idnits 2.17.1 draft-ietf-ipsec-skip-adp-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Cannot find the required boilerplate sections (Copyright, IPR, etc.) in this document. Expected boilerplate is as follows today (2024-04-18) according to https://trustee.ietf.org/license-info : IETF Trust Legal Provisions of 28-dec-2009, Section 6.a: This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. IETF Trust Legal Provisions of 28-dec-2009, Section 6.b(i), paragraph 2: Copyright (c) 2024 IETF Trust and the persons identified as the document authors. All rights reserved. IETF Trust Legal Provisions of 28-dec-2009, Section 6.b(i), paragraph 3: This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- ** Missing expiration date. The document expiration date should appear on the first and last page. ** The document seems to lack a 1id_guidelines paragraph about Internet-Drafts being working documents. ** The document seems to lack a 1id_guidelines paragraph about 6 months document validity. ** The document seems to lack a 1id_guidelines paragraph about the list of current Internet-Drafts. ** The document seems to lack a 1id_guidelines paragraph about the list of Shadow Directories. == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an Introduction section. ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) ** The document seems to lack separate sections for Informative/Normative References. All references will be assumed normative when checking for downward references. ** There are 3 instances of too long lines in the document, the longest one being 4 characters in excess of 72. ** The abstract seems to contain references ([1]), which it shouldn't. Please replace those with straight textual mentions of the documents in question. ** The document seems to lack a both a reference to RFC 2119 and the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. RFC 2119 keyword, line 92: '...ery ICMP message MUST be authenticated...' RFC 2119 keyword, line 93: '...SKIP [1], AH [3] and Keyed-MD5 [5], which MUST be supported by all SKIP...' RFC 2119 keyword, line 97: '...support (or prefer), it SHOULD send an...' RFC 2119 keyword, line 99: '... The ICMP Packet MUST be encapsulated ...' RFC 2119 keyword, line 101: '...sage that is not authenticated MUST be...' (11 more instances...) Miscellaneous warnings: ---------------------------------------------------------------------------- -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (December 21, 1995) is 10346 days in the past. Is this intentional? -- Found something which looks like a code comment -- if you have code sections in the document, please surround them with '' and '' lines. Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: '2' is defined on line 224, but no explicit reference was found in the text == Unused Reference: '4' is defined on line 229, but no explicit reference was found in the text -- Possible downref: Normative reference to a draft: ref. '1' ** Obsolete normative reference: RFC 1825 (ref. '2') (Obsoleted by RFC 2401) ** Obsolete normative reference: RFC 1826 (ref. '3') (Obsoleted by RFC 2402) ** Downref: Normative reference to an Informational RFC: RFC 1321 (ref. '4') ** Downref: Normative reference to an Historic RFC: RFC 1828 (ref. '5') Summary: 16 errors (**), 0 flaws (~~), 3 warnings (==), 4 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 IPSEC Working Group Ashar Aziz 2 INTERNET-DRAFT Tom Markson 3 Hemma Prafullchandra 4 Sun Microsystems, Inc. 6 Expires in six months December 21, 1995 8 SKIP Algorithm Discovery Protocol 9 11 Status of this Memo 13 This document is a submission to the IETF Internet Protocol Security 14 (IPSEC) Working Group. Comments are solicited and should be addressed to 15 to the working group mailing list (ipsec@ans.net) or to the authors. 17 This document is an Internet-Draft. Internet Drafts are working 18 documents of the Internet Engineering Task Force (IETF), its areas, and 19 its working Groups. Note that other groups may also distribute working 20 documents as Internet Drafts. 22 Internet-Drafts draft documents are valid for a maximum of six months 23 and may be updated, replaced, or obsoleted by other documents at any 24 time. It is inappropriate to use Internet-Drafts as reference material 25 or to cite them other than as "work in progress." 27 To learn the current status of any Internet-Draft, please check the 28 "1id-abstracts.txt" listing contained in the Internet-Drafts Shadow 29 Directories on ftp.is.co.za (Africa), nic.nordu.net (Europe), 30 munnari.oz.au (Pacific Rim), ds.internic.net (US East Coast), or 31 ftp.isi.edu (US West Coast). Distribution of this memo is unlimited. 