| < draft-kampati-ipsecme-ikev2-sa-ts-payloads-opt-03.txt | draft-kampati-ipsecme-ikev2-sa-ts-payloads-opt-04.txt > | |||
|---|---|---|---|---|
| IPSECME Working Group S. Kampati | IPSECME Working Group S. Kampati | |||
| Internet-Draft M. Bharath | Internet-Draft W. Pan | |||
| Intended status: Standards Track W. Pan | Intended status: Standards Track Huawei | |||
| Expires: September 8, 2021 Huawei | Expires: October 22, 2021 M. Bharath | |||
| March 07, 2021 | Mavenir | |||
| M. Chen | ||||
| CMCC | ||||
| April 20, 2021 | ||||
| IKEv2 Optional SA&TS Payloads in Child Exchange | IKEv2 Optional SA&TS Payloads in Child Exchange | |||
| draft-kampati-ipsecme-ikev2-sa-ts-payloads-opt-03 | draft-kampati-ipsecme-ikev2-sa-ts-payloads-opt-04 | |||
| Abstract | Abstract | |||
| This document describes a method for reducing the size of the | This document describes a method for reducing the size of the | |||
| Internet Key Exchange version 2 (IKEv2) exchanges at time of rekeying | Internet Key Exchange version 2 (IKEv2) exchanges at time of rekeying | |||
| IKE SAs and Child SAs by removing or making optional of SA & TS | IKE SAs and Child SAs by removing or making optional of SA & TS | |||
| payloads. Reducing size of IKEv2 exchanges is desirable for low | payloads. Reducing size of IKEv2 exchanges is desirable for low | |||
| power consumption battery powered devices. It also helps to avoid IP | power consumption battery powered devices. It also helps to avoid IP | |||
| fragmentation of IKEv2 messages. | fragmentation of IKEv2 messages. | |||
| skipping to change at page 1, line 36 ¶ | skipping to change at page 1, line 39 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on September 8, 2021. | This Internet-Draft will expire on October 22, 2021. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2021 IETF Trust and the persons identified as the | Copyright (c) 2021 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 2, line 34 ¶ | skipping to change at page 2, line 37 ¶ | |||
| 3.3.2. Rekeying Child SAs When Responder's Cryptographic | 3.3.2. Rekeying Child SAs When Responder's Cryptographic | |||
| Suites or ACL Configuration Changed . . . . . . . . . 8 | Suites or ACL Configuration Changed . . . . . . . . . 8 | |||
| 4. Payload Formats . . . . . . . . . . . . . . . . . . . . . . . 9 | 4. Payload Formats . . . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 4.1. MINIMAL_REKEY_SUPPORTED Notification . . . . . . . . . . 9 | 4.1. MINIMAL_REKEY_SUPPORTED Notification . . . . . . . . . . 9 | |||
| 4.2. SA_UNCHANGED Notification . . . . . . . . . . . . . . . . 10 | 4.2. SA_UNCHANGED Notification . . . . . . . . . . . . . . . . 10 | |||
| 4.3. SA_TS_UNCHANGED Notification . . . . . . . . . . . . . . 10 | 4.3. SA_TS_UNCHANGED Notification . . . . . . . . . . . . . . 10 | |||
| 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 | 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 | |||
| 6. Security Considerations . . . . . . . . . . . . . . . . . . . 11 | 6. Security Considerations . . . . . . . . . . . . . . . . . . . 11 | |||
| 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 11 | 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 11 | |||
| 7.1. Normative References . . . . . . . . . . . . . . . . . . 11 | 7.1. Normative References . . . . . . . . . . . . . . . . . . 11 | |||
| 7.2. Informative References . . . . . . . . . . . . . . . . . 11 | 7.2. Informative References . . . . . . . . . . . . . . . . . 12 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 12 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 12 | |||
| 1. Introduction | 1. Introduction | |||
| The Internet Key Exchange protocol version 2 (IKEv2) specified in | The Internet Key Exchange protocol version 2 (IKEv2) specified in | |||
| [RFC7296] is used in the IP Security (IPsec) architecture for the | [RFC7296] is used in the IP Security (IPsec) architecture for the | |||
