draft-ietf-pana-pana-05.txt   draft-ietf-pana-pana-06.txt 
PANA Working Group D. Forsberg PANA Working Group D. Forsberg
Internet-Draft Nokia Internet-Draft Nokia
Expires: January 15, 2005 Y. Ohba (Ed.) Expires: April 20, 2005 Y. Ohba (Ed.)
Toshiba Toshiba
B. Patil B. Patil
Nokia Nokia
H. Tschofenig H. Tschofenig
Siemens Siemens
A. Yegin A. Yegin
Samsung Samsung
July 17, 2004 October 20, 2004
Protocol for Carrying Authentication for Network Access (PANA) Protocol for Carrying Authentication for Network Access (PANA)
draft-ietf-pana-pana-05 draft-ietf-pana-pana-06
Status of this Memo Status of this Memo
By submitting this Internet-Draft, I certify that any applicable By submitting this Internet-Draft, I certify that any applicable
patent or other IPR claims of which I am aware have been disclosed, patent or other IPR claims of which I am aware have been disclosed,
and any of which I become aware will be disclosed, in accordance with and any of which I become aware will be disclosed, in accordance with
RFC 3668. RFC 3668.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 1, line 41 skipping to change at page 1, line 41
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on January 15, 2005. This Internet-Draft will expire on April 20, 2005.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2004). All Rights Reserved. Copyright (C) The Internet Society (2004). All Rights Reserved.
Abstract Abstract
This document defines the Protocol for Carrying Authentication for Extensible Authentication Protocol (EAP) defines a number of
Network Access (PANA), a link-layer agnostic transport for Extensible authentication schemes. Network access authentication requires a
Authentication Protocol (EAP) to enable network access authentication host to authenticate itself before being authorized for sending and
between clients and access networks. PANA can carry any receiving packets. The Protocol for Carrying Authentication for
authentication method that can be specified as an EAP method, and can Network Access (PANA) is defined in this document. PANA is a
be used on any link that can carry IP. PANA covers the link-layer agnostic carrier for EAP. PANA specifies the
client-to-network access authentication part of an overall secure client-to-network access authentication within the scope of an
network access framework, which additionally includes other protocols overall secure network access framework.
and mechanisms for service provisioning, access control as a result
of initial authentication, and accounting.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 5 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 5
1.1 Specification of Requirements . . . . . . . . . . . . . . 5 1.1 Specification of Requirements . . . . . . . . . . . . . . 5
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . 6 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . 6
3. Protocol Overview . . . . . . . . . . . . . . . . . . . . . 8 3. Protocol Overview . . . . . . . . . . . . . . . . . . . . . 8
3.1 Illustration of a Complete Message Sequence . . . . . . . 9 4. Protocol Details . . . . . . . . . . . . . . . . . . . . . . 10
4. Protocol Details . . . . . . . . . . . . . . . . . . . . . . 11 4.1 Discovery and Handshake Phase . . . . . . . . . . . . . . 10
4.1 Common Processing Rules . . . . . . . . . . . . . . . . . 11 4.2 Authentication Phase . . . . . . . . . . . . . . . . . . . 13
4.1.1 Payload Encoding . . . . . . . . . . . . . . . . . . . 11 4.3 Authorization Phase . . . . . . . . . . . . . . . . . . . 15
4.1.2 Transport Layer Protocol . . . . . . . . . . . . . . . 12 4.4 Re-authentication Phase . . . . . . . . . . . . . . . . . 15
4.1.3 Fragmentation . . . . . . . . . . . . . . . . . . . . 12 4.5 Termination Phase . . . . . . . . . . . . . . . . . . . . 17
4.1.4 Sequence Number and Retransmission . . . . . . . . . . 12 5. Protocol Design Details and Processing Rules . . . . . . . . 19
4.1.5 PANA Security Association . . . . . . . . . . . . . . 13 5.1 Payload Encoding . . . . . . . . . . . . . . . . . . . . . 19
4.1.6 Message Authentication Code . . . . . . . . . . . . . 15 5.2 Transport Layer . . . . . . . . . . . . . . . . . . . . . 20
4.1.7 Message Validity Check . . . . . . . . . . . . . . . . 15 5.2.1 Fragmentation . . . . . . . . . . . . . . . . . . . . 20
4.1.8 Error Handling . . . . . . . . . . . . . . . . . . . . 17 5.3 Sequence Number and Retransmission . . . . . . . . . . . . 20
4.2 Discovery and Initial Handshake Phase . . . . . . . . . . 17 5.4 Message Authentication Code . . . . . . . . . . . . . . . 21
4.2.1 Discovery and Initial Handshake with NAP-ISP 5.5 Message Validity Check . . . . . . . . . . . . . . . . . . 21
Authentication Separation . . . . . . . . . . . . . . 20 5.6 PANA Security Association . . . . . . . . . . . . . . . . 23
4.3 Authentication Phase . . . . . . . . . . . . . . . . . . . 21 5.7 Error Handling . . . . . . . . . . . . . . . . . . . . . . 25
4.4 Re-authentication . . . . . . . . . . . . . . . . . . . . 24 5.8 Device ID Choice . . . . . . . . . . . . . . . . . . . . . 25
4.5 Termination Phase . . . . . . . . . . . . . . . . . . . . 26 5.9 Updating PaC' Address . . . . . . . . . . . . . . . . . . 26
4.6 Example Sequence for NAP and ISP Separate 5.10 Session Lifetime . . . . . . . . . . . . . . . . . . . . 26
Authentications . . . . . . . . . . . . . . . . . . . . . 26 5.11 Network Selection . . . . . . . . . . . . . . . . . . . 27
4.7 Responding to Duplicate Requests . . . . . . . . . . . . . 28 5.12 Separate NAP and ISP Authentication . . . . . . . . . . 27
4.8 Device ID Choice . . . . . . . . . . . . . . . . . . . . . 29 5.12.1 Negotiating Separate NAP and ISP Authentication . . 28
4.9 Updating PaC' Address . . . . . . . . . . . . . . . . . . 29 5.12.2 Execution of Separate NAP and ISP Authentication . . 28
4.10 Session Lifetime . . . . . . . . . . . . . . . . . . . . 30 5.12.3 AAA-Key Calculation . . . . . . . . . . . . . . . . 29
4.11 Retransmission of Duplicate Answers . . . . . . . . . . 31 5.12.4 Re-authentication . . . . . . . . . . . . . . . . . 30
4.12 Mobility Handling . . . . . . . . . . . . . . . . . . . 31 5.12.5 Example Sequence . . . . . . . . . . . . . . . . . . 30
4.13 Support for Separate EP . . . . . . . . . . . . . . . . 33 6. Security and Mobility . . . . . . . . . . . . . . . . . . . 32
5. PANA Security Association Establishment . . . . . . . . . . 34 6.1 PANA Security Association Establishment . . . . . . . . . 32
6. Message Formats . . . . . . . . . . . . . . . . . . . . . . 35 6.2 Mobility . . . . . . . . . . . . . . . . . . . . . . . . . 32
6.1 IP and UDP Headers . . . . . . . . . . . . . . . . . . . . 35 7. PANA Headers and Formats . . . . . . . . . . . . . . . . . . 35
6.2 PANA Header . . . . . . . . . . . . . . . . . . . . . . . 35 7.1 IP and UDP Headers . . . . . . . . . . . . . . . . . . . . 35
6.3 AVP Header . . . . . . . . . . . . . . . . . . . . . . . . 37 7.2 PANA Header . . . . . . . . . . . . . . . . . . . . . . . 35
6.4 PANA Messages . . . . . . . . . . . . . . . . . . . . . . 39 7.3 AVP Header . . . . . . . . . . . . . . . . . . . . . . . . 37
6.4.1 Message Specifications . . . . . . . . . . . . . . . . 39 8. PANA Messages, Message Specifications and AVPs . . . . . . . 40
6.4.2 PANA-PAA-Discover (PDI) . . . . . . . . . . . . . . . 40 8.1 PANA Messages . . . . . . . . . . . . . . . . . . . . . . 40
6.4.3 PANA-Start-Request (PSR) . . . . . . . . . . . . . . . 40 8.2 Message Specifications . . . . . . . . . . . . . . . . . . 40
6.4.4 PANA-Start-Answer (PSA) . . . . . . . . . . . . . . . 40 8.2.1 PANA-PAA-Discover (PDI) . . . . . . . . . . . . . . . 41
6.4.5 PANA-Auth-Request (PAR) . . . . . . . . . . . . . . . 41 8.2.2 PANA-Start-Request (PSR) . . . . . . . . . . . . . . . 41
6.4.6 PANA-Auth-Answer (PAN) . . . . . . . . . . . . . . . . 41 8.2.3 PANA-Start-Answer (PSA) . . . . . . . . . . . . . . . 41
6.4.7 PANA-Bind-Request (PBR) . . . . . . . . . . . . . . . 41 8.2.4 PANA-Auth-Request (PAR) . . . . . . . . . . . . . . . 41
6.4.8 PANA-Bind-Answer (PBA) . . . . . . . . . . . . . . . . 42 8.2.5 PANA-Auth-Answer (PAN) . . . . . . . . . . . . . . . . 42
6.4.9 PANA-Reauth-Request (PRAR) . . . . . . . . . . . . . . 42 8.2.6 PANA-Reauth-Request (PRAR) . . . . . . . . . . . . . . 42
6.4.10 PANA-Reauth-Answer (PRAA) . . . . . . . . . . . . . 42 8.2.7 PANA-Reauth-Answer (PRAA) . . . . . . . . . . . . . . 42
6.4.11 PANA-Termination-Request (PTR) . . . . . . . . . . . 42 8.2.8 PANA-Bind-Request (PBR) . . . . . . . . . . . . . . . 42
6.4.12 PANA-Termination-Answer (PTA) . . . . . . . . . . . 43 8.2.9 PANA-Bind-Answer (PBA) . . . . . . . . . . . . . . . . 43
6.4.13 PANA-Error (PER) . . . . . . . . . . . . . . . . . . 43 8.2.10 PANA-Ping-Request (PPR) . . . . . . . . . . . . . . 43
6.4.14 PANA-FirstAuth-End-Request (PFER) . . . . . . . . . 43 8.2.11 PANA-Ping-Answer (PPA) . . . . . . . . . . . . . . . 43
6.4.15 PANA-FirstAuth-End-Answer (PFEA) . . . . . . . . . . 43 8.2.12 PANA-Termination-Request (PTR) . . . . . . . . . . . 43
6.4.16 PANA-Update-Request (PUR) . . . . . . . . . . . . . 44 8.2.13 PANA-Termination-Answer (PTA) . . . . . . . . . . . 44
6.4.17 PANA-Update-Answer (PUA) . . . . . . . . . . . . . . 44 8.2.14 PANA-Error-Request (PER) . . . . . . . . . . . . . . 44
6.5 AVPs in PANA . . . . . . . . . . . . . . . . . . . . . . . 44 8.2.15 PANA-Error-Answer (PEA) . . . . . . . . . . . . . . 44
6.5.1 MAC AVP . . . . . . . . . . . . . . . . . . . . . . . 44 8.2.16 PANA-FirstAuth-End-Request (PFER) . . . . . . . . . 44
6.5.2 Device-Id AVP . . . . . . . . . . . . . . . . . . . . 45 8.2.17 PANA-FirstAuth-End-Answer (PFEA) . . . . . . . . . . 45
6.5.3 Session-Id AVP . . . . . . . . . . . . . . . . . . . . 45 8.2.18 PANA-Update-Request (PUR) . . . . . . . . . . . . . 45
6.5.4 Cookie AVP . . . . . . . . . . . . . . . . . . . . . . 45 8.2.19 PANA-Update-Answer (PUA) . . . . . . . . . . . . . . 45
6.5.5 Protection-Capability AVP . . . . . . . . . . . . . . 45 8.3 AVPs in PANA . . . . . . . . . . . . . . . . . . . . . . . 45
6.5.6 Termination-Cause AVP . . . . . . . . . . . . . . . . 45 8.3.1 MAC AVP . . . . . . . . . . . . . . . . . . . . . . . 48
6.5.7 Result-Code AVP . . . . . . . . . . . . . . . . . . . 46 8.3.2 Device-Id AVP . . . . . . . . . . . . . . . . . . . . 49
6.5.8 EAP-Payload AVP . . . . . . . . . . . . . . . . . . . 50 8.3.3 Session-Id AVP . . . . . . . . . . . . . . . . . . . . 49
6.5.9 Session-Lifetime AVP . . . . . . . . . . . . . . . . . 50 8.3.4 Cookie AVP . . . . . . . . . . . . . . . . . . . . . . 49
6.5.10 Failed-AVP AVP . . . . . . . . . . . . . . . . . . . 50 8.3.5 Protection-Capability AVP . . . . . . . . . . . . . . 49
6.5.11 NAP-Information AVP . . . . . . . . . . . . . . . . 50 8.3.6 Termination-Cause AVP . . . . . . . . . . . . . . . . 49
6.5.12 ISP-Information AVP . . . . . . . . . . . . . . . . 50 8.3.7 Result-Code AVP . . . . . . . . . . . . . . . . . . . 50
6.5.13 Provider-Identifier AVP . . . . . . . . . . . . . . 50 8.3.8 EAP-Payload AVP . . . . . . . . . . . . . . . . . . . 54
6.5.14 Provider-Name AVP . . . . . . . . . . . . . . . . . 51 8.3.9 Session-Lifetime AVP . . . . . . . . . . . . . . . . . 54
6.5.15 EP-Device-Id AVP . . . . . . . . . . . . . . . . . . 51 8.3.10 Failed-AVP AVP . . . . . . . . . . . . . . . . . . . 54
6.5.16 Key-Id AVP . . . . . . . . . . . . . . . . . . . . . 51 8.3.11 NAP-Information AVP . . . . . . . . . . . . . . . . 54
6.5.17 Post-PANA-Address-Configuration (PPAC) AVP . . . . . 51 8.3.12 ISP-Information AVP . . . . . . . . . . . . . . . . 54
6.5.18 Nonce AVP . . . . . . . . . . . . . . . . . . . . . 52 8.3.13 Provider-Identifier AVP . . . . . . . . . . . . . . 54
6.5.19 IP-Address AVP . . . . . . . . . . . . . . . . . . . 52 8.3.14 Provider-Name AVP . . . . . . . . . . . . . . . . . 55
6.6 AVP Occurrence Table . . . . . . . . . . . . . . . . . . . 52 8.3.15 Key-Id AVP . . . . . . . . . . . . . . . . . . . . . 55
7. PANA Protocol Message Retransmissions . . . . . . . . . . . 56 8.3.16 Post-PANA-Address-Configuration (PPAC) AVP . . . . . 55
7.1 Transmission and Retransmission Parameters . . . . . . . . 58 8.3.17 Nonce AVP . . . . . . . . . . . . . . . . . . . . . 56
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . 59 8.3.18 IP-Address AVP . . . . . . . . . . . . . . . . . . . 56
8.1 PANA UDP Port Number . . . . . . . . . . . . . . . . . . . 59 9. PANA Protocol Message Retransmissions . . . . . . . . . . . 57
8.2 PANA Multicast Address . . . . . . . . . . . . . . . . . . 59 9.1 Transmission and Retransmission Parameters . . . . . . . . 58
8.3 PANA Header . . . . . . . . . . . . . . . . . . . . . . . 59 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . 60
8.3.1 Message Type . . . . . . . . . . . . . . . . . . . . . 59 10.1 PANA UDP Port Number . . . . . . . . . . . . . . . . . . 60
8.3.2 Flags . . . . . . . . . . . . . . . . . . . . . . . . 60 10.2 PANA Multicast Address . . . . . . . . . . . . . . . . . 60
8.4 AVP Header . . . . . . . . . . . . . . . . . . . . . . . . 60 10.3 PANA Header . . . . . . . . . . . . . . . . . . . . . . 60
8.4.1 AVP Code . . . . . . . . . . . . . . . . . . . . . . . 60 10.3.1 Message Type . . . . . . . . . . . . . . . . . . . . 60
8.4.2 Flags . . . . . . . . . . . . . . . . . . . . . . . . 61 10.3.2 Flags . . . . . . . . . . . . . . . . . . . . . . . 61
8.5 AVP Values . . . . . . . . . . . . . . . . . . . . . . . . 61 10.4 AVP Header . . . . . . . . . . . . . . . . . . . . . . . 61
8.5.1 Algorithm Values of MAC AVP . . . . . . . . . . . . . 61 10.4.1 AVP Code . . . . . . . . . . . . . . . . . . . . . . 61
8.5.2 Protection-Capability AVP Values . . . . . . . . . . . 61 10.4.2 Flags . . . . . . . . . . . . . . . . . . . . . . . 62
8.5.3 Termination-Cause AVP Values . . . . . . . . . . . . . 61 10.5 AVP Values . . . . . . . . . . . . . . . . . . . . . . . 62
8.5.4 Result-Code AVP Values . . . . . . . . . . . . . . . . 61 10.5.1 Algorithm Values of MAC AVP . . . . . . . . . . . . 62
8.5.5 Post-PANA-Address-Configuration AVP Values . . . . . . 62 10.5.2 Protection-Capability AVP Values . . . . . . . . . . 62
9. Security Considerations . . . . . . . . . . . . . . . . . . 63 10.5.3 Termination-Cause AVP Values . . . . . . . . . . . . 62
10. Open Issues and Change History . . . . . . . . . . . . . . . 69 10.5.4 Result-Code AVP Values . . . . . . . . . . . . . . . 62
11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . 70 10.5.5 Post-PANA-Address-Configuration AVP Values . . . . . 63
12. References . . . . . . . . . . . . . . . . . . . . . . . . . 71 11. Security Considerations . . . . . . . . . . . . . . . . . . 64
12.1 Normative References . . . . . . . . . . . . . . . . . . . 71 11.1 General Security Measures . . . . . . . . . . . . . . . 64
12.2 Informative References . . . . . . . . . . . . . . . . . . 72 11.2 Discovery . . . . . . . . . . . . . . . . . . . . . . . 65
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 75 11.3 EAP Methods . . . . . . . . . . . . . . . . . . . . . . 66
Intellectual Property and Copyright Statements . . . . . . . 77 11.4 Separate NAP and ISP Authentication . . . . . . . . . . 66
11.5 Cryptographic Keys . . . . . . . . . . . . . . . . . . . 66
11.6 Per-packet Ciphering . . . . . . . . . . . . . . . . . . 67
11.7 PAA-to-EP Communication . . . . . . . . . . . . . . . . 67
11.8 Livenes Test . . . . . . . . . . . . . . . . . . . . . . 68
11.9 Mobility Optimization . . . . . . . . . . . . . . . . . 68
11.10 Updating PaC's IP Address . . . . . . . . . . . . . . . 68
11.11 Early Termination of a Session . . . . . . . . . . . . . 69
12. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . 70
13. References . . . . . . . . . . . . . . . . . . . . . . . . . 71
13.1 Normative References . . . . . . . . . . . . . . . . . . . 71
13.2 Informative References . . . . . . . . . . . . . . . . . . 72
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 73
Intellectual Property and Copyright Statements . . . . . . . 75
1. Introduction 1. Introduction
Providing secure network access service requires access control based Network access authentication has traditionally been a layer 2
on the authentication and authorization of the clients and the access function. This document specifies a protocol that enables EAP to be
networks. Initial and subsequent client-to-network authentication transported above the IP layer. As a result, network access
provides parameters that are needed to police the traffic flow authentication can be made a function of the network layer thereby
through the enforcement points. A protocol is needed to carry achieving link-layer independence for the process of authenticating a
authentication methods between the client and the access network. client seeking access to a network. At the present time, there are
no standardized solutions for authenticating a host for network
Currently there is no standard network-layer solution for access at the network layer. The problem statement for which the
authenticating clients for network access. Appendix A of PANA protocol is a solution can be found in Appendix A of
[I-D.ietf-pana-requirements] describes the problem statement that led [I-D.ietf-pana-requirements].
to the development of PANA.