33 Abstract 35 SKIP [1] provides privacy and authentication with Internet Protocols. It 36 does not define a method by which two entities may mutually agree on 37 encryption, authentication and compression algorithms. We describe a 38 protocol which will allow one SKIP entity to inform another entity of 39 the capabilities it supports. 41 CONTENTS 43 Status of this Memo.................................. 1 45 Abstract............................................. 2 47 1. SKIP Algorithm Discovery............................. 3 49 2. Assigned Numbers..................................... 5 51 2.1 SKIP ICMP message (SKIP_ICMP)................... 5 53 3. Security Considerations.............................. 6 55 Acknowledgements..................................... 6 57 References........................................... 6 59 Author's Address(es)................................. 7 61 - i - 62 1. SKIP Algorithm Discovery 64 SKIP [1] allows two entities to communicate securely with no bilateral 65 state other than the other party's public key. However, different 66 entities may have different encryption, authentication or compression 67 capabilities. The SKIP protocol does not define a method for 68 discovering the algorithms that another entity supports. SKIP Algorithm 69 Discovery enables one entity to inform another of the capabilities it 70 supports. 72 SKIP Algorithm Discovery is in many ways analogous to algorithm 73 negotiation in conventional session oriented key management schemes. 74 However, "negotiation" is a misnomer as applied to most existing 75 protocols that accommodate this feature. This is because in essence 76 there is no negotiation, simply a statement of capabilities on both 77 sides. The sides agree to pick a common subset of their capabilities. 79 SKIP Algorithm Discovery allows the same statement of capabilities to 80 occur in a stateless manner, entirely analogous to how the IP protocol 81 performs path MTU discovery. A SKIP implementation is free to choose a 82 set of algorithms with a particular node. If it chooses incorrectly, it 83 will discover this through an authenticated ICMP message, which is in 84 effect a statement of capabilities and preferences for that node. 86 For instance, host A attempts to talk to host B with an encryption 87 algorithm. Host B, however, does not support this algorithm. Host B 88 will send an ICMP message indicating it does not support this algorithm 89 and include the algorithms it does support. 91 RFC 1825 defines Keyed MD5 as mandatory to implement for Authentication. 92 The SKIP Algorithm Discovery ICMP message MUST be authenticated using 93 SKIP [1], AH [3] and Keyed-MD5 [5], which MUST be supported by all SKIP 94 nodes that support this ICMP protocol. 96 If a node (or communications end point) receives a SKIP packet which 97 specifies algorithms it does not support (or prefer), it SHOULD send an 98 authenticated ICMP message indicating this failure and specifying which 99 algorithms it supports. The ICMP Packet MUST be encapsulated using SKIP 100 and AH with keyed MD5 used as the authentication algorithm. Any received 101 algorithm discovery ICMP message that is not authenticated MUST be 102 ignored and SHOULD be recorded in the system log or audit log. 104 The ICMP message SHOULD always specify the complete set of Kij, Crypt, 105 MAC and compression algorithms the host supports. 107 The SKIP Algorithm discovery ICMP message: 109 0 1 2 3 110 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 111 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 112 | TYPE=SKIP_ICMP| CODE | CHECKSUM | 113 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 114 | VER | RESRVD| Protocol | Port Number | 115 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 116 | nKij | Kij Algorithms (0-255), 1 byte each ~ 117 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 118 | nCrypt | Crypt Algorithms (0-255), 1 byte each ~ 119 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 120 | nmac | MAC Algorithms (0-255), 1 byte each ~ 121 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 122 | ncomp | Compression Algorithms (0-255), 1 byte each ~ 123 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 125 CODE should be interpreted as a bit field in the following way: 127 7 6 5 4 3 2 1 0 128 +-+-+-+-+-+-+-+-+ 129 |I|P|M|C|R| | | | 130 +-+-+-+-+-+-+-+-+ 132 I is set if the Kij algorithm in the SKIP packet is unsupported. 133 P is set if the Crypt algorithm in the SKIP packet is unsupported. 134 M is set if the MAC algorithm in the SKIP packet is unsupported. 135 C is set if the compression algorithm in the SKIP packet is 136 unsupported. 