draft-ietf-hip-rfc5202-bis-04.txt   draft-ietf-hip-rfc5202-bis-05.txt 
Network Working Group P. Jokela Network Working Group P. Jokela
Internet-Draft Ericsson Research NomadicLab Internet-Draft Ericsson Research NomadicLab
Obsoletes: 5202 (if approved) R. Moskowitz Obsoletes: 5202 (if approved) R. Moskowitz
Intended status: Standards Track ICSAlabs, An Independent Intended status: Standards Track ICSAlabs, An Independent
Expires: March 8, 2014 Division of Verizon Business Expires: May 22, 2014 Division of Verizon Business
Systems Systems
J. Melen J. Melen
Ericsson Research NomadicLab Ericsson Research NomadicLab
September 4, 2013 November 18, 2013
Using the Encapsulating Security Payload (ESP) Transport Format with the Using the Encapsulating Security Payload (ESP) Transport Format with the
Host Identity Protocol (HIP) Host Identity Protocol (HIP)
draft-ietf-hip-rfc5202-bis-04 draft-ietf-hip-rfc5202-bis-05
Abstract Abstract
This memo specifies an Encapsulated Security Payload (ESP) based This memo specifies an Encapsulated Security Payload (ESP) based
mechanism for transmission of user data packets, to be used with the mechanism for transmission of user data packets, to be used with the
Host Identity Protocol (HIP). This document obsoletes RFC 5202. Host Identity Protocol (HIP). This document obsoletes RFC 5202.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
skipping to change at page 1, line 38 skipping to change at page 1, line 38
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on March 8, 2014. This Internet-Draft will expire on May 22, 2014.
Copyright Notice Copyright Notice
Copyright (c) 2013 IETF Trust and the persons identified as the Copyright (c) 2013 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 45 skipping to change at page 2, line 45
5.1.1. ESP_INFO . . . . . . . . . . . . . . . . . . . . . . . 13 5.1.1. ESP_INFO . . . . . . . . . . . . . . . . . . . . . . . 13
5.1.2. ESP_TRANSFORM . . . . . . . . . . . . . . . . . . . . 15 5.1.2. ESP_TRANSFORM . . . . . . . . . . . . . . . . . . . . 15
5.1.3. NOTIFICATION Parameter . . . . . . . . . . . . . . . . 16 5.1.3. NOTIFICATION Parameter . . . . . . . . . . . . . . . . 16
5.2. HIP ESP Security Association Setup . . . . . . . . . . . . 16 5.2. HIP ESP Security Association Setup . . . . . . . . . . . . 16
5.2.1. Setup During Base Exchange . . . . . . . . . . . . . . 16 5.2.1. Setup During Base Exchange . . . . . . . . . . . . . . 16
5.3. HIP ESP Rekeying . . . . . . . . . . . . . . . . . . . . . 18 5.3. HIP ESP Rekeying . . . . . . . . . . . . . . . . . . . . . 18
5.3.1. Initializing Rekeying . . . . . . . . . . . . . . . . 18 5.3.1. Initializing Rekeying . . . . . . . . . . . . . . . . 18
5.3.2. Responding to the Rekeying Initialization . . . . . . 19 5.3.2. Responding to the Rekeying Initialization . . . . . . 19
5.4. ICMP Messages . . . . . . . . . . . . . . . . . . . . . . 19 5.4. ICMP Messages . . . . . . . . . . . . . . . . . . . . . . 19
5.4.1. Unknown SPI . . . . . . . . . . . . . . . . . . . . . 19 5.4.1. Unknown SPI . . . . . . . . . . . . . . . . . . . . . 19
6. Packet Processing . . . . . . . . . . . . . . . . . . . . . . 19 6. Packet Processing . . . . . . . . . . . . . . . . . . . . . . 20
6.1. Processing Outgoing Application Data . . . . . . . . . . . 20 6.1. Processing Outgoing Application Data . . . . . . . . . . . 20
6.2. Processing Incoming Application Data . . . . . . . . . . . 20 6.2. Processing Incoming Application Data . . . . . . . . . . . 20
6.3. HMAC and SIGNATURE Calculation and Verification . . . . . 21 6.3. HMAC and SIGNATURE Calculation and Verification . . . . . 21