Scope of this work is identified as designing a link-layer agnostic PANA relies on EAP for the actual authentication of a client. It
transport for network access authentication methods. The Extensible does not define any new authentication protocols or schemes. It
Authentication Protocol (EAP) [RFC3748] provides such authentication enables EAP messages to be carried between the client and the
methods. In other words, PANA will carry EAP which can carry various network. The actual choice of a specific EAP method to be run over
authentication methods. By the virtue of enabling transport of EAP PANA is dependent on the underlying access network technology. The
above IP, any authentication method that can be carried as an EAP key factor in the choice of the EAP method is the determination of
method is made available to PANA and hence to any link-layer whether the lower layer (link/physical) provides security for the
technology. There is a clear division of labor between PANA, EAP and PANA messages.
EAP methods.
Various environments and usage models for PANA are identified in A secure network access authentication framework goes beyond just
Appendix A of [I-D.ietf-pana-requirements]. Potential security authenticating the client to the network. Other aspects such as
threats for network-layer access authentication protocol are address configuration, data traffic security, access control filters
discussed in [I-D.ietf-pana-threats-eval]. These have been essential and separation of the enforcement point from the protocol end-point
in defining the requirements [I-D.ietf-pana-requirements] on the PANA are documented in [I-D.ietf-pana-framework] and [I-D.ietf-pana-snmp].
protocol. Note that some of these requirements are imposed by the
chosen payload, EAP [RFC3748].
There are components that are part of a complete secure network This document specifies the client-network interaction and the
solution but are outside of the PANA protocol specification, messages defined for this purpose.
including IP address configuration, authentication method choice,
filter rule installation, data traffic protection and PAA-EP
protocol. These components are described in separate documents (see
[I-D.ietf-pana-framework] and [I-D.ietf-pana-snmp]).
1.1 Specification of Requirements 1.1 Specification of Requirements
In this document, several words are used to signify the requirements In this document, several words are used to signify the requirements
of the specification. These words are often capitalized. The key of the specification. These words are often capitalized. The key
words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD",
"SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document
are to be interpreted as described in [RFC2119]. are to be interpreted as described in [RFC2119].
2. Terminology 2. Terminology
This section describes some terms introduced in this document: PANA Client (PaC):
The client side of the protocol that resides in the host device.
It is responsible for providing the credentials in order to prove
its identity for network access authorization.
PANA Authentication Agent (PAA):
The protocol entity in the access network whose responsibility is
to verify the credentials provided by a PANA client (PaC) and
authorize network access to the device associated with the client
and identified by a Device Identifier (DI). Note the
authentication and authorization procedure can, according to the
EAP model, be also offloaded to the backend AAA infrastructure.
PANA Session: PANA Session:
A PANA session begins with the initial handshake between the PANA A PANA session begins with the handshake between the PANA Client
Client (PaC) and the PANA Authentication Agent (PAA), and (PaC) and the PANA Authentication Agent (PAA), and terminates as a
terminates by an authentication failure, a timeout, or an explicit result of an authentication failure, a timeout, or an explicit
termination message. A fixed session identifier is maintained termination message. A fixed session identifier is maintained
throughout a session. A session cannot be shared across multiple throughout a session. A session cannot be shared across multiple
physical network interfaces. A distinct PANA session is network interfaces.
associated with the device identifiers of PaC and PAA.
Session Identifier: Session Identifier:
This identifier is used to uniquely identify a PANA session on the This identifier is used to uniquely identify a PANA session on the
PAA and PaC. It includes an identifier of the PAA, therefore it PAA and PaC. It includes an identifier of the PAA, therefore it
cannot be shared across multiple PAAs. It is included in PANA cannot be shared across multiple PAAs. It is included in PANA
messages to bind the message to a specific PANA session. This messages to bind the message to a specific PANA session. This
bidirectional identifier is allocated by the PAA following the bidirectional identifier is allocated by the PAA following the
initial handshake and freed when the session terminates. handshake and freed when the session terminates.
PANA Security Association: PANA Security Association (PANA SA):
A PANA security association is a relationship between the PaC and A PANA security association is a relationship between the PaC and
PAA, formed by the sharing of cryptographic keying material and PAA, formed by the sharing of cryptographic keying material and
associated context. Security associations are duplex. That is, associated context. Security associations are duplex. That is,
one security association is needed to protect the bidirectional one security association is needed to protect the bidirectional
traffic between the PaC and the PAA. traffic between the PaC and the PAA.
PANA Client (PaC):
The client side of the protocol that resides in the host device
which is responsible for providing the credentials to prove its
identity for network access authorization.
Device Identifier (DI): Device Identifier (DI):
The identifier used by the network as a handle to control and The identifier used by the network as a handle to control and
police the network access of a client. Depending on the access police the network access of a client. Depending on the access
technology, this identifier might contain any of IP address, technology, this identifier may contain an address that is carried
link-layer address, switch port number, etc. of a connected in protocol headers (e.g., IP or link-layer address), or a locally
significant identifier that is made available by the local
protocol stack (e.g., circuit id, PPP interface id) of a connected
device. device.
PANA Authentication Agent (PAA):
The protocol entity in the access network side whose
responsibility is to verify the credentials provided by a PANA
client and grant network access service to the device associated
with the client and identified by a DI. Note the authentication
and authorization procedure can, according to the EAP model, be
also offloaded to the backend AAA infrastructure.
Enforcement Point (EP): Enforcement Point (EP):
A node on the access network where per-packet enforcement policies A node on the access network where per-packet enforcement policies
(i.e., filters) are applied on the inbound and outbound traffic of (i.e., filters) are applied on the inbound and outbound traffic of
client devices. Information such as the DI and (optionally) client devices. Information such as the DI and (optionally)
cryptographic keys are provided by the PAA per client for cryptographic keys are provided by the PAA per client for
constructing filters on the EP. generating filters on the EP.
Network Access Provider (NAP): Network Access Provider (NAP):
A service provider that provides physical and link-layer A service provider that provides physical and link-layer
connectivity to an access network it manages. connectivity to an access network it manages.
AAA-Key: AAA-Key:
A key derived by the EAP peer and EAP server and transported to A key derived by the EAP peer and EAP server and transported to
the authenticator [I-D.ietf-eap-keying]. the authenticator [I-D.ietf-eap-keying].
3. Protocol Overview 3. Protocol Overview
The PANA protocol involves two functional entities namely the PaC and The PANA protocol is run between a client (PaC) and a server (PAA) in
the PAA. The protocol resides above the transport layer and the order to perform authentication and authorization for the network
details are explained in Section 4. access service.
The placement of the entities used in PANA largely depends on a The protocol messaging consists of a series of request and responses,
selected architecture. The PAA may optionally interact with a AAA some of which may be initiated by either ends. Each message can
backend to authenticate the user (PaC). The EP, mentioned in the carry zero or more AVPs as payload. The main payload of PANA is EAP
context with PANA, is a logical entity. In case that the PAA and the which performs authentication. PANA helps PaC and PAA establish an
EP are co-located only an API is required for intercommunication EAP session.
instead of a separate protocol. In the case where the PAA is
separated from the EP, a separate protocol will be used between the
PAA and the EP for managing access control. A description of this
protocol is outside the scope of this draft and is covered in
[I-D.ietf-pana-snmp].
Figure 1 illustrates the interactions in a simplified manner: PANA is a UDP-based protocol. It has its own retransmission
mechanism to reliably deliver messages.
PaC EP PAA AAA PANA messages are sent between a PaC and PAA as part of a PANA
--- --- --- --- session. A PANA session consists of distinct phases:
PAA Discovery o Discovery and handshake phase: This is the phase that initiates a
<---------------------o------------> (1) new PANA session. The PaC discovers the PAA(s) by either
PANA Authentication AAA interaction explicitly soliciting advertisements for them or receiving
<----------------------------------><------------> (2) unsolicited advertisements. The PaC's answer sent in response to
an advertisement starts a new session.
Authorization o Authentication phase: Immediately following the handshake phase is
<------------- (3) the EAP execution between the PAA and PaC. The EAP payloads
(which carry an EAP method inside) is what is used for
authentication. Authentication phase may involve execution of two
EAP sessions back-to-back, one for the NAP and one for the ISP.
Figure 1: PANA Framework o Authorization phase: Following a successful PANA authentication
phase, the PaC gains access to the network and can send and
receive IP data traffic through EP. During this phase, the PaC
and PAA may optionally ping each other to test liveness of the
PANA session on each end.
PANA supports authentication of a PaC using various EAP methods. The o Re-authentication phase: Following an authorization phase, the PAA
EAP method used depends on the level of security required for the EAP must initiate re-authentication before the PANA session lifetime
messaging itself. PANA does not secure the data traffic itself. expires. Again EAP is carried by PANA to perform authentication.
However, EAP methods that enable key exchange may allow other This phase may be optionally triggered by both the PaC and the PAA
protocols to be bootstrapped for securing the data traffic (e.g., without any respect to the session lifetime. The session moves to
[I-D.ietf-pana-ipsec]). this phase from authorized phase, and returns back there upon
successful re-authentication.
From a state machine point of view, the PANA protocol consists of o Termination phase: The PaC or PAA may choose to discontinue the
three phases access service at any time. An explicit disconnect message can be
sent by either end. If either the PaC or the PAA disconnects
without engaging in termination messaging, it is expected that
either the expiration of a finite session lifetime or failed
liveness tests would do the job.
1. Discovery and initial handshake phase PaC PAA Message[AVPs]
-----------------------------------------------------
// Discovery and handshake phase
-----> PANA-PAA-Discover
<----- PANA-Start-Request
-----> PANA-Start-Answer
2. Authentication phase // Authentication phase
<----- PANA-Auth-Request /* EAP Request */
-----> PANA-Auth-Answer
-----> PANA-Auth-Request /* EAP Response */
<----- PANA-Auth-Answer
<----- PANA-Bind-Request /* EAP Success */
-----> PANA-Bind-Answer
3. Termination phase // Authorization phase (IP data traffic allowed)
In the first phase, an IP address of PAA is discovered and a PANA <----- PANA-Ping-Request
session is established between PaC and PAA. EAP messages are -----> PANA-Ping-Answer
exchanged and a PANA SA is established in the second phase. The PANA
session as well as the PANA SA is deleted in the third phase.
In addition, PANA defines the following two types of // Termination phase
re-authentication procedures that are performed while an established -----> PANA-Termination-Request
PANA session exists. <----- PANA-Termination-Answer
1. Re-authentication based on EAP Figure 1: Illustration of PANA Messages in a Session
2. Re-authentication based on PANA-Reauth exchange Cryptographic protection of messages between the PaC and PAA is
possible as soon as EAP in conjunction with the EAP method exports a
shared key. That shared key is used to create a PANA SA. The PANA
SA helps generating per-message authentication codes that provide
integrity protection and authentication.
The former type of re-authentication is used mainly for extending PANA also allows creation of a new PANA session with a new PAA out of
authorization lifetime or for updating the cryptographic keying an existing session with another PAA. This optimization allows PaC
material of a PANA SA. The latter type of re-authentication is used achieve quicker authorization without having to run EAP upon movement
mainly for maintaining the presence of the communicating peers each (changing PAAs).
other so that the established PANA session can be terminated as soon
as the presence of the peer is lost.
3.1 Illustration of a Complete Message Sequence Throughout the lifetime of a session, various problems found with the
incoming messages can generate a PANA error message sent in response.
A complete PANA message sequence is illustrated in Figure 2. The 4. Protocol Details
example assumes the following scenario:
o The PaC initiates the discovery and initial handshake phase by The following sections explain in detail the various phases of a PANA
multicasting a PANA-PAA-Discover message. The PAA responds with a session.
PANA-Start-Request message with a cookie to be stateless in the
discovery and initial handshake phase. At the end of the the
discovery and initial handshake phase, the PaC sends a
PANA-Start-Answer message with a cookie in response to the
PANA-Start-Request.
o An EAP authentication method with a single round trip is used in 4.1 Discovery and Handshake Phase
the authentication phase. A AAA-Key is derived from the EAP
method and used for establishing a PANA SA.
o At the end of the authentication phase, the PAA sends a When a PaC attaches to a network, and knows that it has to discover a
PANA-Bind-Request message and the PaC responds with a PAA, it SHOULD send a PANA-PAA-Discover message to a well-known link
PANA-Bind-Answer message. These messages contains a MAC AVP and a local multicast address (TBD) and UDP port (TBD). The PANA PAA
Key-Id AVP, as well as other AVPs for which usages are explained discovery assumes that the PaC and the PAA are one hop away from each
in Section 4, to securely establish a PANA session with a PANA SA. other. If the PaC knows the IP address of the PAA (based on
pre-configuration), it MAY unicast the PANA-PAA-Discover message to
that address.
o After the PANA SA is established, all messages are integrity and When the PAA receives a PANA-PAA-Discover message from a PaC, the PAA
replay protected with MAC AVPs. SHOULD unicast a PANA-Start-Request message to the PaC.
o Re-authentication based on the PANA-Reauth-Request/ PANA-Reauth The PaC MAY also choose to start sending packets before getting
exchange is performed. authenticated. In that case, the network may detect this and the PAA
MAY send an unsolicited PANA-Start-Request message to the PaC in
addition to filtering the unauthorized traffic. The EP is the node
that can detect such activity. The PAA-to-EP protocol MAY be used
for this purpose.
o The PaC initiates termination of the PANA session by sending a When a PaC receives a PANA-Start-Request message from a PAA, it
PANA-Termination-Request message. responds with a PANA-Start-Answer message if it wishes to enter an
authentication phase. The answer message copies the sequence number.
o Sequence numbers in PANA headers are not shown. There can be multiple PAAs on the link and a PaC may receive multiple
PANA-Start-Request messages from those PAAs. The authentication and
authorization result does not depend on which PAA is chosen by the
PaC. By default the PaC MAY choose the PAA that sent the first
response.
PaC PAA Message[AVPs] A PANA-Start-Request message MAY carry a Cookie AVP that contains a
----------------------------------------------------- cookie. The sequence number is set to a randomly picked initial
// Discovery and initial handshake phase sequence number. The cookie is used for preventing the PAA from
-----> PANA-PAA-Discover resource consumption DoS attacks by blind attackers. The cookie is
<----- PANA-Start-Request[Nonce, Cookie] computed in such a way that it does not require any per-session state
-----> PANA-Start-Request-Answer[Nonce, Cookie] maintenance on the PAA in order to verify the cookie returned in a
PANA-Start-Answer message. The exact algorithms and syntax used for
generating cookies does not affect interoperability and hence is not
specified here. An example algorithm is described below.
// Authentication phase Cookie =
<----- PANA-Auth-Request[Session-Id, EAP] <secret-version> | HMAC_SHA1( <Device-Id of PaC> , <secret> )
-----> PANA-Auth-Answer[Session-Id, EAP] where <secret> is a randomly generated secret known only to the PAA,
<----- PANA-Auth-Request[Session-Id, EAP] <secret-version> is an index used for choosing the secret for
-----> PANA-Auth-Answer[Session-Id, EAP] generating the cookie and '|' indicates concatenation. The
<----- PANA-Bind-Request[Session-Id, EAP{Success}, secret-version should be changed frequently enough to prevent replay
Device-Id, Lifetime, Protection-Cap., Key-Id, MAC] attacks. The secret key is valid for a certain time frame.
-----> PANA-Bind-Answer[Session-Id, Device-Id, Key-Id, MAC]
// Re-authentication based on PANA-Reauth exchange When the PaC sends a PANA-Start-Answer message in response to a
<----- PANA-Reauth-Request[Session-Id, MAC] PANA-Start-Request containing a Cookie AVP, the answer MUST contain a
-----> PANA-Reauth-Answer[Session-Id, MAC] Cookie AVP with the cookie value copied from the request.
// Termination phase When the PAA receives the PANA-Start-Answer message from the PaC, it
-----> PANA-Termination-Request[Session-Id, MAC] verifies the cookie. The cookie is considered as valid if the
<----- PANA-Termination-Answer[Session-Id, MAC] received cookie has the expected value. If the computed cookie is
valid, the protocol enters an authentication phase. Otherwise, it
MUST silently discard the received message.
Figure 2: A Complete Message Sequence Initial EAP Request MAY be optionally carried by the
PANA-Start-Request (as opposed to by a later PANA-Auth-Request)
message in order to reduce the number of round-trips. This
optimization SHOULD NOT be used if the PAA discovery is desired to be
stateless.
4. Protocol Details A Protection-Capability AVP and a Post-PANA-Address-Configuration
(PPAC) AVP MAY be included in the PANA-Start-Request in order to
indicate required and available capabilities for the network access.
These AVPs MAY be used by the PaC for assessing the capability match
even before the authentication takes place. But these AVPs are
provided during the insecure discovery and handshake phase, there are
certain security risks involved in using the provided information.
See Section 11 for further discussion on this.
4.1 Common Processing Rules If the initial EAP Request message is carried in the
PANA-Start-Request message, an EAP Response message MUST be carried
in the PANA-Start-Answer message returned to the PAA.
4.1.1 Payload Encoding In any case, PANA MUST NOT generate an EAP message on behalf of EAP
peer or EAP (pass-through) authenticator.
The PANA-Start-Request/Answer exchange is needed before entering an
authentication phase even when the PaC is pre-configured with PAAs IP
address and the PANA-PAA-Discover message is unicast.
A Nonce AVP MUST be included in PANA-Start-Request and
PANA-Start-Answer messages. The nonces are used to establish a PANA
SA.
A PANA-Start-Request message that carries a Cookie AVP is never
retransmitted. A PANA-Start-Request message that does not carry a
Cookie AVP is retransmitted based on timer. A PANA-Start-Answer
message that carries a Cookie AVP is retransmitted based on timer. A
PANA-Start-Answer message that does not carry a Cookie AVP is never
retransmitted based on timer.
It is possible that both the PAA and the PaC initiate the discovery
and handshake procedure at the same time, i.e., the PAA sends a
PANA-Start-Request message while the PaC sends a PANA-PAA-Discover
message. To resolve the race condition, the PAA SHOULD silently
discard the PANA-PAA-Discover message received from the PaC after it
has sent a PANA-Start-Request message with creating a state (i.e., no
Cookie AVP is included in the message) for the PaC. In this case PAA
will retransmit PANA-Start-Request based on a timer, if PaC doesn't
respond in time (message was lost for example). If the PAA had sent
a PANA-Start-Request message without creating a state for the PaC
(i.e., a Cookie AVP was included in the message), then it SHOULD
answer to the PANA-PAA-Discover message.
