idnits 2.17.1 

draft-smyslov-ipsecme-ikev2-null-auth-03.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (September 2, 2014) is 3522 days in the past.  Is this
     intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  -- Possible downref: Normative reference to a draft: ref. 'IKEv2' 


     Summary: 0 errors (**), 0 flaws (~~), 1 warning (==), 2 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.
--------------------------------------------------------------------------------


2	Network Working Group                                         V. Smyslov
3	Internet-Draft                                                ELVIS-PLUS
4	Intended status: Standards Track                       September 2, 2014
5	Expires: March 6, 2015

7	            The NULL Authentication Method in IKEv2 Protocol
8	                draft-smyslov-ipsecme-ikev2-null-auth-03

10	Abstract

12	   This document introduces the NULL Authentication Method for the IKEv2
13	   Protocol.  This method provides a way to omit peer authentication in
14	   the IKEv2.  It may be used to preserve anonymity of or in the
15	   situations, where no trust relationship exists between the parties.

17	Status of this Memo

19	   This Internet-Draft is submitted in full conformance with the
20	   provisions of BCP 78 and BCP 79.

22	   Internet-Drafts are working documents of the Internet Engineering
23	   Task Force (IETF).  Note that other groups may also distribute
24	   working documents as Internet-Drafts.  The list of current Internet-
25	   Drafts is at http://datatracker.ietf.org/drafts/current/.

27	   Internet-Drafts are draft documents valid for a maximum of six months
28	   and may be updated, replaced, or obsoleted by other documents at any
29	   time.  It is inappropriate to use Internet-Drafts as reference
30	   material or to cite them other than as "work in progress."

32	   This Internet-Draft will expire on March 6, 2015.

34	Copyright Notice

36	   Copyright (c) 2014 IETF Trust and the persons identified as the
37	   document authors.  All rights reserved.

39	   This document is subject to BCP 78 and the IETF Trust's Legal
40	   Provisions Relating to IETF Documents
41	   (http://trustee.ietf.org/license-info) in effect on the date of
42	   publication of this document.  Please review these documents
43	   carefully, as they describe your rights and restrictions with respect
44	   to this document.  Code Components extracted from this document must
45	   include Simplified BSD License text as described in Section 4.e of
46	   the Trust Legal Provisions and are provided without warranty as
47	   described in the Simplified BSD License.

49	Table of Contents

51	   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . . . 3
52	     1.1.  Conventions Used in This Document . . . . . . . . . . . . . 3
53	   2.  Using the NULL Authentication Method  . . . . . . . . . . . . . 4
54	     2.1.  Authentication Payload  . . . . . . . . . . . . . . . . . . 4
55	     2.2.  Identity Payload  . . . . . . . . . . . . . . . . . . . . . 4
56	   3.  Security Considerations . . . . . . . . . . . . . . . . . . . . 5
57	   4.  Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . 6
58	   5.  IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 7
59	   6.  Normative References  . . . . . . . . . . . . . . . . . . . . . 8
60	   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . . . 9

62	1.  Introduction

64	   The Internet Key Exchange Protocol version 2 (IKEv2), specified in
65	   [IKEv2], provides a way for two parties to perform authenticated key
66	   exchange.  Mutual authentication is mandatory in the IKEv2, so that
67	   each party must be authenticated by the other.  However the
68	   authentication methods, used by the peers, need not be the same.

70	   In some situations mutual authentication is undesirable, superfluous
71	   or impossible.  For example:

73	   o  User wants to get anonymous access to some server.  In this
74	      situation he/she should be able to authenticate the server, but to
75	      leave out his/her own authentication to preserve anonymity.  In
76	      this case one-way authentication of the responder is desirable.

78	   o  Sensor, that sleeps most of the time, but periodically wakes up,
79	      makes some measurment (e.g. temperature) and sends the results to
80	      some server.  The senser must be authenticated by the server to
81	      ensure authenticity of the measurment, but the server need not be
82	      authenticated by the senser.  In this case one-way authentication
83	      of the initiator is sufficient.

85	   o  Two peers without any trust relationship want to get some level of
86	      security in their communications.  Without trust relationship they
87	      cannot prevent active Man-in-the-Middle attacks, but it is still
88	      possible to prevent passive eavesdropping with opportunistic
89	      encryption.  In this case they can use unauthenticated key
90	      exchange.

92	   To meet these needs the document introduces the NULL Authentication
93	   Method, which is a "dummy" method, that provides no authentication.
94	   This allows peer to explicitly indicate to the other side that it is
95	   unwilling or unable to certify its identity.

97	1.1.  Conventions Used in This Document

99	   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
100	   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
101	   document are to be interpreted as described in [RFC2119].

