draft-ietf-dime-erp-04.txt   draft-ietf-dime-erp-05.txt 
Network Working Group J. Bournelle Network Working Group J. Bournelle
Internet-Draft L. Morand Internet-Draft L. Morand
Intended status: Standards Track Orange Labs Intended status: Standards Track Orange Labs
Expires: March 10, 2011 S. Decugis, Ed. Expires: April 25, 2011 S. Decugis, Ed.
NICT NICT
Q. Wu Q. Wu
Huawei Huawei
G. Zorn, Ed. G. Zorn, Ed.
Network Zen Network Zen
September 6, 2010 October 22, 2010
Diameter Support for the EAP Re-authentication Protocol (ERP) Diameter Support for the EAP Re-authentication Protocol (ERP)
draft-ietf-dime-erp-04.txt draft-ietf-dime-erp-05.txt
Abstract Abstract
The EAP Re-authentication Protocol (ERP) defines extensions to the The EAP Re-authentication Protocol (ERP) defines extensions to the
Extensible Authentication Protocol (EAP) to support efficient re- Extensible Authentication Protocol (EAP) to support efficient re-
authentication between the peer and an EAP Re-authentication (ER) authentication between the peer and an EAP Re-authentication (ER)
server through a compatible authenticator. This document specifies server through a compatible authenticator. This document specifies
Diameter support for ERP. It defines a new Diameter ERP application Diameter support for ERP. It defines a new Diameter ERP application
to transport ERP messages between an ER authenticator and the ER to transport ERP messages between an ER authenticator and the ER
server, and a set of new AVPs that can be used to transport the server, and a set of new AVPs that can be used to transport the
skipping to change at page 1, line 43 skipping to change at page 1, line 43
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on March 10, 2011. This Internet-Draft will expire on April 25, 2011.
Copyright Notice Copyright Notice
Copyright (c) 2010 IETF Trust and the persons identified as the Copyright (c) 2010 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 22 skipping to change at page 2, line 22
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
2.1. Requirements Language . . . . . . . . . . . . . . . . . . 3 2.1. Requirements Language . . . . . . . . . . . . . . . . . . 3
3. Assumptions . . . . . . . . . . . . . . . . . . . . . . . . . 4 3. Assumptions . . . . . . . . . . . . . . . . . . . . . . . . . 4
4. Protocol Overview . . . . . . . . . . . . . . . . . . . . . . 4 4. Protocol Overview . . . . . . . . . . . . . . . . . . . . . . 4
5. Bootstrapping the ER Server . . . . . . . . . . . . . . . . . 6 5. Bootstrapping the ER Server . . . . . . . . . . . . . . . . . 5
5.1. Bootstrapping During the Initial EAP authentication . . . 6 5.1. Bootstrapping During the Initial EAP authentication . . . 5
5.2. Bootstrapping During the First Re-authentication . . . . . 8 5.2. Bootstrapping During the First Re-authentication . . . . . 7
6. Re-Authentication . . . . . . . . . . . . . . . . . . . . . . 10 6. Re-Authentication . . . . . . . . . . . . . . . . . . . . . . 9
7. Application Id . . . . . . . . . . . . . . . . . . . . . . . . 13 7. Application Id . . . . . . . . . . . . . . . . . . . . . . . . 11
8. AVPs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 8. AVPs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
8.1. ERP-RK-Request AVP . . . . . . . . . . . . . . . . . . . . 13 8.1. ERP-RK-Request AVP . . . . . . . . . . . . . . . . . . . . 12
8.2. ERP-Realm AVP . . . . . . . . . . . . . . . . . . . . . . 13 8.2. ERP-Realm AVP . . . . . . . . . . . . . . . . . . . . . . 12
8.3. Key AVP . . . . . . . . . . . . . . . . . . . . . . . . . 14 8.3. Key AVP . . . . . . . . . . . . . . . . . . . . . . . . . 12
8.3.1. Key-Type AVP . . . . . . . . . . . . . . . . . . . . . 14 8.3.1. Key-Type AVP . . . . . . . . . . . . . . . . . . . . . 12
8.3.2. Keying-Material AVP . . . . . . . . . . . . . . . . . 14 8.3.2. Keying-Material AVP . . . . . . . . . . . . . . . . . 12
8.3.3. Key-Name AVP . . . . . . . . . . . . . . . . . . . . . 14 8.3.3. Key-Name AVP . . . . . . . . . . . . . . . . . . . . . 12
8.3.4. Key-Lifetime AVP . . . . . . . . . . . . . . . . . . . 14 8.3.4. Key-Lifetime AVP . . . . . . . . . . . . . . . . . . . 13
9. Open issues . . . . . . . . . . . . . . . . . . . . . . . . . 14 9. Open issues . . . . . . . . . . . . . . . . . . . . . . . . . 13
10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 15 10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 14
11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 15 11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14
11.1. Diameter Application Identifier . . . . . . . . . . . . . 15 11.1. Diameter Application Identifier . . . . . . . . . . . . . 14
11.2. New AVPs . . . . . . . . . . . . . . . . . . . . . . . . . 15 11.2. New AVPs . . . . . . . . . . . . . . . . . . . . . . . . . 14
12. Security Considerations . . . . . . . . . . . . . . . . . . . 16 12. Security Considerations . . . . . . . . . . . . . . . . . . . 14
13. References . . . . . . . . . . . . . . . . . . . . . . . . . . 16 13. References . . . . . . . . . . . . . . . . . . . . . . . . . . 15
13.1. Normative References . . . . . . . . . . . . . . . . . . . 16 13.1. Normative References . . . . . . . . . . . . . . . . . . . 15
13.2. Informative References . . . . . . . . . . . . . . . . . . 17 13.2. Informative References . . . . . . . . . . . . . . . . . . 16
1. Introduction 1. Introduction
RFC 5296 [RFC5296] defines the EAP Re-authentication Protocol (ERP). RFC 5296 [RFC5296] defines the EAP Re-authentication Protocol (ERP).
