[Docs] [txt|pdf] [Tracker] [WG] [Email] [Diff1] [Diff2] [Nits]

Versions: 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 RFC 6942

Network Working Group                                       J. Bournelle
Internet-Draft                                                 L. Morand
Intended status: Standards Track                             Orange Labs
Expires: April 25, 2011                                  S. Decugis, Ed.
                                                                    NICT
                                                                   Q. Wu
                                                                  Huawei
                                                            G. Zorn, Ed.
                                                             Network Zen
                                                        October 22, 2010


     Diameter Support for the EAP Re-authentication Protocol (ERP)
                       draft-ietf-dime-erp-05.txt

Abstract

   The EAP Re-authentication Protocol (ERP) defines extensions to the
   Extensible Authentication Protocol (EAP) to support efficient re-
   authentication between the peer and an EAP Re-authentication (ER)
   server through a compatible authenticator.  This document specifies
   Diameter support for ERP.  It defines a new Diameter ERP application
   to transport ERP messages between an ER authenticator and the ER
   server, and a set of new AVPs that can be used to transport the
   cryptographic material needed by the re-authentication server.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on April 25, 2011.

Copyright Notice

   Copyright (c) 2010 IETF Trust and the persons identified as the
   document authors.  All rights reserved.




Bournelle, et al.        Expires April 25, 2011                 [Page 1]


Internet-Draft          Diameter ERP Application            October 2010


   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  Terminology  . . . . . . . . . . . . . . . . . . . . . . . . .  3
     2.1.  Requirements Language  . . . . . . . . . . . . . . . . . .  3
   3.  Assumptions  . . . . . . . . . . . . . . . . . . . . . . . . .  4
   4.  Protocol Overview  . . . . . . . . . . . . . . . . . . . . . .  4
   5.  Bootstrapping the ER Server  . . . . . . . . . . . . . . . . .  5
     5.1.  Bootstrapping During the Initial EAP authentication  . . .  5
     5.2.  Bootstrapping During the First Re-authentication . . . . .  7
   6.  Re-Authentication  . . . . . . . . . . . . . . . . . . . . . .  9
   7.  Application Id . . . . . . . . . . . . . . . . . . . . . . . . 11
   8.  AVPs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
     8.1.  ERP-RK-Request AVP . . . . . . . . . . . . . . . . . . . . 12
     8.2.  ERP-Realm AVP  . . . . . . . . . . . . . . . . . . . . . . 12
     8.3.  Key AVP  . . . . . . . . . . . . . . . . . . . . . . . . . 12
       8.3.1.  Key-Type AVP . . . . . . . . . . . . . . . . . . . . . 12
       8.3.2.  Keying-Material AVP  . . . . . . . . . . . . . . . . . 12
       8.3.3.  Key-Name AVP . . . . . . . . . . . . . . . . . . . . . 12
       8.3.4.  Key-Lifetime AVP . . . . . . . . . . . . . . . . . . . 13
   9.  Open issues  . . . . . . . . . . . . . . . . . . . . . . . . . 13
   10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 14
   11. IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 14
     11.1. Diameter Application Identifier  . . . . . . . . . . . . . 14
     11.2. New AVPs . . . . . . . . . . . . . . . . . . . . . . . . . 14
   12. Security Considerations  . . . . . . . . . . . . . . . . . . . 14
   13. References . . . . . . . . . . . . . . . . . . . . . . . . . . 15
     13.1. Normative References . . . . . . . . . . . . . . . . . . . 15
     13.2. Informative References . . . . . . . . . . . . . . . . . . 16












Bournelle, et al.        Expires April 25, 2011                 [Page 2]


Internet-Draft          Diameter ERP Application            October 2010


1.  Introduction

   RFC 5296 [RFC5296] defines the EAP Re-authentication Protocol (ERP).
   It consists of the following steps:

   Bootstrapping
      A root key for re-authentication is derived from the Extended
      Master Session Key (EMSK) created during EAP authentication
      [RFC5295].  This root key is transported from the EAP server to
      the ER server.

   Re-authentication
      A one-round-trip exchange between the peer and the ER server,
      resulting in mutual authentication.  To support the EAP
      reauthentication functionality, ERP defines two new EAP codes -
      EAP-Initiate and EAP-Finish.

