draft-ietf-dime-erp-10.txt   draft-ietf-dime-erp-11.txt 
Network Working Group J. Bournelle Network Working Group J. Bournelle
Internet-Draft L. Morand Internet-Draft L. Morand
Intended status: Standards Track Orange Labs Intended status: Standards Track Orange Labs
Expires: December 5, 2012 S. Decugis Expires: February 1, 2013 S. Decugis
INSIDE Secure INSIDE Secure
Q. Wu Q. Wu
Huawei Huawei
G. Zorn G. Zorn
Network Zen Network Zen
June 3, 2012 July 31, 2012
Diameter Support for the EAP Re-authentication Protocol (ERP) Diameter Support for the EAP Re-authentication Protocol (ERP)
draft-ietf-dime-erp-10.txt draft-ietf-dime-erp-11 .txt
Abstract Abstract
The EAP Re-authentication Protocol (ERP) defines extensions to the The EAP Re-authentication Protocol (ERP) defines extensions to the
Extensible Authentication Protocol (EAP) to support efficient re- Extensible Authentication Protocol (EAP) to support efficient re-
authentication between the peer and an EAP Re-authentication (ER) authentication between the peer and an EAP Re-authentication (ER)
server through a compatible authenticator. This document specifies server through a compatible authenticator. This document specifies
Diameter support for ERP. It defines a new Diameter ERP application Diameter support for ERP. It defines a new Diameter ERP application
to transport ERP messages between an ER authenticator and the ER to transport ERP messages between an ER authenticator and the ER
server, and a set of new AVPs that can be used to transport the server, and a set of new AVPs that can be used to transport the
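Review bot: the new draft's file-name line in the title block carries a stray space, "draft-ietf-dime-erp-11 .txt"; it should read "draft-ietf-dime-erp-11.txt" to match the header line at the top of this diff and the form used on the -10 side. The remaining edits in the block are the expected version, date and expiry bump and need nothing further.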
skipping to change at page 1, line 43 skipping to change at page 1, line 43
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 5, 2012. This Internet-Draft will expire on February 1, 2013.
Copyright Notice Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 8, line 27 skipping to change at page 8, line 27
EAP Application> [RFC4072] EAP Application> [RFC4072]
Extract the ERP-RK-Request AVP from the ERP/DER message, which Extract the ERP-RK-Request AVP from the ERP/DER message, which
contains the name of the domain where the ER server is located and contains the name of the domain where the ER server is located and
add it to the newly created ERP/DER message. add it to the newly created ERP/DER message.
Then the newly created EAP/DER is sent and routed to the home Then the newly created EAP/DER is sent and routed to the home
Diameter EAP application server. Diameter EAP application server.
If the home Diameter EAP server does not support ERP extensions, EAP If the home Diameter EAP server does not support ERP extensions, EAP
packets with an unknown ERP-specific code (EAP-Initiate) are not packets with an unknown ERP-specific code (EAP-Initiate) will not be
understood. In such a case, the home Diameter EAP server MUST send understood. In such a case, the home Diameter EAP server MUST send
an EAP/DEA with a Result-Code set to DIAMETER_ERROR_EAP_CODE_UNKNOWN. an EAP/DEA with a Result-Code indicating a Permanent Failure (for
The Failed-AVP AVP MUST be included and contain a copy of the EAP- example, DIAMETER_ERROR_EAP_CODE_UNKNOWN or
Payload AVP. Otherwise, it processes the DSRK request as described DIAMETER_UNABLE_TO_COMPLY). The Failed-AVP AVP MUST be included and
in [RFC5296]. In particular, it includes the Domain- Name TLV contain a copy of the EAP-Payload AVP. Otherwise, it processes the
attribute with the content from the ERP-Realm AVP. The server DSRK request as described in [RFC5296]. In particular, it includes
creates the EAP/DEA reply message [RFC4072] including an instance of the Domain- Name TLV attribute with the content from the ERP-Realm
the Key AVP (Section 8.3) with Key-Type AVP set to rRK and an AVP. The server creates the EAP/DEA reply message [RFC4072]
instance of the Domain-Name TLV attribute with the content from the including an instance of the Key AVP (Section 8.3) with Key-Type AVP
ERP-Realm AVP. set to rRK and an instance of the Domain-Name TLV attribute with the
content from the ERP-Realm AVP.
The ER server receives this EAP/DEA and proxies it as follows, in The ER server receives this EAP/DEA and proxies it as follows, in
addition to standard proxy operations: addition to standard proxy operations:
Set the Application Id back to Diameter ERP Application Id Set the Application Id back to Diameter ERP Application Id
(Section 12.1 ) (Section 12.1 )
Extract and cache the content of the Key AVP with Key-Type set to Extract and cache the content of the Key AVP with Key-Type set to
rRK, as described in the implicit scenario (Section 5.1). rRK, as described in the implicit scenario (Section 5.1).
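Review bot: relaxing "MUST send an EAP/DEA with a Result-Code set to DIAMETER_ERROR_EAP_CODE_UNKNOWN" to "a Result-Code indicating a Permanent Failure (for example, DIAMETER_ERROR_EAP_CODE_UNKNOWN or DIAMETER_UNABLE_TO_COMPLY)" removes the ER server's only unambiguous signal that the home Diameter EAP server lacks ERP support, since the text itself presents these codes as mere examples and DIAMETER_UNABLE_TO_COMPLY is not specific to this case. The paragraph should say what the ER server does when such a DEA arrives (fall back to a full EAP exchange, and whether it remembers that the home domain does not support ERP), and it should keep DIAMETER_ERROR_EAP_CODE_UNKNOWN as the code a server implementing this specification sends, given that Section 12.3 registers that value for exactly this condition; DIAMETER_UNABLE_TO_COMPLY then describes only what a home server unaware of this document would return. Two smaller points in the same hunk: "Domain- Name TLV" appears with a stray space in both columns and should be "Domain-Name TLV", as written later in the same paragraph ("instance of the Domain-Name TLV attribute"); and "(Section 12.1 )" has a space before the closing parenthesis.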
skipping to change at page 13, line 43 skipping to change at page 13, line 43
10. Contributors 10. Contributors
Hannes Tschofenig wrote the initial draft of this document. Hannes Tschofenig wrote the initial draft of this document.
Lakshminath Dondeti contributed to the early versions of the Lakshminath Dondeti contributed to the early versions of the
document. document.
11. Acknowledgements 11. Acknowledgements
Hannes Tschofenig provided useful reviews. Hannes Tschofenig, Zhen Cao and Jouni Korhonen provided useful
reviews.
Vidya Narayanan reviewed a rough draft version of the document and Vidya Narayanan reviewed a rough draft version of the document and
found some errors. found some errors.
Many thanks to these people! Many thanks to these people!
12. IANA Considerations 12. IANA Considerations
This document requires IANA registration of the following new This document requires IANA registration of the following new
elements in the Authentication, Authorization, and Accounting (AAA) elements in the Authentication, Authorization, and Accounting (AAA)
skipping to change at page 14, line 34 skipping to change at page 14, line 34
ERP-Realm ERP-Realm
These AVPs are defined in Section 8. These AVPs are defined in Section 8.
12.3. New Permanent Failures Result-Code AVP Values 12.3. New Permanent Failures Result-Code AVP Values
This specification requires IANA to allocate a new value from the This specification requires IANA to allocate a new value from the
"Result-Code AVP Values (code 268) - Permanent Failure" registry "Result-Code AVP Values (code 268) - Permanent Failure" registry
according to the policy specified in Section 11.3.2 of Fajardo, et according to the policy specified in Section 11.3.2 of Fajardo, et
al. [I-D.ietf-dime-rfc3588bis] for the following Result-Code: al. [I-D.ietf-dime-rfc3588bis] for the following Result-Code:
DIAMETER_ERROR_EAP_CODE_UNKNOWN TBD DIAMETER_ERROR_EAP_CODE_UNKNOWN TBD
This result-code value is defined in Section 9. This result-code value is defined in Section 9.
13. Security Considerations 13. Security Considerations
The security considerations from the following documents apply here: The security considerations from the following documents apply here:
o Fajardo, et al. [I-D.ietf-dime-rfc3588bis] o Fajardo, et al. [I-D.ietf-dime-rfc3588bis]
o RFC 4072 [RFC4072] o RFC 4072 [RFC4072]
o RFC 5296 [RFC5296] o RFC 5296 [RFC5296]
o Zorn, Wu and Cakulev [I-D.ietf-dime-local-keytran] o Zorn, Wu and Cakulev [I-D.ietf-dime-local-keytran]
14. Normative References 14. Normative References
[I-D.ietf-dime-local-keytran] Zorn, G., Wu, W., and V. Cakulev, [I-D.ietf-dime-local-keytran] Zorn, G., Wu, W., and V. Cakulev,
"Diameter Attribute-Value Pairs for "Diameter Attribute-Value Pairs for
Cryptographic Key Transport", Cryptographic Key Transport",
draft-ietf-dime-local-keytran-14 (work draft-ietf-dime-local-keytran-14 (work
in progress), August 2011. in progress), August 2011.
[I-D.ietf-dime-rfc3588bis] Fajardo, V., Arkko, J., Loughney, J., [I-D.ietf-dime-rfc3588bis] Fajardo, V., Arkko, J., Loughney, J.,
and G. Zorn, "Diameter Base Protocol", and G. Zorn, "Diameter Base Protocol",
draft-ietf-dime-rfc3588bis-33 (work in draft-ietf-dime-rfc3588bis-34 (work in
progress), May 2012. progress), June 2012.
[RFC2119] Bradner, S., "Key words for use in [RFC2119] Bradner, S., "Key words for use in
RFCs to Indicate Requirement Levels", RFCs to Indicate Requirement Levels",
BCP 14, RFC 2119, March 1997. BCP 14, RFC 2119, March 1997.
[RFC3588] Calhoun, P., Loughney, J., Guttman, [RFC3588] Calhoun, P., Loughney, J., Guttman,
E., Zorn, G., and J. Arkko, "Diameter E., Zorn, G., and J. Arkko, "Diameter
Base Protocol", RFC 3588, Base Protocol", RFC 3588,
September 2003. September 2003.
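Review bot: the rfc3588bis reference moves from draft -33 (May 2012) to -34 (June 2012), but Section 12.3 still cites "Section 11.3.2 of [I-D.ietf-dime-rfc3588bis]" for the registration policy; verify that section number against -34 before publication, because a renumbering there would silently misdirect the IANA instruction. Separately, the normative list carries both [RFC3588] and [I-D.ietf-dime-rfc3588bis] for the Diameter base protocol while only [I-D.ietf-dime-rfc3588bis] is cited in the visible context (Sections 12.3 and 13); if both are needed, state where each applies, otherwise drop the unused one.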
 End of changes. 10 change blocks. 
19 lines changed or deleted 21 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/