It consists of the following steps: It consists of the following steps:
Bootstrapping Bootstrapping
A root key for re-authentication is derived from the Extended A root key for re-authentication is derived from the Extended
Master Session Key (EMSK) created during EAP authentication Master Session Key (EMSK) created during EAP authentication
[RFC5295]. This root key is transported from the EAP server to [RFC5295]. This root key is transported from the EAP server to
skipping to change at page 4, line 34 skipping to change at page 4, line 34
+-------------+ +-----------+ | server | +-------------+ +-----------+ | server |
+--------+ +--------+
(*) Diameter EAP application, explicit bootstrapping scenario only. (*) Diameter EAP application, explicit bootstrapping scenario only.
Figure 1: Diameter ERP Overview Figure 1: Diameter ERP Overview
The ER server is located either in the home domain (same as EAP The ER server is located either in the home domain (same as EAP
server) or in the visited domain (same as authenticator, when it server) or in the visited domain (same as authenticator, when it
differs from the home domain). differs from the home domain).
QUESTION:
Can the ER server be located in a third domain (ex: broker's)
according to ERP mechanism?
When the peer initiates an ERP exchange, the authenticator creates a When the peer initiates an ERP exchange, the authenticator creates a
Diameter-EAP-Request message [RFC4072]. The Application Id of the Diameter-EAP-Request message [RFC4072]. The Application Id of the
message is set to that of the Diameter ERP application (code: TBD) in message is set to that of the Diameter ERP application (code: TBD) in
the message. The generation of the ERP/DER message is detailed in the message. The generation of the ERP/DER message is detailed in
Section 6. Section 6.
If there is an ER server in the same domain as the authenticator If there is an ER server in the same domain as the authenticator
(local domain), Diameter routing MUST (local domain), Diameter routing must be configured so that this ERP/
DER message reachs this server, even if the Destination-Realm is not
QUESTION: the local domain.
Should this say "SHOULD: instead of "MUST"?
be configured so that this ERP/DER message reachs this server, even
if the Destination-Realm is not the local domain.
If there is no local ER server, the message is routed according to If there is no local ER server, the message is routed according to
its Destination-Realm AVP content, extracted from the realm component its Destination-Realm AVP content, extracted from the realm component
of the keyName-NAI attribute. As specified in RFC 5296 [RFC5296], of the keyName-NAI attribute. As specified in RFC 5296 [RFC5296],
this realm is the home domain of the peer in case of a bootstrapping this realm is the home domain of the peer in case of a bootstrapping
exchange (the 'B' flag is set in the ERP message) or the domain of exchange (the 'B' flag is set in the ERP message) or the domain of
the bootstrapped ER server otherwise. the bootstrapped ER server otherwise.
NOTE:
This actually might allow the ER server to be in a third party
realm.
If no ER server is available in the home domain either, the ERP/DER If no ER server is available in the home domain either, the ERP/DER
message cannot be delivered, and an error DIAMETER_UNABLE_TO_DELIVER message cannot be delivered, and an error DIAMETER_UNABLE_TO_DELIVER
is generated [RFC3588] and returned to the authenticator. The is generated [RFC3588] and returned to the authenticator. The
authenticator may cache this information (with limited duration) to authenticator may cache this information (with limited duration) to
avoid further attempts for ERP with this realm. It may also fallback avoid further attempts for ERP with this realm. It may also fallback
to full EAP authentication to authenticate the peer. to full EAP authentication to authenticate the peer.
When an ER server receives the ERP/DER message, it searches its local When an ER server receives the ERP/DER message, it searches its local
database for a root key database for a root key matching the keyName part of the User-Name
AVP. If such key is found, the ER server processes the ERP message
FFS: as described in RFC 5296 [RFC5296] then creates the ERP/DEA answer as
and authorization state? described in Section 6. The rMSK is included in this answer.
matching the keyName part of the User-Name AVP. If such key is
found, the ER server processes the ERP message as described in RFC
5296 [RFC5296] then creates the ERP/DEA answer as described in
Section 6. The rMSK is included in this answer.
