| < draft-smyslov-ipsecme-rfc8229bis-01.txt | draft-smyslov-ipsecme-rfc8229bis-02.txt > | |||
|---|---|---|---|---|
| Network Working Group V. Smyslov | Network Working Group V. Smyslov | |||
| Internet-Draft ELVIS-PLUS | Internet-Draft ELVIS-PLUS | |||
| Obsoletes: 8229 (if approved) T. Pauly | Obsoletes: 8229 (if approved) T. Pauly | |||
| Intended status: Standards Track Apple Inc. | Intended status: Standards Track Apple Inc. | |||
| Expires: November 16, 2020 May 15, 2020 | Expires: May 2, 2021 October 29, 2020 | |||
| TCP Encapsulation of IKE and IPsec Packets | TCP Encapsulation of IKE and IPsec Packets | |||
| draft-smyslov-ipsecme-rfc8229bis-01 | draft-smyslov-ipsecme-rfc8229bis-02 | |||
| Abstract | Abstract | |||
| This document describes a method to transport Internet Key Exchange | This document describes a method to transport Internet Key Exchange | |||
| Protocol (IKE) and IPsec packets over a TCP connection for traversing | Protocol (IKE) and IPsec packets over a TCP connection for traversing | |||
| network middleboxes that may block IKE negotiation over UDP. This | network middleboxes that may block IKE negotiation over UDP. This | |||
| method, referred to as "TCP encapsulation", involves sending both IKE | method, referred to as "TCP encapsulation", involves sending both IKE | |||
| packets for Security Association establishment and Encapsulating | packets for Security Association establishment and Encapsulating | |||
| Security Payload (ESP) packets over a TCP connection. This method is | Security Payload (ESP) packets over a TCP connection. This method is | |||
| intended to be used as a fallback option when IKE cannot be | intended to be used as a fallback option when IKE cannot be | |||
| skipping to change at page 1, line 43 ¶ | skipping to change at page 1, line 43 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on November 16, 2020. | This Internet-Draft will expire on May 2, 2021. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2020 IETF Trust and the persons identified as the | Copyright (c) 2020 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 3, line 6 ¶ | skipping to change at page 3, line 6 ¶ | |||
| 10.3. Quality-of-Service Markings . . . . . . . . . . . . . . 18 | 10.3. Quality-of-Service Markings . . . . . . . . . . . . . . 18 | |||
| 10.4. Maximum Segment Size . . . . . . . . . . . . . . . . . . 19 | 10.4. Maximum Segment Size . . . . . . . . . . . . . . . . . . 19 | |||
| 10.5. Tunneling ECN in TCP . . . . . . . . . . . . . . . . . . 19 | 10.5. Tunneling ECN in TCP . . . . . . . . . . . . . . . . . . 19 | |||
| 11. Security Considerations . . . . . . . . . . . . . . . . . . . 19 | 11. Security Considerations . . . . . . . . . . . . . . . . . . . 19 | |||
| 12. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 20 | 12. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 20 | |||
| 13. References . . . . . . . . . . . . . . . . . . . . . . . . . 20 | 13. References . . . . . . . . . . . . . . . . . . . . . . . . . 20 | |||
| 13.1. Normative References . . . . . . . . . . . . . . . . . . 20 | 13.1. Normative References . . . . . . . . . . . . . . . . . . 20 | |||
| 13.2. Informative References . . . . . . . . . . . . . . . . . 21 | 13.2. Informative References . . . . . . . . . . . . . . . . . 21 | |||
| Appendix A. Using TCP Encapsulation with TLS . . . . . . . . . . 23 | Appendix A. Using TCP Encapsulation with TLS . . . . . . . . . . 23 | |||
| Appendix B. Example Exchanges of TCP Encapsulation with TLS 1.2 23 | Appendix B. Example Exchanges of TCP Encapsulation with TLS 1.3 23 | |||
| B.1. Establishing an IKE Session . . . . . . . . . . . . . . . 23 | B.1. Establishing an IKE Session . . . . . . . . . . . . . . . 23 | |||
| B.2. Deleting an IKE Session . . . . . . . . . . . . . . . . . 25 | B.2. Deleting an IKE Session . . . . . . . . . . . . . . . . . 25 | |||
| B.3. Re-establishing an IKE Session . . . . . . . . . . . . . 26 | B.3. Re-establishing an IKE Session . . . . . . . . . . . . . 26 | |||
| B.4. Using MOBIKE between UDP and TCP Encapsulation . . . . . 27 | B.4. Using MOBIKE between UDP and TCP Encapsulation . . . . . 27 | |||
| Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 29 | Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 28 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 29 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 29 | |||
| 1. Introduction | 1. Introduction | |||
| The Internet Key Exchange Protocol version 2 (IKEv2) [RFC7296] is a | The Internet Key Exchange Protocol version 2 (IKEv2) [RFC7296] is a | |||
| protocol for establishing IPsec Security Associations (SAs), using | protocol for establishing IPsec Security Associations (SAs), using | |||
| IKE messages over UDP for control traffic, and using Encapsulating | IKE messages over UDP for control traffic, and using Encapsulating | |||
| Security Payload (ESP) [RFC4303] messages for encrypted data traffic. | Security Payload (ESP) [RFC4303] messages for encrypted data traffic. | |||
| Many network middleboxes that filter traffic on public hotspots block | Many network middleboxes that filter traffic on public hotspots block | |||
| all UDP traffic, including IKE and IPsec, but allow TCP connections | all UDP traffic, including IKE and IPsec, but allow TCP connections | |||
| skipping to change at page 23, line 46 ¶ | skipping to change at page 23, line 46 ¶ | |||
| algorithms and at the time of writing this document there was no | algorithms and at the time of writing this document there was no | |||
| recommended cipher suite for TLS 1.3 with the NULL cipher. | recommended cipher suite for TLS 1.3 with the NULL cipher. | |||
| Implementations should be aware that the use of TLS introduces | Implementations should be aware that the use of TLS introduces | |||
| another layer of overhead requiring more bytes to transmit a given | another layer of overhead requiring more bytes to transmit a given | |||
| IKE and IPsec packet. For this reason, direct ESP, UDP | IKE and IPsec packet. For this reason, direct ESP, UDP | |||
| encapsulation, or TCP encapsulation without TLS should be preferred | encapsulation, or TCP encapsulation without TLS should be preferred | |||
| in situations in which TLS is not required in order to traverse | in situations in which TLS is not required in order to traverse | |||
| middleboxes. | middleboxes. | |||
| Appendix B. Example Exchanges of TCP Encapsulation with TLS 1.2 | Appendix B. Example Exchanges of TCP Encapsulation with TLS 1.3 | |||
| B.1. Establishing an IKE Session | B.1. Establishing an IKE Session | |||
| Client Server | Client Server | |||
| ---------- ---------- | ---------- ---------- | |||
| 1) -------------------- TCP Connection ------------------- | 1) -------------------- TCP Connection ------------------- | |||
| (IP_I:Port_I -> IP_R:Port_R) | (IP_I:Port_I -> IP_R:Port_R) | |||
| TcpSyn ----------> | TcpSyn ----------> | |||
| <---------- TcpSyn,Ack | <---------- TcpSyn,Ack | |||
| TcpAck ----------> | TcpAck ----------> | |||
| 2) --------------------- TLS Session --------------------- | 2) --------------------- TLS Session --------------------- | |||
| ClientHello ----------> | ClientHello ----------> | |||
| ServerHello | ServerHello | |||
| Certificate* | {EncryptedExtensions} | |||
| ServerKeyExchange* | {Certificate*} | |||
| <---------- ServerHelloDone | {CertificateVerify*} | |||
| ClientKeyExchange | <---------- {Finished} | |||
| CertificateVerify* | {Finished} ----------> | |||
| [ChangeCipherSpec] | ||||
| Finished ----------> | ||||
| [ChangeCipherSpec] | ||||
| <---------- Finished | ||||
| 3) ---------------------- Stream Prefix -------------------- | 3) ---------------------- Stream Prefix -------------------- | |||
| "IKETCP" ----------> | "IKETCP" ----------> | |||
| 4) ----------------------- IKE Session --------------------- | 4) ----------------------- IKE Session --------------------- | |||
| Length + Non-ESP Marker ----------> | Length + Non-ESP Marker ----------> | |||
| IKE_SA_INIT | IKE_SA_INIT | |||
| HDR, SAi1, KEi, Ni, | HDR, SAi1, KEi, Ni, | |||
| [N(NAT_DETECTION_*_IP)] | [N(NAT_DETECTION_*_IP)] | |||
| <------ Length + Non-ESP Marker | <------ Length + Non-ESP Marker | |||
| IKE_SA_INIT | IKE_SA_INIT | |||
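
Review bot: The new TLS 1.3 handshake in the B.1 figure (step 2) drops the optional client authentication that the TLS 1.2 figure carried via the client-side `CertificateVerify*`; if client certificates are still permitted on this TLS layer, the client side should list `{Certificate*}` and `{CertificateVerify*}` before its `{Finished}` (with a `{CertificateRequest*}` on the server side), otherwise the text should state that TLS client authentication is not used. The figure now also relies on the RFC 8446 `{...}` convention for messages protected under handshake traffic keys, which the old `[ChangeCipherSpec]`-style figure did not need; a one-line legend or a pointer to RFC 8446, Section 2 under the figure would keep it self-explanatory.
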
| skipping to change at page 27, line 4 ¶ | skipping to change at page 26, line 14 ¶ | |||
| 2. The client and server negotiate TLS session deletion using TLS | 2. The client and server negotiate TLS session deletion using TLS | |||
| CLOSE_NOTIFY. | CLOSE_NOTIFY. | |||
| 3. The TCP connection is torn down. | 3. The TCP connection is torn down. | |||
| The deletion of the IKE SA should lead to the disposal of the | The deletion of the IKE SA should lead to the disposal of the | |||
| underlying TLS and TCP state. | underlying TLS and TCP state. | |||
| B.3. Re-establishing an IKE Session | B.3. Re-establishing an IKE Session | |||
| Client Server | Client Server | |||
| ---------- ---------- | ---------- ---------- | |||
| 1) -------------------- TCP Connection ------------------- | 1) -------------------- TCP Connection ------------------- | |||
| (IP_I:Port_I -> IP_R:Port_R) | (IP_I:Port_I -> IP_R:Port_R) | |||
| TcpSyn ----------> | TcpSyn ----------> | |||
| <---------- TcpSyn,Ack | <---------- TcpSyn,Ack | |||
| TcpAck ----------> | TcpAck ----------> | |||
| 2) --------------------- TLS Session --------------------- | 2) --------------------- TLS Session --------------------- | |||
| ClientHello ----------> | ClientHello ----------> | |||
| <---------- ServerHello | ServerHello | |||
| [ChangeCipherSpec] | {EncryptedExtensions} | |||
| Finished | <---------- {Finished} | |||
| [ChangeCipherSpec] ----------> | {Finished} ----------> | |||
| Finished | ||||
| 3) ---------------------- Stream Prefix -------------------- | 3) ---------------------- Stream Prefix -------------------- | |||
| "IKETCP" ----------> | "IKETCP" ----------> | |||
| 4) <---------------------> IKE/ESP Flow <------------------> | 4) <---------------------> IKE/ESP Flow <------------------> | |||
| Length + ESP Frame ----------> | Length + ESP Frame ----------> | |||
| Figure 7 | Figure 7 | |||
| 1. If a previous TCP connection was broken (for example, due to a | 1. If a previous TCP connection was broken (for example, due to a | |||
| TCP Reset), the client is responsible for re-initiating the TCP | TCP Reset), the client is responsible for re-initiating the TCP | |||
| connection. The TCP Originator's address and port (IP_I and | connection. The TCP Originator's address and port (IP_I and | |||
| Port_I) may be different from the previous connection's address | Port_I) may be different from the previous connection's address | |||
| and port. | and port. | |||
| 2. In the ClientHello TLS message, the client SHOULD send the | 2. The client SHOULD attempt TLS session resumption if it has | |||
| session ID it received in the previous TLS handshake if | previously established a session with the server. | |||
| available. It is up to the server to perform either an | ||||
| abbreviated handshake or a full handshake based on the session ID | ||||
| match. | ||||
| 3. After TCP and TLS are complete, the client sends the stream | 3. After TCP and TLS are complete, the client sends the stream | |||
| prefix for TCP-encapsulated IKE traffic (Section 5). | prefix for TCP-encapsulated IKE traffic (Section 5). | |||
| 4. The IKE and ESP packet flow can resume. If MOBIKE is being used, | 4. The IKE and ESP packet flow can resume. If MOBIKE is being used, | |||
| the Initiator SHOULD send an UPDATE_SA_ADDRESSES message. | the Initiator SHOULD send an UPDATE_SA_ADDRESSES message. | |||
| B.4. Using MOBIKE between UDP and TCP Encapsulation | B.4. Using MOBIKE between UDP and TCP Encapsulation | |||
| Client Server | Client Server | |||
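
Review bot: The replacement step 2 of B.3 now says only that the client SHOULD attempt TLS session resumption and no longer says what happens when the server declines; keep a sentence that the server may instead run a full handshake as in B.1, since steps 3 and 4 (stream prefix, IKE/ESP flow) apply either way. The B.3 figure also shows nothing that distinguishes this resumption from the full handshake in B.1 beyond the absent Certificate messages; annotating `ClientHello`/`ServerHello` with the pre_shared_key extension, and noting that TLS 1.3 resumption requires a NewSessionTicket from the earlier session, would make the abbreviated handshake explicit.
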
| skipping to change at page 28, line 30 ¶ | skipping to change at page 27, line 40 ¶ | |||
| N(NAT_DETECTION_SOURCE_IP), | N(NAT_DETECTION_SOURCE_IP), | |||
| N(NAT_DETECTION_DESTINATION_IP) } | N(NAT_DETECTION_DESTINATION_IP) } | |||
| 3) -------------------- TCP Connection ------------------- | 3) -------------------- TCP Connection ------------------- | |||
| (IP_I2:Port_I -> IP_R:Port_R) | (IP_I2:Port_I -> IP_R:Port_R) | |||
| TcpSyn -----------> | TcpSyn -----------> | |||
| <----------- TcpSyn,Ack | <----------- TcpSyn,Ack | |||
| TcpAck -----------> | TcpAck -----------> | |||
| 4) --------------------- TLS Session --------------------- | 4) --------------------- TLS Session --------------------- | |||
| ClientHello -----------> | ClientHello ----------> | |||
| ServerHello | ServerHello | |||
| Certificate* | {EncryptedExtensions} | |||
| ServerKeyExchange* | {Certificate*} | |||
| <----------- ServerHelloDone | {CertificateVerify*} | |||
| ClientKeyExchange | <---------- {Finished} | |||
| CertificateVerify* | {Finished} ----------> | |||
| [ChangeCipherSpec] | ||||
| Finished -----------> | ||||
| [ChangeCipherSpec] | ||||
| <----------- Finished | ||||
| 5) ---------------------- Stream Prefix -------------------- | 5) ---------------------- Stream Prefix -------------------- | |||
| "IKETCP" ----------> | "IKETCP" ----------> | |||
| 6) ----------------------- IKE Session --------------------- | 6) ----------------------- IKE Session --------------------- | |||
| Length + Non-ESP Marker -----------> | Length + Non-ESP Marker -----------> | |||
| INFORMATIONAL (Same as step 2) | INFORMATIONAL (Same as step 2) | |||
| HDR, SK { N(UPDATE_SA_ADDRESSES), | HDR, SK { N(UPDATE_SA_ADDRESSES), | |||
| N(NAT_DETECTION_SOURCE_IP), | N(NAT_DETECTION_SOURCE_IP), | |||
| N(NAT_DETECTION_DESTINATION_IP) } | N(NAT_DETECTION_DESTINATION_IP) } | |||
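
Review bot: The B.4 figure (step 4) has the same gap as B.1: the TLS 1.2 client-side `CertificateVerify*` was removed without a TLS 1.3 counterpart, so either add `{Certificate*}`/`{CertificateVerify*}` on the client side or state that client authentication at the TLS layer is not used. A style point in the same figure: the `ClientHello ---------->` arrow was shortened while the TCP lines (`TcpSyn ----------->`) and `Length + Non-ESP Marker ----------->` keep the eleven-dash form; make the arrow lengths consistent within the figure.
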
| End of changes. 12 change blocks. | ||||
| 35 lines changed or deleted | 24 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||