137 R is set if replay protection is required but was not used 138 in the SKIP packet. In case a replay protection mechanism 139 is defined, this bit MAY be used to request replay protection. 141 bits 0-2 are reserved and MUST be set to 0 by the sender and ignored 142 by the receiver. 144 The ICMP type field SKIP_ICMP is specified later in this document. 146 The first field "VER" specifies the version of the ICMP message. The 147 Version of the protocol described here is 1. 149 RESRVD specifies a reserved field. This field MUST be set to zero (0) 150 by the sender and ignored by the receiver. 152 The next two fields "Protocol" and "Port Number", indicate if this 153 algorithm discovery is to be applied only for a particular protocol/port 154 # pair. This allows different communication end-points on an IP node to 155 use different algorithms. An example of the protocol field could be the 156 TCP protocol, followed by the port # which would identify a TCP end- 157 point. If the Protocol field is non-zero, then the algorithm discovery 158 packet MUST be applied ONLY for the specified communications end-point, 159 as identified by the (Protocol, Port Number) fields. 161 If the algorithms are to be used on a per Master Key-ID, rather than a 162 per communications end-point basis, then the "Protocol" field MUST be 163 zero. If the "Protocol" field is zero, the Port Number field MUST be 164 ignored. In this case, the algorithms SHOULD be used on a per Master 165 Key-ID basis, where the Master Key-ID is the Source Master Key-ID in the 166 SKIP_ICMP SKIP header. If the source Master Key-ID is absent from the 167 SKIP header, then the algorithms SHOULD be used on a per node basis, 168 using the source IP address of SKIP_ICMP message as the node identifier. 170 The nKij, ncrypt, nmac and ncomp fields should be filled in with the 171 number of Kij, Crypt, MAC and Compression algorithms the system 172 supports, respectively. If the system does not support a particular 173 class of algorithms, the field should be set to 0. For example, if a 174 system does not support compression, it would set ncomp to 0. 176 The Kij, Crypt, MAC and Compression algorithms fields should be filled 177 in sequentially with the one byte identifiers for each of the algorithms 178 that the system supports. The algorithms should be an ordered list with 179 the most desirable algorithms first and the least desirable last. 181 For example, if the system supports 5 Kij algorithms, nKij would be set 182 to 5 and the Kij Algorithms field would be 5 bytes long (one byte for 183 each algorithm supported). 185 A host may elicit a SKIP_ICMP message by sending a SKIP packet to the 186 remote host with Kij Alg set to zero. 188 2. Assigned Numbers 190 2.1 SKIP ICMP message (SKIP_ICMP) 192 The SKIP algorithm discovery ICMP message has been assigned the type 39 193 (SKIP_ICMP) by the Internet Assigned Numbers Authority (IANA). 195 3. Security Considerations 197 Security issues are the primary topic of this memo. 199 Unauthenticated SKIP Algorithm Discovery messages or messages which fail 200 authentication MUST be discarded. 202 Acknowledgements 204 We would like to thank all of the people who helped make this draft 205 possible. 207 Martin Patterson and Joseph Reveane for their help in the design of this 208 protocol. 210 Germano Caronni for his help in reviewing this protocol. 212 Ran Atkinson for suggesting this protocol be independent of the primary 213 SKIP document. 215 Bill Danielson, Marc Dye, Colin Plumb, Rich Skrenta and Ben Stoltz for 216 reviewing this draft and providing constructive suggestions. 218 References 220 [1] Aziz, A., Markson, T., Prafullchandra, H., "Simple Key Management 221 for Internet Protocols", (I-D draft-ietf-ipsec-skip-06.txt), Work In 222 Progress 224 [2] Atkinson, R., "Security Architecture for the Internet Protocol", RFC 225 1825, August 1995 227 [3] Atkinson, R., "IP Authentication Header", RFC 1826, August 1995 229 [4] Rivest, R., "The MD5 Message Digest Algorithm", RFC 1321, April 1992 231 [5] Metzger, P., Simpson, W., "IP Authentication using Keyed MD5", RFC 232 1828, August 1995 234 Author's Address(es) 236 Ashar Aziz 237 Sun Microsystems, Inc. 238 M/S PAL1-550 239 2550 Garcia Avenue 240 Mountain View, CA 94043 242 Email: ashar.aziz@eng.sun.com 243 Alternate email address: ashar@incog.com 245 Tom Markson 246 Sun Microsystems, Inc. 247 M/S PAL1-550 248 2550 Garcia Avenue 249 Mountain View, CA 94043 251 Email: markson@incog.com 252 Alternate email address: markson@eng.sun.com 254 Hemma Prafullchandra 255 Sun Microsystems, Inc. 256 M/S PAL1-550 257 2550 Garcia Avenue 258 Mountain View, CA 94043 260 Email: hemma@eng.sun.com 261 Alternate email address: hemma@incog.com