Figure 2 shows an example sequence for the discovery and handshake
phase when a PANA-PAA-Discover message is sent by the PaC. Figure 3
shows an example sequence for the discovery and handshake phase that
is triggered by data traffic.
PaC PAA Message(seqno)[AVPs]
------------------------------------------------------
-----> PANA-PAA-Discover(0)
<----- PANA-Start-Request(x)[Nonce, Cookie]
-----> PANA-Start-Answer(x)[Nonce, Cookie]
(continued to authentication phase)
Figure 2: Example Sequence for Discovery and Handshake Phase when
PANA-PAA-Discover is sent by PaC
PaC EP PAA Message(seqno)[AVPs]
------------------------------------------------------
---->o (Data packet arrival or L2 trigger)
------> PAA-to-EP protocol, or another mechanism
<------------ PANA-Start-Request(x)[Nonce, Cookie]
------------> PANA-Start-Answer(x)[Nonce, Cookie]
(continued to authentication phase)
Figure 3: Example Sequence for Discovery and Handshake when discovery
is triggered by data traffic
4.2 Authentication Phase
The main task in authentication phase is to carry EAP messages
between the PaC and the PAA. EAP Request and Response messages are
carried in PANA-Auth-Request messages. PANA-Auth-Answer messages are
simply used to acknowledge receipt of the requests. As an
optimization, a PANA-Auth-Answer message MAY include the EAP
Response. Another optimization allows optionally carrying the first
EAP Request/Response in PANA-Start-Request/Answer message as
described in Section 4.1
When an EAP Success/Failure message is sent from a PAA, the message
is carried in a PANA-Bind-Request (PBR) message. The
PANA-Bind-Request messages MUST be acknowledged with a
PANA-Bind-Answer (PBA) message. Figure 4 shows an example sequence
in an authentication phase.
PaC PAA Message(seqno)[AVPs]
--------------------------------------------------------------------
(continued from discovery and handshake phase)
<----- PANA-Auth-Request(x+1)
[Session-Id, EAP{Request}]
-----> PANA-Auth-Answer(x+1) // No piggybacking EAP-Response
[Session-Id]
-----> PANA-Auth-Request(y)
[Session-Id, EAP{Response}]
<----- PANA-Auth-Answer(y)
[Session-Id]
<----- PANA-Auth-Request(x+2)
[Session-Id, EAP{Request}]
-----> PANA-Auth-Answer(x+2) // Piggybacking EAP-Response
[Session-Id, EAP{Response}]
<----- PANA-Bind-Request(x+3)
[Session-Id, EAP{Success}, Device-Id, IP-Address,
Lifetime, Protection-Cap., PPAC, MAC]
-----> PANA-Bind-Answer(x+3)
[Session-Id, Device-Id, PPAC, MAC]
Figure 4: Example Sequence in Authentication Phase
When an EAP method that is capable of deriving keys is used during
the authentication phase and the keys are successfully derived, the
PANA-FirstAuth-End-Request and PANA-FirstAuth-End-Answer and/or
PANA-Bind-Request and PANA-Bind-Answer messages, and all subsequent
PANA messages MUST contain a MAC AVP.
The PANA-Bind-Request and the PANA-Bind-Answer message exchange is
also used for binding device identifiers of the PaC and EP(s), and
the IP address of the PAA to the PANA SA. To achieve this, the
PANA-Bind-Request SHOULD contain the device identifier(s) of the
EP(s) in Device-Id AVP(s) when they are either MAC or IP address(es),
and the IP address of the PAA in an IP-Address AVP. PANA-Bind-Answer
SHOULD contain PaC's device identifier in a Device-Id AVP when it is
already presented with that of EP(s). The PaC MUST use the same type
of device identifier as contained in the PANA-Bind-Request message.
This exchange when protected by a MAC AVP prevents man-in-the-middle
attacks. The PANA-Bind-Request message MAY also contain a
Protection-Capability AVP to indicate if link-layer or network-layer
ciphering should be initiated after PANA. No link layer or network
layer specific information is included in the Protection-Capability
AVP. When the information is preconfigured on the PaC and the PAA
this AVP can be omitted. It is assumed that at least PAA is aware of
the security capabilities of the access network. The PANA protocol
does not specify how the PANA SA and the Protection-Capability AVP
will be used to provide per-packet protection for data traffic.
Additionally, PANA-Bind-Request MUST include a
Post-PANA-Address-Configuration AVP, which helps PAA to inform PaC
about whether a new IP address MUST be configured and the available
methods to do so. PaC MUST include a PPAC AVP in order to indicate
its choice of method when there is a match between the methods
offered by the PAA and the methods available on the PaC. When there
is no match, a PPAC AVP MUST NOT be included and the Result-Code AVP
MUST be set to PANA_PPAC_CAPABILITY_UNSUPPORTED in the
PANA-Bind-Answer message.
PANA-Bind-Request and PANA-Bind-Answer messages MUST be retransmitted
based on the retransmission rule described in Section 5.3.
EAP authentication can fail at a pass-through authenticator without
sending an EAP-Failure message [I-D.ietf-eap-statemachine]. When
this occurs, the PAA SHOULD send a PANA-Error-Request message to the
PaC with using PANA_UNABLE_TO_COMPLY result code. The PaC SHOULD not
change its state unless the error message is secured by PANA or lower
layer. In any case, a more appropriate way is to rely on a timeout
on the PaC.
There is a case where EAP authentication succeeds with producing an
EAP-Success message but network access authorization fails due to,
e.g., authorization rejected by a AAA proxy or authorization locally
rejected by the PAA. When this occurs, the PAA MUST send
PANA-Bind-Request with a result code PANA_AUTHORIZATION_REJECTED. If
a AAA-Key is established between PaC and PAA by the time when the
EAP-Success is generated by the EAP server (this is the case when the
EAP method provides protected success indication), this PANA-Bind
message exchange MUST be protected with a MAC AVP and with carrying a
Key-Id AVP. The AAA-Key and the PANA session MUST be deleted after
the PANA-Bind message exchange.
4.3 Authorization Phase
Once an authentication phase or a re-authentication phase
successfully completes, the PaC gains access to the network and can
send and receive IP data traffic through EP and the PANA session
enters an authorization phase. In this phase, PANA-Ping-Request and
PANA-Ping-Answer messages are used for testing the liveness of the
PANA session on the PANA peer. Both the PaC and the PAA are allowed
to send a PANA-Ping-Request message to the communicating peer
whenever they need to make sure the availability of the session on
the peer and expect the peer to return a PANA-Ping-Answer message.
Both PANA-Ping-Request and PANA-Ping-Answer messages MUST be
protected with a MAC AVP when a PANA SA is available.
Implementations MUST limit the rate of performing this test. The PaC
and the PAA can handle rate limitation on their own, they do not have
to perform any coordination with each other. There is no negotiation
of timers for this purpose.
Figure 5 and Figure 6 show liveness tests as they are initiated by
the PaC and the PAA respectively.
PaC PAA Message(seqno)[AVPs]
------------------------------------------------------
-----> PANA-Ping-Request(q)[Session-Id, MAC]
<----- PANA-Ping-Answer(q)[Session-Id, MAC]
Figure 5: Example Sequence for PaC-initiated liveness test
PaC PAA Message(seqno)[AVPs]
------------------------------------------------------
<----- PANA-Ping-Request(p)[Session-Id, MAC]
-----> PANA-Ping-Answer(p)[Session-Id, MAC]
Figure 6: Example Sequence for PAA-initiated liveness test
4.4 Re-authentication Phase
A PANA session in an authorization phase can enter a
re-authentication phase to extend the current session lifetime by
re-executing EAP. Once the re-authentication phase successfully
completes, the session re-enters the authorization phase. Otherwise,
the session is deleted.
When a PaC wants to initiate re-authentication, it sends a
PANA-Reauth-Request message to the PAA. This message MUST contain a
Session-Id AVP which is used for identifying the PANA session on the
PAA. If the PAA already has an established PANA session for the PaC
with the matching identifier, it MUST first respond with a
PANA-Reauth-Answer, followed by a PANA-Auth-Request that starts a new
EAP authentication. If PAA cannot identify the session, it MUST
respond with a PANA-Error-Request with the error code
PANA_UNKNOWN_SESSION_ID. PANA-Reauth-Request/Answer messages MUST
contain a MAC AVP when PANA SA is available.
PaC may receive a PANA-Auth-Request before receiving the answer to
its outstanding PANA-Reauth-Request. This condition can arise due to
packet re-ordering or a race condition between the PaC and PAA when
they both attempt to engage in re-authentication. PaC MUST keep
discarding the received PANA-Auth-Requests until it receives the
answer to its request.
When the PAA initiates re-authentication, it sends a
PANA-Auth-Request message containing the session identifier for the
PaC to enter an authentication phase. PAA SHOULD initiate EAP
authentication before the current session lifetime expires.
Re-authentication of an on-going PANA session MUST maintain the
existing sequence numbers.
For any re-authentication, if there is an established PANA SA,
PANA-Auth-Request and PANA-Auth-Answer messages MUST be protected by
adding a MAC AVP to each message. Any subsequent EAP-based
authentication MUST be performed with the same ISP and NAP that was
selected during the initial authentication. An example sequence for
a re-authentication initiated by a PaC is shown in Figure 7.
PaC PAA Message(seqno)[AVPs]
------------------------------------------------------
-----> PANA-Reauth-Request(q)
[Session-Id, MAC]
<----- PANA-Reauth-Answer(q)
[Session-Id, MAC]
<----- PANA-Auth-Request(p)
[Session-Id, EAP{Request}, MAC]
-----> PANA-Auth-Answer(p) // No piggybacking EAP-Response
[Session-Id, MAC]
-----> PANA-Auth-Request(q+1)
[Session-Id, EAP{Response}, MAC]
<----- PANA-Auth-Answer(q+1) // No piggybacking EAP-Response
[Session-Id, MAC]
<----- PANA-Auth-Request(p+1)
[Session-Id, EAP{Request}, MAC]
-----> PANA-Auth-Answer(p+1) // Piggybacking EAP-Response
[Session-Id, EAP{Response}, MAC]
<----- PANA-Bind-Request(p+2)
[Session-Id, EAP{Success}, Device-Id,
IP-Address, Key-Id, Lifetime,
Protection-Cap., PPAC, MAC]
-----> PANA-Bind-Answer(p+2)
[Session-Id, Device-Id, Key-Id, PPAC, MAC]
Figure 7: Example Sequence for re-authentication initiated by PaC
4.5 Termination Phase
A procedure for explicitly terminating a PANA session can be
initiated either from the PaC (i.e., disconnect indication) or from
the PAA (i.e., session revocation). The PANA-Termination-Request and
the PANA-Termination-Answer message exchanges are used for disconnect
indication and session revocation procedures.
The reason for termination is indicated in the Termination-Cause AVP.
When there is an established PANA SA established between the PaC and
the PAA, all messages exchanged during the termination phase MUST be
protected with a MAC AVP. When the sender of the
PANA-Termination-Request receives a valid acknowledgment, all states
maintained for the PANA session MUST be deleted immediately.
PaC PAA Message(seqno)[AVPs]
------------------------------------------------------
-----> PANA-Termination-Request(q)[Session-Id, MAC]
<----- PANA-Termination-Answer(q)[Session-Id, MAC]
Figure 8: Example Sequence for Session Termination
5. Protocol Design Details and Processing Rules
5.1 Payload Encoding
The payload of any PANA message consists of zero or more AVPs The payload of any PANA message consists of zero or more AVPs
(Attribute Value Pairs). A brief description of the AVPs defined in (Attribute Value Pairs). A brief description of the AVPs defined in
this document is listed below: this document is listed below:
o Cookie AVP: contains a random value that is used for making o Cookie AVP: contains a random value that is used for making
initial handshake robust against blind resource consumption DoS handshake robust against blind resource consumption DoS attacks.
attacks.
o Protection-Capability AVP: contains information which protection o Protection-Capability AVP: contains information which protection
should be initiated after the PANA exchange (e.g., link-layer or should be initiated after the PANA exchange (e.g., link-layer or
network layer protection). network layer protection).
o Device-Id AVP: contains a device identifier of the sender of the o Device-Id AVP: contains a device identifier of the PaC or an EP.
message. A device identifier is represented as a pair of device A device identifier is represented as a pair of device identifier
identifier type and device identifier value. Either a layer-2 type and device identifier value. Either a layer-2 address or an
address or an IP address is used for the device identifier value. IP address is used for the device identifier value when this AVP
is present.
o EP-Device-Id AVP: contains the device identifier of an EP.
o EAP AVP: contains an EAP PDU. o EAP AVP: contains an EAP PDU.
o MAC AVP: contains a Message Authentication Code that protects a o MAC AVP: contains a Message Authentication Code that protects a
PANA message PDU. PANA message PDU.
o Termination-Cause AVP: contains the reason of session termination. o Termination-Cause AVP: contains the reason of session termination.
o Result-Code AVP: contains information about the protocol execution o Result-Code AVP: contains information about the protocol execution
results. results.
skipping to change at page 12, line 10 skipping to change at page 20, line 7
o Key-Id AVP: contains a AAA-Key identifier. o Key-Id AVP: contains a AAA-Key identifier.
o PPAC AVP: Post-PANA-Address-Configuration AVP. Conveys the list o PPAC AVP: Post-PANA-Address-Configuration AVP. Conveys the list
of IP address configuration methods available when sent by the of IP address configuration methods available when sent by the
PAA, and the chosen method when sent by the PaC. PAA, and the chosen method when sent by the PaC.
o Nonce AVP: contains a randomly chosen value. o Nonce AVP: contains a randomly chosen value.
o IP-Address AVP: contains an IP Address of a PaC. o IP-Address AVP: contains an IP Address of a PaC.
4.1.2 Transport Layer Protocol 5.2 Transport Layer
PANA uses UDP as its transport layer protocol. The UDP port number PANA uses UDP as its transport layer protocol. The UDP port number
is TBD. All messages except for PANA-PAA-Discover are always is TBD. All messages except for PANA-PAA-Discover are always
unicast. PANA-PAA-Discover MAY be unicasted when the PaC knows the unicast. PANA-PAA-Discover MAY be unicast when the PaC knows the IP
IP address of the PAA. address of the PAA.
4.1.3 Fragmentation 5.2.1 Fragmentation
PANA does not provide fragmentation of PANA messages. Instead, it PANA does not provide fragmentation of PANA messages. Instead, it
relies on fragmentation provided by EAP methods and IP layer when relies on fragmentation provided by EAP methods and IP layer when
needed. needed.
4.1.4 Sequence Number and Retransmission 5.3 Sequence Number and Retransmission
PANA uses sequence numbers to provide ordered delivery of EAP
messages. The design involves use of two sequence numbers to prevent
some of the DoS attacks on the sequencing scheme. Every PANA packet
includes one transmitted sequence number (tseq) and one received
sequence number (rseq) in the PANA header. See [1] for detailed
explanation on why two sequence numbers are needed.
The two sequence number fields have the same length of 32 bits and
appear in PANA header. The transmission sequence number starts from
initial sequence number (ISN) and is monotonically increased by 1.
This rule applies to all PANA messages but PANA-PAA-Discover. The
serial number arithmetic defined in [RFC1982] is used for sequence
number operation. The ISNs are exchanged between PaC and PAA during
the discovery and initial handshake phase (see Section 4.2). The
rules that govern the sequence numbers in other phases are described
as follows.
o When a message is sent, a new sequence number is placed on the
tseq field of message regardless of whether it is sent as a result
of retransmission or not. When a message is sent, rseq is copied
from the tseq field of the last accepted message.
o When a message is received, it is considered valid in terms of
sequence numbers if and only if (i) its tseq is greater than the
tseq of the last accepted message and (ii) its rseq falls in the
range between the tseq of the last acknowledged message and the
tseq of the last transmitted message.
PANA relies on EAP-layer retransmissions, or for example NAS
functionality [I-D.ietf-aaa-eap], for retransmitting EAP Requests
based on timer. Other PANA layer messages that require a response
from the communicating peer are retransmitted based on timer at
PANA-layer until a response is received (in which case the
retransmission timer is stopped) or the number of retransmission
reaches the maximum value (in which case the PANA session MUST be
deleted immediately). For PANA-layer retransmission, the
retransmission timer SHOULD be calculated as described in [RFC2988]
to provide congestion control. See Section 7 for default timer and
maximum retransmission count parameters.
4.1.5 PANA Security Association
A PANA SA is created as an attribute of a PANA session when EAP
authentication succeeds with a creation of a AAA-Key. A PANA SA is
not created when the PANA authentication fails or no AAA-Key is
produced by any EAP authentication method. In the case where two EAP
authentications are performed in sequence in a single PANA
authentication phase, it is possible that two AAA-Keys are derived.
If this happens, the PANA SA MUST be generated from both AAA-Keys.
When a new AAA-Key is derived as a result of EAP-based
re-authentication, any key derived from the old AAA-Key MUST be
updated to a new one that is derived from the new AAA-Key. In order
to distinguish the new AAA-Key from old ones, one Key-Id AVP MUST be
carried in PANA-Bind-Request and PANA-Bind-Answer messages or
PANA-FirstAuth-End-Request and PANA-FirstAuth-End-Answer messages at
the end of the EAP authentication which resulted in deriving a new
AAA-Key. The Key-Id AVP is of type Unsigned32 and MUST contain a
value that uniquely identifies the AAA-Key within the PANA session.
The PANA-Bind-Answer message (or the PANA-FirstAuth-End-Answer
message) sent in response to a PANA-Bind-Request message (or a
PANA-FirstAuth-End-Request message) with a Key-Id AVP MUST contain a
Key-Id AVP with the same AAA-Key identifier carried in the request.
PANA-Bind-Request, PANA-Bind-Answer, PANA-FirstAuth-End-Request and
PANA-FirstAuth-End-Answer messages with a Key-Id AVP MUST also carry
a MAC AVP whose value is computed by using the new PANA-MAC-KEY
derived from the new AAA-Key (or the new pair of AAA-Keys when the
PANA_MAC_KEY is derived from two AAA-Keys). Although the
specification does not mandate a particular method for calculation of
Key-Id AVP value, a simple method is to use monotonically increasing
numbers.
The created PANA SA is deleted when the corresponding PANA session is
deleted. The lifetime of the PANA SA is the same as the lifetime of
the PANA session for simplicity.
PANA SA attributes as well as PANA session attributes are listed
below:
PANA Session attributes:
* Session-Id
* Device-Id of PaC
* Device-Id of PAA
* IP address of PaC (may be the same as the Device-Id of PaC)
* IP address of PAA (may be the same as the Device-Id of PAA)
* List of device identifiers of EPs
* Last transmitted tseq value
* Last received rseq value
* Last transmitted message payload
* Retransmission interval
* Session lifetime
* Protection-Capability
* PANA SA attributes:
+ Nonce generated by PaC (PaC_nonce)
+ Nonce generated by PAA (PAA_nonce) PANA uses sequence numbers to provide ordered and reliable delivery
of messages.
