--- 1/draft-ietf-dime-erp-05.txt 2011-05-04 14:15:43.000000000 +0200 +++ 2/draft-ietf-dime-erp-06.txt 2011-05-04 14:15:43.000000000 +0200 @@ -1,24 +1,24 @@ Network Working Group J. Bournelle Internet-Draft L. Morand Intended status: Standards Track Orange Labs -Expires: April 25, 2011 S. Decugis, Ed. - NICT +Expires: November 5, 2011 S. Decugis + Free Diameter Q. Wu Huawei - G. Zorn, Ed. + G. Zorn Network Zen - October 22, 2010 + May 4, 2011 - Diameter Support for the EAP Re-authentication Protocol (ERP) - draft-ietf-dime-erp-05.txt + Diameter support for EAP Re-authentication Protocol (ERP) + draft-ietf-dime-erp-06.txt Abstract The EAP Re-authentication Protocol (ERP) defines extensions to the Extensible Authentication Protocol (EAP) to support efficient re- authentication between the peer and an EAP Re-authentication (ER) server through a compatible authenticator. This document specifies Diameter support for ERP. It defines a new Diameter ERP application to transport ERP messages between an ER authenticator and the ER server, and a set of new AVPs that can be used to transport the @@ -32,79 +32,81 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on April 25, 2011. + This Internet-Draft will expire on November 5, 2011. Copyright Notice - Copyright (c) 2010 IETF Trust and the persons identified as the + Copyright (c) 2011 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 - 2.1. Requirements Language . . . . . . . . . . . . . . . . . . 3 + 2.1. Requirements Language . . . . . . . . . . . . . . . . . . 4 3. Assumptions . . . . . . . . . . . . . . . . . . . . . . . . . 4 4. Protocol Overview . . . . . . . . . . . . . . . . . . . . . . 4 5. Bootstrapping the ER Server . . . . . . . . . . . . . . . . . 5 - 5.1. Bootstrapping During the Initial EAP authentication . . . 5 + 5.1. Bootstrapping During the Initial EAP authentication . . . 6 5.2. Bootstrapping During the First Re-authentication . . . . . 7 6. Re-Authentication . . . . . . . . . . . . . . . . . . . . . . 9 7. Application Id . . . . . . . . . . . . . . . . . . . . . . . . 11 - 8. AVPs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 - 8.1. ERP-RK-Request AVP . . . . . . . . . . . . . . . . . . . . 12 - 8.2. ERP-Realm AVP . . . . . . . . . . . . . . . . . . . . . . 12 + 8. AVPs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 + 8.1. ERP-RK-Request AVP . . . . . . . . . . . . . . . . . . . . 11 + 8.2. ERP-Realm AVP . . . . . . . . . . . . . . . . . . . . . . 11 8.3. Key AVP . . . . . . . . . . . . . . . . . . . . . . . . . 12 8.3.1. Key-Type AVP . . . . . . . . . . . . . . . . . . . . . 12 8.3.2. Keying-Material AVP . . . . . . . . . . . . . . . . . 12 8.3.3. Key-Name AVP . . . . . . . . . . . . . . . . . . . . . 12 - 8.3.4. Key-Lifetime AVP . . . . . . . . . . . . . . . . . . . 13 - 9. Open issues . . . . . . . . . . . . . . . . . . . . . . . . . 13 - 10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 14 - 11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14 + 8.3.4. Key-Lifetime AVP . . . . . . . . . . . . . . . . . . . 12 + 9. Open issues . . . . . . . . . . . . . . . . . . . . . . . . . 12 + 10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 13 + 11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13 11.1. Diameter Application Identifier . . . . . . . . . . . . . 14 11.2. New AVPs . . . . . . . . . . . . . . . . . . . . . . . . . 14 12. Security Considerations . . . . . . . . . . . . . . . . . . . 14 13. References . . . . . . . . . . . . . . . . . . . . . . . . . . 15 13.1. Normative References . . . . . . . . . . . . . . . . . . . 15 - 13.2. Informative References . . . . . . . . . . . . . . . . . . 16 + 13.2. Informative References . . . . . . . . . . . . . . . . . . 15 1. Introduction RFC 5296 [RFC5296] defines the EAP Re-authentication Protocol (ERP). It consists of the following steps: Bootstrapping + A root key for re-authentication is derived from the Extended Master Session Key (EMSK) created during EAP authentication [RFC5295]. This root key is transported from the EAP server to the ER server. Re-authentication + A one-round-trip exchange between the peer and the ER server, resulting in mutual authentication. To support the EAP reauthentication functionality, ERP defines two new EAP codes - EAP-Initiate and EAP-Finish. This document defines how Diameter transports the ERP messages during the re-authentication process. For this purpose, we define a new Application Identifier for ERP, and re-use the Diameter EAP commands (DER/DEA). @@ -109,22 +111,22 @@ (DER/DEA). This document also discusses the distribution of the root key during bootstrapping, in conjunction with either the initial EAP authentication (implicit bootstrapping) or the first ERP exchange (explicit bootstrapping). Security considerations for this key distribution are detailed in RFC 5295 [RFC5295]. 