   This document defines how Diameter transports the ERP messages during
   the re-authentication process.  For this purpose, we define a new
   Application Identifier for ERP, and re-use the Diameter EAP commands
   (DER/DEA).

   This document also discusses the distribution of the root key during
   bootstrapping, in conjunction with either the initial EAP
   authentication (implicit bootstrapping) or the first ERP exchange
   (explicit bootstrapping).  Security considerations for this key
   distribution are detailed in RFC 5295 [RFC5295].

2.  Terminology

   This document uses terminology defined in RFC 3748 [RFC3748], RFC
   5295 [RFC5295], RFC 5296 [RFC5296], and RFC 4072 [RFC4072].

   "Root key" (RK) or "bootstrapping material" refer to the rRK or rDSRK
   derived from an EMSK, depending on the location of the ER server in
   home or foreign domain.

   We use the notation "ERP/DER" and "ERP/DEA" in this document to refer
   to Diameter-EAP-Request and Diameter-EAP-Answer commands with the
   Application Id set to "Diameter ERP Application" Section 11.1; the
   same commands are denoted "EAP/DER" and "EAP/DEA" when the
   Application Id in the message is set to "Diameter EAP Application"
   [RFC4072].

2.1.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this



Bournelle, et al.        Expires April 25, 2011                 [Page 3]


Internet-Draft          Diameter ERP Application            October 2010


   document are to be interpreted as described in [RFC2119].

3.  Assumptions

   This document assumes the existence of at most one logical ER server
   entity in a domain.  If several physical servers are deployed for
   robustness, a replication mechanism must be deployed to synchronize
   the ERP states (root keys) between these servers.  This replication
   mechanism is out of the scope of this document.  If multiple ER
   servers are deployed in the domain, we assume that they can be used
   interchangeably.

4.  Protocol Overview

   The following figure shows the components involved in ERP, and their
   interactions.

                            Diameter                    +--------+
            +-------------+   ERP   +-----------+  (*)  |  Home  |
    Peer <->|Authenticator|<=======>| ER server | <---> |  EAP   |
            +-------------+         +-----------+       | server |
                                                        +--------+
    (*) Diameter EAP application, explicit bootstrapping scenario only.

                      Figure 1: Diameter ERP Overview

   The ER server is located either in the home domain (same as EAP
   server) or in the visited domain (same as authenticator, when it
   differs from the home domain).

   When the peer initiates an ERP exchange, the authenticator creates a
   Diameter-EAP-Request message [RFC4072].  The Application Id of the
   message is set to that of the Diameter ERP application (code: TBD) in
   the message.  The generation of the ERP/DER message is detailed in
   Section 6.

   If there is an ER server in the same domain as the authenticator
   (local domain), Diameter routing must be configured so that this ERP/
   DER message reachs this server, even if the Destination-Realm is not
   the local domain.

   If there is no local ER server, the message is routed according to
   its Destination-Realm AVP content, extracted from the realm component
   of the keyName-NAI attribute.  As specified in RFC 5296 [RFC5296],
   this realm is the home domain of the peer in case of a bootstrapping
   exchange (the 'B' flag is set in the ERP message) or the domain of
   the bootstrapped ER server otherwise.




Bournelle, et al.        Expires April 25, 2011                 [Page 4]


Internet-Draft          Diameter ERP Application            October 2010


   If no ER server is available in the home domain either, the ERP/DER
   message cannot be delivered, and an error DIAMETER_UNABLE_TO_DELIVER
   is generated [RFC3588] and returned to the authenticator.  The
   authenticator may cache this information (with limited duration) to
   avoid further attempts for ERP with this realm.  It may also fallback
   to full EAP authentication to authenticate the peer.

   When an ER server receives the ERP/DER message, it searches its local
   database for a root key matching the keyName part of the User-Name
   AVP.  If such key is found, the ER server processes the ERP message
   as described in RFC 5296 [RFC5296] then creates the ERP/DEA answer as
   described in Section 6.  The rMSK is included in this answer.

   Finally, the authenticator extracts the rMSK from the ERP/DEA as
   described in RFC 5296 [RFC5296], and forwards the content of the EAP-
   Payload AVP, the EAP-Finish/Re-Auth message, to the peer.