+ AAA-Key PaC and PAA maintain two sequence numbers: the next one to be used
for a request it initiates and the next one it expects to see in a
request from the other end. These sequence numbers are 32-bit
unsigned numbers. They are monotonically incremented by 1 as new
requests are generated and received, and wrapped to zero on the next
message after 2^32-1. Answers always contain the same sequence
number as the corresponding request. Retransmissions maintain the
same sequence number.
+ AAA-Key Identifier The initial sequence numbers (ISN) are randomly picked by PaC and PAA
as they send their very first request messages. PANA-PAA-Discover
message carries sequence number 0.
+ PANA_MAC_KEY When a request message is received, it is considered valid in terms
of sequence numbers if and only if its sequence number matches the
expected value. This check does not apply to PANA-PAA-Discover, and
the very first request messages.
The PANA_MAC_Key is used to integrity protect PANA messages and When an answer message is received, it is considered valid in terms
derived from AAA-Key(s). When two AAA-Keys (AAA-Key1 and AAA-Key2) of sequence numbers if and only if its sequence number matches that
are generated as a result of double EAP authentication (see Section of the currently outstanding request. A peer can only have one
4.3) the compound AAA-Key can be computed as follows ('|' indicates outstanding request at a time.
concatenation):
AAA-Key = AAA-Key1 | AAA-Key2 PANA messages are retransmitted based on timer at until a response is
The PANA_MAC_KEY is computed in the following way: received (in which case the retransmission timer is stopped) or the
number of retransmission reaches the maximum value (in which case the
PANA session MUST be deleted immediately). The retransmission timer
SHOULD be calculated as described in [RFC2988] to provide congestion
control. See Section 9 for default timer and maximum retransmission
count parameters.
PANA_MAC_KEY = The first N bits of PaC and PAA MUST respond to duplicate requests. Last transmitted
HMAC_SHA1(AAA-Key, PaC_nonce | PAA_nonce | Session-ID) PANA answer MAY be cached in case it is not received by the peer and
that generates a retransmission of the last request. When available,
a cached answer can be used instead of fully processing the
retransmitted request and forming a new answer from scratch.
where the value of N depends on the integrity protection algorithm in PANA MUST NOT generate EAP message duplication. EAP payload of a
use, i.e., N=160 for HMAC-SHA1. The length of AAA-Key MUST be N bits retransmitted PANA message MUST NOT be passed to the EAP layer.
or longer. See Section Section 4.1.6 for the detailed usage of the
PANA_MAC_KEY.
4.1.6 Message Authentication Code 5.4 Message Authentication Code
A PANA message can contain a MAC (Message Authentication Code) AVP A PANA message can contain a MAC (Message Authentication Code) AVP
for cryptographically protecting the message. for cryptographically protecting the message.
When a MAC AVP is included in a PANA message, the value field of the When a MAC AVP is included in a PANA message, the value field of the
MAC AVP is calculated by using the PANA_MAC_KEY in the following way: MAC AVP is calculated by using the PANA_MAC_KEY in the following way:
MAC AVP value = PANA_MAC_PRF(PANA_MAC_KEY, PANA_PDU) MAC AVP value = PANA_MAC_PRF(PANA_MAC_KEY, PANA_PDU)
where PANA_PDU is the PANA message including the PANA header, with where PANA_PDU is the PANA message including the PANA header, with
skipping to change at page 15, line 36 skipping to change at page 21, line 38
represents the pseudo random function corresponding to the MAC represents the pseudo random function corresponding to the MAC
algorithm specified in the MAC AVP. In this version of draft, algorithm specified in the MAC AVP. In this version of draft,
PANA_MAC_PRF is HMAC-SHA1. The PaC and PAA MUST use the same PANA_MAC_PRF is HMAC-SHA1. The PaC and PAA MUST use the same
algorithm to calculate a MAC AVP they originate and receive. The algorithm to calculate a MAC AVP they originate and receive. The
algorithm is determined by the PAA when a PANA-Bind-Request with a algorithm is determined by the PAA when a PANA-Bind-Request with a
MAC AVP is sent. When the PaC does not support the MAC algorithm MAC AVP is sent. When the PaC does not support the MAC algorithm
specified in the PANA-Bind-Request message, it MUST silently discard specified in the PANA-Bind-Request message, it MUST silently discard
the message. The PAA MUST NOT change the MAC algorithm throughout the message. The PAA MUST NOT change the MAC algorithm throughout
the continuation of the PANA session. the continuation of the PANA session.
4.1.7 Message Validity Check 5.5 Message Validity Check
When a PANA message is received, the message is considered to be When a PANA message is received, the message is considered to be
invalid at least when one of the following conditions are not met: invalid at least when one of the following conditions are not met:
o The IP Hop Limit (or TTL) field has a value of 255, i.e., the o The IP Hop Limit (or TTL) field has a value of 255, i.e., the
packet could not possibly have been forwarded by a router. packet could not possibly have been forwarded by a router.
o Each field in the message header contains a valid value including o Each field in the message header contains a valid value including
sequence number, message length, message type, version number, sequence number, message length, message type, version number,
flags, etc. flags, etc.
o When a device identifier of the communication peer is bound to the o When a device identifier of the PaC is bound to the PANA session,
PANA session, it matches the device identifier carried in MAC and/ it matches the device identifier carried in MAC or or IP header,
or IP header(s), or other auxiliary indetifier provided by the or other locally-significant identifier provided by the
lower-layers (e.g., circuit ID). lower-layers (e.g., circuit ID) unless the message is a
PANA-Update-Request with an IP-Address AVP.
o The message type is one of the expected types in the current o The message type is one of the expected types in the current
state. Specifically the following messages are unexpected and state. Specifically the following messages are unexpected and
invalid: invalid:
* In discovery and initial handshake phase: * In discovery and handshake phase:
+ PANA-Termination-Request and PANA-Reauth-Request. + PANA-Termination-Request and PANA-Ping-Request.
+ PANA-Bind-Request. + PANA-Bind-Request.
+ PANA-Update-Request. + PANA-Update-Request.
* In authentication phase: * In authentication phase:
+ PANA-PAA-Discover. + PANA-PAA-Discover.
+ PANA-Termination-Request and PANA-Reauth-Request.
+ PANA-Update-Request. + PANA-Update-Request.
+ PANA-Start-Request after a PaC receives the first valid + PANA-Start-Request after a PaC receives the first valid
PANA-Auth-Request. PANA-Auth-Request.
+ PANA-Termination-Request before the PaC receives the first
successful PANA-Bind-Request.
* After successful PANA authentication: * After successful PANA authentication:
+ PANA-Start-Request as well as a non-duplicate + PANA-Start-Request as well as a non-duplicate
PANA-Bind-Request (see section Section 4.7 for definition of PANA-Bind-Request.
duplicate requests).
+ PANA-PAA-Discover without a Session-Id AVP. + PANA-PAA-Discover.
* In termination phase: * In termination phase:
+ PANA-PAA-Discover. + PANA-PAA-Discover.
+ All requests but PANA-Termination-Request. + All requests but PANA-Termination-Request.
o The message payload contains a valid set of AVPs allowed for the o The message payload contains a valid set of AVPs allowed for the
message type and there is no missing AVP that needs to be included message type and there is no missing AVP that needs to be included
in the payload. in the payload.
o Each AVP is decoded correctly. o Each AVP is decoded correctly.
o When a MAC AVP is included, the AVP value matches the MAC value o When a MAC AVP is included, the AVP value matches the MAC value
computed against the received message. computed against the received message.
o When a Device-Id AVP is included, the AVP is valid if the device o When a Device-Id AVP is included, the AVP is valid if the device
identifier type contained in the AVP is supported (this check is identifier type contained in the AVP is supported (check performed
for both PaC and PAA) and is the requested one (this check is for by both PaC and PAA) and is the requested one (check performed by
PAA only) and the device identifier value contained in the AVP PAA only) and the device identifier value contained in the AVP
matches the value extracted from the lower-layer encapsulation matches the value extracted from the lower-layer encapsulation
header corresponding to the device identifier type contained in header corresponding to the device identifier type contained in
the AVP. Note that a Device-Id AVP carries the PaC's device the AVP (check performed by PAA only). Note that a Device-Id AVP
identifier in messages from PaC to PAA and PAA's device identifier carries the PaC's device identifier in messages from PaC to PAA
in messages from PAA to PaC. and EP(s)' device identifier in messages from PAA to PaC.
Invalid messages MUST be discarded in order to provide robustness
against DoS attacks. In addition, a non-acknowledged error
notification message MAY be returned to the sender. See Section
4.1.8 for details.
4.1.8 Error Handling
PANA-Error message MAY be sent by either PaC or PAA when a badly o When an IP-Address AVP is received in a message, the AVP is valid
formed PANA message is received or in case of other errors. If the if the IP address matches the source address in the IP header.
cause of this error message was a request message (e.g.,
PANA-PAA-Discover or *-Request), then the request MAY be
retransmitted immediately without waiting for its retransmission
timer to go off. If the cause of the error was a response message,
the receiver of the PANA-Error message SHOULD NOT resend the same
response until it receives the next request.
To defend against DoS attacks a timer MAY be used. One (1) error Invalid messages MUST be discarded in order to provide robustness
notification is sent to each different sender each N seconds. N is a against DoS attacks. In addition, an error notification message MAY
configurable parameter. be returned to the sender. See Section 5.7 for details.
When an error message is sent unprotected with MAC AVP and the 5.6 PANA Security Association
lower-layer is insecure, the error message is treated as an
informational message. The receiver of such an error message MUST
NOT change its state unless the error persists and the PANA session
is not making any progress.
4.2 Discovery and Initial Handshake Phase A PANA SA is created as an attribute of a PANA session when EAP
authentication succeeds with a creation of a AAA-Key. A PANA SA is
not created when the PANA authentication fails or no AAA-Key is
produced by any EAP authentication method. In the case where two EAP
authentications are performed in sequence in a single PANA
authentication phase, it is possible that two AAA-Keys are derived.
If this happens, the PANA SA MUST be generated from both AAA-Keys.
When a new AAA-Key is derived as a result of EAP-based
re-authentication, any key derived from the old AAA-Key MUST be
updated to a new one that is derived from the new AAA-Key. In order
to distinguish the new AAA-Key from old ones, one Key-Id AVP MUST be
carried in PANA-Bind-Request and PANA-Bind-Answer messages or
PANA-FirstAuth-End-Request and PANA-FirstAuth-End-Answer messages at
the end of the EAP authentication which resulted in deriving a new
AAA-Key. The Key-Id AVP is of type Unsigned32 and MUST contain a
value that uniquely identifies the AAA-Key within the PANA session.
The PANA-Bind-Answer message (or the PANA-FirstAuth-End-Answer
message) sent in response to a PANA-Bind-Request message (or a
PANA-FirstAuth-End-Request message) with a Key-Id AVP MUST contain a
Key-Id AVP with the same AAA-Key identifier carried in the request.
PANA-Bind-Request, PANA-Bind-Answer, PANA-FirstAuth-End-Request and
PANA-FirstAuth-End-Answer messages with a Key-Id AVP MUST also carry
a MAC AVP whose value is computed by using the new PANA-MAC-KEY
derived from the new AAA-Key (or the new pair of AAA-Keys when the
PANA_MAC_KEY is derived from two AAA-Keys). Although the
specification does not mandate a particular method for calculation of
Key-Id AVP value, a simple method is to use monotonically increasing
numbers.
When a PaC attaches to a network, and knows that it has to discover a The created PANA SA is deleted when the corresponding PANA session is
PAA, it SHOULD send a PANA-PAA-Discover message to a well-known link deleted. The lifetime of the PANA SA is the same as the lifetime of
local multicast address (TBD) and UDP port (TBD). The PANA PAA the PANA session for simplicity.
discovery assumes that PaC and PAA are one hop away from each other.
If the PaC knows the IP address of the PAA (based on
pre-configuration), it MAY unicast the PANA discovery message to that
address. The PAA SHOULD respond to the PANA-PAA-Discover message
with a PANA-Start-Request message.
When the PAA receives such a request, or upon receiving some lower PANA SA attributes as well as PANA session attributes are listed
layer indications of a new PaC, the PAA SHOULD unicast a below:
PANA-Start-Request message.
There can be multiple PAAs on the link. The authentication and PANA Session attributes:
authorization result does not depend on which PAA is chosen by the
PaC. By default the PaC MAY choose the PAA that sent the first
response.
The PaC MAY also choose to start sending packets before getting * Session-Id
authenticated. In that case, the network may detect this and the PAA
MAY send an unsolicited PANA-Start-Request message to the PaC in
addition to filtering the unauthorized traffic. The EP is the node
that can detect such activity. The PAA-to-EP protocol MAY be used
for this purpose.
A PANA-Start-Request message MAY carry a Cookie AVP that contains a * Device-Id of PaC
cookie. The rseq field of the header is set to zero (0). The tseq
field of the header contains the initial sequence number. The cookie
is used for preventing the PAA from resource consumption DoS attacks
by blind attackers. The cookie is computed in such a way that it
does not require any per-session state maintenance on the PAA in
order to verify the cookie returned in a PANA-Start-Answer message.
The exact algorithms and syntax used for generating cookies does not
affect interoperability and hence is not specified here. An example
algorithm is described below.
Cookie = * IP address of PaC (may be the same as the Device-Id of PaC)
<secret-version> | HMAC_SHA1( <Device-Id of PaC> , <secret> )
where <secret> is a randomly generated secret known only to the PAA, * IP address of PAA
<secret-version> is an index used for choosing the secret for
generating the cookie and '|' indicates concatenation. The
secret-version should be changed frequently enough to prevent replay
attacks. The secret key is valid for a certain time frame.
When the PAA receives the PANA-Start-Answer message from the PaC, it * List of device identifiers of EPs
verifies the cookie. The cookie is considered as valid if the
received cookie has the expected value. If the computed cookie is
valid, the protocol enters the authentication phase. Otherwise, it
MUST silently discard the received message.
Initial EAP Request MAY be optionally carried by the * Sequence number of the last transmitted request
PANA-Start-Request (as opposed to by a later PANA-Auth-Request)
message in order to reduce the number of round-trips. This
optimization SHOULD NOT be used if the PAA discovery is desired to be
stateless.
Protection-Capability and Post-PANA-Address-Configuration AVPs MAY be * Sequence number of the last received request
optionally included in the PANA-Start-Request in order to indicate
required and available capabilities for the network access. These
AVPs MAY be used by the PaC for assessing the capability match even
before the authentication takes place. But these AVPs are provided
during the insecure discovery phase, there are certain security risks
involved in using the provided information. See Section 9 for
further discussion on this.
If the initial EAP Request message is carried in the * Last transmitted message payload
PANA-Start-Request message, an EAP Response message MUST be carried
in the PANA-Start-Answer message returned to the PAA.
In any case, PANA MUST NOT generate an EAP message on behalf of EAP * Retransmission interval
peer or EAP (pass-through) authenticator.
The PANA-Start-Request/Answer exchange is needed before entering * Session lifetime
authentication phase even when the PaC is pre-configured with PAAs IP
address and the PANA-PAA-Discover message is unicast.
A Nonce AVP MUST be included in PANA-Start-Request and * Protection-Capability
PANA-Start-Answer messages.
A PANA-Start-Request message that carries a Cookie AVP is never * PANA SA attributes:
retransmitted. A PANA-Start-Request message that does not carry a
Cookie AVP is retransmitted based on timer. A PANA-Start-Answer
message that carries a Cookie AVP is retransmitted based on timer. A
PANA-Start-Answer message that does not carry a Cookie AVP is never
retransmitted based on timer.
It is possible that both PAA and PaC initiate the discovery and + Nonce generated by PaC (PaC_nonce)
initial handshake procedure at the same time, i.e., the PAA sends a
PANA-Start-Request message while the PaC sends a PANA-PAA-Discover
message. To resolve the race condition, the PAA SHOULD silently
discard the PANA-PAA-Discover message received from the PaC after it
has sent a PANA-Start-Request message with creating a state (i.e., no
Cookie AVP included) for the PaC. In this case PAA will retransmit
PANA-Start-Request based on a timer, if PaC doesn't respond in time
(message was lost for example). If PAA had sent stateless
PANA-Start-Request message (i.e., a Cookie AVP was included), then it
SHOULD answer to the PANA-PAA-Discover message.
Figure 3 shows an example sequence for the discovery and initial + Nonce generated by PAA (PAA_nonce)
handshake phase when a PANA-PAA-Discover message is sent by a PaC.
Figure 4 shows an example sequence for the discovery and initial
handshake phase that is triggered by data traffic.
PaC PAA Message(tseq,rseq)[AVPs] + AAA-Key
------------------------------------------------------
-----> PANA-PAA-Discover(0,0)
<----- PANA-Start-Request(x,0)[Nonce, Cookie]
-----> PANA-Start-Answer(y,x)[Nonce, Cookie]
(continued to authentication phase)
Figure 3: Example Sequence for Discovery and Initial Handshake Phase + AAA-Key Identifier
when PANA-PAA-Discover is sent by PaC
PaC EP PAA Message(tseq,rseq)[AVPs] + PANA_MAC_KEY
------------------------------------------------------
---->o (Data packet arrival or L2 trigger)
------> PAA-to-EP protocol, or another mechanism
<------------ PANA-Start-Request(x,0)[Nonce, Cookie]
------------> PANA-Start-Answer(y,x)[Nonce, Cookie]
(continued to authentication phase)
Figure 4: Example Sequence for Discovery and Initial Handshake when The PANA_MAC_KEY is used to integrity protect PANA messages and
discovery is triggered by data traffic derived from AAA-Key(s). When two AAA-Keys (AAA-Key1 and AAA-Key2)
are generated as a result of double EAP authentication (see Section
4.2) the compound AAA-Key can be computed as follows ('|' indicates
concatenation):
4.2.1 Discovery and Initial Handshake with NAP-ISP Authentication AAA-Key = AAA-Key1 | AAA-Key2
Separation
In the discovery and initial handshake phase, a PAA MAY enable The PANA_MAC_KEY is computed in the following way:
NAP-ISP authentication separation ([I-D.ietf-pana-framework]) by
setting the S-flag of the message header of the PANA-Start-Request.
Also, the PANA-Start-Request MAY contain zero or one NAP-Information
AVP and zero or more ISP-Information AVPs to advertise the
information on the NAP and/or ISPs.
When a PaC receives the PANA-Start-Request message in response to the PANA_MAC_KEY = The first N bits of
PANA-PAA-Discover message, it responds with a PANA-Start-Answer HMAC_SHA1(AAA-Key, PaC_nonce | PAA_nonce | Session-ID)
message if it wishes to enter the authentication phase. The
PANA-Start-Answer message contains the initial sequence numbers in
the tseq and rseq fields of the PANA header, a copy of the received
Cookie (if any) as the PANA payload.
If the S-flag of the received PANA-Start-Request message is not set, where the value of N depends on the integrity protection algorithm in
PaC MUST NOT set the S-flag in the PANA-Start-Answer message sent use, i.e., N=160 for HMAC-SHA1. The length of AAA-Key MUST be N bits
back to the PAA. In this case, PaC MAY indicate its choice of ISP by or longer. See Section Section 5.4 for the detailed usage of the
including an ISP-Information AVP in the PANA-Start-Answer message. PANA_MAC_KEY.
