| draft-ietf-csi-proxy-send-00.txt | draft-ietf-csi-proxy-send-01.txt |
|---|---|
| Network Working Group S. Krishnan | Network Working Group S. Krishnan |
| Internet-Draft Ericsson | Internet-Draft Ericsson |
| Intended status: Standards Track J. Laganier | Intended status: Standards Track J. Laganier |
| Expires: May 6, 2009 DoCoMo Euro-Labs | Expires: January 14, 2010 DoCoMo Euro-Labs |
| M. Bonola | M. Bonola |
| Rome Tor Vergata University | Rome Tor Vergata University |
| November 2, 2008 | July 13, 2009 |
| Secure Proxy ND Support for SEND | Secure Proxy ND Support for SEND |
| draft-ietf-csi-proxy-send-00 | draft-ietf-csi-proxy-send-01 |
| Status of this Memo | Status of this Memo |
| By submitting this Internet-Draft, each author represents that any | This Internet-Draft is submitted to IETF in full conformance with the |
| applicable patent or other IPR claims of which he or she is aware | provisions of BCP 78 and BCP 79. This document may contain material |
| have been or will be disclosed, and any of which he or she becomes | from IETF Documents or IETF Contributions published or made publicly |
| aware will be disclosed, in accordance with Section 6 of BCP 79. | available before November 10, 2008. The person(s) controlling the |
| | copyright in some of this material may not have granted the IETF |
| | Trust the right to allow modifications of such material outside the |
| | IETF Standards Process. Without obtaining an adequate license from |
| | the person(s) controlling the copyright in such materials, this |
| | document may not be modified outside the IETF Standards Process, and |
| | derivative works of it may not be created outside the IETF Standards |
| | Process, except to format it for publication as an RFC or to |
| | translate it into languages other than English. |
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering |
| Task Force (IETF), its areas, and its working groups. Note that | Task Force (IETF), its areas, and its working groups. Note that |
| other groups may also distribute working documents as Internet- | other groups may also distribute working documents as Internet- |
| Drafts. | Drafts. |
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months |
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any |
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference |
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." |
| The list of current Internet-Drafts can be accessed at | The list of current Internet-Drafts can be accessed at |
| http://www.ietf.org/ietf/1id-abstracts.txt. | http://www.ietf.org/ietf/1id-abstracts.txt. |
| The list of Internet-Draft Shadow Directories can be accessed at | The list of Internet-Draft Shadow Directories can be accessed at |
| http://www.ietf.org/shadow.html. | http://www.ietf.org/shadow.html. |
| This Internet-Draft will expire on May 6, 2009. | This Internet-Draft will expire on January 14, 2010. |
| | Copyright Notice |
| | Copyright (c) 2009 IETF Trust and the persons identified as the |
| | document authors. All rights reserved. |
| | This document is subject to BCP 78 and the IETF Trust's Legal |
| | Provisions Relating to IETF Documents in effect on the date of |
| | publication of this document (http://trustee.ietf.org/license-info). |
| | Please review these documents carefully, as they describe your rights |
| | and restrictions with respect to this document. |
| Abstract | Abstract |
| Secure Neighbor Discovery (SEND) specifies a method for securing | Secure Neighbor Discovery (SEND) specifies a method for securing |
| Neighbor Discovery (ND) signaling against specific threats. As | Neighbor Discovery (ND) signaling against specific threats. As |
| specified today, SEND assumes that the node advertising an address is | specified today, SEND assumes that the node advertising an address is |
| the owner of the address and is in possession of the private key used | the owner of the address and is in possession of the private key used |
| to generate the digital signature on the message. This means that | to generate the digital signature on the message. This means that |
| the Proxy ND signaling initiated by nodes that do not possess | the Proxy ND signaling initiated by nodes that do not possess |
| knowledge of the address owner's private key cannot be secured using | knowledge of the address owner's private key cannot be secured using |
| SEND. This document extends the current SEND specification with | SEND. This document extends the current SEND specification with |
| support for Proxy ND, the Secure Proxy ND Support for SEND. | support for Proxy ND, the Secure Proxy ND Support for SEND. |
| Table of Contents | Table of Contents |
| 1. Requirements notation . . . . . . . . . . . . . . . . . . . . 3 | 1. Requirements notation . . . . . . . . . . . . . . . . . . . . 4 |
| 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 | 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 5 |
| 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5 | 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 6 |
| 4. Application Scenarios . . . . . . . . . . . . . . . . . . . . 6 | 4. Application Scenarios . . . . . . . . . . . . . . . . . . . . 7 |
| 4.1. Scenario 1: RFC 4389 Neighbor Discovery Proxy . . . . . . 6 | 4.1. Scenario 1: RFC 4389 Neighbor Discovery Proxy . . . . . . 7 |
| 4.2. Scenario 2: Mobile IPv6 . . . . . . . . . . . . . . . . . 7 | 4.2. Scenario 2: Mobile IPv6 . . . . . . . . . . . . . . . . . 8 |
| 4.3. Scenario 3: Proxy Mobile IPv6 . . . . . . . . . . . . . . 9 | 4.3. Scenario 3: Proxy Mobile IPv6 . . . . . . . . . . . . . . 10 |
| 5. Secure Proxy ND Overview . . . . . . . . . . . . . . . . . . . 11 | 5. Secure Proxy ND Overview . . . . . . . . . . . . . . . . . . . 12 |
| 6. Secure Proxy ND Specification . . . . . . . . . . . . . . . . 13 | 6. Secure Proxy ND Specification . . . . . . . . . . . . . . . . 14 |