| purposes of Security Association (SA) parameters negotiation and | purposes of Security Association (SA) parameters negotiation and | |||
| authenticated key exchange. The protocol uses UDP as the transport | authenticated key exchange. The protocol uses UDP as the transport | |||
| for its messages, which size varies from less than one hundred bytes | for its messages, which size varies from less than one hundred bytes | |||
| to several kilobytes. | to several kilobytes. | |||
| skipping to change at page 3, line 50 ¶ | skipping to change at page 4, line 4 ¶ | |||
| capitals, as shown here. | capitals, as shown here. | |||
| 3. Protocol Details | 3. Protocol Details | |||
| This section provides protocol details and contains the normative | This section provides protocol details and contains the normative | |||
| parts. | parts. | |||
| Before using this new optimization, the IPSec implementation who | Before using this new optimization, the IPSec implementation who | |||
| supports it has to know that the peer also supports it. Without the | supports it has to know that the peer also supports it. Without the | |||
| support on both sides, the optimized rekeying messages sent by one | support on both sides, the optimized rekeying messages sent by one | |||
| peer may be unrecognizable for the other peer. To stop this failure | peer may be unrecognizable for the other peer. To prevent this | |||
| from happening, the first step is to negotiate the support of this | failure from happening, the first step is to negotiate the support of | |||
| optimization between the two peers. There are two specific rekeying | this optimization between the two peers. There are two specific | |||
| SAs cases: rekeying IKE SAs and rekeying Child SAs. After the | rekeying SAs cases: rekeying IKE SAs and rekeying Child SAs. After | |||
| negotiation, it's up to the initiator to decide at which case to | the negotiation, the initiator can optimize the rekeying message | |||
| optimize the rekeying messages. The initiator can optimize the | payloads in both cases. In other words, once the negotiation of | |||
| rekeying message payloads in both cases, or just in one case. The | support for optimizing payloads at rekeying IKE SAs and Child SAs is | |||
| responder can react based on the received rekeying message. | complete, both IKE SAs and Child SAs rekeying are supported by the | |||
| two sides. The responder can react based on the received rekeying | ||||
| message. | ||||
| 3.1. Negotiation of Support for Optimizing Optional Payload at Rekeying | 3.1. Negotiation of Support for Optimizing Optional Payload at Rekeying | |||
| IKE SAs and Child SAs | IKE SAs and Child SAs | |||
| The initiator indicates its support for optimizing optional payloads | The initiator indicates its support for optimizing optional payloads | |||
| at rekeying IKE SAs and Child SAs by including a Notify payload of | at rekeying IKE SAs and Child SAs by including a Notify payload of | |||
| type MINIMAL_REKEY_SUPPORTED in the IKE_AUTH request message. By | type MINIMAL_REKEY_SUPPORTED in the IKE_AUTH request message. By | |||
| observing the MINIMAL_REKEY_SUPPORTED notification in the received | observing the MINIMAL_REKEY_SUPPORTED notification in the received | |||
| message, the responder can deduce the initiator's support of this | message, the responder can deduce the initiator's support of this | |||
| extension. If the responder also supports this extension, it | extension. If the responder also supports this extension, it | |||
| skipping to change at page 5, line 14 ¶ | skipping to change at page 5, line 22 ¶ | |||
| 3.2. Payload Optimization at Rekeying IKE SAs | 3.2. Payload Optimization at Rekeying IKE SAs | |||