When a AAA backend is used, the identity of the destination AAA
server or realm MUST be determined based on the explicitly chosen
ISP. When the ISP-Information AVP is not present, the access network
MAY rely on the client identifier carried in the EAP authentication
method to make this determination.
If the S-flag of the received PANA-Start-Request message is set, PaC 5.7 Error Handling
can indicate its desire to perform separate EAP authentication for
NAP and ISP by setting the S-flag in the PANA-Start-Answer message.
If the S-flag in the PANA-Start-Answer message is not set, only one
authentication is performed and the processing occurs as described in
Section 4.2. If the S-flag in the PANA-Start-Answer message is set,
the determination of the destination AAA server or realm for ISP
authentication is performed as described earlier. In addition, where
backend AAA servers are used for NAP authentication, the NAP is
considered the ultimate AAA realm, and the destination AAA server for
this authentication is determined entirely by the local configuration
on the access server hosting PAA (NAS).
The PaC can choose an ISP and contain an ISP-Information AVP for the A PANA-Error-Request message MAY be sent by either the PaC or the PAA
chosen ISP in a PANA-Start-Answer message even when there is no when a badly formed PANA message is received or in case of other
ISP-Information AVP contained in the PANA-Start-Request message. errors. The receiver of this request MUST respond with a
PANA-Error-Answer message. If the cause of this error message was a
request message (e.g., PANA-PAA-Discover or *-Request), then the
request MAY be retransmitted immediately without waiting for its
retransmission timer to go off. If the cause of the error was a
response message, the receiver of the PANA-Error-Request message
SHOULD NOT resend the same response until it receives the next
request.
When the S-flag is set in a PANA-Start-Request message, the initial To defend against DoS attacks a timer MAY be used. One (1) error
EAP Request MUST NOT be carried in the PANA-Start-Request message. notification is sent to each different sender each N seconds. N is a
(If the initial EAP Request were contained in the PANA-Start-Request configurable parameter.
message during the S-flag negotiation, the PaC cannot tell whether
the EAP Request is for NAP authentication or ISP authentication.)
4.3 Authentication Phase When an error message is sent unprotected with a MAC AVP and the
lower-layer is insecure, the error message is treated as an
informational message. The receiver of such an error message MUST
NOT change its state unless the error persists and the PANA session
is not making any progress.
The main task in authentication phase is to carry EAP messages 5.8 Device ID Choice
between PaC and PAA. EAP Request messages are carried in
PANA-Auth-Request messages and optionally carried in
PANA-Start-Request messages. EAP Response messages are carried in
PANA-Auth-Answer messages and optionally carried in PANA-Start-Answer
messages. When an EAP Success/Failure message is sent from a PAA,
the message is carried in a PANA-Bind-Request (PBR) or
PANA-FirstAuth-End-Request (PFER) message. The
PANA-FirstAuth-End-Reques message MUST be used at the end of the
first EAP when the PaC and PAA have negotiated during the discovery
and initial handshake phase to perform separate NAP and ISP
authentications in a single PANA authentication phase. Otherwise,
the PANA-Bind-Request message MUST be used. The PANA-Bind-Request
and PANA-FirstAuth-End-Request messages MUST be acknowledged with a
PANA-Bind-Answer (PBA) and a PANA-FirstAuth-End-Answer (PFEA)
messages, respectively. Figure 5 shows an example sequence for the
authentication phase without separating NAP and ISP authentications.
PaC PAA Message(tseq,rseq)[AVPs] The device identifier used in the context of PANA can be an IP
------------------------------------------------- address, a MAC address, or an identifier that is not carried in data
(continued from discovery and initial handshake phase) packets but has local significance in identifying a connected host
<----- PANA-Auth-Request(x+1,y)[Session-Id, EAP{Request}] (e.g., circuit id, PPP interface id). The last type of identifiers
-----> PANA-Auth-Answer(y+1,x+1)[Session-Id, EAP{Response}] are commonly used in point-to-point links where MAC addresses are not
. available and lower-layers are already physically or
. cryptographically secured.
<----- PANA-Auth-Request (x+2,y+1)[Session-Id, EAP{Request}]
-----> PANA-Auth-Answer (y+2,x+2)[Session-Id, EAP{Response}]
<----- PANA-Bind-Request(x+3,y+2)
[Session-Id, EAP{Success}, Device-Id, Lifetime,
Protection-Cap., PPAC, MAC]
-----> PANA-Bind-Answer(y+3,x+3)
[Session-Id, Device-Id, PPAC, MAC]
Figure 5: Example Sequence in Authentication Phase It is assumed that the PAA knows the link type and the security
mechanisms being provided or required on the access network (e.g.,
based on physical security, link-layer ciphers enabled before or
after PANA, or IPsec). Based on that information, the PAA can decide
what type of EP device id will be used when running PANA with the
client. When IPsec-based security [I-D.ietf-pana-ipsec] is the
choice of access control, the PAA SHOULD provide IP address(es) as
EP(s)' device ID, and expect the PaC to provide its IP address in
return. In case IPsec is not used, MAC addresses are used as device
IDs when available. If non-IPsec access control is enabled, and a
MAC address is not available, device ID exchange does not occur
within PANA. Instead, peers rely on lower-layers to provide
locally-significant identifiers along with received PANA packets.
When the PaC and PAA have negotiated during the discovery and initial 5.9 Updating PaC' Address
handshake phase to perform separate NAP and ISP authentications, the
S-flag of PANA-Auth-Request and PANA-Auth-Answer messages MUST be
set. Otherwise, the S-flag MUST NOT be set.
When separate NAP and ISP authentications are performed, the PAA A PaC's IP address can change in certain situations. For example,
determines the execution order of NAP authentication and ISP the PANA framework [I-D.ietf-pana-framework] describes a case in
authentication. In this case, the PAA can indicate which EAP which a PaC replaces a pre-PANA address (PRPA) with a post-PANA
authentication is currently occurring by using N-flag in the PANA address (POPA), and the PaC and PAA create host routes to each other
message header. When NAP authentication is performed, the N-flag in order to maintain on-link communication based on the POPA. The
MUST be set. When ISP authentication is performed, the N-flag MUST PAA needs to be notified about the change of PaC address.
NOT be set. The N-flag MUST NOT be set when S-flag is not set.
When separate NAP and ISP authentications are performed, if the first After the PaC has changed its address, it MUST send a
EAP authentication has failed, the PAA can choose not to perform the PANA-Update-Request message to the PAA. The message MUST carry the
second EAP authentication by clearing the S-flag of the new PaC address in an IP-Address AVP. If the address contained in
PANA-FirstAuth-End-Request message. In this case, the S-flag of the the request is invalid, the PAA MUST send a PANA-Error message with
PANA-FirstAuth-End-Answer message sent by the PaC MUST be cleared. the result code PANA_INVALID_IP_ADDRESS. Otherwise, the PAA MUST
If the S-flag of the PANA-FirstAuth-End-Request message is set when update the PANA session with the new PaC address and return a
the first EAP authentication has failed, the PaC can choose not to PANA-Update-Answer message. If there is an established PANA SA, both
perform the second EAP authentication by clearing the S-flag of the PANA-Update-Request and PANA-Update-Answer messages MUST be protected
PANA-FirstAuth-End-Answer message. If the first EAP authentication with a MAC AVP.
failed and the S-flag is not set in the PANA-FirstAuth-End-Answer
message as a result of those operations, the PANA session MUST be
immediately deleted. Otherwise, the second EAP authentication MUST
be performed.
Currently, use of multiple EAP methods in PANA is designed only for 5.10 Session Lifetime
NAP-ISP authentication separation. It is not for arbitrary EAP
method sequencing, or giving the PaC another chance when an
authentication method fails. The NAP and ISP authentication are
considered completely independent. Presence or success of one should
not effect the other. Making a network access authorization decision
based on the success or failure of each authentication is a network
policy issue.
When an EAP method that is capable of deriving keys is used during The authentication phase determines the PANA session lifetime when
the authentication phase and the keys are successfully derived, the the network access authorization succeeds. The Session-Lifetime AVP
PANA-FirstAuth-End-Request and PANA-FirstAuth-End-Answer and/or MAY be optionally included in the PANA-Bind-Request message to inform
PANA-Bind-Request and PANA-Bind-Answer messages, and all subsequent PaC about the valid lifetime of the PANA session. It MUST be ignored
PANA messages MUST contain a MAC AVP. when included in other PANA messages. When there are multiple EAP
authentication taking place, this AVP SHOULD be included after the
final authentication.
When separate NAP and ISP authentications are performed and the The lifetime is a non-negotiable parameter that can be used by PaC to
lower-layer is insecure, the two EAP methods MUST be capable of manage PANA-related state. PaC does not have to perform any actions
deriving keys. In this case, if the first EAP authentication is when the lifetime expires, other than optionally purging local state.
successful, the PANA-FirstAuth-End-Request and
PANA-FirstAuth-End-Answer messages as well as PANA-Auth-Request and
PANA-Auth-Answer messages in the second EAP authentication MUST be
protected with the key derived from the AAA-Key for the first EAP
authentication. The PANA-Bind-Request and PANA-Bind-Answer messages
and all subsequent PANA messages MUST be protected either with the
AAA-Key for the first EAP authentication if the first EAP
authentication succeeds and the second EAP authentication fails, or
with the AAA-Key for the second EAP authentication if the first EAP
authentication fails and the second EAP authentication succeeds, or
with the compound AAA-Key derived from the two AAA-Keys, one for the
first EAP authentication and the other from the second EAP
authentication, if both the first and second EAP authentications
succeed.
The PANA-Bind-Request and the PANA-Bind-Answer message exchange is PAA SHOULD initiate EAP authentication before the current session
also used for binding device identifiers of the PaC and the PAA to lifetime expires.
the PANA SA when the identifiers are either IP or MAC addresses. To
achieve this, the PANA-Bind-Request and the PANA-Bind-Answer SHOULD
contain a device identifier of the PAA and the PaC, respectively, in
a Device-Id AVP. Device identifier exchange that is protected by a
MAC AVP prevents man-in-the-middle attacks. The PaC MUST use the
same type of device identifier as contained in the PANA-Bind-Request
message. The PANA-Bind-Request message MAY also contain a
Protection-Capability AVP to indicate if link-layer or network-layer
ciphering should be initiated after PANA. No link layer or network
layer specific information is included in the Protection-Capability
AVP. When the information is preconfigured on the PaC and the PAA
this AVP can be omitted. It is assumed that at least PAA is aware of
the security capabilities of the access network. The PANA protocol
does not specify how the PANA SA and the Protection-Capability AVP
will be used to provide per-packet protection for data traffic.
Additionally, PANA-Bind-Request MUST include a PaC and PAA MAY optionally rely on lower-layer indications to
Post-PANA-Address-Configuration AVP, which helps PAA to inform PaC expedite the detection of a disconnected peer. Availability and
about whether a new IP address MUST be configured and the available reliability of such indications depend on the specific access
methods to do so. PaC MUST include a PPAC AVP in order to indicate technologies. PANA peer can use PANA-Ping-Request message to verify
its choice of method when there is a match between the methods the disconnection before taking an action.
offered by the PAA and the methods available on the PaC. When there
is no match, a PPAC AVP MUST NOT be included and the Result-Code AVP
MUST be set to PANA_PPAC_CAPABILITY_UNSUPPORTED in the
PANA-Bind-Answer message.
PANA-Bind-Request and PANA-Bind-Answer messages MUST be retransmitted The session lifetime parameter is not related to the transmission of
based on the retransmission rule described in Section 4.1.4. PANA-Ping-Request messages. These messages can be used for
asynchronously verifying the liveness of the peer. The decision to
send PANA-Ping-Request message is taken locally and does not require
coordination between the peers.
EAP authentication can fail at a pass-through authenticator without 5.11 Network Selection
sending an EAP-Failure message [I-D.ietf-eap-statemachine]. When
this occurs, the PAA SHOULD send a PANA-Error message to the PaC with
using PANA_UNABLE_TO_COMPLY result code. The PaC SHOULD ignore the
message unless it is secured by PANA or lower layer. In any case, a
more appropriate way is to rely on a timeout on the PaC.
There is a case where EAP authentication succeeds with producing an In a discovery and handshake phase, a PANA-Start-Request message sent
EAP-Success message but network access authorization fails due to, from the PAA MAY contain zero or one NAP-Information AVP and zero or
e.g., authorization rejected by a AAA proxy or authorization locally more ISP-Information AVPs to advertise the information on the NAP
rejected by a PAA. When this occurs, the PAA MUST send and/or ISPs. The PaC MAY indicate its choice of ISP by including an
PANA-Bind-Request with a result code PANA_AUTHORIZATION_REJECTED. If ISP-Information AVP in the PANA-Start-Answer message. When a AAA
a AAA-Key is established between PaC and PAA by the time when the backend is used, the identity of the destination AAA server or realm
EAP-Success is generated by the EAP server (this is the case when the MUST be determined based on the explicitly chosen ISP. When the
EAP method provides protected success indication), the this PANA-Bind ISP-Information AVP is not present, the access network MAY rely on
message exchange MUST be protected with a MAC AVP and with carrying a the client identifier carried in the EAP authentication method to
Key-Id AVP. The AAA-Key and the PANA session MUST be deleted after make this determination. The PaC can choose an ISP and contain an
the PANA-Bind message exchange. ISP-Information AVP for the chosen ISP in a PANA-Start-Answer message
even when there is no ISP-Information AVP contained in the
PANA-Start-Request message.
4.4 Re-authentication 5.12 Separate NAP and ISP Authentication
There are two types of re-authentication supported by PANA. PANA allows running at most two EAP sessions in sequence in an
authentication phase to support separate NAP and ISP authentication
as described in next sections. Currently, running multiple EAP
sessions in sequence in an authentication phase is designed only for
separate NAP and ISP authentication. It is not for running arbitrary
number of EAP sessions in sequence, or giving the PaC another chance
to try another EAP authentication method within an integrated NAP and
ISP authentication when an EAP authentication method fails. Within
separate NAP and ISP authentication, the NAP authentication and the
ISP authentication are considered completely independent. Presence
or success of one should not effect the other. Making a network
access authorization decision based on the success or failure of each
authentication is a network policy issue.
The first type of re-authentication is based on EAP by entering an 5.12.1 Negotiating Separate NAP and ISP Authentication
authentication phase. In this case, some or all message exchanges
for discovery and initial handshake phase MAY be omitted in the
following way. When a PaC wants to initiate EAP-based
re-authentication, it sends a unicast PANA-PAA-Discovery message to
the PAA. This message MUST contain a Session-Id AVP which is used
for identifying the PANA session on the PAA. If the PAA already has
an established PANA session for the PaC with the matching identifier,
it sends a PANA-Auth-Request message containing the same identifier
to start an authentication phase. If the PAA can not recognize the
session identifier, it proceeds with regular authentication by
sending back PANA-Start-Request. When the PAA initiates EAP-based
re-authentication, it sends a PANA-Auth-Request message containing
the session identifier for the PaC to enter an authentication phase.
PAA SHOULD initiate EAP authentication before the current session
lifetime expires. In both cases, the tseq and rseq values are
inherited from the previous (re-)authentication. For any EAP-based
re-authentication, if there is an established PANA SA,
PANA-Auth-Request and PANA-Auth-Answer messages MUST be protected by
adding a MAC AVP to each message. Any subsequent EAP-based
authentication MUST be performed with the same ISP and NAP that was
selected during the initial authentication. An example sequence for
the EAP-based re-authentication initiated by a PaC is shown in Figure
6.
PaC PAA Message When the PaC and PAA negotiates in the discovery and handshake phase
------------------------------------------------------ to perform separate NAP and ISP authentication, the PaC and the PAA
-----> PANA-PAA-Discover(0,0)[Session-Id] operate in the following way in addition to the behavior defined in
<----- PANA-Auth-Request(p,q)[Session-Id, EAP, MAC] Section 4.1
-----> PANA-Auth-Answer(q+1,p)[Session-Id, EAP, MAC]
<----- PANA-Auth-Request(p+1,q+1)[Session-Id, EAP, MAC]
-----> PANA-Auth-Answer(q+2,p+1)[Session-Id, EAP, MAC]
<----- PANA-Bind-Request(p+2,q+2)
[Session-Id, EAP{Success}, Device-Id, Key-Id,
Lifetime, Protection-Cap., PPAC, MAC]
-----> PANA-Bind-Answer(q+3,p+2)
[Session-Id, Device-Id, Key-Id, PPAC, MAC]
Figure 6: Example Sequence for EAP-based re-authentication initiated In the discovery and handshake phase, the PAA MAY enable separate NAP
by PaC and ISP authentication ([I-D.ietf-pana-framework]) by setting the
S-flag of the message header of the PANA-Start-Request.
The second type of re-authentication is based on a single protected If the S-flag of the received PANA-Start-Request message is not set,
message exchange without entering the authentication phase. the PaC MUST NOT set the S-flag in the PANA-Start-Answer message sent
PANA-Reauth-Request and PANA-Reauth-Answer messages are used for this back to the PAA.
purpose. If there is an established PANA session, both the PaC and
the PAA are allowed to send a PANA-Reauth-Request message to the
communicating peer whenever they need to make sure the availability
of the session on the peer and expect the peer to return a
PANA-Reauth-Answer message. Both PANA-Reauth-Request and
PANA-Reauth-Answer messages MUST be protected with a MAC AVP when a
PANA SA is available.
Implementations MUST limit the rate of performing re-authentication If the S-flag of the received PANA-Start-Request message is set, the
for both types of re-authentication. The PaC and the PAA can handle PaC can indicate its desire to perform separate NAP and ISP
rate limitation on their own, they do not have to perform any authentication by setting the S-flag in the PANA-Start-Answer
coordination with each other. There is no negotiation of timers for message. If the S-flag in the PANA-Start-Answer message is not set,
this purpose. only one authentication is performed and the processing occurs as
described in Section 4.1. If the S-flag in the PANA-Start-Answer
message is set, the determination of the destination AAA server or
realm for ISP authentication is performed as described in Section
5.11. In addition, where backend AAA servers are used for NAP
authentication, the NAP is considered the ultimate AAA realm, and the
destination AAA server for this authentication is determined entirely
by the local configuration on the access server hosting the PAA
(NAS).
Figure 7 and Figure 8 show re-authentication procedures based on When the S-flag is set in a PANA-Start-Request message, the initial
PANA-Reauth exchange initiated by a PaC and a PAA, respectively. EAP Request MUST NOT be carried in the PANA-Start-Request message.
(If the initial EAP Request were contained in the PANA-Start-Request
message during the S-flag negotiation, the PaC cannot tell whether
the EAP Request is for NAP authentication or ISP authentication.)
PaC PAA Message(tseq,rseq)[AVPs] 5.12.2 Execution of Separate NAP and ISP Authentication
------------------------------------------------------
-----> PANA-Reauth-Request(q,p)[Session-Id, MAC]
<----- PANA-Reauth-Answer(p+1,q)[Session-Id, MAC]
Figure 7: Example Sequence for PaC-initiated second type When the PaC and PAA have negotiated in the discovery and handshake
Re-authentication phase to perform separate NAP and ISP authentication, the PaC and the
PAA operate in the following way in addition to the behavior defined
in Section 4.2
PaC PAA Message(tseq,rseq)[AVPs] o The S-flag of PANA-Auth-Request and PANA-Auth-Answer messages MUST
------------------------------------------------------ be set.
