rfcdiff of draft-smyslov-ipsecme-ikev2-compact-04.txt and draft-smyslov-ipsecme-ikev2-compact-05.txt. Text common to both versions appears once; where the versions differ, both are shown, labelled -04 and -05.

Network Working Group                                          V. Smyslov
Internet-Draft                                                 ELVIS-PLUS
Intended status: Standards Track                  -04: October 2, 2018
                                                  -05: April 3, 2019
Expires:                                          -04: April 5, 2019
                                                  -05: October 5, 2019

                      Compact Format of IKEv2 Payloads
                 -04: draft-smyslov-ipsecme-ikev2-compact-04
                 -05: draft-smyslov-ipsecme-ikev2-compact-05
Abstract

   This document describes a method for reducing the size of
   Internet Key Exchange version 2 (IKEv2) messages by using an
   alternative format for IKE payloads. The standard format of many IKE
   payloads contains a lot of redundancy. This document takes advantage
   of this fact and specifies a way to eliminate some of that redundancy by
   using a denser encoding. Reducing the size of IKEv2 messages is desirable
   for low-power, battery-powered devices. It also helps to
   [unchanged text skipped; next change at page 1, line 37]
   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current
   Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   -04: This Internet-Draft will expire on April 5, 2019.
   -05: This Internet-Draft will expire on October 5, 2019.
Copyright Notice

   -04: Copyright (c) 2018 IETF Trust and the persons identified as the
        document authors. All rights reserved.
   -05: Copyright (c) 2019 IETF Trust and the persons identified as the
        document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document. Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   [unchanged text skipped; next change at page 2, line 19]
   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Requirements Language . . . . . . . . . . . . . . . . . . . .   3
   3.  Overview  . . . . . . . . . . . . . . . . . . . . . . . . . .   3
   4.  Compact Representation of IKEv2 Payloads  . . . . . . . . . .   4
     4.1.  Compact Generic Payload . . . . . . . . . . . . . . . . .   5
     4.2.  Compact SA Payload  . . . . . . . . . . . . . . . . . . .   8
       4.2.1.  Compact Proposal Substructure . . . . . . . . . . . .   9
       4.2.2.  Compact Transform Substructures . . . . . . . . . . .  10
     4.3.  Compact Notify Payload  . . . . . . . . . . . . . . . . .  15
   5.  Compact Format Negotiation  . . . . . . . . . .  17 (-04) / 16 (-05)
   6.  Interaction with other IKEv2 Extensions . . . .  18 (-04) / 17 (-05)
   7.  Security Considerations . . . . . . . . . . . . . . . . . . .  18
   8.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  18
   9.  References  . . . . . . . . . . . . . . . . . . . . . . . . .  18
     9.1.  Normative References  . . . . . . . . . . . . . . . . . .  18
     9.2.  Informative References  . . . . . . . . . .  19 (-04) / 18 (-05)
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .  19
1.  Introduction

   The Internet Key Exchange protocol version 2 (IKEv2) specified in
   [RFC7296] is used in the IP Security (IPsec) architecture for the
   purposes of Security Association (SA) parameter negotiation and
   authenticated key exchange. The protocol uses UDP as the transport
   for its messages, whose size varies from less than one hundred bytes
   to several kBytes.
   [unchanged text skipped; next change at page 11, line 5]
4.2.2.  Compact Transform Substructures

   Compact Transform substructures are encoded differently depending on
   Transform Type, Transform ID and the presence of attributes, to get the
   most effective encoding for common use cases. The leftmost bits of the
   first octet of the Compact Transform substructure are used to
   distinguish between the different formats. These bits are called the
   Tag. The table below shows how the Tag value correlates with the
   Compact Transform substructure format.
   -04:
   +----------+--------------------+-----+----------+---------+-----------+
   | Tag      | Compact Transform  | Len | Trans    | Trans   | Format    |
   |          | Format             |     | Types    | IDs     |           |
   +----------+--------------------+-----+----------+---------+-----------+
   | 00tttvvv | Short: Generic     | 1   | 5-12     | 0-7     | Figure 5  |
   | 010vvvvv | Short: Encryption  | 1   | 1        | 11-42   | Figure 6  |
   | 011vvvvv | Short: Encryption  | 1   | 1        | 11-42   | Figure 6  |
   |          | (128-bit key)      |     |          |         |           |
   | 100vvvvv | Short: Encryption  | 1   | 1        | 11-42   | Figure 6  |
   |          | (256-bit key)      |     |          |         |           |
   | 101vvvvv | Short: Diffie-     | 1   | 4        | 14-45   | Figure 7  |
   |          | Hellman Group      |     |          |         |           |
   | 110vvvvv | Short: Integrity   | 1   | 3        | 2-33    | Figure 8  |
   | 1110vvvv | Short: PRF         | 1   | 2        | 2-17    | Figure 9  |
   | 1111tttt | Long 1             | 2   | 1-15     | 0-127   | Figure 10 |
   | 1111tttt | Long 2             | 3   | 1-15     | 0-32767 | Figure 11 |
   | 11110000 | Full               | 6+  | 0-255    | 0-65535 | Figure 12 |
   +----------+--------------------+-----+----------+---------+-----------+

   -05:
   +----------+-----------------------+-----+-------+---------+-----------+
   | Tag      | Compact Transform     | Len | Trans | Trans   | Format    |
   |          | Format                |     | Types | IDs     |           |
   +----------+-----------------------+-----+-------+---------+-----------+
   | 0tttvvvv | Short: Generic        | 1   | 6-13  | 0-15    | Figure 5  |
   | 100vvvvv | Short: Encryption (no | 1   | 1     | 11-42   | Figure 6  |
   |          | Key Length attribute  |     |       |         |           |
   |          | or 128-bit key)       |     |       |         |           |
   | 101vvvvv | Short: Encryption     | 1   | 1     | 11-42   | Figure 6  |
   |          | (256-bit key)         |     |       |         |           |
   | 110vvvvv | Short: Diffie-Hellman | 1   | 4     | 0,      | Figure 7  |
   |          | Group                 |     |       | 14-44   |           |
   | 1110vvvv | Short: PRF            | 1   | 2     | 2-15    | Figure 8  |
   | 1110000v | Short: ESN            | 1   | 5     | 0-1     | Figure 9  |
   | 1111tttt | Long 1                | 2   | 1-15  | 0-127   | Figure 10 |
   | 1111tttt | Long 2                | 3   | 1-15  | 0-32767 | Figure 11 |
   | 11110000 | Full                  | 6+  | 0-255 | 0-65535 | Figure 12 |
   +----------+-----------------------+-----+-------+---------+-----------+

       Table 1: Tag values and corresponding Compact Transform formats
   Short formats are the most efficient Compact Transform formats: they
   occupy only one octet. The long format occupies either two or three
   octets depending on the Transform ID value. Both short and long
   formats can be used only for some Transform Types and can represent
   only a limited number of Transform IDs. Moreover, neither the short nor
   the long format can be used if the Transform contains any attributes,
   except if it is the Encryption Transform and it contains the Key Length
   [unchanged text skipped; next change at page 12 (line 16 in -04, line 13 in -05)]
   Transform ID, as well as on the attributes the transform could contain.

4.2.2.1.  Short Format

   The short format allows encoding both Transform Type and Transform ID
   in a single octet. It has several variations: a generic short
   format and a number of specific formats for different Transform Types
   that take advantage of the concrete Transform IDs defined in
   [IKEV2-IANA] for these Transform Types.

   -04: Figures 5-9 show short format encodings for different Transform
        Types.
   -05: Figures 5-8 show short format encodings for different Transform
        Types.
   -04:
                          0 1 2 3 4 5 6 7
                         +-+-+-+-+-+-+-+-+
                         |Tag|Type | ID  |
                         +-+-+-+-+-+-+-+-+

                     Figure 5: Generic Short Format

   o  Tag (2 bits) - MUST be 00.
   o  Type (3 bits) - Transform Type minus 5. This allows Transform
      Types from 5 to 12 to be encoded using this format.
   o  ID (3 bits) - Transform ID.

   -05:
                          0 1 2 3 4 5 6 7
                         +-+-+-+-+-+-+-+-+
                         |T| Type|  ID   |
                         +-+-+-+-+-+-+-+-+

                     Figure 5: Generic Short Format

   o  T(ag) (1 bit) - MUST be 0.
   o  Type (3 bits) - Transform Type minus 6. This allows Transform
      Types from 6 to 13 to be encoded using this format.
   o  ID (4 bits) - Transform ID.
                          0 1 2 3 4 5 6 7
                         +-+-+-+-+-+-+-+-+
                         | Tag | ENCR ID |
                         +-+-+-+-+-+-+-+-+

                  Figure 6: Short Format for Encryption

   -04:
   o  Tag (3 bits) - MUST be either 010 or 011 or 100. Tag value 010
      indicates that no Key Length attribute is present in the original
      Transform. Tag values 011 and 100 indicate that a Key Length
      attribute containing value 128 (tag 011) or 256 (tag 100) is
      present in the original Transform.
   -05:
   o  Tag (3 bits) - MUST be either 100 or 101. Tag value 100 indicates
      that either no Key Length attribute is present in the original
      Transform or it is present and its value is 128. Tag value 101
      indicates that a Key Length attribute containing value 256 is
      present in the original Transform.

   o  ENCR ID (5 bits) - Encryption Algorithm Transform ID minus 11.
                          0 1 2 3 4 5 6 7
                         +-+-+-+-+-+-+-+-+
                         | Tag | GRP ID  |
                         +-+-+-+-+-+-+-+-+

              Figure 7: Short Format for Diffie-Hellman Group

   -04:
   o  Tag (3 bits) - MUST be 101.
   o  GRP ID (5 bits) - Diffie-Hellman Group Transform ID minus 14.
   -05:
   o  Tag (3 bits) - MUST be 110.
   o  GRP ID (5 bits) - Value 0 indicates NONE; other values are treated
      as Diffie-Hellman Group Transform ID minus 14.
   -04:
                          0 1 2 3 4 5 6 7
                         +-+-+-+-+-+-+-+-+
                         | Tag | INTG ID |
                         +-+-+-+-+-+-+-+-+

                  Figure 8: Short Format for Integrity

   o  Tag (3 bits) - MUST be 110.
   o  INTG ID (5 bits) - Integrity Algorithm Transform ID minus 2.

                          0 1 2 3 4 5 6 7
                         +-+-+-+-+-+-+-+-+
                         | Tag   | PRFID |
                         +-+-+-+-+-+-+-+-+

                     Figure 9: Short Format for PRF

   o  Tag (4 bits) - MUST be 1110.
   o  PRFID (4 bits) - Pseudo-random Function Transform ID minus 2.

   -05:
                          0 1 2 3 4 5 6 7
                         +-+-+-+-+-+-+-+-+
                         | Tag   | PRFID |
                         +-+-+-+-+-+-+-+-+

                     Figure 8: Short Format for PRF

   o  Tag (4 bits) - MUST be 1110.
   o  PRFID (4 bits) - Pseudo-random Function Transform ID. This value
      MUST never be 0 or 1.

                          0 1 2 3 4 5 6 7
                         +-+-+-+-+-+-+-+-+
                         |     Tag     |E|
                         +-+-+-+-+-+-+-+-+

                     Figure 9: Short Format for ESN

   o  Tag (7 bits) - MUST be 1110000.
   o  E (1 bit) - Extended Sequence Numbers Transform ID (either 0 or 1).
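As an added example (not code from the draft), the following Python encodes and decodes the one-octet short formats of the -05 version (Table 1 and Figures 5 to 9), returning None wherever a transform must fall back to the long or full format. It follows the -05 field descriptions literally, so a Diffie-Hellman group with ID 14 is treated as not short-encodable because its value would collide with the NONE encoding.

```python
# Added example, not code from the draft: encoder/decoder for the one-octet
# "short" Compact Transform formats of draft-smyslov-ipsecme-ikev2-compact-05
# (Table 1, Figures 5-9). A transform is (type, id, key_len); key_len is None
# when the transform carries no Key Length attribute.

ENCR, PRF, INTEG, DH, ESN = 1, 2, 3, 4, 5   # IKEv2 Transform Types (RFC 7296)


def encode_short(ttype, tid, key_len=None):
    """Return the short-format octet, or None if the transform needs the
    long or full format (unsupported type, ID out of range, attribute)."""
    if ttype == ENCR and 11 <= tid <= 42 and key_len in (None, 128, 256):
        tag = 0b100 if key_len in (None, 128) else 0b101        # Figure 6
        return (tag << 5) | (tid - 11)
    if key_len is not None:
        return None   # only the Encryption short format tolerates an attribute
    if ttype == DH and (tid == 0 or 15 <= tid <= 45):
        # Figure 7: value 0 means NONE, otherwise value = ID - 14. Read
        # literally, ID 14 would also map to 0, so it is not short-encodable
        # here (Table 1 lists the range as "0, 14-44", which does not match).
        return (0b110 << 5) | (0 if tid == 0 else tid - 14)
    if ttype == PRF and 2 <= tid <= 15:
        return (0b1110 << 4) | tid        # Figure 8; IDs 0/1 are the ESN tag
    if ttype == ESN and tid in (0, 1):
        return (0b1110000 << 1) | tid                           # Figure 9
    if 6 <= ttype <= 13 and 0 <= tid <= 15:
        return ((ttype - 6) << 4) | tid              # Figure 5, T bit is 0
    return None   # e.g. Integrity (type 3) has no short format in -05


def decode_short(octet):
    """Inverse of encode_short; None for the 1111xxxx long/full tags."""
    if octet & 0x80 == 0:                                       # Figure 5
        return (6 + ((octet >> 4) & 0x7), octet & 0xF, None)
    tag3 = octet >> 5
    if tag3 == 0b100:   # "no attribute or 128-bit key": receiver resolves it
        return (ENCR, 11 + (octet & 0x1F), None)
    if tag3 == 0b101:
        return (ENCR, 11 + (octet & 0x1F), 256)
    if tag3 == 0b110:
        v = octet & 0x1F
        return (DH, 0 if v == 0 else v + 14, None)
    if octet >> 1 == 0b1110000:                                 # Figure 9
        return (ESN, octet & 1, None)
    if octet >> 4 == 0b1110:                                    # Figure 8
        return (PRF, octet & 0xF, None)
    return None


def roundtrips():
    """True if every decodable octet re-encodes to itself."""
    return all(encode_short(*decode_short(o)) == o
               for o in range(256) if decode_short(o) is not None)
```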
4.2.2.2.  Long Format

   The long format (Figures 10 and 11) is used when a Transform doesn't
   meet the requirements for short format encoding, but still meets the
   following requirements:

   1.  Transform Type is between 1 and 15. At the time this document
       was written only Transform Types 1 to 5 were defined (see
       [IKEV2-IANA]).
End of changes. 24 change blocks; 63 lines changed or deleted, 63 lines changed or added.

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/