idnits 2.17.1 draft-ietf-hip-over-hip-01.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** You're using the IETF Trust Provisions' Section 6.b License Notice from 12 Sep 2009 rather than the newer Notice from 28 Dec 2009. (See https://trustee.ietf.org/license-info/) Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == Line 143 has weird spacing: '... Length leng...' -- The document date (July 12, 2010) is 5036 days in the past. Is this intentional? Checking references for intended status: Experimental ---------------------------------------------------------------------------- ** Obsolete normative reference: RFC 5201 (Obsoleted by RFC 7401) ** Obsolete normative reference: RFC 5202 (Obsoleted by RFC 7402) ** Obsolete normative reference: RFC 5226 (Obsoleted by RFC 8126) -- Obsolete informational reference (is this intentional?): RFC 5204 (Obsoleted by RFC 8004) == Outdated reference: A later version (-12) exists of draft-ietf-hip-cert-03 == Outdated reference: A later version (-05) exists of draft-ietf-hip-hiccups-03 Summary: 4 errors (**), 0 flaws (~~), 4 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 HIP Working Group A. Keranen 3 Internet-Draft Ericsson 4 Intended status: Experimental July 12, 2010 5 Expires: January 13, 2011 7 Host Identity Protocol Signaling Message Transport Modes 8 draft-ietf-hip-over-hip-01 10 Abstract 12 This document specifies two transport modes for Host Identity 13 Protocol signaling messages that allow conveying them over encrypted 14 connections initiated with the Host Identity Protocol. 16 Status of this Memo 18 This Internet-Draft is submitted to IETF in full conformance with the 19 provisions of BCP 78 and BCP 79. 21 Internet-Drafts are working documents of the Internet Engineering 22 Task Force (IETF), its areas, and its working groups. Note that 23 other groups may also distribute working documents as Internet- 24 Drafts. 26 Internet-Drafts are draft documents valid for a maximum of six months 27 and may be updated, replaced, or obsoleted by other documents at any 28 time. It is inappropriate to use Internet-Drafts as reference 29 material or to cite them other than as "work in progress." 31 The list of current Internet-Drafts can be accessed at 32 http://www.ietf.org/ietf/1id-abstracts.txt. 34 The list of Internet-Draft Shadow Directories can be accessed at 35 http://www.ietf.org/shadow.html. 37 This Internet-Draft will expire on January 13, 2011. 39 Copyright Notice 41 Copyright (c) 2010 IETF Trust and the persons identified as the 42 document authors. All rights reserved. 44 This document is subject to BCP 78 and the IETF Trust's Legal 45 Provisions Relating to IETF Documents 46 (http://trustee.ietf.org/license-info) in effect on the date of 47 publication of this document. Please review these documents 48 carefully, as they describe your rights and restrictions with respect 49 to this document. Code Components extracted from this document must 50 include Simplified BSD License text as described in Section 4.e of 51 the Trust Legal Provisions and are provided without warranty as 52 described in the BSD License. 54 Table of Contents 56 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 57 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . 3 58 3. Protocol Extensions . . . . . . . . . . . . . . . . . . . . . . 3 59 3.1. Mode Negotiation in HIP Base Exchange . . . . . . . . . . . 3 60 3.2. Mode Negotiation After HIP Base Exchange . . . . . . . . . 4 61 3.3. HIP Messages on Encrypted Connections . . . . . . . . . . . 5 62 3.3.1. ESP mode . . . . . . . . . . . . . . . . . . . . . . . 5 63 3.3.2. ESP-TCP mode . . . . . . . . . . . . . . . . . . . . . 6 64 3.4. Recovering from Failed Encrypted Connections . . . . . . . 6 65 3.5. Host Mobility . . . . . . . . . . . . . . . . . . . . . . . 6 66 4. Notify Packet Types . . . . . . . . . . . . . . . . . . . . . . 7 67 5. Security Considerations . . . . . . . . . . . . . . . . . . . . 7 68 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 7 69 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 7 70 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 8 71 8.1. Normative References . . . . . . . . . . . . . . . . . . . 8 72 8.2. Informational References . . . . . . . . . . . . . . . . . 