<----- PANA-Reauth-Request(p,q)[Session-Id, MAC]
-----> PANA-Reauth-Answer(q+1,p)[Session-Id, MAC]
Figure 8: Example Sequence for PAA-initiated second type o An EAP Success/Failure message is carried in a
Re-authentication PANA-FirstAuth-End-Request (PFER) message as well as a
PANA-Bind-Request (PBR) message. The PANA-FirstAuth-End-Request
message MUST be used at the end of the first EAP authentication
and the PANA-Bind-Request MUST be used for the second EAP
authentication. The PANA-FirstAuth-End-Request messages MUST be
acknowledged with a PANA-FirstAuth-End-Answer (PFEA) message.
4.5 Termination Phase o If the first EAP authentication has failed, the PAA can choose not
to perform the second EAP authentication by clearing the S-flag of
the PANA-FirstAuth-End-Request message. In this case, the S-flag
of the PANA-FirstAuth-End-Answer message sent by the PaC MUST be
cleared. If the S-flag of the PANA-FirstAuth-End-Request message
is set when the first EAP authentication has failed, the PaC can
choose not to perform the second EAP authentication by clearing
the S-flag of the PANA-FirstAuth-End-Answer message. If the first
EAP authentication failed and the S-flag is not set in the
PANA-FirstAuth-End-Answer message as a result of those operations,
the PANA session MUST be immediately deleted. Otherwise, the
second EAP authentication MUST be performed.
A procedure for explicitly terminating a PANA session can be o The PAA determines the execution order of NAP authentication and
initiated either from PaC (i.e., disconnect indication) or from PAA ISP authentication. In this case, the PAA can indicate which
(i.e., session revocation). The PANA-Termination-Request and the authentication (NAP authentication or ISP authentication) is
PANA-Termination-Answer message exchanges are used for disconnect currently occurring by using N-flag in the PANA message header.
indication and session revocation procedures. When NAP authentication is being performed, the N-flag MUST be
set. When ISP authentication is being performed, the N-flag MUST
NOT be set. The N-flag MUST NOT be set when S-flag is not set.
The reason for termination is indicated in the Termination-Cause AVP. 5.12.3 AAA-Key Calculation
When there is an established PANA SA established between the PaC and
the PAA, all messages exchanged during the termination phase MUST be
protected with a MAC AVP. When the sender of the
PANA-Termination-Request receives a valid acknowledgment, all states
maintained for the PANA session MUST be deleted immediately.
PaC PAA Message(tseq,rseq)[AVPs] When the PaC and PAA have negotiated in the discovery and handshake
------------------------------------------------------ phase to perform separate NAP and ISP authentication, if the
-----> PANA-Termination-Request(q,p)[Session-Id, MAC] lower-layer is insecure, the two EAP authentication methods used in
<----- PANA-Termination-Answer(p+1,q)[Session-Id, MAC] the separate authentication MUST be capable of deriving keys. In
this case, if the first EAP authentication is successful, the
PANA-FirstAuth-End-Request and PANA-FirstAuth-End-Answer messages as
well as PANA-Auth-Request and PANA-Auth-Answer messages in the second
EAP authentication MUST be protected with the key derived from the
AAA-Key for the first EAP authentication. The PANA-Bind-Request and
PANA-Bind-Answer messages and all subsequent PANA messages exchanged
in authorized phase, re-authentication phase and termination phase
MUST be protected either with the AAA-Key for the first EAP
authentication if the first EAP authentication succeeds and the
second EAP authentication fails, or with the AAA-Key for the second
EAP authentication if the first EAP authentication fails and the
second EAP authentication succeeds, or with the compound AAA-Key
derived from the two AAA-Keys, one for the first EAP authentication
and the other from the second EAP authentication, if both the first
and second EAP authentications succeed.
Figure 9: Example Sequence for Session Termination 5.12.4 Re-authentication
4.6 Example Sequence for NAP and ISP Separate Authentications When separate ISP and NAP authentication is performed, it is possible
that different authorization lifetime values are associated with the
two authentications. In this case, the smaller authorization
lifetime value MUST be used for calculating the PANA Session-Lifetime
value. As a result, when entering a re-authentication phase, both
NAP and ISP authentication will be performed in the same
re-authentication phase.
A PANA message sequence where NAP and ISP separate authentications 5.12.5 Example Sequence
occur is illustrated in Figure 10. The example assumes the following
scenario:
o The PaC multicasts PANA-PAA-Discover message. A PANA message sequence with separate NAP and ISP authentication is
illustrated in Figure 9. The example assumes the following scenario:
o The ISNs used by the PAA and the PaC are x and y, respectively. o The PaC initiates the discovery and handshake phase.
o The PAA offers NAP and ISP separate authentications, as well as a o The PAA offers separate NAP and ISP authentication, as well as a
choice of ISP from "ISP1" and "ISP2". The PaC accepts the offer choice of ISP from "ISP1" and "ISP2". The PaC accepts the offer
from PAA, with choosing "ISP1" as the ISP. from PAA, with choosing "ISP1" as the ISP.
o An EAP sequence for NAP authentication and an EAP sequence for ISP o NAP authentication and ISP authentication is performed in this
authentication is performed in this order in authentication phase. order in authentication phase.
o An EAP authentication method with a single round trip is used in o An EAP authentication method with a single round trip is used in
each EAP sequence. each EAP sequence.
o Two AAA-Keys are derived from the EAP authentication methods,
i.e., AAA-Key1 and AAA-Key2. The PANA_MAC_KEY is first derived
from the AAA-Key1 upon the completion of the first EAP, and then
it is updated so that it is derived from both AAA-Key1 and
AAA-Key2 upon the completion of the second EAP.
o After a PANA SA is established, all messages are integrity and o After a PANA SA is established, all messages are integrity and
replay protected with MAC AVPs. replay protected with MAC AVPs.
o Re-authentication based on the PANA-Reauth exchange is performed. o Authorization, re-authentication and termination phases are not
shown.
o Re-authentication and termination phase are not shown.
o Session-Id AVP is not shown.
PaC PAA Message(tseq,rseq)[AVPs] PaC PAA Message(seqno)[AVPs]
----------------------------------------------------- -----------------------------------------------------
// Discovery and initial handshake phase // Discovery and handshake phase
-----> PANA-PAA-Discover(0,0) -----> PANA-PAA-Discover(0)
<----- PANA-Start-Request(x,0) // S-flag set <----- PANA-Start-Request(x) // S-flag set
[Nonce, Cookie, ISP-Information("ISP1"), [Nonce, Cookie,
ISP-Information("ISP1"),
ISP-Information("ISP2"), ISP-Information("ISP2"),
NAP-Information("MyNAP")] NAP-Information("MyNAP")]
-----> PANA-Start-Request-Answer(y,x) // S-flag set -----> PANA-Start-Answer(x) // S-flag set
[Nonce, Cookie, ISP-Information("ISP1")]// PaC chooses "ISP1" [Nonce, Cookie, // PaC chooses "ISP1"
ISP-Information("ISP1")]
// Authentication phase // Authentication phase
<----- PANA-Auth-Request(x+1,y)[EAP] // NAP authentication <----- PANA-Auth-Request(x+1) // NAP authentication
// S- and N-flags set [Session-Id, EAP{Request}] // S- and N-flags set
-----> PANA-Auth-Answer(y+1,x+1)[EAP] // S- and N-flags set -----> PANA-Auth-Answer(x+1) // S- and N-flags set
<----- PANA-Auth-Request(x+2,y+1)[EAP] // S- and N-flags set [Session-Id] // No piggybacking
-----> PANA-Auth-Answer(y+2,x+2)[EAP] // S- and N-flags set -----> PANA-Auth-Request(y) // S- and N-flags set
<----- PANA-FirstAuth-End-Request(x+3,y+2) // S- and N-flags set [Session-Id, EAP{Response}]
[EAP{Success}, Key-Id, MAC] <----- PANA-Auth-Answer(y)[Session-Id] // S- and N-flags set
-----> PANA-FirstAuth-End-Answer(y+3,x+3) // S- and N-flags set <----- PANA-Auth-Request(x+2) // S- and N-flags set
[Key-Id, MAC] [Session-Id, EAP{Request}]
<----- PANA-Auth-Request(x+3,y+4)[EAP, MAC]// ISP authentication -----> PANA-Auth-Answer(x+2) // S- and N-flags set
// S-flag set [Session-Id, EAP{Response}] // Piggybacking
-----> PANA-Auth-Answer(y+4,x+4)[EAP, MAC] // S-flag set <----- PANA-FirstAuth-End-Request(x+3) // S- and N-flags set
<----- PANA-Auth-Request(x+4,y+5)[EAP, MAC]// S-flag set [Session-Id, EAP{Success}, Key-Id, MAC]
-----> PANA-Auth-Answer(y+5,x+5)[EAP, MAC] // S-flag set -----> PANA-FirstAuth-End-Answer(x+3) // S- and N-flags set
<----- PANA-Bind-Request(x+5,y+6) // S-flag set [Session-Id, Key-Id, MAC]
[EAP{Success}, Device-Id, Key-Id, <----- PANA-Auth-Request(x+4) // ISP authentication
Lifetime, Protection-Cap., PPAC, MAC] [Session-Id, EAP{Request}, MAC] // S-flag set
-----> PANA-Bind-Answer(y+6,x+5) // S-flag set -----> PANA-Auth-Answer(x+4) // S-flag set
[Device-Id, Key-Id, PPAC, MAC] [Session-Id, MAC] // No piggybacking
-----> PANA-Auth-Request(y+1) // S-flag set
Figure 10: A Complete Message Sequence for NAP and ISP Separate [Session-Id, EAP{Response}, MAC]
Authentications <----- PANA-Auth-Answer(y+1) // S-flag set
[Session-Id, MAC]
4.7 Responding to Duplicate Requests <----- PANA-Auth-Request(x+5) // S-flag set
[Session-Id, EAP{Request}, MAC]
Since PANA is designed over UDP, an answer as well as a request can -----> PANA-Auth-Answer(x+5) // S-flag set
be lost. In order to provide robustness against possible loss of [Session-Id, EAP{Response}, MAC] // Piggybacking
synchronization between a PaC and a PAA, the responder MAY send a <----- PANA-Bind-Request(x+6) // S-flag set
duplicate answer to a request that it had just answered. The only [Session-Id, EAP{Success}, Device-Id,
difference between two consecutive duplicate requests are the IP-Address, Key-Id, Lifetime,
sequence numbers and the content of MAC AVP (when present). Protection-Cap., PPAC, MAC]
-----> PANA-Bind-Answer(x+6) // S-flag set
o When a PaC receives a duplicate PANA-Start-Request message for [Session-Id, Device-Id, Key-Id,
which it has already answered, it SHOULD send a duplicate PPAC, MAC]
PANA-Start-Answer message until it receives a valid
PANA-Auth-Request message.
o When a PaC receives a duplicate PANA-FirstAuth-End-Request message
for which it has already answered, it SHOULD send a duplicate
PANA-FirstAuth-End-Answer message until it receives a valid
PANA-Auth-Request message for the second EAP authentication.
o When a PaC receives a duplicate PANA-Bind-Request message for
which it has already answered, it SHOULD send a duplicate
PANA-Bind-Answer message until it receives some hint provided
outside the PANA protocol (e.g., receipt of a secure association
protocol message from an EP or receipt of data traffic) indicating
that the PAA has received a PANA-Bind-Answer message.
o When a PaC or a PAA receives a duplicate PANA-Termination-Request
message for which it has already answered, it MAY send a duplicate
PANA-Termination-Answer message in accordance with the timers
described in Section 7.
4.8 Device ID Choice
The device identifier used in the context of PANA can be an IP
address, a MAC address, or an identifier that is not carried in data
packets but has local significance in identifying a connected host
(e.g., circuit ID). The last type of identifiers are commonly used
in physically secured point-to-point links where MAC addresses are
not available.
It is assumed that the PAA knows the link type and the security
mechanisms being provided or required on the access network (e.g.,
based on physical security, link-layer ciphers enabled before or
after PANA, or IPsec). Based on that information, the PAA can decide
what type of device ID will be used when running PANA with the
client. When IPsec-based security [I-D.ietf-pana-ipsec] is the
choice of access control, the PAA SHOULD provide an IP address as
device ID, and expect the PaC to provide its IP address in return.
In case IPsec is not used, MAC addresses are used as device IDs when
available. If non-IPsec access control is enabled, and a MAC address
is not available, device ID exchange does not occur within PANA.
Instead, peers rely on lower-layers to provide locally-significant
identifiers along with received PANA packets.
4.9 Updating PaC' Address
A PaC's IP address can change in certain situations. For example,
the PANA framework [I-D.ietf-pana-framework] describes a case in
which a PaC replaces a pre-PANA address (PRPA) with a post-PANA
address (POPA), and the PaC and PAA create host routes to each other
in order to maintain on-link communication based on the POPA. The
PAA needs to be notified about the change of PaC address.
After the PaC has changed its address, it MUST send a
PANA-Update-Request message to the PAA. The message MUST carry the
new PaC address in an IP-Address AVP. If the address contained in
the request is invalid, the PAA MUST send a PANA-Error message with
the result code PANA_INVALID_IP_ADDRESS. Otherwise, the PAA MUST
update the PANA session with the new PaC address and return a
PANA-Update-Answer message. If there is an established PANA SA, both
PANA-Update-Request and PANA-Update-Answer messages MUST be protected
with a MAC AVP.
4.10 Session Lifetime
The authentication phase determines the PANA session lifetime when
the network access authorization succeeds. The Session-Lifetime AVP
MAY be optionally included in the PANA-Bind-Request message to inform
PaC about the valid lifetime of the PANA session. It MUST be ignored
when included in other PANA messages. When there are multiple EAP
authentication taking place, this AVP SHOULD be included after the
final authentication.
The lifetime is a non-negotiable parameter that can be used by PaC to
manage PANA-related state. PaC does not have to perform any actions
when the lifetime expires, other than optionally purging local state.
PAA SHOULD initiate EAP authentication before the current session
lifetime expires.
PaC and PAA MAY optionally rely on lower-layer indications to
expedite the detection of a disconnected peer. Availability and
reliability of such indications depend on the specific access
technologies. PANA peer can use PANA-Reauth-Request message to
verify the disconnection before taking an action.
The session lifetime parameter is not related to the transmission of
PANA-Reauth-Request messages. These messages can be used for
asynchronously verifying the liveness of the peer and enabling
mobility optimizations. The decision to send PANA-Reauth-Request
message is taken locally and does not require coordination between
the peers.
When separate EAP authentications are performed for ISP and NAP in a Figure 9: A Complete Message Sequence for Separate NAP and ISP
single PANA session, it is possible that different authorization Authentication
lifetime values are associated with the two authentications. In this
case, the smaller authorization lifetime value MUST be used for
calculating the PANA Session-Lifetime value. As a result, when
EAP-based re-authentication occurs, both NAP and ISP authentications
will be performed in the same re-authentication procedure.
4.11 Retransmission of Duplicate Answers 6. Security and Mobility
Since PANA is designed over UDP, an answer as well as a request can 6.1 PANA Security Association Establishment
be lost. In order to improve robustness against possible loss of
synchronization between a PaC and a PAA, the responder of a request
MAY send a duplicate answer to a duplicate request for which already
answered (as well as a fresh answer to a new request if any). In
PANA, a duplicate PANA-Start-Request or PANA-Start-Answer message has
the same contents as the original request or answer, respectively. A
duplicate request other than PANA-Start-Request has the same contents
as the original request except for the transmission sequence number
and a MAC AVP (if any). Also, a duplicate answer other than
PANA-Start-Answer has the same contents as the original answer except
for the transmission and receiving sequence numbers and a MAC AVP (if
any). Retransmission of a duplicate answer in response to a
duplicate request occurs in the following ways.
o When a PaC receives a duplicate PANA-Start-Request message for When PANA is used over an already established secure channel, such as
which it has already answered, it MAY send a duplicate physically secured wires or ciphered link-layers, we can reasonably
PANA-Start-Answer message until it receives a valid assume that man-in-the-middle attacks or service theft is not
PANA-Auth-Request message. possible. See [I-D.ietf-pana-threats-eval] for a detailed
discussion.
o When a PaC receives a duplicate PANA-FirstAuth-End-Request message In environments where no secure channel prior to the PANA execution
for which it has already answered, it MAY send a duplicate is available, PANA needs to protect itself against a number of
PANA-FirstAuth-End-Answer message until it receives a valid attacks. The device identifier that is used during the
PANA-Auth-Request message for the second EAP authentication. authentication needs to be verified at the end of the authentication
to prevent service theft and DoS attacks. Additionally, a free
loader should be prevented from spoofing data packets by using the
device identifier of an already authorized legitimate client. Both
of these requirements necessitate generation of a security
association between the PaC and the PAA at the end of the
authentication. This can only be done when the authentication method
used can generate session keys. Use of session keys can prevent
attacks which would otherwise be very easy to launch by eavesdropping
on and spoofing traffic over an insecure link.
o When a PaC receives a duplicate PANA-Bind-Request message for The EAP method provided session key is transported to the PAA (if
which it has already answered, it MAY send a duplicate necessary) and is subsequently input to the creation of the PANA SA.
PANA-Bind-Answer message until it receives some hint provided Applying the PANA SA to the messages exchanged during the final PANA
outside the PANA protocol (e.g., receipt of a secure association handshake provides implicit key confirmation to both the PAA and the
protocol message from an EP or receipt of data traffic) indicating PaC. Implicit key confirmation shows both, the PaC and the PAA, that
that the PAA has received a PANA-Bind-Answer message. they possess the unique and fresh session key.
o When a PaC or a PAA receives a duplicate PANA-Termination-Request Protecting the final PANA handshake also ensures that the device
message for which it has already answered, it MAY send a duplicate identifier (and other information) cannot be modified by an
PANA-Termination-Answer message for a while before deleting the adversary. Further usage of the keying material is discussed in
PANA session. The period to send duplicate [I-D.ietf-pana-framework].
PANA-Termination-Answer messages may be a configurable parameter.