2. Terminology - This document uses terminology defined in RFC 3748 [RFC3748], RFC - 5295 [RFC5295], RFC 5296 [RFC5296], and RFC 4072 [RFC4072]. + This document uses terminology defined in RFC3748 [RFC3748], RFC5295 + [RFC5295], RFC5296 [RFC5296], and RFC4072 [RFC4072]. "Root key" (RK) or "bootstrapping material" refer to the rRK or rDSRK derived from an EMSK, depending on the location of the ER server in home or foreign domain. We use the notation "ERP/DER" and "ERP/DEA" in this document to refer to Diameter-EAP-Request and Diameter-EAP-Answer commands with the Application Id set to "Diameter ERP Application" Section 11.1; the same commands are denoted "EAP/DER" and "EAP/DEA" when the Application Id in the message is set to "Diameter EAP Application" @@ -151,68 +153,69 @@ The following figure shows the components involved in ERP, and their interactions. Diameter +--------+ +-------------+ ERP +-----------+ (*) | Home | Peer <->|Authenticator|<=======>| ER server | <---> | EAP | +-------------+ +-----------+ | server | +--------+ (*) Diameter EAP application, explicit bootstrapping scenario only. - Figure 1: Diameter ERP Overview + Figure 1. Diameter ERP Overview. The ER server is located either in the home domain (same as EAP server) or in the visited domain (same as authenticator, when it differs from the home domain). When the peer initiates an ERP exchange, the authenticator creates a Diameter-EAP-Request message [RFC4072]. The Application Id of the message is set to that of the Diameter ERP application (code: TBD) in the message. The generation of the ERP/DER message is detailed in Section 6. If there is an ER server in the same domain as the authenticator (local domain), Diameter routing must be configured so that this ERP/ DER message reachs this server, even if the Destination-Realm is not the local domain. If there is no local ER server, the message is routed according to its Destination-Realm AVP content, extracted from the realm component of the keyName-NAI attribute. As specified in RFC 5296 [RFC5296], - this realm is the home domain of the peer in case of a bootstrapping - exchange (the 'B' flag is set in the ERP message) or the domain of - the bootstrapped ER server otherwise. + this realm is the home domain of the peer in case of bootstrapping + exchange ('B' flag is set in ERP message) or the domain of the + bootstrapped ER server otherwise . If no ER server is available in the home domain either, the ERP/DER message cannot be delivered, and an error DIAMETER_UNABLE_TO_DELIVER - is generated [RFC3588] and returned to the authenticator. The - authenticator may cache this information (with limited duration) to - avoid further attempts for ERP with this realm. It may also fallback - to full EAP authentication to authenticate the peer. + is generated as specified in [RFC3588] and returned to the + authenticator. The authenticator may cache this information (with + limited duration) to avoid further attempts for ERP with this realm. + It may also fallback to full EAP authentication to authenticate the + peer. When an ER server receives the ERP/DER message, it searches its local database for a root key matching the keyName part of the User-Name AVP. If such key is found, the ER server processes the ERP message - as described in RFC 5296 [RFC5296] then creates the ERP/DEA answer as + as described in [RFC5296] then creates the ERP/DEA answer as described in Section 6. The rMSK is included in this answer. Finally, the authenticator extracts the rMSK from the ERP/DEA as described in RFC 5296 [RFC5296], and forwards the content of the EAP- Payload AVP, the EAP-Finish/Re-Auth message, to the peer. If the EAP-Initiate/Re-Auth message has its 'B' flag set (Bootstrapping exchange), the ER server should not possess the root key in its local database. In this case, the ER server acts as a proxy, and forwards the message to the home EAP server after changing its Application Id to Diameter EAP and adding the ERP-RK-Request AVP - to request the root key. See Section 5 for more detail on this - process. + to request the root key. See section Section 5 for more detail on + this process. 5. Bootstrapping the ER Server The bootstrapping process involves the home EAP server and the ER server, but also impacts the peer and the authenticator. In ERP, the peer must derive the same keying material as the ER server. To achieve this, it must learn the domain name of the ER server. How this information is acquired is outside the scope of this specification, but it may involves that the authenticator is configured to advertize this domain name, especially in the case of @@ -223,25 +226,25 @@ EMSK -- from which the root key is derived -- is created, during the first re-authentication, or sometime between those events. We only consider the first two possibilities in this specification, in the following sub-sections. 