--- 1/draft-ietf-hip-rfc5202-bis-04.txt 2013-11-19 00:14:29.893575849 -0800 +++ 2/draft-ietf-hip-rfc5202-bis-05.txt 2013-11-19 00:14:29.969577836 -0800 @@ -1,24 +1,24 @@ Network Working Group P. Jokela Internet-Draft Ericsson Research NomadicLab Obsoletes: 5202 (if approved) R. Moskowitz Intended status: Standards Track ICSAlabs, An Independent -Expires: March 8, 2014 Division of Verizon Business +Expires: May 22, 2014 Division of Verizon Business Systems J. Melen Ericsson Research NomadicLab - September 4, 2013 + November 18, 2013 Using the Encapsulating Security Payload (ESP) Transport Format with the Host Identity Protocol (HIP) - draft-ietf-hip-rfc5202-bis-04 + draft-ietf-hip-rfc5202-bis-05 Abstract This memo specifies an Encapsulated Security Payload (ESP) based mechanism for transmission of user data packets, to be used with the Host Identity Protocol (HIP). This document obsoletes RFC 5202. Status of This Memo This Internet-Draft is submitted in full conformance with the @@ -27,21 +27,21 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on March 8, 2014. + This Internet-Draft will expire on May 22, 2014. Copyright Notice Copyright (c) 2013 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents @@ -80,50 +80,50 @@ 5.1.1. ESP_INFO . . . . . . . . . . . . . . . . . . . . . . . 13 5.1.2. ESP_TRANSFORM . . . . . . . . . . . . . . . . . . . . 15 5.1.3. NOTIFICATION Parameter . . . . . . . . . . . . . . . . 16 5.2. HIP ESP Security Association Setup . . . . . . . . . . . . 16 5.2.1. Setup During Base Exchange . . . . . . . . . . . . . . 16 5.3. HIP ESP Rekeying . . . . . . . . . . . . . . . . . . . . . 18 5.3.1. Initializing Rekeying . . . . . . . . . . . . . . . . 18 5.3.2. Responding to the Rekeying Initialization . . . . . . 19 5.4. ICMP Messages . . . . . . . . . . . . . . . . . . . . . . 19 5.4.1. Unknown SPI . . . . . . . . . . . . . . . . . . . . . 19 - 6. Packet Processing . . . . . . . . . . . . . . . . . . . . . . 19 + 6. Packet Processing . . . . . . . . . . . . . . . . . . . . . . 20 6.1. Processing Outgoing Application Data . . . . . . . . . . . 20 6.2. Processing Incoming Application Data . . . . . . . . . . . 20 6.3. HMAC and SIGNATURE Calculation and Verification . . . . . 21 6.4. Processing Incoming ESP SA Initialization (R1) . . . . . . 21 - 6.5. Processing Incoming Initialization Reply (I2) . . . . . . 21 + 6.5. Processing Incoming Initialization Reply (I2) . . . . . . 22 6.6. Processing Incoming ESP SA Setup Finalization (R2) . . . . 22 6.7. Dropping HIP Associations . . . . . . . . . . . . . . . . 22 6.8. Initiating ESP SA Rekeying . . . . . . . . . . . . . . . . 22 6.9. Processing Incoming UPDATE Packets . . . . . . . . . . . . 24 6.9.1. Processing UPDATE Packet: No Outstanding Rekeying Request . . . . . . . . . . . . . . . . . . . . . . . 24 6.10. Finalizing Rekeying . . . . . . . . . . . . . . . . . . . 25 6.11. Processing NOTIFY Packets . . . . . . . . . . . . . . . . 26 7. Keying Material . . . . . . . . . . . . . . . . . . . . . . . 26 8. Security Considerations . . . . . . . . . . . . . . . . . . . 26 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 27 10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 27 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 28 11.1. Normative references . . . . . . . . . . . . . . . . . . . 28 - 11.2. Informative references . . . . . . . . . . . . . . . . . . 28 - Appendix A. A Note on Implementation Options . . . . . . . . . . 29 + 11.2. Informative references . . . . . . . . . . . . . . . . . . 29 + Appendix A. A Note on Implementation Options . . . . . . . . . . 30 Appendix B. Bound End-to-End Tunnel mode for ESP . . . . . . . . 30 - B.1. Protocol definition . . . . . . . . . . . . . . . . . . . 30 - B.1.1. Changes to Security Association data structures . . . 30 + B.1. Protocol definition . . . . . . . . . . . . . . . . . . . 31 + B.1.1. Changes to Security Association data structures . . . 31 B.1.2. Packet format . . . . . . . . . . . . . . . . . . . . 