   If the EAP-Initiate/Re-Auth message has its 'B' flag set
   (Bootstrapping exchange), the ER server should not possess the root
   key in its local database.  In this case, the ER server acts as a
   proxy, and forwards the message to the home EAP server after changing
   its Application Id to Diameter EAP and adding the ERP-RK-Request AVP
   to request the root key.  See Section 5 for more detail on this
   process.

5.  Bootstrapping the ER Server

   The bootstrapping process involves the home EAP server and the ER
   server, but also impacts the peer and the authenticator.  In ERP, the
   peer must derive the same keying material as the ER server.  To
   achieve this, it must learn the domain name of the ER server.  How
   this information is acquired is outside the scope of this
   specification, but it may involves that the authenticator is
   configured to advertize this domain name, especially in the case of
   re-authentication after a handover.

   The bootstrapping of an ER server with a given root key happens
   either during the initial EAP authentication of the peer when the
   EMSK -- from which the root key is derived -- is created, during the
   first re-authentication, or sometime between those events.  We only
   consider the first two possibilities in this specification, in the
   following sub-sections.

5.1.  Bootstrapping During the Initial EAP authentication

   Bootstrapping the ER server during the initial EAP authentication
   (also known as implicit bootstrapping) offers the advantage that the
   server is immediatly available for re-authentication of the peer,



Bournelle, et al.        Expires April 25, 2011                 [Page 5]


Internet-Draft          Diameter ERP Application            October 2010


   thus minimizing re-authentication delay.  On the other hand, it is
   possible that only a small number of peers will use re-authentication
   in the visited domain.  Deriving and caching key material for all the
   peers (for example, for the peers that do not support ERP) is a waste
   of resources and should be avoided.

   To achieve implicit bootstrapping, the ER server acts as a Diameter
   EAP Proxy, and Diameter routing must be configured so that Diameter
   EAP application messages are routed through this proxy.  The figure
   bellow illustrates this mechanism.

                              ER server &
     Authenticator             EAP Proxy               Home EAP server
     =============            ===========              ===============
          ------------------------->
              Diameter EAP/DER
               (EAP-Response)
                                    ------------------------->
                                       Diameter EAP/DER
                                        (EAP-Response)
                                       (ERP-RK-Request)

          <==================================================>
             Multi-round Diameter EAP exchanges, unmodified

                                    <-------------------------
                                        Diameter EAP/DEA
                                         (EAP-Success)
                                             (MSK)
                                        (Key AVP (rRK))
          <-------------------------
              Diameter EAP/DEA
                (EAP-Success)
                    (MSK)
                [ ERP-Realm ]

        Figure 2: ERP Bootstrapping During Full EAP Authentication

   The ER server proxies the first DER of the full EAP authentication
   and adds the ERP-RK-Request AVP inside, if this AVP is not already in
   the message (which might happen if there are several ER servers on
   the path), then forwards the request.

   If the EAP server does not support the ERP extensions, it simply
   ignores the ERP-RK-Request AVP and continues as specified in RFC 4072
   [RFC4072].  If the server supports the ERP extensions, it saves the
   value of the ERP-Realm AVP found inside the ERP-RK-Request AVP, and
   continues with the EAP authentication.  When the authentication



Bournelle, et al.        Expires April 25, 2011                 [Page 6]


Internet-Draft          Diameter ERP Application            October 2010


   completes, if it is successful and the EAP method has generated an
   EMSK, the server MUST derive the rRK as specified in RFC 5296
   [RFC5296], using the saved domain name.  It then includes the rRK
   inside a Key AVP Section 8.3 with the Key-Type AVP set to rRK, before
   sending the DEA as usual.

   When the ER server proxies a Diameter-EAP-Answer message with a
   Session-Id corresponding to a message to which it added an ERP-RK-
   Request AVP, and the Result-Code is DIAMETER_SUCCESS, it MUST examine
   the message and save and remove any Key AVP Section 8.3 with Key-Type
   AVP set to rRK.  If the message does not contain such Key AVP, the ER
   server may cache the information that ERP is not possible for this
   session to avoid possible subsequent attempts.  In any case, the
   information stored in ER server concerning a session should not have
   a lifetime greater than the EMSK for this session.