| The payload optimization at rekeying IKE SAs MUST NOT be used unless | The payload optimization at rekeying IKE SAs MUST NOT be used unless | |||
| both peers have indicated their support of this extension by using | both peers have indicated their support of this extension by using | |||
| the negotiation method described in Section 3.1. If the initiator | the negotiation method described in Section 3.1. If the initiator | |||
| decides to optimize the payloads at the time of rekeying IKE SAs, | decides to optimize the payloads at the time of rekeying IKE SAs, | |||
| then it includes the SA_UNCHANGED notification in its CREATE_CHILD_SA | then it includes the SA_UNCHANGED notification in its CREATE_CHILD_SA | |||
| exchange message. If the initiator decides not to do the | exchange message. If the initiator decides not to do the | |||
| optimization, then it just sends the rekeying request message as the | optimization, then it just sends the rekeying request message as the | |||
| original way, the rekeying is conducted as [RFC7296] defined. | original way, the rekeying is conducted as [RFC7296] defined. If the | |||
| initiator and responder decides to do the optimization, then the IKE | ||||
| SA rekeying uses PFS by default. | ||||
| 3.2.1. Rekeying IKE SAs When No Change of Initiator and Responder's | 3.2.1. Rekeying IKE SAs When No Change of Initiator and Responder's | |||
| Cryptographic Suites | Cryptographic Suites | |||
| At the time of rekeying an IKE SA, when the initiator determines | At the time of rekeying an IKE SA, when the initiator determines | |||
| there is no change on its cryptographic suites since this IKE SA was | there is no change on its cryptographic suites since this IKE SA was | |||
| created or last rekeyed, it MAY send the SA_UNCHANGED notification | created or last rekeyed, it MAY send the SA_UNCHANGED notification | |||
| payload instead of the SA payloads in the rekeying request message. | payload instead of the SA payloads in the rekeying request message. | |||
| In this SA_UNCHANGED notification, it contains the initiator's new | In this SA_UNCHANGED notification, it contains the initiator's new | |||
| Security Parameter Index (SPI) used for creating the new IKE SA. | Security Parameter Index (SPI) used for creating the new IKE SA. | |||
| skipping to change at page 5, line 48 ¶ | skipping to change at page 6, line 13 ¶ | |||
| The CREATE_CHILD_SA message exchange in this case is shown below: | The CREATE_CHILD_SA message exchange in this case is shown below: | |||
| Initiator Responder | Initiator Responder | |||
| -------------------------------------------------------------------- | -------------------------------------------------------------------- | |||
| HDR, SK {N(SA_UNCHANGED), Ni, KEi} --> | HDR, SK {N(SA_UNCHANGED), Ni, KEi} --> | |||
| <-- HDR, SK {N(SA_UNCHANGED), Nr, KEr} | <-- HDR, SK {N(SA_UNCHANGED), Nr, KEr} | |||
| The initiator sends a SA_UNCHANGED notification payload, a Nonce | The initiator sends a SA_UNCHANGED notification payload, a Nonce | |||
| payload and a Diffie-Hellman value in the KEi payload. A new | payload and a Diffie-Hellman value in the KEi payload. A new | |||
| initiator SPI is supplied in the SPI field of the SA_UNCHANGED | initiator SPI is supplied in the SPI field of the SA_UNCHANGED | |||
| notification payload. | notification payload. These messages also follow the original PFS | |||
| with the signature and encryption algorithms used as last message. | ||||
| The responder replies (using the same Message ID to respond) with a | The responder replies (using the same Message ID to respond) with a | |||
| SA_UNCHANGED notification payload, a Nonce payload and a Diffie- | SA_UNCHANGED notification payload, a Nonce payload and a Diffie- | |||
| Hellman value in the KEr payload. A new responder SPI is supplied in | Hellman value in the KEr payload. A new responder SPI is supplied in | |||