Finally, the authenticator extracts the rMSK from the ERP/DEA as Finally, the authenticator extracts the rMSK from the ERP/DEA as
described in RFC 5296 [RFC5296], and forwards the content of the EAP- described in RFC 5296 [RFC5296], and forwards the content of the EAP-
Payload AVP, the EAP-Finish/Re-Auth message, to the peer. Payload AVP, the EAP-Finish/Re-Auth message, to the peer.
If the EAP-Initiate/Re-Auth message has its 'B' flag set If the EAP-Initiate/Re-Auth message has its 'B' flag set
(Bootstrapping exchange), the ER server should not possess the root (Bootstrapping exchange), the ER server should not possess the root
key in its local database key in its local database. In this case, the ER server acts as a
proxy, and forwards the message to the home EAP server after changing
COMMENT: its Application Id to Diameter EAP and adding the ERP-RK-Request AVP
This may not be true in future RFC5296bis? to request the root key. See Section 5 for more detail on this
process.
In this case, the ER server acts as a proxy, and forwards the message
to the home EAP server after changing its Application Id to Diameter
EAP and adding an AVP to request the root key. See Section 5 for
more detail on this process.
5. Bootstrapping the ER Server 5. Bootstrapping the ER Server
The bootstrapping process involves the home EAP server and the ER The bootstrapping process involves the home EAP server and the ER
server, but also impacts the peer and the authenticator. In ERP, the server, but also impacts the peer and the authenticator. In ERP, the
peer must derive the same keying material as the ER server. To peer must derive the same keying material as the ER server. To
achieve this, it must learn the domain name of the ER server. How achieve this, it must learn the domain name of the ER server. How
this information is acquired is outside the scope of this this information is acquired is outside the scope of this
specification, but it may involves that the authenticator is specification, but it may involves that the authenticator is
configured to advertize this domain name, especially in the case of configured to advertize this domain name, especially in the case of
skipping to change at page 6, line 32 skipping to change at page 6, line 8
5.1. Bootstrapping During the Initial EAP authentication 5.1. Bootstrapping During the Initial EAP authentication
Bootstrapping the ER server during the initial EAP authentication Bootstrapping the ER server during the initial EAP authentication
(also known as implicit bootstrapping) offers the advantage that the (also known as implicit bootstrapping) offers the advantage that the
server is immediatly available for re-authentication of the peer, server is immediatly available for re-authentication of the peer,
thus minimizing re-authentication delay. On the other hand, it is thus minimizing re-authentication delay. On the other hand, it is
possible that only a small number of peers will use re-authentication possible that only a small number of peers will use re-authentication
in the visited domain. Deriving and caching key material for all the in the visited domain. Deriving and caching key material for all the
peers (for example, for the peers that do not support ERP) is a waste peers (for example, for the peers that do not support ERP) is a waste
of resources and SHOULD be avoided. of resources and should be avoided.
To achieve implicit bootstrapping, the ER server must act as a To achieve implicit bootstrapping, the ER server acts as a Diameter
Diameter EAP Proxy as defined in the Diameter Base Protocol EAP Proxy, and Diameter routing must be configured so that Diameter
[RFC3588], and routing must be configured so that Diameter messages EAP application messages are routed through this proxy. The figure
of a full EAP authentication are routed through this proxy. The bellow illustrates this mechanism.
figure bellow illustrates this mechanism.
ER server & ER server &
Authenticator EAP Proxy Home EAP server Authenticator EAP Proxy Home EAP server
============= =========== =============== ============= =========== ===============
-------------------------> ------------------------->
Diameter EAP/DER Diameter EAP/DER
(EAP-Response) (EAP-Response)
-------------------------> ------------------------->
Diameter EAP/DER Diameter EAP/DER
(EAP-Response) (EAP-Response)
skipping to change at page 7, line 28 skipping to change at page 6, line 38
<------------------------- <-------------------------
Diameter EAP/DEA Diameter EAP/DEA
(EAP-Success) (EAP-Success)
(MSK) (MSK)
(Key AVP (rRK)) (Key AVP (rRK))
<------------------------- <-------------------------
Diameter EAP/DEA Diameter EAP/DEA
(EAP-Success) (EAP-Success)
(MSK) (MSK)
[ERP-Realm] [ ERP-Realm ]
Figure 2: ERP Bootstrapping During Full EAP Authentication Figure 2: ERP Bootstrapping During Full EAP Authentication
The ER server proxies the first DER of the full EAP authentication The ER server proxies the first DER of the full EAP authentication
and adds the ERP-RK-Request AVP inside, if this AVP is not already in and adds the ERP-RK-Request AVP inside, if this AVP is not already in
the message (which might happen if there are ER servers in the the message (which might happen if there are several ER servers on
visited and the home domains), then forwards the request. the path), then forwards the request.