   If the ER server is successfully bootstrapped, it should also add the
   ERP-Realm AVP after removing the Key AVP with Key-Type of rRK in the
   EAP/DEA message.  This ERP-Realm information can be used by the
   authenticator to notify the peer that ER server is bootstrapped, and
   for which domain.  How this information can be transmitted to the
   peer is outside the scope of this document.  This information needs
   to be sent to the peer if both implicit and explicit bootstrapping
   mechanisms are possible, because the ERP message and the root key
   used for protecting this message are different in bootstrapping
   exchanges and non-bootstrapping exchanges.

5.2.  Bootstrapping During the First Re-authentication

   Bootstrapping the ER server during the first re-authentication (also
   known as explicit bootstrapping) is less resource-consuming, since
   root keys are generated and cached only when needed.  On the other
   hand, in that case first re-authentication requires a one-round-trip
   exchange with the home EAP server, which is less efficient than the
   implicit bootstrapping scenario.

   The ER server receives the ERP/DER message containing the EAP-
   Initiate/Re-Auth message with the 'B' flag set.  It proxies this
   message, and performs the following processing in addition to
   standard proxy operations:

      Changes the Application Id in the header of the message to
      Diameter EAP Application (code 5).

      Change the content of Application-Auth-Id accordingly.






Bournelle, et al.        Expires April 25, 2011                 [Page 7]


Internet-Draft          Diameter ERP Application            October 2010


      QUESTION:
         Is it better to leave it unmodified, so that the server can
         easily differenciate between ERP and standard EAP message ?

      Add the ERP-RK-Request AVP, which contains the name of the domain
      where the ER server is located.



      PROBLEM:
         Add the Destination-Host AVP to reach the appropriate Diameter
         EAP server in case there is more than one in destination
         domain, the one with the EMSK.  How does the ER server know
         this information?  Or can we require that all Diameter EAP
         servers can be used interchangeably for this purpose?

   Then the proxied EAP/DER request is sent and routed to the home
   Diameter EAP server.

   If the home EAP server does not support the ERP extensions, it
   replies with an error since the encapsulated EAP-Initiate/Re-auth
   command is not understood.  Otherwise, it processes the ERP request
   as described in [RFC5296].  In particular, it includes the Domain-
   Name TLV attribute with the content from the ERP-Realm AVP.  It
   creates the EAP/DEA reply message [RFC4072]. including an instance of
   the Key AVP Section 8.3 with Key-Type AVP set to rRK.

   The ER server receives this EAP/DEA and proxies it as follows, in
   addition to standard proxy operations:

      Set the Application Id back to Diameter ERP application Id (code
      TBD)

      Extract and cache the content of the Key AVP with Key-Type set to
      rRK, as described in implicit scenario.

   The ERP/DEA message is then forwarded to the authenticator, that can
   use the rMSK as described in RFC 5296 [RFC5296].

   The figure below captures this proxy behavior:











Bournelle, et al.        Expires April 25, 2011                 [Page 8]


Internet-Draft          Diameter ERP Application            October 2010


       Authenticator            ER server             Home EAP server
       =============            =========             ===============
             ----------------------->
                 Diameter ERP/DER
                  (EAP-Initiate)
                                     ------------------------>
                                           Diameter EAP/DER
                                            (EAP-Initiate)
                                           (ERP-RK-Request)

                                     <------------------------
                                           Diameter EAP/DEA
                                             (EAP-Finish)
                                           (Key AVP (rRK))
                                           (Key AVP (rMSK))
             <----------------------
                 Diameter ERP/DEA
                   (EAP-Finish)
                 (Key AVP (rMSK))

             Figure 3: ERP Explicit Bootstrapping Message Flow

6.  Re-Authentication

   This section describes in detail a re-authentication exchange with an
   ER server that was previously bootstrapped.  The following figure
   summarizes the re-authentication exchange.
























Bournelle, et al.        Expires April 25, 2011                 [Page 9]


Internet-Draft          Diameter ERP Application            October 2010


                                                         ER server
    Peer                 Authenticator                (bootstrapped)
    ====                 =============            ======================
    [ <------------------------          ]
    [optional EAP-Initiate/Re-auth-start,]
    [  possibly with ERP domain name     ]

      ----------------------->
        EAP-Initiate/Re-auth
                              ===============================>
                                 Diameter ERP, cmd code DER
                                   User-Name: Keyname-NAI
                              EAP-Payload: EAP-Initiate/Re-auth

                              <===============================
                                 Diameter ERP, cmd code DEA
                               EAP-Payload: EAP-Finish/Re-auth
                                        Key AVP: rMSK
       <----------------------
         EAP-Finish/Re-auth

             Figure 4: Diameter ERP Re-authentication Exchange

   The peer sends an EAP-Initiate/Re-auth message to the ER server via
   the authenticator.  Alternatively, the authenticator may send an EAP-
   Initiate/Re-auth-Start message to the peer to trigger the mechanism.
   In this case, the peer responds with an EAP-Initiate/Re-auth message.