8 73 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 9 75 1. Introduction 77 Host Identity Protocol (HIP) [RFC5201] signaling messages can be 78 exchanged over plain IP using the protocol number reserved for this 79 purpose, or over UDP using the UDP port reserved for HIP NAT 80 traversal [RFC5770]. When two hosts perform a HIP base exchange, 81 they set up an encrypted connection between them for data traffic, 82 but continue to use plain IP or UDP for HIP signaling messages. 84 This document defines how the encrypted connection can be used also 85 for HIP signaling messages. Two different modes are defined: HIP 86 over Encapsulating Security Payload (ESP) and HIP over TCP. The 87 benefit of sending HIP messages over ESP is that all signaling 88 traffic (including HIP headers) will be encrypted. If HIP messages 89 are sent over TCP (which in turn is transported over ESP), TCP can 90 handle also message fragmentation where needed. 92 2. Terminology 94 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 95 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 96 document are to be interpreted as described in RFC 2119 [RFC2119]. 98 3. Protocol Extensions 100 This section defines how support for different HIP signaling message 101 transport modes is negotiated and the normative behavior required by 102 the extension. 104 3.1. Mode Negotiation in HIP Base Exchange 106 A HIP host implementing this specification SHOULD indicate the modes 107 it supports, and is willing to use, in the base exchange. The HIP 108 signaling message transport mode negotiation is similar to HIP NAT 109 traversal mode negotiation: first the Responder lists the supported 110 modes in a HIP_TRANSPORT_MODE parameter (see Figure 1) in the R1 111 packet. The modes are listed in priority order; the more preferred 112 mode(s) first. If the Initiator supports, and is willing to use, any 113 of the modes proposed by the Responder, it selects one of the modes 114 by adding a HIP_TRANSPORT_MODE parameter containing the selected mode 115 to the I2 packet. Finally, if the Initiator selected one of the 116 modes and the base exchange succeeds, hosts MUST use the selected 117 mode for the following HIP signaling messages sent between them for 118 the duration of the HIP association or until another mode is 119 negotiated. 121 If the Initiator cannot or will not use any of the modes proposed by 122 the Responder, the Initiator SHOULD include an empty 123 HIP_TRANSPORT_MODE parameter to the I2 packet to signal that it 124 support this extension but will not use any of the proposed modes. 125 Depending on local policy, the Responder MAY either abort the base 126 exchange or continue HIP signaling without using an encrypted 127 connection. If the Initiator selects a mode that the Responder does 128 not support (and hence was not included in R1), the Responder SHOULD 129 reply with a NO_VALID_HIP_TRANSPORT_MODE NOTIFY packet (see 130 Section 4) and abort the base exchange. 132 0 1 2 3 133 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 134 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 135 | Type | Length | 136 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 137 | Mode ID #1 | Mode ID #2 | 138 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 139 | Mode ID #n | Padding | 140 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 142 Type [ TBD by IANA; 7680 ] 143 Length length in octets, excluding Type, Length, and Padding 144 Mode ID defines the proposed or selected transport mode(s) 146 The following mode IDs are defined: 148 ID name Value 149 RESERVED 0 150 DEFAULT 1 151 ESP 2 152 ESP-TCP 3 154 Figure 1: Format of the HIP_TRANSPORT_MODE parameter 156 The mode DEFAULT indicates that the same transport mode (e.g., plain 157 IP or UDP) that was used for the base exchange should be used for 158 subsequent HIP signaling messages. In the ESP mode the messages are 159 sent as such on the encrypted ESP connection and in the ESP-TCP mode 160 TCP is used within the ESP tunnel. 