If the EAP server does not support the ERP extensions, it will simply If the EAP server does not support the ERP extensions, it simply
ignore this grouped AVP and continue as specified in RFC 4072 ignores the ERP-RK-Request AVP and continues as specified in RFC 4072
[RFC4072]. If the server supports the ERP extensions, it caches the [RFC4072]. If the server supports the ERP extensions, it saves the
ERP-Realm value with the session data, and continues the EAP value of the ERP-Realm AVP found inside the ERP-RK-Request AVP, and
authentication. When the authentication is complete, if it is continues with the EAP authentication. When the authentication
successful and the EAP method generated an EMSK, the server MUST completes, if it is successful and the EAP method has generated an
derive the rRK as specified in RFC 5296 [RFC5296], and include an EMSK, the server MUST derive the rRK as specified in RFC 5296
instance of the Key AVP Section 8.3 in the Diameter-EAP-Answer [RFC5296], using the saved domain name. It then includes the rRK
message. inside a Key AVP Section 8.3 with the Key-Type AVP set to rRK, before
sending the DEA as usual.
When the ER server proxies a Diameter-EAP-Answer message with a When the ER server proxies a Diameter-EAP-Answer message with a
Session-Id corresponding to a message to which it added an ERP-RK- Session-Id corresponding to a message to which it added an ERP-RK-
Answer, and the Result-Code is DIAMETER_SUCCESS, it MUST examine the Request AVP, and the Result-Code is DIAMETER_SUCCESS, it MUST examine
message, extract and remove any Key AVP Section 8.3 from the message, the message and save and remove any Key AVP Section 8.3 with Key-Type
and save its content. If the message does not contain an ERP-RK- AVP set to rRK. If the message does not contain such Key AVP, the ER
Answer AVP, the ER server MAY cache this information to avoid server may cache the information that ERP is not possible for this
possible subsequent re-authentication attempts for this session. In session to avoid possible subsequent attempts. In any case, the
any case, the information stored SHOULD NOT have a lifetime greater information stored in ER server concerning a session should not have
than the EMSK lifetime a lifetime greater than the EMSK for this session.
QUESTION:
How does the ER server knows the EMSK lifetime, if there is no
ERP-RK-Answer? What is the lifetime of the MSK for example?
If the ER server is successfully bootstrapped, it MAY also add the
ERP-Realm AVP after removing the ERP-RK-Answer AVP in the EAP/DEA
message. This could be used by the authenticator to notify the peer
that ERP is bootstrapped, with the ER domain information. How this
information can be transmitted to the peer is outside the scope of
this document.
QUESTION: If the ER server is successfully bootstrapped, it should also add the
Is this possible? It might be useful... ERP-Realm AVP after removing the Key AVP with Key-Type of rRK in the
EAP/DEA message. This ERP-Realm information can be used by the
authenticator to notify the peer that ER server is bootstrapped, and
for which domain. How this information can be transmitted to the
peer is outside the scope of this document. This information needs
to be sent to the peer if both implicit and explicit bootstrapping
mechanisms are possible, because the ERP message and the root key
used for protecting this message are different in bootstrapping
exchanges and non-bootstrapping exchanges.
5.2. Bootstrapping During the First Re-authentication 5.2. Bootstrapping During the First Re-authentication
Bootstrapping the ER server during the first re-authentication (also Bootstrapping the ER server during the first re-authentication (also
known as explicit bootstrapping) offers several advantages: it saves known as explicit bootstrapping) is less resource-consuming, since
resources, since we generate and cache only root keys that we root keys are generated and cached only when needed. On the other
actually need, and it can accomodate inter-domain handovers or ER hand, in that case first re-authentication requires a one-round-trip
servers that lose their state (for example after reboot). exchange with the home EAP server, which is less efficient than the
implicit bootstrapping scenario.
COMMENT:
This last point might not be true currently, since the peer would
not issue a bootstrapping exchange... But this might change also
with RFC5296bis AFAIU
On the other hand, the first re-authentication with the ER server
requires a one-round-trip exchange with the home EAP server, which
adds some delay to the process (but it is more efficient than a full
EAP authentication in any case). It also requires some
synchronization between the peer and the visited domain: since the
ERP message used is different
QUESTION:
and the root key used also?
for the explicit bootstrapping exchange than for normal re-
authentication; explicit bootstrapping should not be used if implicit
bootstrapping was already performed.
QUESTION:
What should we do if the ER server receives an explicit
bootstrapping request but already possess the rDSRK? Can it
answer without going to the home server? That would be simpler --
planned in rfc5296bis ?