   If the authenticator does not support ERP (pure Diameter EAP
   [RFC4072] support), it discards the EAP packets with an unknown ERP-
   specific code (EAP-Initiate).  The peer should fallback to full EAP
   authentication in this case.

   When the authenticator receives an EAP-Initiate/Re-auth message from
   the peer, it processes as described in [RFC5296] with regards to the
   EAP state machine.  It creates a Diameter EAP Request message
   following the general process of Diameter EAP [RFC4072], with the
   following differences:

      The Application Id in the header is set to Diameter ERP (code
      TBD).

      The value in Auth-Application-Id AVP is also set to Diameter ERP
      Application.

      The keyName-NAI attribute from ERP message is used to create the
      content of User-Name AVP and Destination-Realm AVP.




Bournelle, et al.        Expires April 25, 2011                [Page 10]


Internet-Draft          Diameter ERP Application            October 2010




      FFS:
         What about Session-ID AVP ?

      The Auth-Request-Type AVP content is set to [Editor's note: FFS --
      cf. open issues].

      The EAP-Payload AVP contains the EAP-Initiate/Re-Auth message.

   Then this ERP/DER message is sent as described in Section 4.

   The ER server receives and processes this request as described in
   Section 4.  It then creates an ERP/DEA message following the general
   processing described in RFC 4072 [RFC4072], with the following
   differences:

      The Application Id in the header is set to Diameter ERP (code
      TBD).

      The value of the Auth-Application-Id AVP is also set to Diameter
      ERP Application.

      The EAP-Payload AVP contains the EAP-Finish/Re-auth message.

      In case of successful authentication, an instance of the Key AVP
      containing the Re-authentication Master Session Key (rMSK) derived
      by ERP is included.

   When the authenticator receives this ERP/DEA answer, it processes it
   as described in Diameter EAP [RFC4072] and RFC 5296 [RFC5296]: the
   content of EAP-Payload AVP content is forwarded to the peer, and the
   contents of the Keying-Material AVP [I-D.ietf-dime-local-keytran] is
   used as a shared secret for Secure Association Protocol.

7.  Application Id

   We define a new Diameter application in this document, Diameter ERP
   Application, with an Application Id value of TBD.  Diameter nodes
   conforming to this specification in the role of ER server MUST
   advertise support by including an Auth-Application-Id AVP with a
   value of Diameter ERP Application in the of the Capabilities-
   Exchange-Request and Capabilities-Exchange-Answer commands [RFC3588].

   The primary use of the Diameter ERP Application Id is to ensure
   proper routing of the messages, and that the nodes that advertise the
   support for this application do understand the new AVPs defined in
   Section 8, although these AVP have the 'M' flag cleared.



Bournelle, et al.        Expires April 25, 2011                [Page 11]


Internet-Draft          Diameter ERP Application            October 2010


8.  AVPs

   This section discusses the AVPs used by the Diameter ERP application.

8.1.  ERP-RK-Request AVP

   The ERP-RK-Request AVP (AVP Code TBD) is of type grouped AVP.  This
   AVP is used by the ER server to indicate its willingness to act as ER
   server for a particular session.

   This AVP has the M and V bits cleared.

                         ERP-RK-Request ::= < AVP Header: TBD >
                                            { ERP-Realm }
                                          * [ AVP ]

                       Figure 5: ERP-RK-Request ABNF

8.2.  ERP-Realm AVP

   The ERP-Realm AVP (AVP Code TBD) is of type DiameterIdentity.  It
   contains the name of the realm in which the ER server is located.

   This AVP has the M and V bits cleared.

