Internet Engineering Task Force                                M. Barnes
Internet-Draft
Intended status: Informational                                  A. Allen
Expires: November 27, 2016                                    Blackberry
                                                            May 26, 2016


     Mission Critical Push-to-Talk (MCPTT) Group Key Transport using
                               MIKEY-SAKKE
                   draft-barnes-mikey-sakke-mcptt-00.txt

Abstract

   3GPP TS 33.179 defines the group services and system aspects for the
   security of the Mission Critical Push-To-Talk (MCPTT) service.  To
   create a group's security association, a Group Master Key (GMK) and
   its associated identifier (GMK-ID) are distributed to MCPTT User
   Equipment (UE) by a Group Management Server (GMS).
   The GMK is distributed encrypted specifically to a user and signed
   using an identity representing the Group Management Server.  The GMK
   is distributed within a Group Key Transport payload, which is a
   MIKEY-SAKKE I_MESSAGE as defined in RFC 6509; the I_MESSAGE ensures
   the confidentiality, integrity and authenticity of the payload.  In
   order to convey the MCPTT-specific service in the MIKEY-SAKKE
   I_MESSAGE, this document defines new values for the Type field of the
   General Extensions Payload Field defined for MIKEY in RFC 3830, the
   ID Role field in RFC 6043 and the ID Scheme field in RFC 6509.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on November 27, 2016.

Copyright Notice

   Copyright (c) 2016 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.
   Code Components extracted from this document must include Simplified
   BSD License text as described in Section 4.e of the Trust Legal
   Provisions and are provided without warranty as described in the
   Simplified BSD License.

Table of Contents

   1.  Overview
   2.  Group Key Transport Payload
     2.1.  Type field of the General Extensions Payload Field
     2.2.  ID Role Field
     2.3.  ID Scheme Field
   3.  IANA Considerations
     3.1.  Registration of Type field values for MCPTT
     3.2.  Registration of ID Role values for MCPTT
     3.3.  Registration of ID Scheme values for MCPTT
   4.  Security Considerations
   5.  Acknowledgements
   6.  References
     6.1.  Normative References
     6.2.  Informative References
   Authors' Addresses

1.  Overview

   Multimedia Internet KEYing - Sakai-Kasahara Key Encryption
   (MIKEY-SAKKE) defines a method of key exchange that uses
   Identity-based Public Key Cryptography (IDPKC) to establish a shared
   secret value, and certificateless signatures to provide source
   authentication.  This scheme makes use of a Key Management Service
   (KMS) as a root of trust and distributor of key material.

   3GPP TS 33.179 [TS33179] defines the Group Services and System
   Aspects for the Security of Mission Critical Push-To-Talk (MCPTT).
   To create a group's security association, a Group Master Key (GMK)
   and its associated identifier (GMK-ID) are distributed to MCPTT User
   Equipment (UE) by a Group Management Server (GMS).  The GMK is
   distributed encrypted specifically to a user and signed using an
   identity representing the Group Management Server.  The GMK is
   distributed within a Group Key Transport payload.  This payload is a
   MIKEY-SAKKE I_MESSAGE, as defined in RFC 6509 [RFC6509], which
   ensures the confidentiality, integrity and authenticity of the
   payload.

2.  Group Key Transport Payload

   3GPP TS 24.381 [TS24381] details the procedures for composing the
   MIKEY-SAKKE I_MESSAGE for the Group Key Transport payload.  These
   procedures require the definition of new values for the Type field of
   the General Extensions Payload Field in RFC 3830 [RFC3830], the ID
   Role field in RFC 6043 [RFC6043] and the ID Scheme field in RFC 6509
   [RFC6509].

2.1.  Type field of the General Extensions Payload Field

   RFC 3830 [RFC3830] defines the Type field of the General Extensions
   Payload; IANA registers its values as General Extensions Payload
   Field Names.  Two new values are defined to indicate the general
   payload types specific to MCPTT.  The following describes the two new
   values, to be assigned by IANA:

   o  "SAKKE-to-self (value TBD1):" Indicates that the Data field of a
      General Extension Payload contains a SAKKE Payload as specified in
      RFC 6509 [RFC6509].

   o  "GMK associated parameters (value TBD2):" Indicates that the Data
      field of a General Extension Payload contains the associated
      parameters of the GMK as specified in 3GPP TS 33.179 [TS33179],
      figure E.6.1-1.

2.2.  ID Role Field

   The MIKEY-SAKKE I_MESSAGE contains an IDR Payload as defined in
   [RFC6043].  The IDR payload uses all the fields from the standard
   Identity (ID) payload but expands it with a field describing the role
   of the ID payload.  The ID Role describes the meaning of the identity
   itself.
   The following describes the two new values, to be assigned by IANA,
   of the ID Role field specific to MCPTT:

   o  "IDRuidr (value TBD3):" Indicates that the ID Data field of an ID
      Payload contains a User Identity (UID) generated from the MCPTT ID
      of an MCPTT user, or a UID generated from the MCPTT Group ID of an
      MCPTT group, as specified in 3GPP TS 33.179 [TS33179].

   o  "IDRuidi (value TBD4):" Indicates that the ID Data field of an ID
      Payload contains a UID generated from the GMS's URI, as specified
      in 3GPP TS 33.179 [TS33179].

2.3.  ID Scheme Field

   RFC 6509 [RFC6509] defines the ID Scheme field of the SAKKE Payload.
   The following describes the two new values, to be assigned by IANA,
   for the ID Scheme field for usage in MCPTT:

   o  "MCPTT ID scheme (value TBD5):" Indicates that the SAKKE Data
      field of a SAKKE Payload contains the GMK encapsulated to the UID
      generated from the IDRr payload, or extracted from the IDRuidr
      payload, according to 3GPP TS 33.179 [TS33179] subclause F.2.1.

   o  "MCPTT SAKKE-to-self (value TBD6):" Indicates that the SAKKE Data
      field of a SAKKE Payload contains the GMK encapsulated to the UID
      generated from the IDRi payload, or extracted from the IDRuidi
      payload, according to 3GPP TS 33.179 [TS33179] subclause F.2.1.

3.  IANA Considerations

   This document defines the new values, required to support MCPTT, for
   the Type field of the General Extensions Payload Field in RFC 3830
   [RFC3830], the ID Role field in RFC 6043 [RFC6043] and the ID Scheme
   field in RFC 6509 [RFC6509].  The IANA registrations for these values
   are described in the following sections.

3.1.  Registration of Type field values for MCPTT

   This document defines two new Type field values to support MCPTT, as
   described in Section 2.1.
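   The following worked example is added by the editor; it is not part
   of this draft, of 3GPP TS 33.179 or TS 24.381, or of any MIKEY
   implementation.  It encodes the three payload types that carry the
   values defined in Section 2 (the IDR payload of RFC 6043 with the
   IDRuidr/IDRuidi roles, the SAKKE payload of RFC 6509 with the MCPTT
   ID schemes, and the General Extension payload of RFC 3830 with the
   SAKKE-to-self and GMK associated parameters types), decodes a Group
   Key Transport payload chain with length checks, and applies the
   Section 2.3 rule for selecting the identity the GMK is encapsulated
   to.  Assumptions: the TBD1..TBD6 values are placeholders (0xF1..0xF6)
   because IANA has not assigned them; the identities and SAKKE data
   are constructed stand-in bytes; the HDR, T, RAND and SIGN payloads of
   the I_MESSAGE, the UID generation of TS 33.179 and the SAKKE
   encapsulation itself are not modelled.

```python
"""Added example, not code from the draft, 3GPP TS 33.179 or any MIKEY stack:
encode/decode the IDR, SAKKE and General Extension payloads carrying the new
MCPTT values, then apply the Section 2.3 rule to find the identity the GMK is
encapsulated to.  HDR, T, RAND and SIGN payloads are not modelled."""
import struct
from collections import namedtuple

# Payload types from the MIKEY Payload Name Spaces registry; 0 ends the chain.
LAST, IDR, GENERAL_EXT, SAKKE = 0, 14, 21, 26
# ID Role: IDRi=1, IDRr=2 are registered by RFC 6043.  TBD3/TBD4 have no IANA
# value yet; 0xF3/0xF4 are placeholders (assumption), as are the TBD5/TBD6 ID
# Scheme and TBD1/TBD2 General Extension Type values below.
ROLE_IDRI, ROLE_IDRR, ROLE_UIDR, ROLE_UIDI = 1, 2, 0xF3, 0xF4
ID_TYPE_URI, ID_TYPE_BYTES = 1, 2   # ID Type: URI (RFC 3830), Byte string (RFC 6043)
SCHEME_MCPTT_ID, SCHEME_MCPTT_TO_SELF = 0xF5, 0xF6
EXT_SAKKE_TO_SELF, EXT_GMK_PARAMS = 0xF1, 0xF2
SAKKE_PARAMS_1 = 1                  # RFC 6509 parameter set 1
Payload = namedtuple("Payload", "kind fields")

def encode_idr(nxt, role, id_data, id_type=ID_TYPE_URI):
    """IDR payload (RFC 6043 6.6): Next | ID Role | ID Type | ID len | ID Data."""
    return struct.pack("!BBBH", nxt, role, id_type, len(id_data)) + id_data

def encode_sakke(nxt, id_scheme, data, params=SAKKE_PARAMS_1):
    """SAKKE payload (RFC 6509 4.2): Next | SAKKE params | ID scheme | len | data."""
    return struct.pack("!BBBH", nxt, params, id_scheme, len(data)) + data

def encode_ext(nxt, ext_type, data):
    """General Extension payload (RFC 3830 6.15): Next | Type | Length | Data."""
    return struct.pack("!BBH", nxt, ext_type, len(data)) + data

# Per payload type: header struct and the field names between Next Payload and
# the trailing 16-bit data length.
_LAYOUT = {IDR: ("!BBBH", ("role", "id_type")),
           SAKKE: ("!BBBH", ("params", "id_scheme")),
           GENERAL_EXT: ("!BBH", ("ext_type",))}

def decode_chain(first_kind, buf):
    """Walk payloads linked by Next Payload; reject truncation and trailing bytes."""
    out, kind, off = [], first_kind, 0
    while kind != LAST:
        if kind not in _LAYOUT:
            raise ValueError(f"unsupported payload type {kind}")
        fmt, names = _LAYOUT[kind]
        hdr = struct.calcsize(fmt)
        if off + hdr > len(buf):
            raise ValueError("truncated payload header")
        nxt, *vals = struct.unpack_from(fmt, buf, off)
        length, off = vals.pop(), off + hdr
        if off + length > len(buf):
            raise ValueError("payload length exceeds message")
        out.append(Payload(kind, dict(zip(names, vals), data=bytes(buf[off:off + length]))))
        kind, off = nxt, off + length
    if off != len(buf):
        raise ValueError("trailing bytes after last payload")
    return out

def encapsulation_target(payloads, sakke):
    """Section 2.3 rule: ("uid", uid) from IDRuidr/IDRuidi when present, else
    ("derive", identity) from IDRr/IDRi; UID generation per TS 33.179 is not modelled."""
    rule = {SCHEME_MCPTT_ID: (ROLE_UIDR, ROLE_IDRR),
            SCHEME_MCPTT_TO_SELF: (ROLE_UIDI, ROLE_IDRI)}
    if sakke.fields["id_scheme"] not in rule:
        raise ValueError("not an MCPTT ID scheme")
    uid_role, fallback_role = rule[sakke.fields["id_scheme"]]
    idrs = {p.fields["role"]: p.fields["data"] for p in payloads if p.kind == IDR}
    if uid_role in idrs:
        return "uid", idrs[uid_role]
    if fallback_role in idrs:
        return "derive", idrs[fallback_role]
    raise ValueError("no IDR payload identifies the encapsulation target")

def parse_group_key_transport(first_kind, buf):
    """Return (recipient, to_self, gmk_params): target of the top-level SAKKE payload,
    target of the SAKKE-to-self copy (None if absent), raw GMK parameters (None if absent)."""
    payloads = decode_chain(first_kind, buf)
    sakkes = [p for p in payloads if p.kind == SAKKE]
    if len(sakkes) != 1:
        raise ValueError("expected exactly one top-level SAKKE payload")
    recipient, to_self, params = encapsulation_target(payloads, sakkes[0]), None, None
    for p in payloads:
        if p.kind == GENERAL_EXT and p.fields["ext_type"] == EXT_SAKKE_TO_SELF:
            inner = decode_chain(SAKKE, p.fields["data"])  # Data holds a SAKKE payload
            to_self = encapsulation_target(payloads, inner[0])
        elif p.kind == GENERAL_EXT and p.fields["ext_type"] == EXT_GMK_PARAMS:
            params = p.fields["data"]
    return recipient, to_self, params

def sample_group_key_transport():
    """Constructed sample (not a capture), GMS -> one user; SAKKE data are stand-in bytes."""
    to_self = encode_sakke(LAST, SCHEME_MCPTT_TO_SELF, b"\x02" * 8)
    msg = (encode_idr(IDR, ROLE_IDRI, b"sip:gms@example.org")
           + encode_idr(IDR, ROLE_IDRR, b"sip:user@example.org")
           + encode_idr(IDR, ROLE_UIDI, b"uid:gms-example", ID_TYPE_BYTES)
           + encode_idr(SAKKE, ROLE_UIDR, b"uid:user-example", ID_TYPE_BYTES)
           + encode_sakke(GENERAL_EXT, SCHEME_MCPTT_ID, b"\x01" * 8)
           + encode_ext(GENERAL_EXT, EXT_SAKKE_TO_SELF, to_self)
           + encode_ext(LAST, EXT_GMK_PARAMS, b"\x00\x00\x00\x01"))
    return IDR, msg  # IDR is what the HDR's Next Payload field would name first
```

   Feeding sample_group_key_transport() to parse_group_key_transport()
   yields the user's UID from the IDRuidr payload as the recipient of
   the top-level SAKKE payload and the GMS UID from IDRuidi for the
   nested SAKKE-to-self copy; when IDRuidr is absent the function falls
   back to the MCPTT ID carried in IDRr and flags it as still needing
   UID generation.  The bounds checks in decode_chain are deliberate:
   the payload chain has to be parsed before the SIGN payload can even
   be located and verified, so at that point every length field is
   untrusted input.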
   The following values are to be added to the Type field (General
   Extensions Payload Field Name) registry of the MIKEY Payload Name
   Spaces:

      Value   Type                         Reference
      ------  ---------------------------  --------------
      TBD1    SAKKE-to-self                [RFCxxxx]
      TBD2    GMK associated parameters    [RFCxxxx]

   Note to RFC Editor: Please replace [RFCxxxx] with the RFC number of
   this specification.

3.2.  Registration of ID Role values for MCPTT

   This document defines two new ID Role values to support MCPTT,
   indicating the generator of the UID, as described in Section 2.2.
   The following values are to be added to the ID Role registry of the
   MIKEY Payload Name Spaces:

      Value   ID Role                      Reference
      ------  ---------------------------  --------------
      TBD3    MCPTT user/group (IDRuidr)   [RFCxxxx]
      TBD4    GMS URI (IDRuidi)            [RFCxxxx]

   Note to RFC Editor: Please replace [RFCxxxx] with the RFC number of
   this specification.

3.3.  Registration of ID Scheme values for MCPTT

   This document defines two new ID Scheme values to support MCPTT,
   indicating the scheme of the SAKKE Payload, as described in
   Section 2.3.  The following values are to be added to the ID Scheme
   registry of the MIKEY Payload Name Spaces:

      Value   ID Scheme                    Reference
      ------  ---------------------------  --------------
      TBD5    MCPTT ID scheme              [RFCxxxx]
      TBD6    MCPTT SAKKE-to-self          [RFCxxxx]

   Note to RFC Editor: Please replace [RFCxxxx] with the RFC number of
   this specification.

4.  Security Considerations

   3GPP TS 33.179 [TS33179] defines the Group Services and System
   Aspects for the Security of Mission Critical Push-To-Talk (MCPTT).
   This document introduces no new security considerations beyond those
   defined in RFC 6509 [RFC6509].  The values defined here only label
   identities and payloads within the I_MESSAGE; they do not alter the
   MIKEY-SAKKE cryptography.  A receiver therefore still depends on the
   RFC 6509 processing: the signature over the I_MESSAGE must be
   verified against the GMS identity (conveyed in the IDRi or IDRuidi
   payload) before the GMK is accepted, and the SAKKE data must be
   decapsulated only to the UID identified as described in Section 2.3.

5.  Acknowledgements

   Ivo Sedlacek provided input and feedback on the details around the
   definition of the new values for these fields.

6.  References

6.1.  Normative References

   [RFC3830]  Arkko, J., Carrara, E., Lindholm, F., Naslund, M., and K.
              Norrman, "MIKEY: Multimedia Internet KEYing", RFC 3830,
              DOI 10.17487/RFC3830, August 2004,
              <https://www.rfc-editor.org/info/rfc3830>.

   [RFC6043]  Mattsson, J. and T. Tian, "MIKEY-TICKET: Ticket-Based
              Modes of Key Distribution in Multimedia Internet KEYing
              (MIKEY)", RFC 6043, DOI 10.17487/RFC6043, March 2011,
              <https://www.rfc-editor.org/info/rfc6043>.

   [RFC6509]  Groves, M., "MIKEY-SAKKE: Sakai-Kasahara Key Encryption in
              Multimedia Internet KEYing (MIKEY)", RFC 6509,
              DOI 10.17487/RFC6509, February 2012,
              <https://www.rfc-editor.org/info/rfc6509>.

6.2.  Informative References

   [TS24381]  3GPP TS 24.381, "Mission Critical Push-To-Talk (MCPTT)
              Group Management", March 2016.

   [TS33179]  3GPP TS 33.179, "Security of Mission Critical Push-To-Talk
              (MCPTT)", March 2016.

Authors' Addresses

   Mary Barnes
   TX
   US

   Email: mary.ietf.barnes@gmail.com


   Andrew Allen
   Blackberry
   1200 Sawgrass Corporate Parkway
   Sunrise, FL 33323
   US

   Email: aallen@blackberry.com