The ER server receives the ERP/DER message containing the EAP- The ER server receives the ERP/DER message containing the EAP-
Initiate/Re-Auth message with the 'B' flag set. It proxies this Initiate/Re-Auth message with the 'B' flag set. It proxies this
message, and performs the following processing in addition to message, and performs the following processing in addition to
standard proxy operations: standard proxy operations:
Changes the Application Id in the header of the message to Changes the Application Id in the header of the message to
Diameter EAP Application (code 5). Diameter EAP Application (code 5).
Change the content of Application-Auth-Id accordingly. Change the content of Application-Auth-Id accordingly.
QUESTION: QUESTION:
Is t better to leave it unmodified? Is it better to leave it unmodified, so that the server can
easily differenciate between ERP and standard EAP message ?
Add the ERP-RK-Request AVP, which contains the name of the domain Add the ERP-RK-Request AVP, which contains the name of the domain
where the ER server is located. where the ER server is located.
QUESTION: PROBLEM:
Add the Destination-Host to reach the appropriate EAP server, Add the Destination-Host AVP to reach the appropriate Diameter
the one with the EMSK. How does the ER server know this EAP server in case there is more than one in destination
information? domain, the one with the EMSK. How does the ER server know
this information? Or can we require that all Diameter EAP
servers can be used interchangeably for this purpose?
Then the server forwards the EAP/DER request, which is routed to the Then the proxied EAP/DER request is sent and routed to the home
home EAP server. Diameter EAP server.
If the home EAP server does not support the ERP extensions, it If the home EAP server does not support the ERP extensions, it
replies with an error since the encapsulated EAP-Initiate/Re-auth replies with an error since the encapsulated EAP-Initiate/Re-auth
command is not understood. Otherwise, it processes the ERP request command is not understood. Otherwise, it processes the ERP request
as described in [RFC5296]. In particular, it includes the Domain- as described in [RFC5296]. In particular, it includes the Domain-
Name TLV attribute with the content from the ERP-Realm AVP. It Name TLV attribute with the content from the ERP-Realm AVP. It
creates the EAP/DEA reply message [RFC4072]. including an instance of creates the EAP/DEA reply message [RFC4072]. including an instance of
the Key AVP Section 8.3. the Key AVP Section 8.3 with Key-Type AVP set to rRK.
QUESTION:
What about authorization AVPs?
The ER server receives this EAP/DEA and proxies it as follows, in The ER server receives this EAP/DEA and proxies it as follows, in
addition to standard proxy operations: addition to standard proxy operations:
Set the Application Id back to Diameter ERP (code TBD) Set the Application Id back to Diameter ERP application Id (code
TBD)
Extract and cache the content of the Key AVP.
QUESTION: Extract and cache the content of the Key AVP with Key-Type set to
And authorization AVPs ? rRK, as described in implicit scenario.
The DEA is then forwarded to the authenticator, that can use the rMSK The ERP/DEA message is then forwarded to the authenticator, that can
as described in RFC 5296 [RFC5296]. use the rMSK as described in RFC 5296 [RFC5296].
The figure below captures this proxy behavior: The figure below captures this proxy behavior:
Authenticator ER server Home EAP server Authenticator ER server Home EAP server
============= ========= =============== ============= ========= ===============
-----------------------> ----------------------->
Diameter ERP/DER Diameter ERP/DER
(EAP-Initiate) (EAP-Initiate)
------------------------> ------------------------>
Diameter EAP/DER Diameter EAP/DER
(EAP-Initiate) (EAP-Initiate)
(ERP-RK-Request) (ERP-RK-Request)
<------------------------ <------------------------
Diameter EAP/DEA Diameter EAP/DEA
(EAP-Finish) (EAP-Finish)
(Key AVP) (Key AVP (rRK))
(Key AVP (rMSK))
<---------------------- <----------------------
Diameter ERP/DEA Diameter ERP/DEA
(EAP-Finish) (EAP-Finish)
(Key AVP) (Key AVP (rMSK))
Figure 3: ERP Explicit Bootstrapping Message Flow Figure 3: ERP Explicit Bootstrapping Message Flow
6. Re-Authentication 6. Re-Authentication
This section describes in detail a re-authentication exchange with a This section describes in detail a re-authentication exchange with an
(bootstrapped) ER server. The following figure summarizes the re- ER server that was previously bootstrapped. The following figure
authentication exchange. summarizes the re-authentication exchange.