4.12 Mobility Handling 6.2 Mobility
A mobile PaC's network access authentication performance can be A mobile PaC's network access authentication performance can be
enhanced by deploying a context-transfer-based mechanism, where some enhanced by deploying a context-transfer-based mechanism, where some
session attributes are transferred from the previous PAA to the new session attributes are transferred from the previous PAA to the new
one in order to avoid performing a full EAP authentication (reactive one in order to avoid performing a full EAP authentication (reactive
approach). Additional mechanisms that are based on the proactive AAA approach). Additional mechanisms that are based on the proactive AAA
state establishment at one or more candidate PAAs may be developed in state establishment at one or more candidate PAAs may be developed in
the future [I-D.irtf-aaaarch-handoff]. The details of a the future [I-D.irtf-aaaarch-handoff]. The details of a
context-transfer-based mechanism is provided in this section. context-transfer-based mechanism is provided in this section.
skipping to change at page 32, line 31 skipping to change at page 33, line 23
If a PAA receives a session identifier in the PANA-Start-Answer If a PAA receives a session identifier in the PANA-Start-Answer
message, and it is configured to enable this optimization, it SHOULD message, and it is configured to enable this optimization, it SHOULD
retrieve the PANA session attributes from the previous PAA. Current retrieve the PANA session attributes from the previous PAA. Current
PAA determines the identity of the previous PAA by looking at the PAA determines the identity of the previous PAA by looking at the
DiameterIdentity part of the PANA session identifier. The MAC AVP DiameterIdentity part of the PANA session identifier. The MAC AVP
can only be verified by the previous PAA, therefore a copy of the can only be verified by the previous PAA, therefore a copy of the
PANA message SHOULD be provided to the previous PAA. The mechanism PANA message SHOULD be provided to the previous PAA. The mechanism
required to send a copy of the PANA-Start-Answer message from current required to send a copy of the PANA-Start-Answer message from current
PAA to the previous PAA, and retrieve the session attributes is PAA to the previous PAA, and retrieve the session attributes is
outside the scope of PANA protocol. Seamoby Context Transfer outside the scope of PANA protocol. The Context Transfer Protocol
Protocol [I-D.ietf-seamoby-ctp] might be useful for this purpose. [I-D.ietf-seamoby-ctp] might be useful for this purpose.
When the previous or current PAA is not configured to enable this When the previous or current PAA is not configured to enable this
optimization, the current PAA can not retrieve the PANA session optimization, the current PAA can not retrieve the PANA session
attributes, or the PANA session has already expired (i.e., session attributes, or the PANA session has already expired (i.e., session
lifetime is zero), the PAA MUST send the PANA-Auth-Request message lifetime is zero), the PAA MUST send the PANA-Auth-Request message
with a new session identifier and let the PANA exchange take its with a new session identifier and let the PANA exchange take its
usual course. This action will engage EAP-based authentication and usual course. This action will engage EAP-based authentication and
create a fresh PANA session from scratch. create a fresh PANA session from scratch.
In case the current PAA can retrieve the on-going PANA session In case the current PAA can retrieve the on-going PANA session
skipping to change at page 33, line 16 skipping to change at page 34, line 9
current PAA. Session-ID is the identifier of the PaC's PANA session current PAA. Session-ID is the identifier of the PaC's PANA session
with the previous PAA. with the previous PAA.
The current PAA and PaC compute the new AAA-Key by using the nonce The current PAA and PaC compute the new AAA-Key by using the nonce
values and the AAA-Key-int. values and the AAA-Key-int.
AAA-Key-new = The first N bits of AAA-Key-new = The first N bits of
HMAC-SHA1(AAA-Key-int, PaC_nonce | PAA_nonce) HMAC-SHA1(AAA-Key-int, PaC_nonce | PAA_nonce)
New PANA_MAC_KEY is computed based on the algorithm described in New PANA_MAC_KEY is computed based on the algorithm described in
Section 4.1.5, by using the new AAA-Key and the new Session-ID Section 5.6, by using the new AAA-Key and the new Session-ID assigned
assigned by the current PAA. The MAC AVP contained in the by the current PAA. The MAC AVP contained in the PANA-Bind-Request
PANA-Bind-Request and PANA-Bind-Answer messages MUST be generated and and PANA-Bind-Answer messages MUST be generated and verified by using
verified by using the new PANA_MAC_KEY. The Session-ID AVP MUST the new PANA_MAC_KEY. The Session-ID AVP MUST include a new session
include a new session identifier assigned by the current PAA. A new identifier assigned by the current PAA. A new PANA session is
PANA session is created upon successful completion of this exchange. created upon successful completion of this exchange.
Note that correct operation of this optimization relies on many Note that correct operation of this optimization relies on many
factors, including applicability of authorization state from one factors, including applicability of authorization state from one
network attachment to another. [I-D.ietf-eap-keying] identifies this network attachment to another. [I-D.ietf-eap-keying] identifies this
operation as "fast handoff" and provides deployment considerations. operation as "fast handoff" and provides deployment considerations.
Operators are recommended to take those guidelines into account when Operators are recommended to take those guidelines into account when
using this optimization in their networks. using this optimization in their networks.
4.13 Support for Separate EP 7. PANA Headers and Formats
PANA allows the PAA and the EP to be separate entities. In this
case, if data traffic protection needs to be initiated after
successful PANA authentication phase, the PaC needs to know the
device identifier of EP(s) so that it is able to establish a security
association with each EP to protect data traffic.
To this end, when a Protection-Capability AVP with either
L2_PROTECTION or IPSEC_PROTECTION in the AVP payload is carried in a
PANA-Bind-Request message and if there is an EP that has a different
device identifier than that of the PAA, one or more EP-Device-Id AVPs
MUST also be carried in the PANA-Bind-Request message. In this case,
if one EP has the same device identifier as the PAA, an EP-Device-Id
AVP that contains the device identifier of the EP (i.e., the PAA)
MUST also be included in the PANA-Bind-Request.
Aside from provisioning the EP, the same PAA-to-EP protocol MAY be
used for triggering the PAA upon detecting the need to authenticate a
new client.
5. PANA Security Association Establishment
When PANA is used over an already established secure channel, such as
physically secured wires or ciphered link-layers, we can reasonably
assume that man-in-the-middle attacks or service theft is not
possible. See [I-D.ietf-pana-threats-eval] for a detailed
discussion.
In environments where no secure channel prior to the PANA execution
is available, PANA needs to protect itself against a number of
attacks. The device identifier that is used during the
authentication needs to be verified at the end of the authentication
to prevent service theft and DoS attacks. Additionally, a free
loader should be prevented from spoofing data packets by using the
device identifier of an already authorized legitimate client. Both
of these requirements necessitate generation of a security
association between the PaC and the PAA at the end of the
authentication. This can only be done when the authentication method
used can generate session keys. Use of session keys can prevent
attacks which would otherwise be very easy to launch by eavesdropping
on and spoofing traffic over an insecure link.
The EAP method provided session key is transported to the PAA (if
necessary) and is subsequently input to the creation of the PANA SA.
Applying the PANA SA to the messages exchanged during the final PANA
handshake provides implicit key confirmation to both the PAA and the
PaC. Implicit key confirmation shows both, the PaC and the PAA, that
they possess the unique and fresh session key.
Protecting the final PANA handshake also ensures that the device
identifier (and other information) cannot be modified by an
adversary. Further usage of the keying material is discussed in
[I-D.ietf-pana-framework].
6. Message Formats
This section defines message formats for PANA protocol. This section defines message formats for PANA protocol.
6.1 IP and UDP Headers 7.1 IP and UDP Headers
The Hop Limit (or TTL) field of the IP header MUST be set to 255. The Hop Limit (or TTL) field of the IP header MUST be set to 255.
When a PANA-PAA-Discover message is multicast, IP destination address When a PANA-PAA-Discover message is multicast, IP destination address
of the message is set to a well-known link-local multicast address of the message is set to a well-known link-local multicast address
(TBD). A PANA-PAA-Discover message MAY be unicast in some cases as (TBD). A PANA-PAA-Discover message MAY be unicast in some cases as
specified in Section 4.2. Any other PANA packet is unicasted between specified in Section 4.1. Any other PANA packet is unicast between
the PaC and the PAA. The source and destination addresses SHOULD be the PaC and the PAA. The source and destination addresses SHOULD be
set to the addresses on the interfaces from which the message will be set to the addresses on the interfaces from which the message will be
sent and received, respectively. sent and received, respectively.
When the PANA packet is sent in response to a request, the UDP source When the PANA packet is sent in response to a request, the UDP source
and destination ports of the response packet MUST be copied from the and destination ports of the response packet MUST be copied from the
destination and source ports of the request packet, respectively. destination and source ports of the request packet, respectively.
The destination port of an unsolicited PANA packet MUST be set to an The destination port of an unsolicited PANA packet MUST be set to an
assigned value (TBD), and the source port MUST be set to a value assigned value (TBD), and the source port MUST be set to a value
chosen by the sender. chosen by the sender.
6.2 PANA Header 7.2 PANA Header
A summary of the PANA header format is shown below. The fields are A summary of the PANA header format is shown below. The fields are
transmitted in network byte order. transmitted in network byte order.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Version | Message Length | | Version | Reserved | Message Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Flags | Message Type | | Flags | Message Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Transmitted Sequence Number | | Sequence Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Received Sequence Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| AVPs ... | AVPs ...
+-+-+-+-+-+-+-+-+-+-+-+-+- +-+-+-+-+-+-+-+-+-+-+-+-+-
Version Version
This Version field MUST be set to 1 to indicate PANA Version 1. This Version field MUST be set to 1 to indicate PANA Version 1.
Reserved
This 8-bit field is reserved for future use, and MUST be set to
zero, and ignored by the receiver.
Message Length Message Length
The Message Length field is three octets and indicates the length The Message Length field is three octets and indicates the length
of the PANA message including the header fields. of the PANA message including the header fields.
Flags Flags
The Flags field is eight bits. The following bits are assigned: The Flags field is eight bits. The following bits are assigned:
0 1 2 3 4 5 6 7 0 1
+-+-+-+-+-+-+-+-+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
|R r r r S N r r| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+-+-+-+-+-+-+-+-+ |R S N r r r r r r r r r r r r r|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
R(equest) R(equest)
If set, the message is a request. If cleared, the message is If set, the message is a request. If cleared, the message is
an answer. an answer.
S(eparate) S(eparate)
When the S-flag is set in a PANA-Start-Request message it When the S-flag is set in a PANA-Start-Request message it
indicates that PAA is willing to offer separate EAP indicates that PAA is willing to offer separate NAP and ISP
authentications for NAP and ISP. When the S-flag is set in a authentication. When the S-flag is set in a PANA-Start-Answer
PANA-Start-Answer message it indicates that PaC accepts on message it indicates that the PaC accepts on performing
performing separate EAP authentications for NAP and ISP. When separate NAP and ISP authentication. When the S-flag is set in
the S-flag is set in a PANA-Auth-Request/Answer, a PANA-Auth-Request/Answer, PANA-FirstAuth-End-Request/Answer
PANA-FirstAuth-End-Request/Answer and PANA-Bind-Request/Answer and PANA-Bind-Request/Answer messages it indicates that
messages it indicates that separate authentications are being separate NAP and ISP authentication is being performed in the
performed in the authentication phase. authentication phase. For other cases, S-flag MUST NOT be set.
N(AP authentication) N(AP authentication)
When the N-flag is set in a PANA-Auth-Request message, it When the N-flag is set in a PANA-Auth-Request message, it
indicates that PAA is performing NAP authentication. When the indicates that the current EAP authentication is for NAP
N-flag is unset in a PANA-Auth-Request message, it indicates authentication. When the N-flag is unset in a
that PAA is performing ISP authentication. The N-flag MUST NOT PANA-Auth-Request message, it indicates that the current EAP
be set when S-flag is not set. authentication is for ISP authentication. The PaC MUST copy
the value of the flag in its requests from the last received
request of the PAA. The value of the flag on an answer MUST be
copied from the request. The N-flag MUST NOT be set when
S-flag is not set.
r(eserved) r(eserved)
these flag bits are reserved for future use, and MUST be set to these flag bits are reserved for future use, and MUST be set to
zero, and ignored by the receiver. zero, and ignored by the receiver.
Message Type Message Type
The Message Type field is three octets, and is used in order to The Message Type field is two octets, and is used in order to
communicate the message type with the message. The 24-bit address communicate the message type with the message. The 16-bit address
space is managed by IANA [ianaweb]. PANA uses its own address space is managed by IANA [ianaweb]. PANA uses its own address
space for this field. space for this field.
Transmitted Sequence Number Sequence Number
The Transmitted Sequence Number field contains the monotonically
increasing 32 bit sequence number that the message sender
increments every time a new PANA message is sent.
Received Sequence Number
The Received Sequence Number field contains the 32 bit transmitted The Sequence Number field contains a 32 bit value.
sequence number that the message sender has last received from its
peer.
AVPs AVPs
AVPs are a method of encapsulating information relevant to the AVPs are a method of encapsulating information relevant to the
PANA message. See section Section 6.3 for more information on PANA message. See section Section 7.3 for more information on
AVPs. AVPs.
6.3 AVP Header 7.3 AVP Header
Each AVP of type OctetString MUST be padded to align on a 32-bit Each AVP of type OctetString MUST be padded to align on a 32-bit
boundary, while other AVP types align naturally. A number of boundary, while other AVP types align naturally. A number of
zero-valued bytes are added to the end of the AVP Data field till a zero-valued bytes are added to the end of the AVP Data field till a
word boundary is reached. The length of the padding is not reflected word boundary is reached. The length of the padding is not reflected
in the AVP Length field [RFC3588]. in the AVP Length field [RFC3588].
The fields in the AVP header MUST be sent in network byte order. The The fields in the AVP header MUST be sent in network byte order. The
format of the header is: format of the header is:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| AVP Code | | AVP Code | AVP Flags |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| AVP Flags | AVP Length | | AVP Length | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Vendor-Id (opt) | | Vendor-Id (opt) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Data ... | Data ...
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
AVP Code AVP Code
The AVP Code, combined with the Vendor-Id field, identifies the The AVP Code, combined with the Vendor-Id field, identifies the
attribute uniquely. AVP numbers are allocated by IANA [ianaweb]. attribute uniquely. AVP numbers are allocated by IANA [ianaweb].
PANA uses its own address space for this field although some of PANA uses its own address space for this field although some of
the AVP formats are borrowed from Diameter protocol [RFC3588]. the AVP formats are borrowed from Diameter protocol [RFC3588].
AVP Flags AVP Flags
The AVP Flags field is eight bits. The following bits are The AVP Flags field is two octets. The following bits are
assigned: assigned:
0 1 2 3 4 5 6 7 0 1
+-+-+-+-+-+-+-+-+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
|V M r r r r r r| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+-+-+-+-+-+-+-+-+ |V M r r r r r r r r r r r r r r|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
M(andatory) M(andatory)
The 'M' Bit, known as the Mandatory bit, indicates whether The 'M' Bit, known as the Mandatory bit, indicates whether
support of the AVP is required. support of the AVP is required.
V(endor) V(endor)
The 'V' bit, known as the Vendor-Specific bit, indicates The 'V' bit, known as the Vendor-Specific bit, indicates
whether the optional Vendor-Id field is present in the AVP whether the optional Vendor-Id field is present in the AVP
header. header.
r(eserved) r(eserved)
these flag bits are reserved for future use, and MUST be set to These flag bits are reserved for future use, and MUST be set to
zero, and ignored by the receiver. zero, and ignored by the receiver.
AVP Length AVP Length
The AVP Length field is three octets, and indicates the number of The AVP Length field is four octets, and indicates the number of
octets in this AVP including the AVP Code, AVP Length, AVP Flags, octets in this AVP including the AVP Code, AVP Length, AVP Flags,
and the AVP data and the AVP data.
Reserved
This two-octet field is reserved for future use, and MUST be set
to zero, and ignored by the receiver.
Vendor-Id Vendor-Id
The Vendor-Id field is present if the 'V' bit is set in the AVP The Vendor-Id field is present if the 'V' bit is set in the AVP
Flags field. The optional four-octet Vendor-Id field contains the Flags field. The optional four-octet Vendor-Id field contains the
IANA assigned "SMI Network Management Private Enterprise Codes" IANA assigned "SMI Network Management Private Enterprise Codes"
[ianaweb] value, encoded in network byte order. Any vendor [ianaweb] value, encoded in network byte order. Any vendor
wishing to implement a vendor-specific PANA AVP MUST use their own wishing to implement a vendor-specific PANA AVP MUST use their own
Vendor-Id along with their privately managed AVP address space, Vendor-Id along with their privately managed AVP address space,
guaranteeing that they will not collide with any other vendor's guaranteeing that they will not collide with any other vendor's
vendor-specific AVP(s), nor with future IETF applications. vendor-specific AVP(s), nor with future IETF applications.
Data Data
The Data field is zero or more octets and contains information The Data field is zero or more octets and contains information
specific to the Attribute. The format and length of the Data specific to the Attribute. The format and length of the Data
field is determined by the AVP Code and AVP Length fields. field is determined by the AVP Code and AVP Length fields.
6.4 PANA Messages 8. PANA Messages, Message Specifications and AVPs
Figure 11 lists all PANA messages defined in this document 8.1 PANA Messages
Figure 10 lists all PANA messages defined in this document.
Message Direction: PaC---PAA Message Direction: PaC---PAA
---------------------------------------- ----------------------------------------
PANA-PAA-Discover --------> PANA-PAA-Discover -------->
PANA-Start-Request <-------- PANA-Start-Request <--------
PANA-Start-Answer --------> PANA-Start-Answer -------->
PANA-Auth-Request <-------- PANA-Auth-Request <------->
PANA-Auth-Answer --------> PANA-Auth-Answer <------->
PANA-Reauth-Request -------->
PANA-Reauth-Answer <--------
PANA-FirstAuth-End-Request <-------- PANA-FirstAuth-End-Request <--------
PANA-FirstAuth-End-Answer --------> PANA-FirstAuth-End-Answer -------->
PANA-Bind-Request <-------- PANA-Bind-Request <--------
PANA-Bind-Answer --------> PANA-Bind-Answer -------->
PANA-Reauth-Request <-------> PANA-Ping-Request <------->
PANA-Reauth-Answer <-------> PANA-Ping-Answer <------->
PANA-Termination-Request <-------> PANA-Termination-Request <------->
PANA-Termination-Answer <-------> PANA-Termination-Answer <------->
PANA-Update-Request --------> PANA-Update-Request -------->
PANA-Update-Answer <-------- PANA-Update-Answer <--------
PANA-Error <-------> PANA-Error-Request <------->
PANA-Error-Answer <------->
Figure 11: PANA Message Overview Figure 10: PANA Message Overview
6.4.1 Message Specifications 8.2 Message Specifications
Every PANA message MUST include a corresponding ABNF [RFC2234] Every PANA message MUST include a corresponding ABNF [RFC2234]
specification found in [RFC3588]. Note that PANA messages have a specification found in [RFC3588].
different header format compared to Diameter.
Example: Example:
message ::= < PANA-Header: <Message type>, [REQ] [SEP] > message ::= < PANA-Header: <Message type>, [REQ] [SEP] >
* [ AVP ] * [ AVP ]
6.4.2 PANA-PAA-Discover (PDI) 8.2.1 PANA-PAA-Discover (PDI)
The PANA-PAA-Discover (PDI) message is used to discover the address The PANA-PAA-Discover (PDI) message is used to discover the address
of PAA(s). Both sequence numbers in this message are set to zero of PAA(s). Both sequence numbers in this message are set to zero
(0). (0).
PANA-PAA-Discover ::= < PANA-Header: 1 > PANA-PAA-Discover ::= < PANA-Header: 1 >
0*1 < Session-Id >
* [ AVP ] * [ AVP ]
6.4.3 PANA-Start-Request (PSR) 8.2.2 PANA-Start-Request (PSR)
PANA-Start-Request (PSR) is sent by the PAA to the PaC. The PAA sets PANA-Start-Request (PSR) is sent by the PAA to the PaC. The PAA sets
the transmission sequence number to an initial random value. The the sequence number to an initial random value.
received sequence number is set to zero (0).