5.1. Bootstrapping During the Initial EAP authentication Bootstrapping the ER server during the initial EAP authentication (also known as implicit bootstrapping) offers the advantage that the server is immediatly available for re-authentication of the peer, - thus minimizing re-authentication delay. On the other hand, it is - possible that only a small number of peers will use re-authentication - in the visited domain. Deriving and caching key material for all the - peers (for example, for the peers that do not support ERP) is a waste - of resources and should be avoided. + thus minimizing the re-authentication delay. On the other hand, it + is possible that only a small number of peers will use re- + authentication in the visited domain. Deriving and caching key + material for all the peers (for example, for the peers that do not + support ERP) is a waste of resources and should be avoided. To achieve implicit bootstrapping, the ER server acts as a Diameter EAP Proxy, and Diameter routing must be configured so that Diameter EAP application messages are routed through this proxy. The figure bellow illustrates this mechanism. ER server & Authenticator EAP Proxy Home EAP server ============= =========== =============== -------------------------> @@ -317,49 +320,47 @@ The ER server receives the ERP/DER message containing the EAP- Initiate/Re-Auth message with the 'B' flag set. It proxies this message, and performs the following processing in addition to standard proxy operations: Changes the Application Id in the header of the message to Diameter EAP Application (code 5). Change the content of Application-Auth-Id accordingly. - QUESTION: - Is it better to leave it unmodified, so that the server can - easily differenciate between ERP and standard EAP message ? + QUESTION: Is it better to leave it unmodified, so that the server + can easily differenciate between ERP and standard EAP message? Add the ERP-RK-Request AVP, which contains the name of the domain where the ER server is located. - PROBLEM: - Add the Destination-Host AVP to reach the appropriate Diameter - EAP server in case there is more than one in destination - domain, the one with the EMSK. How does the ER server know - this information? Or can we require that all Diameter EAP - servers can be used interchangeably for this purpose? + PROBLEM: Add the Destination-Host AVP to reach the appropriate + Diameter EAP server in case there is more than one in destination + domain, the one with the EMSK. How does the ER server know this + information? Or can we require that all Diameter EAP servers can + be used interchangeably for this purpose? Then the proxied EAP/DER request is sent and routed to the home Diameter EAP server. - If the home EAP server does not support the ERP extensions, it - replies with an error since the encapsulated EAP-Initiate/Re-auth - command is not understood. Otherwise, it processes the ERP request - as described in [RFC5296]. In particular, it includes the Domain- - Name TLV attribute with the content from the ERP-Realm AVP. It - creates the EAP/DEA reply message [RFC4072]. including an instance of - the Key AVP Section 8.3 with Key-Type AVP set to rRK. + If the home EAP server does not support ERP extensions, it replies + with an error since the encapsulated EAP-Initiate/Re-auth command is + not understood. Otherwise, it processes the ERP request as described + in [RFC5296]. In particular, it includes the Domain- Name TLV + attribute with the content from the ERP-Realm AVP. It creates the + EAP/DEA reply message [RFC4072]. including an instance of the Key AVP + Section 8.3 with Key-Type AVP set to rRK. The ER server receives this EAP/DEA and proxies it as follows, in addition to standard proxy operations: - Set the Application Id back to Diameter ERP application Id (code + Set the Application Id back to Diameter ERPApplication Id (code TBD) Extract and cache the content of the Key AVP with Key-Type set to rRK, as described in implicit scenario. The ERP/DEA message is then forwarded to the authenticator, that can use the rMSK as described in RFC 5296 [RFC5296]. The figure below captures this proxy behavior: @@ -418,41 +418,37 @@ the authenticator. Alternatively, the authenticator may send an EAP- Initiate/Re-auth-Start message to the peer to trigger the mechanism. In this case, the peer responds