ER server ER server
(bootstrapped) Peer Authenticator (bootstrapped)
Peer Authenticator (local or home domain)
==== ============= ====================== ==== ============= ======================
[ <------------------------ ] [ <------------------------ ]
[optional EAP-Initiate/Re-auth-start] [optional EAP-Initiate/Re-auth-start,]
[ possibly with ERP domain name ]
-----------------------> ----------------------->
EAP-Initiate/Re-auth EAP-Initiate/Re-auth
===============================> ===============================>
Diameter ERP, cmd code DER Diameter ERP, cmd code DER
User-Name: Keyname-NAI User-Name: Keyname-NAI
EAP-Payload: EAP-Initiate/Re-auth EAP-Payload: EAP-Initiate/Re-auth
<=============================== <===============================
Diameter ERP, cmd code DEA Diameter ERP, cmd code DEA
EAP-Payload: EAP-Finish/Re-auth EAP-Payload: EAP-Finish/Re-auth
Key AVP: rMSK Key AVP: rMSK
<---------------------- <----------------------
EAP-Finish/Re-auth EAP-Finish/Re-auth
Figure 4: Diameter ERP Re-authentication Exchange Figure 4: Diameter ERP Re-authentication Exchange
In ERP, the peer sends an EAP-Initiate/Re-auth message to the ER The peer sends an EAP-Initiate/Re-auth message to the ER server via
server via the authenticator. Alternatively, the authenticator may the authenticator. Alternatively, the authenticator may send an EAP-
send an EAP-Initiate/Re-auth-Start message to the peer to trigger the Initiate/Re-auth-Start message to the peer to trigger the mechanism.
start of ERP. In this case, the peer responds with an EAP-Initiate/ In this case, the peer responds with an EAP-Initiate/Re-auth message.
Re-auth message.
If the authenticator does not support ERP (pure [RFC4072] support), If the authenticator does not support ERP (pure Diameter EAP
it discards the EAP packets with an unknown ERP-specific code (EAP- [RFC4072] support), it discards the EAP packets with an unknown ERP-
Initiate). The peer may fallback to full EAP authentication in this specific code (EAP-Initiate). The peer should fallback to full EAP
case. authentication in this case.
When the authenticator receives an EAP-Initiate/Re-auth message from When the authenticator receives an EAP-Initiate/Re-auth message from
the peer, it process as described in [RFC5296] with regards to the the peer, it processes as described in [RFC5296] with regards to the
EAP state machine. It creates a Diameter EAP Request message EAP state machine. It creates a Diameter EAP Request message
following the general process of DiameterEAP [RFC4072], with the following the general process of Diameter EAP [RFC4072], with the
following differences: following differences:
The Application Id in the header is set to Diameter ERP (code The Application Id in the header is set to Diameter ERP (code
TBD). TBD).
The value in Auth-Application-Id AVP is also set to Diameter ERP The value in Auth-Application-Id AVP is also set to Diameter ERP
Application. Application.
The keyName-NAI attribute from ERP message is used to create the The keyName-NAI attribute from ERP message is used to create the
content of User-Name AVP and Destination-Realm AVP. content of User-Name AVP and Destination-Realm AVP.
FFS: FFS:
What about Session-ID AVP -- in case of re-auth at the same What about Session-ID AVP ?
place, and in case of handover?
The Auth-Request-Type AVP content is set to [Editor's note: FFS].
QUESTION: The Auth-Request-Type AVP content is set to [Editor's note: FFS --
Do we really do authorization with Diameter ERP ? -- need to cf. open issues].
pass the authorization attrs to the ER server in that case.
Idea FFS: we do authorization only for explicit bootstrapping
exchanges...
The EAP-Payload AVP contains the ERP message, EAP-Initiate/ The EAP-Payload AVP contains the EAP-Initiate/Re-Auth message.
Re-Auth.
Then this ERP/DER message is sent as described in Section 4. Then this ERP/DER message is sent as described in Section 4.
The ER server receives and processes this request as described in The ER server receives and processes this request as described in
Section 4. It then creates an ERP/DEA message following the general Section 4. It then creates an ERP/DEA message following the general
processing described in RFC 4072 [RFC4072], with the following processing described in RFC 4072 [RFC4072], with the following
differences: differences:
The Application Id in the header is set to Diameter ERP (code The Application Id in the header is set to Diameter ERP (code
TBD). TBD).
The value of the Auth-Application-Id AVP is also set to Diameter The value of the Auth-Application-Id AVP is also set to Diameter
ERP Application. ERP Application.
The EAP-Payload AVP contains the ERP message, EAP-Finish/Re-auth. The EAP-Payload AVP contains the EAP-Finish/Re-auth message.
In case of successful authentication, an instance of the Key AVP In case of successful authentication, an instance of the Key AVP
containing the Re-authentication Master Session Key (rMSK) derived containing the Re-authentication Master Session Key (rMSK) derived
by ERP is included. by ERP is included.
QUESTION:
What about all the authorization attributes? If we want to
include them, they have to be present on the ER server...
When the authenticator receives this ERP/DEA answer, it processes it When the authenticator receives this ERP/DEA answer, it processes it
as described in Diameter EAP [RFC4072] and RFC 5296 [RFC5296]: the as described in Diameter EAP [RFC4072] and RFC 5296 [RFC5296]: the
content of EAP-Payload AVP content is forwarded to the peer, and the content of EAP-Payload AVP content is forwarded to the peer, and the
contents of the Keying-Material AVP [I-D.ietf-dime-local-keytran] is contents of the Keying-Material AVP [I-D.ietf-dime-local-keytran] is
used as a shared secret for Secure Association Protocol. used as a shared secret for Secure Association Protocol.