8.3.  Key AVP

   The Key AVP [I-D.ietf-dime-local-keytran] is of type "Grouped" and is
   used to carry the rRK or rMSK and associated attributes.  The usage
   of the Key AVP and its constituent AVPs in this application is
   specified in the following sub-sections.

8.3.1.  Key-Type AVP

   The value of the Key-Type AVP MUST be set to 2 for rRK or 3 for rMSK.

8.3.2.  Keying-Material AVP

   The Keying-Material AVP contains rRK sent by the home EAP server to
   the ER server, in answer to a request containing an ERP-RK-Request
   AVP, or the rMSK sent by ER server to authenticator.  How this
   material is derived and used is specified in RFC 5296 [RFC5296].

8.3.3.  Key-Name AVP

   This AVP contains the EMSKname which identifies the keying material.
   The derivation of this name is specified in RGC 5296 [RFC5296].




Bournelle, et al.        Expires April 25, 2011                [Page 12]


Internet-Draft          Diameter ERP Application            October 2010


8.3.4.  Key-Lifetime AVP

   The Key-Lifetime AVP contains the lifetime of the keying material in
   seconds.  It MUST NOT be greater than the remaining lifetime of the
   EMSK from which the material was derived.

9.  Open issues

   This document does not address some known issues in Diameter ERP
   mechanism.  The authors would like to hear ideas about how to address
   them.

   The main issue is the use of ERP for authentication after a handover
   of the peer to a new authenticator (or different authenticator port).
   Diameter ERP is not meant to be a mobility application.  A number of
   issues appear when we try to do handover while using Diameter ERP:

      how to manage the Session-Id AVP -- is it a new session each time,
      or do we try to reuse the same Diameter session?;

      how does the ER authenticator acquire the Authorization AVPs?  Is
      it cached in the Diameter ER server (received during
      bootstrapping) or do we use first Authenticate-Only with ER
      server, then Authorize-Only with home domain (and in that case how
      does the ER authenticator learn what the home domain is?)

      how does the peer learn the ERP domain of the new authenticator --
      this is being addressed in HOKEY architecture draft;

      how does the home server reachs the peer to for example terminate
      the session if there is no notification sent to the home domain;


   Another issue concerns the case where the home realm contains several
   EAP servers.  In multi rounds full EAP authentication, the
   Destination-Host AVP provides the solution to reach the same server
   across the exchanges.  Only this server possess the EMSK for the
   session.  In case of explicit bootstrapping, the ER server must
   therefore be able to reach the correct server to request the DSRK.  A
   solution might consist in saving the Origin-Host AVP of all
   successful EAP/DEA in the ER server, which is a bit similar to the
   implicit bootstrapping scenario described here -- only we save the
   server name instead of the root key, and we must then be able to
   match the DSRK with the user name.

   In roaming environments, it might be useful that a broker provides
   ERP services.  The security implications of storing the DSRK
   generated for the visited domain into the broker's server should be



Bournelle, et al.        Expires April 25, 2011                [Page 13]


Internet-Draft          Diameter ERP Application            October 2010


   studied.

   Finally, this document currently lacks a description of what happens
   when a Re-Auth-Request is received for a peer on the authenticator.

10.  Acknowledgements

   Hannes Tschofenig wrote the initial draft for this document and
   provided useful reviews.

   Vidya Narayanan reviewed a rough draft version of the document and
   found some errors.

   Lakshminath Dondeti contributed to the early versions of the
   document.

   Many thanks to these people!

11.  IANA Considerations

   This document requires IANA registration of the following new
   elements in the Authentication, Authorization, and Accounting (AAA)
   Parameters [1] registries.

11.1.  Diameter Application Identifier

   This specification requires IANA to allocate a new value "Diameter
   ERP" in the "Application IDs" registry using the policy specified in
   Section 11.3 of RFC 3588 [RFC3588].

11.2.  New AVPs

   This specification requires IANA to allocate new values from the "AVP
   Codes" registry according to the policy specified in Section 11.1 of
   RFC 3588 [RFC3588] for the following AVPs:

      ERP-RK-Request

      ERP-Realm

   These AVPs are defined in Section 8.