162 3.2. Mode Negotiation After HIP Base Exchange 164 If a HIP hosts wants to change to a different transport mode (or 165 start using a transport mode) some time after the base exchange, it 166 sends a HIP UPDATE packet with a HIP_TRANSPORT_MODE parameter 167 containing the mode(s) it would prefer to use. The host receiving 168 the UPDATE MUST respond with an UPDATE packet containing the mode 169 that is selected as in the negotiation during the base exchange. If 170 the receiving host does not support, or is not willing to use, any of 171 the listed modes, it MUST respond with an UPDATE packet containing 172 only the currently used transport mode (even if one was not included 173 in the previous UPDATE packet) and continue using it. 175 Since the HIP_TRANSPORT_MODE parameter's type is not critical (as 176 defined in Section 5.2.1 of [RFC5201]), a host not supporting this 177 extension would simply acknowledge the UPDATE without responding with 178 an UPDATE containing a HIP_TRANSPORT_MODE parameter. 180 3.3. HIP Messages on Encrypted Connections 182 This specification defines two different transport modes for sending 183 HIP packets over encrypted ESP connections. These modes require that 184 the ESP transport format [RFC5202] is negotiated to be used between 185 the hosts. If the ESP transport format is not used, these modes MUST 186 NOT be offered in the HIP_TRANSPORT_MODE parameter. If a 187 HIP_TRANSPORT_MODE parameter containing an ESP transport mode is 188 received but the ESP transport format is not used, a host MUST NOT 189 select such a mode but act as specified in Section 3.1 (if performing 190 a base exchange) or Section 3.2 (if performing an UPDATE) when no 191 valid mode is offered. 193 The ESP mode provides simple protection for all the signaling traffic 194 and can be used as a generic replacement for the DEFAULT mode in 195 cases where all signaling traffic should be encrypted. If the HIP 196 messages may become so large that they would need to be fragmented, 197 e.g., because of HIP certificates [I-D.ietf-hip-cert] or DATA 198 messages [I-D.ietf-hip-hiccups], it is RECOMMENDED to use the ESP-TCP 199 mode which can handle message fragmentation at TCP level instead of 200 relying on IP level fragmentation. 202 HIP messages that result in changing or generating new keying 203 material, i.e., the base exchange and re-keying UPDATE messages, MUST 204 NOT be sent over an encrypted connection that is created using the 205 keying material that is being changed. 207 3.3.1. ESP mode 209 If the ESP mode is selected in the base exchange, both hosts MUST 210 listen for incoming HIP signaling messages and send outgoing messages 211 on the encrypted connection. The ESP header's next header value for 212 such messages MUST be set to HIP (139). 214 3.3.2. ESP-TCP mode 216 If the ESP-TCP mode is selected, the host with the larger HIT 217 (calculated as defined in Section 6.5 of [RFC5201]) MUST start to 218 listen for an incoming TCP connection on the port 10500 on the 219 encrypted connection and the other host MUST create a TCP connection 220 to that port. The host with the lower HIT SHOULD use port 10500 as 221 the source port for the TCP connection. Once the TCP connection is 222 established, both hosts MUST listen for incoming HIP signaling 223 messages and send the outgoing messages using the TCP connection. 224 The ESP next header value for messages sent using the ESP-TCP mode 225 connections MUST be set to TCP (6). 227 If the hosts are unable to create the TCP connection, the host that 228 initiated the mode negotiation MUST restart the negotiation with 229 UPDATE message and SHOULD NOT propose the ESP-TCP mode. If local 230 policy does not allow using any other mode than ESP-TCP, the HIP 231 association MUST be closed. The UPDATE or CLOSE message MUST be sent 232 using the same transport mode that was used for negotiating the use 233 of the ESP-TCP mode. 235 Since TCP provides reliable transport, the HIP messages sent over TCP 236 MUST NOT be retransmitted for the purpose of achieving reliable 237 transmission. Instead, a host SHOULD wait to detect that the TCP 238 connection has failed to retransmit the packet successfully in a 239 timely manner (such detection is platform- and policy-specific) 240 before concluding that there is no response. 