| 6.1. Proxy Signature Option . . . . . . . . . . . . . . . . . . 13 | 6.1. Proxy Signature Option . . . . . . . . . . . . . . . . . . 14 |
| 6.2. Modified SEND processing rules . . . . . . . . . . . . . . 15 | 6.2. Modified SEND processing rules . . . . . . . . . . . . . . 16 |
| 6.2.1. Processing rules for senders . . . . . . . . . . . . . 15 | 6.2.1. Processing rules for senders . . . . . . . . . . . . . 16 |
| 6.2.2. Processing rules for receivers . . . . . . . . . . . . 16 | 6.2.2. Processing rules for receivers . . . . . . . . . . . . 17 |
| 7. Backward Compatibility with legacy SEND nodes . . . . . . . . 17 | 7. Backward Compatibility with legacy SEND nodes . . . . . . . . 18 |
| 8. Security Considerations . . . . . . . . . . . . . . . . . . . 18 | 8. Security Considerations . . . . . . . . . . . . . . . . . . . 19 |
| 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 19 | 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 20 |
| 10. Normative References . . . . . . . . . . . . . . . . . . . . . 20 | 10. Normative References . . . . . . . . . . . . . . . . . . . . . 21 |
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 21 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 22 |
| Intellectual Property and Copyright Statements . . . . . . . . . . 22 | |
| 1. Requirements notation | 1. Requirements notation |
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", |
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this |
| document are to be interpreted as described in [RFC2119]. | document are to be interpreted as described in [RFC2119]. |
| 2. Introduction | 2. Introduction |
| Secure Neighbor Discovery [RFC3971] specifies a method for securing | Secure Neighbor Discovery [RFC3971] specifies a method for securing |
| skipping to change at page 20, line 15 | skipping to change at page 21, line 15 |
| 10. Normative References | 10. Normative References |
| [I-D.ietf-netlmm-proxymip6] | [I-D.ietf-netlmm-proxymip6] |
| Gundavelli, S., Leung, K., Devarapalli, V., Chowdhury, K., | Gundavelli, S., Leung, K., Devarapalli, V., Chowdhury, K., |
| and B. Patil, "Proxy Mobile IPv6", | and B. Patil, "Proxy Mobile IPv6", |
| draft-ietf-netlmm-proxymip6-18 (work in progress), | draft-ietf-netlmm-proxymip6-18 (work in progress), |
| May 2008. | May 2008. |
| [I-D.krishnan-cgaext-send-cert-eku] | [I-D.krishnan-cgaext-send-cert-eku] |
| Krishnan, S., Kukec, A., and K. Ahmed, "Certificate | Krishnan, S., Kukec, A., and K. Ahmed, "Certificate |
| Profile for SEND", draft-krishnan-cgaext-send-cert-eku-01 | profile and certificate management for SEND", |
| (work in progress), July 2008. | draft-krishnan-cgaext-send-cert-eku-03 (work in progress), |
| | March 2009. |
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate |
| Requirement Levels", BCP 14, RFC 2119, March 1997. | Requirement Levels", BCP 14, RFC 2119, March 1997. |
| [RFC3775] Johnson, D., Perkins, C., and J. Arkko, "Mobility Support | [RFC3775] Johnson, D., Perkins, C., and J. Arkko, "Mobility Support |
| in IPv6", RFC 3775, June 2004. | in IPv6", RFC 3775, June 2004. |
| [RFC3971] Arkko, J., Kempf, J., Zill, B., and P. Nikander, "SEcure | [RFC3971] Arkko, J., Kempf, J., Zill, B., and P. Nikander, "SEcure |
| Neighbor Discovery (SEND)", RFC 3971, March 2005. | Neighbor Discovery (SEND)", RFC 3971, March 2005. |
| skipping to change at page 22, line 4 | skipping to change at line 659 |
| URI: http://www.docomolab-euro.com/ | URI: http://www.docomolab-euro.com/ |
| Marco Bonola | Marco Bonola |
| Rome Tor Vergata University | Rome Tor Vergata University |
| Via del Politecnico, 1 | Via del Politecnico, 1 |
| Rome I-00133 | Rome I-00133 |
| Italy | Italy |
| Phone: | Phone: |
| Email: marco.bonola@gmail.com | Email: marco.bonola@gmail.com |
| Full Copyright Statement | |
| Copyright (C) The IETF Trust (2008). | |
| This document is subject to the rights, licenses and restrictions | |
| contained in BCP 78, and except as set forth therein, the authors | |
| retain all their rights. | |
| This document and the information contained herein are provided on an | |
| "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS | |
| OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND | |
| THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS | |
| OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF | |
| THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED | |
| WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. | |
| Intellectual Property | |
| The IETF takes no position regarding the validity or scope of any | |
| Intellectual Property Rights or other rights that might be claimed to | |
| pertain to the implementation or use of the technology described in | |
| this document or the extent to which any license under such rights | |
| might or might not be available; nor does it represent that it has | |
| made any independent effort to identify any such rights. Information | |
| on the procedures with respect to rights in RFC documents can be | |
| found in BCP 78 and BCP 79. | |
| Copies of IPR disclosures made to the IETF Secretariat and any | |
| assurances of licenses to be made available, or the result of an | |
| attempt made to obtain a general license or permission for the use of | |
| such proprietary rights by implementers or users of this | |
| specification can be obtained from the IETF on-line IPR repository at | |
| http://www.ietf.org/ipr. | |
| The IETF invites any interested party to bring to its attention any | |
| copyrights, patents or patent applications, or other proprietary | |
| rights that may cover technology that may be required to implement | |
| this standard. Please address the information to the IETF at | |
| ietf-ipr@ietf.org. | |
| End of changes. 8 change blocks. | |
| 29 lines changed or deleted | 48 lines changed or added |