12.  Security Considerations

   The security considerations from the following documents also apply
   here:





Bournelle, et al.        Expires April 25, 2011                [Page 14]


Internet-Draft          Diameter ERP Application            October 2010


   o  RFC 3588 [RFC3588]

   o  RFC 4072 [RFC4072]

   o  RFC 5247 [RFC5247]

   o  RFC 5295 [RFC5295]

   o  [RFC5296]

   FFS:
      Do we really respect these security considerations with the
      mechanism we describe here?  Is it safe to use ERP-RK-Request &
      Key AVPs?  What is the worst case?  For example if a domain tricks
      the peer into beliving it is located in a different domain?

   EAP channel bindings may be necessary to ensure that the Diameter
   client and the server are in sync regarding the key Requesting
   Entity's Identity.  Specifically, the Requesting Entity advertises
   its identity through the EAP lower layer, and the user or the EAP
   peer communicates that identity to the EAP server (and the EAP server
   communicates that identity to the Diameter server) via the EAP method
   for user/peer to server verification of the Requesting Entity's
   Identity.

   QUESTION:
      What does this paragraph actually mean?

13.  References

13.1.  Normative References

   [I-D.ietf-dime-local-keytran]  Zorn, G., Wu, W., and V. Cakulev,
                                  "Diameter Attribute-Value Pairs for
                                  Cryptographic Key Transport",
                                  draft-ietf-dime-local-keytran-08 (work
                                  in progress), October 2010.

   [RFC2119]                      Bradner, S., "Key words for use in
                                  RFCs to Indicate Requirement Levels",
                                  BCP 14, RFC 2119, March 1997.

   [RFC3588]                      Calhoun, P., Loughney, J., Guttman,
                                  E., Zorn, G., and J. Arkko, "Diameter
                                  Base Protocol", RFC 3588,
                                  September 2003.

   [RFC3748]                      Aboba, B., Blunk, L., Vollbrecht, J.,



Bournelle, et al.        Expires April 25, 2011                [Page 15]


Internet-Draft          Diameter ERP Application            October 2010


                                  Carlson, J., and H. Levkowetz,
                                  "Extensible Authentication Protocol
                                  (EAP)", RFC 3748, June 2004.

   [RFC4072]                      Eronen, P., Hiller, T., and G. Zorn,
                                  "Diameter Extensible Authentication
                                  Protocol (EAP) Application", RFC 4072,
                                  August 2005.

   [RFC5295]                      Salowey, J., Dondeti, L., Narayanan,
                                  V., and M. Nakhjiri, "Specification
                                  for the Derivation of Root Keys from
                                  an Extended Master Session Key
                                  (EMSK)", RFC 5295, August 2008.

   [RFC5296]                      Narayanan, V. and L. Dondeti, "EAP
                                  Extensions for EAP Re-authentication
                                  Protocol (ERP)", RFC 5296,
                                  August 2008.

13.2.  Informative References

   [RFC5247]                      Aboba, B., Simon, D., and P. Eronen,
                                  "Extensible Authentication Protocol
                                  (EAP) Key Management Framework",
                                  RFC 5247, August 2008.

URIs

   [1]  <http://www.iana.org/assignments/aaa-parameters/>

Authors' Addresses

   Julien Bournelle
   Orange Labs
   38-40 rue du general Leclerc
   Issy-Les-Moulineaux  92794
   France

   EMail: julien.bournelle@orange-ftgroup.com











Bournelle, et al.        Expires April 25, 2011                [Page 16]


Internet-Draft          Diameter ERP Application            October 2010


   Lionel Morand
   Orange Labs
   38-40 rue du general Leclerc
   Issy-Les-Moulineaux  92794
   France

   EMail: lionel.morand@orange-ftgroup.com


   Sebastien Decugis (editor)
   NICT
   4-2-1 Nukui-Kitamachi
   Tokyo  184-8795
   Koganei, Japan

   EMail: sdecugis@nict.go.jp


   Qin Wu
   Huawei Technologies Co., Ltd
   Site B, Floor 12F, Huihong Mansion, No.91 Baixia Rd.
   Nanjing  210001
   China

   EMail: sunseawq@huawei.com


   Glen Zorn (editor)
   Network Zen
   1463 East Republican Street
   Seattle, Washington  98112
   USA

   Phone: +1 206 931 0768
   EMail: gwz@net-zen.net
















Bournelle, et al.        Expires April 25, 2011                [Page 17]


Html markup produced by rfcmarkup 1.129d, available from https://tools.ietf.org/tools/rfcmarkup/