242 3.4. Recovering from Failed Encrypted Connections 244 If the encrypted connection fails for some reason, it can no longer 245 be used for HIP signaling and the hosts SHOULD re-establish the 246 connection using HIP messages that are sent outside of the encrypted 247 connection. Hence, while listening for incoming HIP messages on the 248 encrypted connection, hosts MUST still accept incoming HIP messages 249 using the same transport method (e.g., UDP or plain IP) that was used 250 for the base exchange. When responding to a HIP message sent outside 251 of encrypted connection, the response MUST be sent using the same 252 transport method as the original message used. 254 The UPDATE messages used for re-establishing the encrypted connection 255 MUST contain a HIP_TRANSPORT_MODE parameter and the negotiation 256 proceeds as described in Section 3.2. 258 3.5. Host Mobility 260 If the host's address changes, it may not be able to send the 261 mobility UPDATE messages using the encrypted connection before it 262 breaks. This results in a similar situation as if the encrypted 263 connection had failed and the hosts need to re-negotiate the new 264 addresses using un-encrypted UPDATE messages and possibly rendezvous 265 [RFC5204] or HIP relay [RFC5770] servers. Also these UPDATE messages 266 MUST contain the HIP_TRANSPORT_MODE parameter and perform the 267 transport mode negotiation. 269 4. Notify Packet Types 271 The new Notify Packet Type [RFC5201] defined in this document is 272 shown below. The Notification Data field for the error notifications 273 SHOULD contain the HIP header of the rejected packet. 275 NOTIFICATION PARAMETER - ERROR TYPES Value 276 ------------------------------------ ----- 278 NO_VALID_HIP_TRANSPORT_MODE 70 280 If a host sends UPDATE message that does not have any transport 281 mode the receiving host is willing to use, it sends back a NOTIFY 282 error packet with this type. 284 5. Security Considerations 286 By exchanging the HIP messages over ESP connection, all HIP signaling 287 data (after the base exchange) will be encrypted, but only if NULL 288 encryption is not used. Thus, host requiring confidentiality for the 289 HIP signaling messages must check that encryption is negotiated to be 290 used on the ESP connection. 292 6. Acknowledgements 294 Thanks to Gonzalo Camarillo, Kristian Slavov, Tom Henderson, Miika 295 Komu, and Jan Melen for comments on the draft. 297 7. IANA Considerations 299 This section is to be interpreted according to [RFC5226]. 301 This document updates the IANA Registry for HIP Parameter Types 302 [RFC5201] by assigning new HIP Parameter Type value for the 303 HIP_TRANSPORT_MODE parameter (defined in Section 3.1). 305 The HIP_TRANSPORT_MODE parameter has 16-bit unsigned integer fields 306 for different modes, for which IANA is to create and maintain a new 307 sub-registry entitled "HIP Transport Modes" under the "Host Identity 308 Protocol (HIP) Parameters" registry. Initial values for the 309 transport mode registry are given in Section 3.1; future assignments 310 are to be made through IETF Review [RFC5226]. Assignments consist of 311 a transport mode identifier name and its associated value. 313 8. References 315 8.1. Normative References 317 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 318 Requirement Levels", BCP 14, RFC 2119, March 1997. 320 [RFC5201] Moskowitz, R., Nikander, P., Jokela, P., and T. Henderson, 321 "Host Identity Protocol", RFC 5201, April 2008. 323 [RFC5202] Jokela, P., Moskowitz, R., and P. Nikander, "Using the 324 Encapsulating Security Payload (ESP) Transport Format with 325 the Host Identity Protocol (HIP)", RFC 5202, April 2008. 327 [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an 328 IANA Considerations Section in RFCs", BCP 26, RFC 5226, 329 May 2008. 331 8.2. Informational References 333 [RFC5204] Laganier, J. and L. Eggert, "Host Identity Protocol (HIP) 334 Rendezvous Extension", RFC 5204, April 2008. 336 [RFC5770] Komu, M., Henderson, T., Tschofenig, H., Melen, J., and A. 337 Keranen, "Basic Host Identity Protocol (HIP) Extensions 338 for Traversal of Network Address Translators", RFC 5770, 339 April 2010. 341 [I-D.ietf-hip-cert] 342 Heer, T. and S. Varjonen, "HIP Certificates", 343 draft-ietf-hip-cert-03 (work in progress), April 2010. 345 [I-D.ietf-hip-hiccups] 346 Camarillo, G. and J. Melen, "HIP (Host Identity Protocol) 347 Immediate Carriage and Conveyance of Upper- layer Protocol 348 Signaling (HICCUPS)", draft-ietf-hip-hiccups-03 (work in 349 progress), July 2010. 351 Author's Address 353 Ari Keranen 354 Ericsson 355 Hirsalantie 11 356 02420 Jorvas 357 Finland 359 Email: Ari.Keranen@ericsson.com