| the SPI field of the SA_UNCHANGED notification payload. | the SPI field of the SA_UNCHANGED notification payload. | |||
| This SA_UNCHANGED notification MUST be included in a CREATE_CHILD_SA | This SA_UNCHANGED notification MUST be included in a CREATE_CHILD_SA | |||
| exchange message when there is no SA payloads included. When the | exchange message when there is no SA payloads included. When the | |||
| SA_UNCHANGED notification payload is included, the SA payload MUST | SA_UNCHANGED notification payload is included, the SA payload MUST | |||
| NOT be included. | NOT be included. | |||
| skipping to change at page 10, line 37 ¶ | skipping to change at page 10, line 43 ¶ | |||
| IANA>, the value assigned for the SA_UNCHANGED notification. | IANA>, the value assigned for the SA_UNCHANGED notification. | |||
| o SPI (8 octets) - Security Parameter Index. The initiator sends | o SPI (8 octets) - Security Parameter Index. The initiator sends | |||
| initiator SPI. The responder sends responder SPI. | initiator SPI. The responder sends responder SPI. | |||
| 4.3. SA_TS_UNCHANGED Notification | 4.3. SA_TS_UNCHANGED Notification | |||
| The SA_TS_UNCHANGED notification is used to replace the SA payloads | The SA_TS_UNCHANGED notification is used to replace the SA payloads | |||
| and TS payloads at the time of rekeying Child SAs when there is no | and TS payloads at the time of rekeying Child SAs when there is no | |||
| change of cryptographic suites and ACL configuration in initiator or | change of cryptographic suites and ACL configuration in initiator or | |||
| responder. It is formatted as follows: | responder. The SPI of the new Child SA is included in this payload, | |||
| and the SPI of the old Child SA is in the REKEY_SA notification | ||||
| payload. The SA_TS_UNCHANGED notification is formatted as follows: | ||||
| 0 1 2 3 | 0 1 2 3 | |||
| 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| | Next Payload |C| RESERVED | Payload Length | | | Next Payload |C| RESERVED | Payload Length | | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| |Protocol ID | SPI Size (=4) | Notify Message Type | | |Protocol ID | SPI Size (=4) | Notify Message Type | | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| | Security Parameter Index (SPI) | | | Security Parameter Index (SPI) | | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| skipping to change at page 12, line 15 ¶ | skipping to change at page 12, line 32 ¶ | |||
| Authors' Addresses | Authors' Addresses | |||
| Sandeep Kampati | Sandeep Kampati | |||
| Huawei Technologies | Huawei Technologies | |||
| Divyashree Techno Park, Whitefield | Divyashree Techno Park, Whitefield | |||
| Bangalore, Karnataka 560066 | Bangalore, Karnataka 560066 | |||
| India | India | |||
| Email: sandeepkampati@huawei.com | Email: sandeepkampati@huawei.com | |||
| Meduri S S Bharath | ||||
| Huawei Technologies | ||||
| Divyashree Techno Park, Whitefield | ||||
| Bangalore, Karnataka 560066 | ||||
| India | ||||
| Email: MeduriS.Bharath@huawei.com | ||||
| Wei Pan | Wei Pan | |||
| Huawei Technologies | Huawei Technologies | |||
| 101 Software Avenue, Yuhuatai District | 101 Software Avenue, Yuhuatai District | |||
| Nanjing, Jiangsu | Nanjing, Jiangsu | |||
| China | China | |||
| Email: william.panwei@huawei.com | Email: william.panwei@huawei.com | |||
| Meduri S S Bharath | ||||
| Mavenir Systems Pvt Ltd | ||||
| Manyata Tech Park | ||||
| Bangalore, Karnataka | ||||
| India | ||||
| Email: bharath.meduri@mavenir.com | ||||
| Meiling Chen | ||||
| China Mobile | ||||
| 32 Xuanwumen West Street, West District | ||||
| Beijing, Beijing 100053 | ||||
| Email: chenmeiling@chinamobile.com | ||||
| End of changes. 10 change blocks. | ||||
| 26 lines changed or deleted | 28 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||