7. Application Id 7. Application Id
We define a new Diameter application in this document, Diameter ERP We define a new Diameter application in this document, Diameter ERP
Application, with an Application Id value of TBD. Diameter nodes Application, with an Application Id value of TBD. Diameter nodes
skipping to change at page 13, line 42 skipping to change at page 12, line 28
{ ERP-Realm } { ERP-Realm }
* [ AVP ] * [ AVP ]
Figure 5: ERP-RK-Request ABNF Figure 5: ERP-RK-Request ABNF
8.2. ERP-Realm AVP 8.2. ERP-Realm AVP
The ERP-Realm AVP (AVP Code TBD) is of type DiameterIdentity. It The ERP-Realm AVP (AVP Code TBD) is of type DiameterIdentity. It
contains the name of the realm in which the ER server is located. contains the name of the realm in which the ER server is located.
FFS:
We may re-use Origin-Realm here instead? On the other hand, ERP-
Realm may be useful if the ER server is in a third-party realm, if
this is possible.
This AVP has the M and V bits cleared. This AVP has the M and V bits cleared.
8.3. Key AVP 8.3. Key AVP
The Key AVP [I-D.ietf-dime-local-keytran] is of type "Grouped" and is The Key AVP [I-D.ietf-dime-local-keytran] is of type "Grouped" and is
used to carry the rMSK and associated attributes. The usage of the used to carry the rRK or rMSK and associated attributes. The usage
Key AVP and its constituent AVPs in this application is specified in of the Key AVP and its constituent AVPs in this application is
the following sub-sections. specified in the following sub-sections.
8.3.1. Key-Type AVP 8.3.1. Key-Type AVP
The value of the Key-Type AVP MUST be set to 3 for rRK. The value of the Key-Type AVP MUST be set to 2 for rRK or 3 for rMSK.
8.3.2. Keying-Material AVP 8.3.2. Keying-Material AVP
The Keying-Material AVP contains rRK sent by the home EAP server to The Keying-Material AVP contains rRK sent by the home EAP server to
the ER server, in answer to a request containing an ERP-RK-Request the ER server, in answer to a request containing an ERP-RK-Request
AVP. How this material is derived and used is specified in RFC 5296 AVP, or the rMSK sent by ER server to authenticator. How this
[RFC5296]. material is derived and used is specified in RFC 5296 [RFC5296].
8.3.3. Key-Name AVP 8.3.3. Key-Name AVP
This AVP contains the EMSKname which identifies the keying material. This AVP contains the EMSKname which identifies the keying material.
The derivation of this name is specified in RGC 5296 [RFC5296]. The derivation of this name is specified in RGC 5296 [RFC5296].
8.3.4. Key-Lifetime AVP 8.3.4. Key-Lifetime AVP
The Key-Lifetime AVP contains the lifetime of the keying material in The Key-Lifetime AVP contains the lifetime of the keying material in
seconds. It MUST NOT be greater than the remaining lifetime of the seconds. It MUST NOT be greater than the remaining lifetime of the
EMSK from which the material was derived. EMSK from which the material was derived.
9. Open issues 9. Open issues
This document does not address some known issues in Diameter ERP This document does not address some known issues in Diameter ERP
mechanism. The authors would like to hear ideas about how to address mechanism. The authors would like to hear ideas about how to address
them. them.
The main issue is the use of ERP for authentication after a handover The main issue is the use of ERP for authentication after a handover
of the peer to a new authenticator (or different authenticator port). of the peer to a new authenticator (or different authenticator port).
Diameter ERP is not meant to be a mobility protocol. A number of Diameter ERP is not meant to be a mobility application. A number of
issues appear when we try to do handover in Diameter ERP (alone): how issues appear when we try to do handover while using Diameter ERP:
to manage the Session-Id AVP; how does the ER server provide the
Authorization AVPs; how does the peer learn the ERP domain of the new how to manage the Session-Id AVP -- is it a new session each time,
authenticator; how does the home server reachs the peer to for or do we try to reuse the same Diameter session?;
example terminate the session; and so on... Therefore, the
management of the session for a mobile peer is not (yet) addressed in how does the ER authenticator acquire the Authorization AVPs? Is
this document. It must be studied how Diameter ERP can be for it cached in the Diameter ER server (received during
example used in conjunction with a mobility application (Diameter bootstrapping) or do we use first Authenticate-Only with ER
MIP4, Diameter MIP6) to support the optimized re-authentication in server, then Authorize-Only with home domain (and in that case how
such situation. does the ER authenticator learn what the home domain is?)
