general | |||
| and flexible TLVs for representing cryptographic Integrity Check | and flexible TLVs for representing cryptographic Integrity Check | |||
| Values (ICVs) (i.e., digital signatures or Message Authentication | Values (ICVs) (i.e., digital signatures or Message Authentication | |||
| Codes (MACs)) as well as timestamps, using the generalized Mobile Ad | Codes (MACs)) as well as timestamps, using the generalized Mobile Ad | |||
| Hoc Network (MANET) packet/message format defined in RFC 5444. It | Hoc Network (MANET) packet/message format defined in RFC 5444. It | |||
| defines two Packet TLVs, two Message TLVs, and two Address Block TLVs | defines two Packet TLVs, two Message TLVs, and two Address Block TLVs | |||
| for affixing ICVs and timestamps to a packet, a message, and an | for affixing ICVs and timestamps to a packet, a message, and an | |||
| [unchanged text skipped up to page 1, line 41] | [unchanged text skipped up to page 1, line 41] | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on August 29, 2013. | This Internet-Draft will expire on September 19, 2013. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2013 IETF Trust and the persons identified as the | Copyright (c) 2013 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 1.1. Differences from RFC6622 . . . . . . . . . . . . . . . . . 3 | ||||
| 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 3. Applicability Statement . . . . . . . . . . . . . . . . . . . 3 | 3. Applicability Statement . . . . . . . . . . . . . . . . . . . 4 | |||
| 4. Security Architecture . . . . . . . . . . . . . . . . . . . . 4 | 4. Security Architecture . . . . . . . . . . . . . . . . . . . . 4 | |||
| 5. Overview and Functioning . . . . . . . . . . . . . . . . . . . 5 | 5. Overview and Functioning . . . . . . . . . . . . . . . . . . . 5 | |||
| 6. General ICV TLV Structure . . . . . . . . . . . . . . . . . . 6 | 6. General ICV TLV Structure . . . . . . . . . . . . . . . . . . 6 | |||
| 7. General Timestamp TLV Structure . . . . . . . . . . . . . . . 6 | 7. General Timestamp TLV Structure . . . . . . . . . . . . . . . 7 | |||
| 8. Packet TLVs . . . . . . . . . . . . . . . . . . . . . . . . . 7 | 8. Packet TLVs . . . . . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 8.1. Packet ICV TLV . . . . . . . . . . . . . . . . . . . . . . 7 | 8.1. Packet ICV TLV . . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 8.2. Packet TIMESTAMP TLV . . . . . . . . . . . . . . . . . . . 7 | 8.2. Packet TIMESTAMP TLV . . . . . . . . . . . . . . . . . . . 8 | |||
| 9. Message TLVs . . . . . . . . . . . . . . . . . . . . . . . . . 7 | 9. Message TLVs . . . . . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 9.1. Message ICV TLV . . . . . . . . . . . . . . . . . . . . . 8 | 9.1. Message ICV TLV . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 9.2. Message TIMESTAMP TLV . . . . . . . . . . . . . . . . . . 8 | 9.2. Message TIMESTAMP TLV . . . . . . . . . . . . . . . . . . 8 | |||
| 10. Address Block TLVs . . . . . . . . . . . . . . . . . . . . . . 8 | 10. Address Block TLVs . . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 10.1. Address Block ICV TLV . . . . . . . . . . . . . . . . . . 8 | 10.1. Address Block ICV TLV . . . . . . . . . . . . . . . . . . 9 | |||
| 10.2. Address Block TIMESTAMP TLV . . . . . . . . . . . . . . . 9 | 10.2. Address Block TIMESTAMP TLV . . . . . . . . . . . . . . . 9 | |||
| 11. ICV: Basic . . . . . . . . . . . . . . . . . . . . . . . . . . 9 | 11. ICV: Basic . . . . . . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 12. ICV: Hash Function and Cryptographic Function . . . . . . . . 9 | 12. ICV: Hash Function and Cryptographic Function . . . . . . . . 10 | |||
| 12.1. General ICV TLV Structure . . . . . . . . . . . . . . . . 9 | 12.1. General ICV TLV Structure . . . . . . . . . . . . . . . . 10 | |||
| 12.1.1. Rationale . . . . . . . . . . . . . . . . . . . . . . 10 | 12.1.1. Rationale . . . . . . . . . . . . . . . . . . . . . . 11 | |||
| 12.2. Considerations for Calculating the ICV . . . . . . . . . . 11 | 12.2. Considerations for Calculating the ICV . . . . . . . . . . 11 | |||
| 12.2.1. Packet ICV TLV . . . . . . . . . . . . . . . . . . . 11 | 12.2.1. Packet ICV TLV . . . . . . . . . . . . . . . . . . . 11 | |||
| 12.2.2. Message ICV TLV . . . . . . . . . . . . . . . . . . . 11 | 12.2.2. Message ICV TLV . . . . . . . . . . . . . . . . . . . 12 | |||
| 12.2.3. Address Block ICV TLV . . . . . . . . . . . . . . . . 11 | 12.2.3. Address Block ICV TLV . . . . . . . . . . . . . . . . 12 | |||
| 12.3. Example of a Message Including an ICV . . . . . . . . . . 12 | 12.3. Example of a Message Including an ICV . . . . . . . . . . 12 | |||
| 13. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13 | 13. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13 | |||
| 13.1. Expert Review: Evaluation Guidelines . . . . . . . . . . . 13 | 13.1. Expert Review: Evaluation Guidelines . . . . . . . . . . . 14 | |||
| 13.2. Packet TLV Type Registrations . . . . . . . . . . . . . . 13 | 13.2. Packet TLV Type Registrations . . . . . . . . . . . . . . 14 | |||
| 13.3. Message TLV Type Registrations . . . . . . . . . . . . . . 14 | 13.3. Message TLV Type Registrations . . . . . . . . . . . . . . 15 | |||
| 13.4. Address Block TLV Type Registrations . . . . . . . . . . . 15 | 13.4. Address Block TLV Type Registrations . . . . . . . . . . . 16 | |||
| 13.5. Hash Functions . . . . . . . . . . . . . . . . . . . . . . 16 | 13.5. Hash Functions . . . . . . . . . . . . . . . . . . . . . . 17 | |||
| 13.6. Cryptographic Functions . . . . . . . . . . . . . . . . . 17 | 13.6. Cryptographic Functions . . . . . . . . . . . . . . . . . 18 | |||
| 14. Security Considerations . . . . . . . . . . . . . . . . . . . 18 | 14. Security Considerations . . . . . . . . . . . . . . . . . . . 19 | |||
| 15. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 18 | 15. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 19 | |||
| 16. References . . . . . . . . . . . . . . . . . . . . . . . . . . 18 | 16. References . . . . . . . . . . . . . . . . . . . . . . . . . . 19 | |||
| 16.1. Normative References . . . . . . . . . . . . . . . . . . . 18 | 16.1. Normative References . . . . . . . . . . . . . . . . . . . 19 | |||
| 16.2. Informative References . . . . . . . . . . . . . . . . . . 20 | 16.2. Informative References . . . . . . . . . . . . . . . . . . 21 | |||
| 1. Introduction | 1. Introduction | |||
| This document, which extends and replaces [RFC6622], specifies: | This document, which extends and replaces [RFC6622], specifies: | |||
| o Two TLVs for carrying Integrity Check Values (ICVs) and timestamps | o Two TLVs for carrying Integrity Check Values (ICVs) and timestamps | |||
| in packets, messages, and address blocks as defined by [RFC5444]. | in packets, messages, and address blocks as defined by [RFC5444]. | |||
| o A generic framework for ICVs, accounting (for Message TLVs) for | o A generic framework for ICVs, accounting (for Message TLVs) for | |||
| mutable message header fields (<msg-hop-limit> and | mutable message header fields (<msg-hop-limit> and | |||
| [unchanged text skipped up to page 3, line 26] | [unchanged text skipped up to page 3, line 26] | |||
| This document retains the IANA registries, defined in [RFC6622], for | This document retains the IANA registries, defined in [RFC6622], for | |||
| recording code points for hash-functions, cryptographic functions, | recording code points for hash-functions, cryptographic functions, | |||
| and ICV calculations. This document requests additional allocations | and ICV calculations. This document requests additional allocations | |||
| from these registries. | from these registries. | |||
| Moreover, in Section 12, this document defines the following: | Moreover, in Section 12, this document defines the following: | |||
| o A method for generating ICVs using a combination of a | o A method for generating ICVs using a combination of a | |||
| cryptographic function and a hash function. | cryptographic function and a hash function. | |||
| 1.1. Differences from RFC6622 | ||||
| This document obsoletes [RFC6622]. The changes introduced by this | ||||
| document are, however, small. In addition to editorial updates, this | ||||
| document adds a new type extension for the ICV TLV that is specified | ||||
| in Section 12 of this document. The TLV value of TLV with this type | ||||
| extension has the same internal structure as A TLV with type | ||||
| extension 1, but is calculated also over the source address of the IP | ||||
| datagram carrying the packet, message, or address block. | ||||
| The rationale for adding this type extension is that some MANET | ||||
| protocols, such as [RFC6130] and [OLSRv2], use the IP source address | ||||
| of the IP datagram carrying the packet, message or address block, | ||||
| e.g., to identify links with neighbor routers. If this address is | ||||
| not otherwise contained in the packet, message, or address block | ||||
| payload (which is permitted, e.g., in [RFC6130]), the address is not | ||||
| protected against tampering. | ||||
| 2. Terminology | 2. Terminology | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | |||
| "OPTIONAL" in this document are to be interpreted as described in | "OPTIONAL" in this document are to be interpreted as described in | |||
| [RFC2119]. | [RFC2119]. | |||
| This document uses the terminology and notation defined in [RFC5444]. | This document uses the terminology and notation defined in [RFC5444]. | |||
| In particular, the following TLV fields from [RFC5444] are used in | In particular, the following TLV fields from [RFC5444] are used in | |||
| this specification: | this specification: | |||
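Review bot: The new Section 1.1 (right column) states that the value of the new ICV type extension "is calculated also over the source address of the IP datagram" but does not say where the address enters the ICV input (before or after the packet, message, or address block) or in what encoding; an IPv4 and an IPv6 source address differ in length, so two routers that disagree on the encoding will compute different ICVs for the same datagram. The details are deferred to Section 12, which lies outside this diff, so a forward pointer to the exact subsection of Section 12 that defines the calculation would help implementers. The rationale paragraph could also state the threat it addresses rather than only "not protected against tampering": with type extension 1 the ICV stays valid whatever the IP source address, so a correctly protected message can be re-sent unchanged from a different address, and a protocol that "use[s] the IP source address ... to identify links with neighbor routers" would attribute it to the wrong link; the new type extension is what makes that substitution detectable. Minor wording: "The TLV value of TLV with this type extension has the same internal structure as A TLV with type extension 1" should read "The value of a TLV with this type extension has the same internal structure as that of a TLV with type extension 1", and "packet, message or address block" in the rationale lacks the serial comma used in "packet, message, or address block" two lines above.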
| End of changes. 13 change blocks. | ||||
| 25 lines changed or deleted | 44 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/