[Docs] [txt|pdf] [Tracker] [Email] [Diff1] [Diff2] [Nits]

Versions: 00 01 02 03 04 05 RFC 4478

INTERNET DRAFT                                                 Yoav Nir
draft-nir-ikev2-auth-lt-05.txt                              Check Point
Expires: July 2006
Intended status: Informational                          January 9, 2006

                    Repeated Authentication in IKEv2

Status of this Memo

By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware have
been or will be disclosed, and any of which he or she becomes aware
will be disclosed, in accordance with Section 6 of BCP 79.

Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups.  Note that other
groups may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time.  It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at
http://www.ietf.org/1id-abstracts.html

The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html

Abstract

This document extends the IKEv2 document [IKEv2]. With some IPsec
peers, particularly in the remote access scenario, it is desirable to
repeat the mutual authentication periodically. The purpose of this is
to limit the time that SAs can be used by a third party who has gained
control of the IPsec peer. This document describes a mechanism
to perform this function.

1. Introduction

In several cases, such as the remote access scenario, policy dictates
that the mututal authentication needs to be repeated periodically.
Repeated authentication can usually be achieved by simply repeating
the Initial exchange by whichever side has a stricter policy.

However, in the remote access scenario it is usually up to a human
user to supply the authentication credentials, and often EAP is used
for authentication, which makes it unreasonable or impossible for the
remote access gateway to initiate the IKEv2 exchange.

This document describes a new notification that the original Responder
can send to the original Initiator with the number of seconds before
the authentication needs to be repeated.  The Initiator SHOULD repeat
the Initial exchange before that time is expired.  If the Initiator
fails to do so, the Responder may close all Security Associations.


Nir                                                            [Page 1]

INTERNET-DRAFT      Repeated Authentication in IKEv2       January 2006

Repeated authentication is not the same as IKE SA rekeying, and need
not be tied to it.The key words "MUST", "MUST NOT", "SHOULD",
"SHOULD NOT", and "MAY" in this document are to be interpreted as
described in [RFC2119].

2. Authentication Lifetime

The Responder in an IKEv2 negotiation MAY be configured to limit the
time that an IKE SA and the associated IPsec SAs may be used before
the peer is required to repeat the authentication, through a new
Initial Exchange.

The Responder MUST send this information to the Initiator in an
AUTH_LIFETIME notification either in the last message of an IKE_AUTH
exchange, or in an INFORMATIONAL request, which may be sent at any
time.

When sent as part of the IKE SA setup, the AUTH_LIFETIME notification
is used as follows:

     Initiator                            Responder
     -------------------------------      -----------------------------
     HDR, SAi1, KEi, Ni              -->
                                     <--  HDR, SAr1, KEr, Nr, [CERTREQ]
     HDR, SK {IDi, [CERT,] [CERTREQ,]
        [IDr,] AUTH, SAi2, TSi, TSr} -->
                                     <--  HDR, SK {IDr, [CERT,] AUTH,
                                                   SAr2, TSi, TSr,
                                                    N(AUTH_LIFETIME)}

The separate Informational exchange is formed as follows:

                                     <--  HDR, SK {N(AUTH_LIFETIME)}
       HDR  SK {}                    -->

The AUTH_LIFETIME notification is described in section 3.

The original Responder that sends the AUTH_LIFETIME notification SHOULD
send a DELETE notification soon after the end of the lifetime period,
unless the IKE SA is deleted before the lifetime period elapses. If
the IKE SA is rekeyed, then the time limit applies to the new SA.

An Initiator that received an AUTH_LIFETIME notification SHOULD repeat
the Initial exchange within the time indicated in the notification. The
time is measured from the time that the original Initiator receives the
notification.

A special case is where the notification is sent in an Informational
exchange, and the lifetime is zero. In that case the original responder
SHOULD allow a reasonable time for the repeated authentication to occur.

The AUTH_LIFETIME notification MUST be protected and MAY be
sent by the original Responder at any time. If the policy changes, the
original Responder MAY send it again in a new Informational.

Nir                                                            [Page 2]

INTERNET-DRAFT      Repeated Authentication in IKEv2       January 2006

The new Initial exchange is not altered. The initiator SHOULD delete
the old IKE SA within a reasonable time of the new Auth exchange.

3. AUTH_LIFETIME Notification

The AUTH_LIFETIME message is a notification payload formatted as follows:

                           1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      ! Next Payload  !C!  RESERVED   !         Payload Length        !
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      !  Protocol ID  !   SPI Size    !      Notify Message Type      !
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      !                           Lifetime                            !
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   o  Payload Length is 12.
   o  Protocol ID (1 octet) MUST be 0.
   o  SPI size is 0 (SPI is in message header).
   o  Notify Message type is TBA by IANA
   o  Lifetime is the amount of time in seconds left before the peer
      should repeat the Initial exchange. A zero value signifies
      that the Initial exchange should begin immediately.
      It is usually not reasonable to set this value to less than 300
      (5 minutes) since that is too cumbersome for a user.
      It is also usually not reasonable to set this value to more than
      86400 (1 day) as that would negate the security benefit of
      repeating the authentication.

4. Interoperability with non-supporting IKEv2 implementations

IKEv2 implementations that do not support the AUTH_LIFETIME
notification will ignore it and will not repeat the authentication. In
that case the original Responder will send a Delete notification for
the IKE SA in an Informational exchange.  Such implementations may
be configured manually to repeat the authentication periodically.

Non-supporting Responders are not a problem, because they will simply
not send these notifications.  In that case, there is no requirement
that the original Initiator re-authenticate.

5. Security Considerations

The AUTH_LIFETIME notification sent by the Responder does not override
any security policy on the Initiator.  In particular, the Initiator may
have a different policy regarding re-authentication, requiring more
frequent re-authentication.  Such an Initiator can repeat the
authentication earlier then is required by the notification.

An Initiator MAY set reasonable limits on the amount of time in the
AUTH_LIFETIME notification. For example, an authentication lifetime of
less than 300 seconds from SA initiation may be considered unreasonable.


Nir                                                            [Page 3]

INTERNET-DRAFT      Repeated Authentication in IKEv2       January 2006

6. Normative References

[IKEv2]    C. Kaufman, "Internet Key Exchange (IKEv2) Protocol",
           RFC 4306, 2005.
[RFC2119]  S. Bradner, "RFC2119 Key words for use in RFCs to Indicate
           Requirement Levels.", RFC2119, 1997

7. IANA Considerations

IANA is asked to assign a notification payload type for the
AUTH_LIFETIME notifications from the IKEv2 Notify Message Types
registry. This should be from the STATUS TYPES range.

8. Author's address

Yoav Nir
Check Point Software Technologies
ynir@checkpoint.com

Copyright (C) The Internet Society (2006).  This document is subject
to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights.

This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.























Nir                                                            [Page 4]


Html markup produced by rfcmarkup 1.107, available from http://tools.ietf.org/tools/rfcmarkup/