6.4. Processing Incoming ESP SA Initialization (R1) . . . . . . 21 6.4. Processing Incoming ESP SA Initialization (R1) . . . . . . 21
6.5. Processing Incoming Initialization Reply (I2) . . . . . . 21 6.5. Processing Incoming Initialization Reply (I2) . . . . . . 22
6.6. Processing Incoming ESP SA Setup Finalization (R2) . . . . 22 6.6. Processing Incoming ESP SA Setup Finalization (R2) . . . . 22
6.7. Dropping HIP Associations . . . . . . . . . . . . . . . . 22 6.7. Dropping HIP Associations . . . . . . . . . . . . . . . . 22
6.8. Initiating ESP SA Rekeying . . . . . . . . . . . . . . . . 22 6.8. Initiating ESP SA Rekeying . . . . . . . . . . . . . . . . 22
6.9. Processing Incoming UPDATE Packets . . . . . . . . . . . . 24 6.9. Processing Incoming UPDATE Packets . . . . . . . . . . . . 24
6.9.1. Processing UPDATE Packet: No Outstanding Rekeying 6.9.1. Processing UPDATE Packet: No Outstanding Rekeying
Request . . . . . . . . . . . . . . . . . . . . . . . 24 Request . . . . . . . . . . . . . . . . . . . . . . . 24
6.10. Finalizing Rekeying . . . . . . . . . . . . . . . . . . . 25 6.10. Finalizing Rekeying . . . . . . . . . . . . . . . . . . . 25
6.11. Processing NOTIFY Packets . . . . . . . . . . . . . . . . 26 6.11. Processing NOTIFY Packets . . . . . . . . . . . . . . . . 26
7. Keying Material . . . . . . . . . . . . . . . . . . . . . . . 26 7. Keying Material . . . . . . . . . . . . . . . . . . . . . . . 26
8. Security Considerations . . . . . . . . . . . . . . . . . . . 26 8. Security Considerations . . . . . . . . . . . . . . . . . . . 26
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 27 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 27
10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 27 10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 27
11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 28 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 28
11.1. Normative references . . . . . . . . . . . . . . . . . . . 28 11.1. Normative references . . . . . . . . . . . . . . . . . . . 28
11.2. Informative references . . . . . . . . . . . . . . . . . . 28 11.2. Informative references . . . . . . . . . . . . . . . . . . 29
Appendix A. A Note on Implementation Options . . . . . . . . . . 29 Appendix A. A Note on Implementation Options . . . . . . . . . . 30
Appendix B. Bound End-to-End Tunnel mode for ESP . . . . . . . . 30 Appendix B. Bound End-to-End Tunnel mode for ESP . . . . . . . . 30
B.1. Protocol definition . . . . . . . . . . . . . . . . . . . 30 B.1. Protocol definition . . . . . . . . . . . . . . . . . . . 31
B.1.1. Changes to Security Association data structures . . . 30 B.1.1. Changes to Security Association data structures . . . 31
B.1.2. Packet format . . . . . . . . . . . . . . . . . . . . 31 B.1.2. Packet format . . . . . . . . . . . . . . . . . . . . 31
B.1.3. Cryptographic processing . . . . . . . . . . . . . . . 33 B.1.3. Cryptographic processing . . . . . . . . . . . . . . . 33
B.1.4. IP header processing . . . . . . . . . . . . . . . . . 33 B.1.4. IP header processing . . . . . . . . . . . . . . . . . 33
B.1.5. Handling of outgoing packets . . . . . . . . . . . . . 33 B.1.5. Handling of outgoing packets . . . . . . . . . . . . . 34
B.1.6. Handling of incoming packets . . . . . . . . . . . . . 34 B.1.6. Handling of incoming packets . . . . . . . . . . . . . 35
B.1.7. IPv4 options handling . . . . . . . . . . . . . . . . 35 B.1.7. IPv4 options handling . . . . . . . . . . . . . . . . 35
1. Introduction 1. Introduction
In the Host Identity Protocol Architecture In the Host Identity Protocol Architecture
[I-D.ietf-hip-rfc4423-bis], hosts are identified with public keys. [I-D.ietf-hip-rfc4423-bis], hosts are identified with public keys.