103	2.  Using the NULL Authentication Method

105	   In IKEv2 each peer independently selects the method to authenticate
106	   itself to the other side.  It means that any of the peers may choose
107	   to omit its authentication by using the NULL Authentication Method.
108	   If it is not acceptable for the other peer, it MUST return
109	   AUTHENTICATION_FAILED Notification.  Note, that when the Initiator
110	   uses EAP, the Responder MUST NOT use the NULL Authentication Method
111	   (in conformance with the section 2.16 of [IKEv2]).

113	   The NULL Authentication Method affects how the Authentication and the
114	   Identity payloads are formed in the IKE_AUTH Exchange.

116	2.1.  Authentication Payload

118	   Despite the fact that the NULL Authentication Method provides no
119	   authentication, the AUTH Payload must still be present in the
120	   IKE_AUTH Exchange messages and must be properly formed, as it
121	   cryptographically links the IKE_SA_INIT Exchange messages with the
122	   other messages sent over the IKE SA.

124	   With the NULL Authentication Method the content of the AUTH Payload
125	   MUST be computed using the syntax for pre-shared secret
126	   authentication, described in Section 2.15 of [IKEv2].  The values
127	   SK_pi and SK_pr MUST be used as shared secrets for the content of the
128	   AUTH Payloads generated by Initiator and Responder respectively.
129	   Note, that this is exactly how the content of the two last AUTH
130	   Payloads is calculated for non-key generating EAP Method (see Section
131	   2.16 of [IKEv2] for details).  The value for the the NULL
132	   Authentication Method is <TBA by IANA>.

134	2.2.  Identity Payload

136	   The NULL Authentication Method provides no authentication of the
137	   party using it.  For that reason the Identity Payload content cannot
138	   be verified by the peer and MUST be ignored by the IKE.

140	   This specification defines new ID Type - ID_NULL, which is intended
141	   to be used with the NULL Authentication Method to explicitely
142	   indicate anonymity of the peer.  This ID Type SHOULD NOT be used with
143	   other authentication methods.  The Identification Data in Identity
144	   Payload for the ID_NULL type MUST be absent and the ID Type is set to
145	   <TBA by IANA>.

147	3.  Security Considerations

149	   IKEv2 protocol provides mutual authentication of the peers.  If one
150	   peer uses the NULL Authentication Method, then this peer cannot be
151	   authenticated by the other side, and it makes authentication in IKEv2
152	   to be one-way.  If both peers use the NULL Authentication method, key
153	   exchange becomes unauthenticated, that makes it subject to the Man-
154	   in-the-Middle attack.

156	   The identity of the peer using the NULL Authenticated Method cannot
157	   be verified by the other side and, therefore, MUST NOT be used
158	   neither for authorization purposes, nor for policy decisions.  All
159	   peers who use the NULL Authenticated Method should be considered by
160	   the other party as "guests" and get the least possible privileges.

162	   If endpoint receives a request to create an unauthenticated IKE SA
163	   from the IP address, which is configured on the endpoint to be
164	   authenticated, the request SHOULD be rejected.

166	   If the peer uses the NULL Authenticated Method, then the content of
167	   its Traffic Selector Payloads must be treated with care.  In
168	   particular, implementations are advised not to trust blindly that the
169	   public IP addresses the peer put into TS Payload are really belong to
170	   it.  It is RECOMMENDED for security gateways to always assign
171	   internal IP addresses to unauthenticated clients as described in
172	   Section 2.19 of [IKEv2].

174	4.  Acknowledgments

176	   The author would like to thank Paul Wouters, Yaron Sheffer and Tero
177	   Kivinen for their reviews and valuable comments.

179	5.  IANA Considerations

181	   This document defines new value in the "IKEv2 Authentication Method"
182	   registry:

184	     <TBA>       NULL Authentication Method

186	   It also defines new value in the "IKEv2 Identification Payload ID
187	   Types" registry:

189	     <TBA>       ID_NULL

191	6.  Normative References

193	   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
194	              Requirement Levels", BCP 14, RFC 2119, March 1997.

196	   [IKEv2]    Kaufman, C., Hoffman, P., Nir, Y., Eronen, P., and T.
197	              Kivinen, "Internet Key Exchange Protocol Version 2
198	              (IKEv2)", draft-kivinen-ipsecme-ikev2-rfc5996bis-04 (work
199	              in progress), June 2014.

201	Author's Address

203	   Valery Smyslov
204	   ELVIS-PLUS
205	   PO Box 81
206	   Moscow (Zelenograd)  124460
207	   Russian Federation

209	   Phone: +7 495 276 0211
210	   Email: svan@elvis.ru