with an EAP-Initiate/Re-auth message. If the authenticator does not support ERP (pure Diameter EAP [RFC4072] support), it discards the EAP packets with an unknown ERP- specific code (EAP-Initiate). The peer should fallback to full EAP authentication in this case. When the authenticator receives an EAP-Initiate/Re-auth message from - the peer, it processes as described in [RFC5296] with regards to the + the peer, it process as described in [RFC5296] with regards to the EAP state machine. It creates a Diameter EAP Request message following the general process of Diameter EAP [RFC4072], with the following differences: - The Application Id in the header is set to Diameter ERP (code - TBD). + The Application Id in the header is set to Diameter ERP (code TBD + ). The value in Auth-Application-Id AVP is also set to Diameter ERP Application. The keyName-NAI attribute from ERP message is used to create the content of User-Name AVP and Destination-Realm AVP. - FFS: - What about Session-ID AVP ? - - The Auth-Request-Type AVP content is set to [Editor's note: FFS -- - cf. open issues]. + The Auth-Request-Type AVP content is set to [Editor's note: FFS]. - The EAP-Payload AVP contains the EAP-Initiate/Re-Auth message. + The EAP-Payload AVP contains the EAP-Initiate/Re-Auth. Then this ERP/DER message is sent as described in Section 4. The ER server receives and processes this request as described in Section 4. It then creates an ERP/DEA message following the general processing described in RFC 4072 [RFC4072], with the following differences: The Application Id in the header is set to Diameter ERP (code TBD). @@ -618,60 +613,58 @@ RFC 3588 [RFC3588] for the following AVPs: ERP-RK-Request ERP-Realm These AVPs are defined in Section 8. 12. Security Considerations - The security considerations from the following documents also apply - here: + The security considerations from the following documents apply here: o RFC 3588 [RFC3588] o RFC 4072 [RFC4072] o RFC 5247 [RFC5247] o RFC 5295 [RFC5295] - o [RFC5296] + o RFC5296 [RFC5296] - FFS: - Do we really respect these security considerations with the - mechanism we describe here? Is it safe to use ERP-RK-Request & - Key AVPs? What is the worst case? For example if a domain tricks - the peer into beliving it is located in a different domain? + FFS: Do we really respect these security considerations with the + mechanism we describe here? Is it safe to use ERP-RK-Request & Key + AVPs? What is the worst case? For example if a domain tricks the + peer into beliving it is located in a different domain? EAP channel bindings may be necessary to ensure that the Diameter client and the server are in sync regarding the key Requesting Entity's Identity. Specifically, the Requesting Entity advertises its identity through the EAP lower layer, and the user or the EAP peer communicates that identity to the EAP server (and the EAP server communicates that identity to the Diameter server) via the EAP method for user/peer to server verification of the Requesting Entity's Identity. - QUESTION: - What does this paragraph actually mean? + QUESTION: What does this paragraph actually mean? 13. References 13.1. Normative References - [I-D.ietf-dime-local-keytran] Zorn, G., Wu, W., and V. Cakulev, - "Diameter Attribute-Value Pairs for - Cryptographic Key Transport", - draft-ietf-dime-local-keytran-08 (work - in progress), October 2010. + [I-D.ietf-dime-local-keytran] Wu, Q., Zorn, G., and V. Cakulev, + "Diameter support for local key + transport protocol between local + server and home AAA server", + draft-ietf-dime-local-keytran-09 (work + in progress), April 2011. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC3588] Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and J. Arkko, "Diameter Base Protocol", RFC 3588, September 2003. @@ -709,42 +702,41 @@ Authors' Addresses Julien Bournelle Orange Labs 38-40 rue du general Leclerc Issy-Les-Moulineaux 92794 France EMail: julien.bournelle@orange-ftgroup.com + Lionel Morand Orange Labs 38-40 rue du general Leclerc Issy-Les-Moulineaux 92794 France EMail: lionel.morand@orange-ftgroup.com - Sebastien Decugis (editor) - NICT + Sebastien Decugis + Free Diameter 4-2-1 Nukui-Kitamachi - Tokyo 184-8795 - Koganei, Japan + Tokyo, Koganei 184-8795 + Japan - EMail: sdecugis@nict.go.jp + EMail: sdecugis@freediameter.net Qin Wu Huawei Technologies Co., Ltd Site B, Floor 12F, Huihong Mansion, No.91 Baixia Rd. Nanjing 210001 China EMail: sunseawq@huawei.com - - Glen Zorn (editor) + Glen Zorn Network Zen - 1463 East Republican Street - Seattle, Washington 98112 - USA + 227/358 Thanon Sanphawut + Bang Na, Bangkok 10260 + Thailand - Phone: +1 206 931 0768 EMail: gwz@net-zen.net