how does the peer learn the ERP domain of the new authenticator --
this is being addressed in HOKEY architecture draft;
how does the home server reachs the peer to for example terminate
the session if there is no notification sent to the home domain;
Another issue concerns the case where the home realm contains several Another issue concerns the case where the home realm contains several
EAP servers. In multi rounds full EAP authentication, the EAP servers. In multi rounds full EAP authentication, the
Destination-Host AVP provides the solution to reach the same server Destination-Host AVP provides the solution to reach the same server
across the exchanges. Only this server possess the EMSK for the across the exchanges. Only this server possess the EMSK for the
session. In case of explicit bootstrapping, the ER server must session. In case of explicit bootstrapping, the ER server must
therefore be able to reach the correct server to request the DSRK. A therefore be able to reach the correct server to request the DSRK. A
solution might consist in saving the Origin-Host AVP of all solution might consist in saving the Origin-Host AVP of all
successful EAP/DEA in the ER server, which is a bit similar to the successful EAP/DEA in the ER server, which is a bit similar to the
implicit bootstrapping scenario described here -- only we save the implicit bootstrapping scenario described here -- only we save the
server name instead of the root key, and we must then be able to server name instead of the root key, and we must then be able to
match the DSRK with the user name. match the DSRK with the user name.
In roaming environments, it might be useful that a broker provides
ERP services. The security implications of storing the DSRK
generated for the visited domain into the broker's server should be
studied.
Finally, this document currently lacks a description of what happens Finally, this document currently lacks a description of what happens
when a Re-Auth-Request is received for a peer on the authenticator. when a Re-Auth-Request is received for a peer on the authenticator.
10. Acknowledgements 10. Acknowledgements
Hannes Tschofenig wrote the initial draft for this document and Hannes Tschofenig wrote the initial draft for this document and
provided useful reviews. provided useful reviews.
Vidya Narayanan reviewed a rough draft version of the document and Vidya Narayanan reviewed a rough draft version of the document and
found some errors. found some errors.
skipping to change at page 16, line 25 skipping to change at page 15, line 17
o RFC 4072 [RFC4072] o RFC 4072 [RFC4072]
o RFC 5247 [RFC5247] o RFC 5247 [RFC5247]
o RFC 5295 [RFC5295] o RFC 5295 [RFC5295]
o [RFC5296] o [RFC5296]
FFS: FFS:
Do we really respect these security considerations with the Do we really respect these security considerations with the
mechanism we describe here? Is it safe to use ERP-RK-Request / mechanism we describe here? Is it safe to use ERP-RK-Request &
Answer AVPs? What is the worst case? Key AVPs? What is the worst case? For example if a domain tricks
the peer into beliving it is located in a different domain?
EAP channel bindings may be necessary to ensure that the Diameter EAP channel bindings may be necessary to ensure that the Diameter
client and the server are in sync regarding the key Requesting client and the server are in sync regarding the key Requesting
Entity's Identity. Specifically, the Requesting Entity advertises Entity's Identity. Specifically, the Requesting Entity advertises
its identity through the EAP lower layer, and the user or the EAP its identity through the EAP lower layer, and the user or the EAP
peer communicates that identity to the EAP server (and the EAP server peer communicates that identity to the EAP server (and the EAP server
communicates that identity to the Diameter server) via the EAP method communicates that identity to the Diameter server) via the EAP method
for user/peer to server verification of the Requesting Entity's for user/peer to server verification of the Requesting Entity's
Identity. Identity.
QUESTION: QUESTION:
What does this paragraph actually mean? What does this paragraph actually mean?
13. References 13. References
13.1. Normative References 13.1. Normative References
[I-D.ietf-dime-local-keytran] Zorn, G., Wu, W., and V. Cakulev, [I-D.ietf-dime-local-keytran] Zorn, G., Wu, W., and V. Cakulev,
"Diameter Attribute-Value Pairs for "Diameter Attribute-Value Pairs for
Cryptographic Key Transport", Cryptographic Key Transport",
draft-ietf-dime-local-keytran-07 (work draft-ietf-dime-local-keytran-08 (work
in progress), June 2010. in progress), October 2010.
[RFC2119] Bradner, S., "Key words for use in [RFC2119] Bradner, S., "Key words for use in
RFCs to Indicate Requirement Levels", RFCs to Indicate Requirement Levels",
BCP 14, RFC 2119, March 1997. BCP 14, RFC 2119, March 1997.
[RFC3588] Calhoun, P., Loughney, J., Guttman, [RFC3588] Calhoun, P., Loughney, J., Guttman,
E., Zorn, G., and J. Arkko, "Diameter E., Zorn, G., and J. Arkko, "Diameter
Base Protocol", RFC 3588, Base Protocol", RFC 3588,
September 2003. September 2003.
 End of changes. 47 change blocks. 
207 lines changed or deleted 154 lines changed or added

This html diff was produced by rfcdiff 1.40. The latest version is available from http://tools.ietf.org/tools/rfcdiff/