The Host Identity Protocol [I-D.ietf-hip-rfc5201-bis] base exchange The Host Identity Protocol [I-D.ietf-hip-rfc5201-bis] base exchange
allows any two HIP-supporting hosts to authenticate each other and to allows any two HIP-supporting hosts to authenticate each other and to
create a HIP association between themselves. During the base create a HIP association between themselves. During the base
exchange, the hosts generate a piece of shared keying material using exchange, the hosts generate a piece of shared keying material using
skipping to change at page 15, line 48 skipping to change at page 15, line 48
DEPRECATED 4 DEPRECATED 4
DEPRECATED 5 DEPRECATED 5
DEPRECATED 6 DEPRECATED 6
NULL-ENCRYPT with HMAC-SHA-256 7 [RFC2410], [RFC4868] NULL-ENCRYPT with HMAC-SHA-256 7 [RFC2410], [RFC4868]
AES-128-CBC with HMAC-SHA-256 8 [RFC3602], [RFC4868] AES-128-CBC with HMAC-SHA-256 8 [RFC3602], [RFC4868]
AES-256-CBC with HMAC-SHA-256 9 [RFC3602], [RFC4868] AES-256-CBC with HMAC-SHA-256 9 [RFC3602], [RFC4868]
AES-CCM-8 10 [RFC4309] AES-CCM-8 10 [RFC4309]
AES-CCM-16 11 [RFC4309] AES-CCM-16 11 [RFC4309]
AES-GCM with a 8 octet ICV 12 [RFC4106] AES-GCM with a 8 octet ICV 12 [RFC4106]
AES-GCM with a 16 octet ICV 13 [RFC4106] AES-GCM with a 16 octet ICV 13 [RFC4106]
AES-CMAC-96 14 [RFC4493], [RFC4494]
AES-GMAC 15 [RFC4543]
The sender of an ESP transform parameter MUST make sure that there The sender of an ESP transform parameter MUST make sure that there
are no more than six (6) Suite IDs in one ESP transform parameter. are no more than six (6) Suite IDs in one ESP transform parameter.
Conversely, a recipient MUST be prepared to handle received transform Conversely, a recipient MUST be prepared to handle received transform
parameters that contain more than six Suite IDs. The limited number parameters that contain more than six Suite IDs. The limited number
of Suite IDs sets the maximum size of the ESP_TRANSFORM parameter. of Suite IDs sets the maximum size of the ESP_TRANSFORM parameter.
As the default configuration, the ESP_TRANSFORM parameter MUST As the default configuration, the ESP_TRANSFORM parameter MUST
contain at least one of the mandatory Suite IDs. There MAY be a contain at least one of the mandatory Suite IDs. There MAY be a
configuration option that allows the administrator to override this configuration option that allows the administrator to override this
default. default.
Mandatory implementations: AES-128-CBC with HMAC-SHA-256 and NULL Mandatory implementations: AES-128-CBC with HMAC-SHA-256 and NULL
with HMAC-SHA-256. with HMAC-SHA-256.
skipping to change at page 28, line 12 skipping to change at page 28, line 20
also valid for this document. Many people have given valuable also valid for this document. Many people have given valuable
feedback, and our apologies to anyone whose name is missing. feedback, and our apologies to anyone whose name is missing.