31 B.1.3. Cryptographic processing . . . . . . . . . . . . . . . 33 B.1.4. IP header processing . . . . . . . . . . . . . . . . . 33 - B.1.5. Handling of outgoing packets . . . . . . . . . . . . . 33 - B.1.6. Handling of incoming packets . . . . . . . . . . . . . 34 + B.1.5. Handling of outgoing packets . . . . . . . . . . . . . 34 + B.1.6. Handling of incoming packets . . . . . . . . . . . . . 35 B.1.7. IPv4 options handling . . . . . . . . . . . . . . . . 35 1. Introduction In the Host Identity Protocol Architecture [I-D.ietf-hip-rfc4423-bis], hosts are identified with public keys. The Host Identity Protocol [I-D.ietf-hip-rfc5201-bis] base exchange allows any two HIP-supporting hosts to authenticate each other and to create a HIP association between themselves. During the base exchange, the hosts generate a piece of shared keying material using @@ -675,23 +675,26 @@ DEPRECATED 4 DEPRECATED 5 DEPRECATED 6 NULL-ENCRYPT with HMAC-SHA-256 7 [RFC2410], [RFC4868] AES-128-CBC with HMAC-SHA-256 8 [RFC3602], [RFC4868] AES-256-CBC with HMAC-SHA-256 9 [RFC3602], [RFC4868] AES-CCM-8 10 [RFC4309] AES-CCM-16 11 [RFC4309] AES-GCM with a 8 octet ICV 12 [RFC4106] AES-GCM with a 16 octet ICV 13 [RFC4106] + AES-CMAC-96 14 [RFC4493], [RFC4494] + AES-GMAC 15 [RFC4543] The sender of an ESP transform parameter MUST make sure that there are no more than six (6) Suite IDs in one ESP transform parameter. + Conversely, a recipient MUST be prepared to handle received transform parameters that contain more than six Suite IDs. The limited number of Suite IDs sets the maximum size of the ESP_TRANSFORM parameter. As the default configuration, the ESP_TRANSFORM parameter MUST contain at least one of the mandatory Suite IDs. There MAY be a configuration option that allows the administrator to override this default. Mandatory implementations: AES-128-CBC with HMAC-SHA-256 and NULL with HMAC-SHA-256. @@ -1262,22 +1266,22 @@ also valid for this document. Many people have given valuable feedback, and our apologies to anyone whose name is missing. 11. References 11.1. Normative references [I-D.ietf-hip-rfc5201-bis] Moskowitz, R., Heer, T., Jokela, P., and T. Henderson, "Host Identity Protocol Version 2 (HIPv2)", - draft-ietf-hip-rfc5201-bis-12 (work in - progress), June 2013. + draft-ietf-hip-rfc5201-bis-14 (work in + progress), October 2013. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC2404] Madson, C. and R. Glenn, "The Use of HMAC-SHA-1-96 within ESP and AH", RFC 2404, November 1998. [RFC2410] Glenn, R. and S. Kent, "The NULL @@ -1294,30 +1298,42 @@ RFC 4106, June 2005. [RFC4303] Kent, S., "IP Encapsulating Security Payload (ESP)", RFC 4303, December 2005. [RFC4309] Housley, R., "Using Advanced Encryption Standard (AES) CCM Mode with IPsec Encapsulating Security Payload (ESP)", RFC 4309, December 2005. + [RFC4493] Song, JH., Poovendran, R., Lee, J., and + T. Iwata, "The AES-CMAC Algorithm", + RFC 4493, June 2006. + + [RFC4494] Song, JH., Poovendran, R., and J. Lee, + "The AES-CMAC-96 Algorithm and Its Use + with IPsec", RFC 4494, June 2006. + + [RFC4543] McGrew, D. and J. Viega, "The Use of + Galois Message Authentication Code (GMAC) + in IPsec ESP and AH", RFC 4543, May 2006. + [RFC4868] Kelly, S. and S. Frankel, "Using HMAC- SHA-256, HMAC-SHA-384, and HMAC-SHA-512 with IPsec", RFC 4868, May 2007. 11.2. Informative references - [I-D.ietf-hip-rfc4423-bis] Moskowitz, R., "Host Identity Protocol - Architecture", - draft-ietf-hip-rfc4423-bis-05 (work in - progress), September 2012. + [I-D.ietf-hip-rfc4423-bis] Moskowitz, R. and M. Komu, "Host Identity + Protocol Architecture", + draft-ietf-hip-rfc4423-bis-06 (work in + progress), November 2013. [RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791, September 1981. [RFC4301] Kent, S. and K. Seo, "Security Architecture for the Internet Protocol", RFC 4301, December 2005. [RFC5206] Henderson, T., Ed., "End-Host Mobility and Multihoming with the Host Identity