11. References 11. References
11.1. Normative references 11.1. Normative references
[I-D.ietf-hip-rfc5201-bis] Moskowitz, R., Heer, T., Jokela, P., and [I-D.ietf-hip-rfc5201-bis] Moskowitz, R., Heer, T., Jokela, P., and
T. Henderson, "Host Identity Protocol T. Henderson, "Host Identity Protocol
Version 2 (HIPv2)", Version 2 (HIPv2)",
draft-ietf-hip-rfc5201-bis-12 (work in draft-ietf-hip-rfc5201-bis-14 (work in
progress), June 2013. progress), October 2013.
[RFC2119] Bradner, S., "Key words for use in RFCs [RFC2119] Bradner, S., "Key words for use in RFCs
to Indicate Requirement Levels", BCP 14, to Indicate Requirement Levels", BCP 14,
RFC 2119, March 1997. RFC 2119, March 1997.
[RFC2404] Madson, C. and R. Glenn, "The Use of [RFC2404] Madson, C. and R. Glenn, "The Use of
HMAC-SHA-1-96 within ESP and AH", HMAC-SHA-1-96 within ESP and AH",
RFC 2404, November 1998. RFC 2404, November 1998.
[RFC2410] Glenn, R. and S. Kent, "The NULL [RFC2410] Glenn, R. and S. Kent, "The NULL
skipping to change at page 28, line 44 skipping to change at page 29, line 5
RFC 4106, June 2005. RFC 4106, June 2005.
[RFC4303] Kent, S., "IP Encapsulating Security [RFC4303] Kent, S., "IP Encapsulating Security
Payload (ESP)", RFC 4303, December 2005. Payload (ESP)", RFC 4303, December 2005.
[RFC4309] Housley, R., "Using Advanced Encryption [RFC4309] Housley, R., "Using Advanced Encryption
Standard (AES) CCM Mode with IPsec Standard (AES) CCM Mode with IPsec
Encapsulating Security Payload (ESP)", Encapsulating Security Payload (ESP)",
RFC 4309, December 2005. RFC 4309, December 2005.
[RFC4493] Song, JH., Poovendran, R., Lee, J., and
T. Iwata, "The AES-CMAC Algorithm",
RFC 4493, June 2006.
[RFC4494] Song, JH., Poovendran, R., and J. Lee,
"The AES-CMAC-96 Algorithm and Its Use
with IPsec", RFC 4494, June 2006.
[RFC4543] McGrew, D. and J. Viega, "The Use of
Galois Message Authentication Code (GMAC)
in IPsec ESP and AH", RFC 4543, May 2006.
[RFC4868] Kelly, S. and S. Frankel, "Using HMAC- [RFC4868] Kelly, S. and S. Frankel, "Using HMAC-
SHA-256, HMAC-SHA-384, and HMAC-SHA-512 SHA-256, HMAC-SHA-384, and HMAC-SHA-512
with IPsec", RFC 4868, May 2007. with IPsec", RFC 4868, May 2007.
11.2. Informative references 11.2. Informative references
[I-D.ietf-hip-rfc4423-bis] Moskowitz, R., "Host Identity Protocol [I-D.ietf-hip-rfc4423-bis] Moskowitz, R. and M. Komu, "Host Identity
Architecture", Protocol Architecture",
draft-ietf-hip-rfc4423-bis-05 (work in draft-ietf-hip-rfc4423-bis-06 (work in
progress), September 2012. progress), November 2013.
[RFC0791] Postel, J., "Internet Protocol", STD 5, [RFC0791] Postel, J., "Internet Protocol", STD 5,
RFC 791, September 1981. RFC 791, September 1981.
[RFC4301] Kent, S. and K. Seo, "Security [RFC4301] Kent, S. and K. Seo, "Security
Architecture for the Internet Protocol", Architecture for the Internet Protocol",
RFC 4301, December 2005. RFC 4301, December 2005.
[RFC5206] Henderson, T., Ed., "End-Host Mobility [RFC5206] Henderson, T., Ed., "End-Host Mobility
and Multihoming with the Host Identity and Multihoming with the Host Identity
 End of changes. 14 change blocks. 
18 lines changed or deleted 33 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/