PANA-Start-Request ::= < PANA-Header: 2, REQ [SEP] > PANA-Start-Request ::= < PANA-Header: 2, REQ [SEP] >
{ Nonce } { Nonce }
[ Cookie ] [ Cookie ]
[ EAP-Payload ] [ EAP-Payload ]
[ NAP-Information ] [ NAP-Information ]
* [ ISP-Information ] * [ ISP-Information ]
[ Protection-Capability] [ Protection-Capability]
[ PPAC ] [ PPAC ]
* [ AVP ] * [ AVP ]
6.4.4 PANA-Start-Answer (PSA) 8.2.3 PANA-Start-Answer (PSA)
PANA-Start-Answer (PSA) is sent by the PaC to the PAA in response to PANA-Start-Answer (PSA) is sent by the PaC to the PAA in response to
a PANA-Start-Request message. The PANA_start message transmission a PANA-Start-Request message.
sequence number field is copied to the received sequence number
field. The transmission sequence number is set to initial random
value.
PANA-Start-Answer ::= < PANA-Header: 2 [SEP] > PANA-Start-Answer ::= < PANA-Header: 2 [SEP] >
{ Nonce } { Nonce }
[ Session-Id ] [ Session-Id ]
[ Cookie ] [ Cookie ]
[ EAP-Payload ] [ EAP-Payload ]
[ ISP-Information ] [ ISP-Information ]
* [ AVP ] * [ AVP ]
0*1 < MAC > 0*1 < MAC >
6.4.5 PANA-Auth-Request (PAR) 8.2.4 PANA-Auth-Request (PAR)
PANA-Auth-Request (PAR) is sent by the PAA to the PaC. PANA-Auth-Request (PAR) is sent by the PAA to the PaC.
PANA-Auth-Request ::= < PANA-Header: 3, REQ [SEP] [NAP] > PANA-Auth-Request ::= < PANA-Header: 3, REQ [SEP] [NAP] >
< Session-Id > < Session-Id >
< EAP-Payload > < EAP-Payload >
* [ AVP ] * [ AVP ]
0*1 < MAC > 0*1 < MAC >
(Both NAP-Information and ISP-Information MUST NOT be included at the 8.2.5 PANA-Auth-Answer (PAN)
same time)
6.4.6 PANA-Auth-Answer (PAN)
PANA-Auth-Answer (PAN) is sent by the PaC to the PAA in response to a PANA-Auth-Answer (PAN) is sent by the PaC to the PAA in response to a
PANA-Auth-Request message. PANA-Auth-Request message.
PANA-Auth-Answer ::= < PANA-Header: 3 [SEP] [NAP] > PANA-Auth-Answer ::= < PANA-Header: 3 [SEP] [NAP] >
< Session-Id > < Session-Id >
< EAP-Payload > < EAP-Payload >
* [ AVP ] * [ AVP ]
0*1 < MAC > 0*1 < MAC >
6.4.7 PANA-Bind-Request (PBR) 8.2.6 PANA-Reauth-Request (PRAR)
PANA-Reauth-Request (PRAR) is sent by the PaC to the PAA.
PANA-Reauth-Request ::= < PANA-Header: 4, REQ >
< Session-Id >
* [ AVP ]
0*1 < MAC >
8.2.7 PANA-Reauth-Answer (PRAA)
PANA-Reauth-Answer (PRAA) is sent by the PAA to the PaC in response
to a PANA-Reauth-Request message.
PANA-Reauth-Answer ::= < PANA-Header: 4 >
< Session-Id >
* [ AVP ]
0*1 < MAC >
8.2.8 PANA-Bind-Request (PBR)
PANA-Bind-Request (PBR) is sent by the PAA to the PaC. PANA-Bind-Request (PBR) is sent by the PAA to the PaC.
PANA-Bind-Request ::= < PANA-Header: 4, REQ [SEP] [NAP] > PANA-Bind-Request ::= < PANA-Header: 5, REQ [SEP] [NAP] >
< Session-Id > < Session-Id >
{ Result-Code } { Result-Code }
{ PPAC } { PPAC }
{ IP-Address }
[ EAP-Payload ] [ EAP-Payload ]
[ Device-Id ]
[ Session-Lifetime ] [ Session-Lifetime ]
[ Protection-Capability ] [ Protection-Capability ]
[ Key-Id ] [ Key-Id ]
* [ EP-Device-Id ] * [ Device-Id ]
* [ AVP ] * [ AVP ]
0*1 < MAC > 0*1 < MAC >
6.4.8 PANA-Bind-Answer (PBA) 8.2.9 PANA-Bind-Answer (PBA)
PANA-Bind-Answer (PBA) is sent by the PaC to the PAA in response to a PANA-Bind-Answer (PBA) is sent by the PaC to the PAA in response to a
PANA-Result-Request message. PANA-Result-Request message.
PANA-Bind-Answer ::= < PANA-Header: 4 [,SEP] [NAP] > PANA-Bind-Answer ::= < PANA-Header: 5 [,SEP] [NAP] >
< Session-Id > < Session-Id >
{ Result-Code } { Result-Code }
[ PPAC ] [ PPAC ]
[ Device-Id ] [ Device-Id ]
[ Key-Id ] [ Key-Id ]
* [ AVP ] * [ AVP ]
0*1 < MAC > 0*1 < MAC >
6.4.9 PANA-Reauth-Request (PRAR) 8.2.10 PANA-Ping-Request (PPR)
PANA-Reauth-Request (PRAR) is either sent by the PaC or the PAA. PANA-Ping-Request (PPR) is either sent by the PaC or the PAA.
PANA-Reauth-Request ::= < PANA-Header: 5, REQ > PANA-Ping-Request ::= < PANA-Header: 6, REQ >
< Session-Id > < Session-Id >
* [ AVP ] * [ AVP ]
0*1 < MAC > 0*1 < MAC >
6.4.10 PANA-Reauth-Answer (PRAA) 8.2.11 PANA-Ping-Answer (PPA)
PANA-Reauth-Answer (PRAA) is sent in response to a PANA-Ping-Answer (PPA) is sent in response to a PANA-Ping-Request.
PANA-Reauth-Request.
PANA-Reauth-Answer ::= < PANA-Header: 5 > PANA-Ping-Answer ::= < PANA-Header: 6 >
< Session-Id > < Session-Id >
* [ AVP ] * [ AVP ]
0*1 < MAC > 0*1 < MAC >
6.4.11 PANA-Termination-Request (PTR) 8.2.12 PANA-Termination-Request (PTR)
PANA-Termination-Request (PTR) is sent either by the PaC or the PAA. PANA-Termination-Request (PTR) is sent either by the PaC or the PAA.
PANA-Termination-Request ::= < PANA-Header: 6, REQ > PANA-Termination-Request ::= < PANA-Header: 7, REQ >
< Session-Id > < Session-Id >
< Termination-Cause > < Termination-Cause >
* [ AVP ] * [ AVP ]
0*1 < MAC > 0*1 < MAC >
6.4.12 PANA-Termination-Answer (PTA) 8.2.13 PANA-Termination-Answer (PTA)
PANA-Termination-Answer (PTA) is sent either by the PaC or the PAA in PANA-Termination-Answer (PTA) is sent either by the PaC or the PAA in
response to PANA-Termination-Request. response to PANA-Termination-Request.
PANA-Termination-Answer ::= < PANA-Header: 6 > PANA-Termination-Answer ::= < PANA-Header: 7 >
< Session-Id > < Session-Id >
* [ AVP ] * [ AVP ]
0*1 < MAC > 0*1 < MAC >
6.4.13 PANA-Error (PER) 8.2.14 PANA-Error-Request (PER)
PANA-Error is sent either by the PaC or the PAA. PANA-Error is sent either by the PaC or the PAA.
PANA-Error ::= < PANA-Header: 7 > PANA-Error-Request ::= < PANA-Header: 8 REQ >
< Session-Id > < Session-Id >
< Result-Code > < Result-Code >
{ Failed-AVP } { Failed-AVP }
* [ AVP ] * [ AVP ]
0*1 < MAC > 0*1 < MAC >
6.4.14 PANA-FirstAuth-End-Request (PFER) 8.2.15 PANA-Error-Answer (PEA)
PANA-Error-Answer is sent in response to a PANA-Error-Request.
PANA-Error-Answer ::= < PANA-Header: 8 >
< Session-Id >
* [ AVP ]
0*1 < MAC >
8.2.16 PANA-FirstAuth-End-Request (PFER)
PANA-FirstAuth-End-Request (PFER) is sent by the PAA to the PaC. PANA-FirstAuth-End-Request (PFER) is sent by the PAA to the PaC.
PANA-FirstAuth-End-Request ::= < PANA-Header: 8, REQ [SEP] [NAP] > PANA-FirstAuth-End-Request ::= < PANA-Header: 9, REQ [SEP] [NAP] >
< Session-Id > < Session-Id >
< Device-Id >
{ EAP-Payload } { EAP-Payload }
{ Result-Code } { Result-Code }
[ Key-Id ] [ Key-Id ]
* [ AVP ] * [ AVP ]
0*1 < MAC > 0*1 < MAC >
6.4.15 PANA-FirstAuth-End-Answer (PFEA) 8.2.17 PANA-FirstAuth-End-Answer (PFEA)
PANA-FirstAuth-End-Answer (PFEA) is sent by the PaC to the PAA in PANA-FirstAuth-End-Answer (PFEA) is sent by the PaC to the PAA in
response to a PANA-FirstAuth-End-Request message. response to a PANA-FirstAuth-End-Request message.
PANA-FirstAuth-End-Answer ::= < PANA-Header: 8, REQ [SEP] [NAP] > PANA-FirstAuth-End-Answer ::= < PANA-Header: 9, REQ [SEP] [NAP] >
< Session-Id > < Session-Id >
< Device-Id >
[ Key-Id ] [ Key-Id ]
* [ AVP ] * [ AVP ]
0*1 < MAC > 0*1 < MAC >
6.4.16 PANA-Update-Request (PUR) 8.2.18 PANA-Update-Request (PUR)
PANA-Update-Request (PUR) is sent by the PaC to the PAA. PANA-Update-Request (PUR) is sent by the PaC to the PAA.
PANA-Update-Request ::= < PANA-Header: 9, REQ > PANA-Update-Request ::= < PANA-Header: 10, REQ >
< Session-Id > < Session-Id >
< IP-Address > < IP-Address >
* [ AVP ] * [ AVP ]
0*1 < MAC > 0*1 < MAC >
6.4.17 PANA-Update-Answer (PUA) 8.2.19 PANA-Update-Answer (PUA)
PANA-Update-Answer (PUA) is sent by the PAA to the PaC in response to PANA-Update-Answer (PUA) is sent by the PAA to the PaC in response to
a PANA-Update-Request. a PANA-Update-Request.
PANA-Update-Answer ::= < PANA-Header: 9 > PANA-Update-Answer ::= < PANA-Header: 10 >
< Session-Id > < Session-Id >
* [ AVP ] * [ AVP ]
0*1 < MAC > 0*1 < MAC >
6.5 AVPs in PANA 8.3 AVPs in PANA
Some of the used AVPs are defined in this document and some of them PANA defines several AVPs that are specific to the protocol. A
are defined in other documents like [RFC3588]. PANA proposes to use number of others AVPs are reused. These are specified in other
the same name space with [RFC3588]. For temporary allocation, PANA documents such as [RFC3588].
uses AVP type numbers starting from 1024.
6.5.1 MAC AVP The following tables lists the AVPs used in this document, and
specifies in which PANA messages they MAY, or MAY NOT be present.
The first octet (8 bits) of the MAC (Code 1024) AVP data contains the The table uses the following symbols:
MAC algorithm type. Rest of the AVP data payload contains the MAC
encoded in network byte order. The Algorithm 8 bit name space is 0 The AVP MUST NOT be present in the message.
0+ Zero or more instances of the AVP MAY be present in the
message.
0-1 Zero or one instance of the AVP MAY be present in the message.
It is considered an error if there are more than one instance
of the AVP.
1 One instance of the AVP MUST be present in the message.
1+ At least one instance of the AVP MUST be present in the
message.
+-----------------------------------------+
| Message |
| Type |
+-----+-----+-----+-----+-----+-----+-----+
Attribute Name | PSR | PSA | PAR | PAN | PBR | PBA | PDI |
--------------------+-----+-----+-----+-----+-----+-----+-----+
Result-Code | 0 | 0 | 0 | 0 | 1 | 1 | 0 |
Session-Id | 0 | 0-1 | 1 | 1 | 1 | 1 | 0 |
Termination-Cause | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
EAP-Payload | 0-1 | 0-1 | 1 | 0-1 | 0-1 | 0 | 0 |
MAC | 0 | 0-1 | 0-1 | 0-1 | 0-1 | 0-1 | 0 |
Nonce | 1 | 1 | 0 | 0 | 0 | 0 | 0 |
Device-Id | 0 | 0 | 0 | 0 | 0+ | 0-1 | 0 |
Cookie | 0-1 | 0-1 | 0 | 0 | 0 | 0 | 0 |
Protection-Cap. | 0-1 | 0 | 0 | 0 | 0-1 | 0 | 0 |
PPAC | 0-1 | 0 | 0 | 0 | 1 | 0-1 | 0 |
Session-Lifetime | 0 | 0 | 0 | 0 | 0-1 | 0 | 0 |
Failed-AVP | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
ISP-Information | 0+ | 0-1 | 0 | 0 | 0 | 0 | 0 |
NAP-Information | 0-1 | 0 | 0 | 0 | 0 | 0 | 0 |
Key-Id | 0 | 0 | 0 | 0 | 0-1 | 0-1 | 0 |
IP-Address | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
--------------------+-----+-----+-----+-----+-----+-----+-----+
Figure 11: AVP Occurrence Table (1/3)
+-------------------------------------+
| Message |
| Type |
+-----+-----+-----+-----+------+------+
Attribute Name | PPR | PPA | PTR | PTA | PFER | PFEA |
--------------------+-----+-----+-----+-----+------+------+
Result-Code | 0 | 0 | 0 | 0 | 1 | 0 |
Session-Id | 1 | 1 | 1 | 1 | 1 | 1 |
Termination-Cause | 0 | 0 | 1 | 0 | 0 | 0 |
EAP-Payload | 0 | 0 | 0 | 0 | 1 | 0 |
MAC | 0-1 | 0-1 | 0-1 | 0-1 | 0-1 | 0-1 |
Nonce | 0 | 0 | 0 | 0 | 0 | 0 |
Device-Id | 0 | 0 | 0 | 0 | 0 | 0 |
Cookie | 0 | 0 | 0 | 0 | 0 | 0 |
Protection-Cap. | 0 | 0 | 0 | 0 | 0 | 0 |
PPAC | 0 | 0 | 0 | 0 | 0 | 0 |
Session-Lifetime | 0 | 0 | 0 | 0 | 0 | 0 |
Failed-AVP | 0 | 0 | 0 | 0 | 0 | 0 |
ISP-Information | 0 | 0 | 0 | 0 | 0 | 0 |
NAP-Information | 0 | 0 | 0 | 0 | 0 | 0 |
Key-Id | 0 | 0 | 0 | 0 | 0-1 | 0-1 |
IP-Address | 0 | 0 | 0 | 0 | 0 | 0 |
--------------------+-----+-----+-----+-----+------+------+
Figure 12: AVP Occurrence Table (2/3)
+-------------------------------------+
| Message |
| Type |
+-----+-----+-----+-----+------+------+
Attribute Name | PUR | PUA | PER | PEA | PRAR | PRAA |
--------------------+-----+-----+-----+-----+------+------+
Result-Code | 0 | 0 | 1 | 0 | 0 | 0 |
Session-Id | 1 | 1 | 1 | 1 | 1 | 1 |
Termination-Cause | 0 | 0 | 0 | 0 | 0 | 0 |
EAP-Payload | 0 | 0 | 0 | 0 | 0 | 0 |
MAC | 0-1 | 0-1 | 0-1 | 0-1 | 0-1 | 0-1 |
Nonce | 0 | 0 | 0 | 0 | 0 | 0 |
Device-Id | 0 | 0 | 0 | 0 | 0 | 0 |
Cookie | 0 | 0 | 0 | 0 | 0 | 0 |
Protection-Cap. | 0 | 0 | 0 | 0 | 0 | 0 |
PPAC | 0 | 0 | 0 | 0 | 0 | 0 |
Session-Lifetime | 0 | 0 | 0 | 0 | 0 | 0 |
Failed-AVP | 0 | 0 | 1 | 0 | 0 | 0 |
ISP-Information | 0 | 0 | 0 | 0 | 0 | 0 |
NAP-Information | 0 | 0 | 0 | 0 | 0 | 0 |
Key-Id | 0 | 0 | 0 | 0 | 0 | 0 |
IP-Address | 1 | 0 | 0 | 0 | 0 | 0 |
--------------------+-----+-----+-----+-----+------+------+
Figure 13: AVP Occurrence Table (3/3)
8.3.1 MAC AVP
The first octet (8 bits) of the MAC (AVP Code 1) AVP data contains
the MAC algorithm type. Rest of the AVP data payload contains the
MAC encoded in network byte order. The 8-bit Algorithm name space is
managed by IANA [ianaweb]. The AVP length varies depending on the managed by IANA [ianaweb]. The AVP length varies depending on the
used algorithm. used algorithm.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Algorithm | MAC... | Algorithm | MAC...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Algorithm Algorithm
skipping to change at page 45, line 5 skipping to change at page 49, line 5
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Algorithm | MAC... | Algorithm | MAC...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Algorithm Algorithm
1 HMAC-SHA1 (20 bytes) 1 HMAC-SHA1 (20 bytes)
MAC MAC
The Message Authentication Code is encoded in network byte order. The Message Authentication Code is encoded in network byte order.
6.5.2 Device-Id AVP 8.3.2 Device-Id AVP
The Device-Id AVP (Code 1025) is of Address type [RFC3588]. IPv4 and The Device-Id AVP (AVP Code 2) is of Address type [RFC3588]. IPv4
IPv6 addresses are encoded as specified in [RFC3588]. The content and IPv6 addresses are encoded as specified in [RFC3588]. The
and format of data (including byte and bit ordering) for link-layer content and format of data (including byte and bit ordering) for
addresses is expected to be specified in specific documents that link-layer addresses is expected to be specified in specific
describe how IP operates over different link-layers. For instance, documents that describe how IP operates over different link-layers.
[RFC2464]. Address families other than that are defined for For instance, [RFC2464]. Address families other than that are
link-layer or IP addresses MUST NOT be used for this AVP. defined for link-layer or IP addresses MUST NOT be used for this AVP.
6.5.3 Session-Id AVP 8.3.3 Session-Id AVP
All messages pertaining to a specific PANA session MUST include a All messages pertaining to a specific PANA session MUST include a
Session-Id AVP (Code 1026) which carries a PAA-assigned fix value Session-Id AVP (AVP Code 3) which carries a PAA-assigned fix value
throughout the lifetime of a session. When present, the Session-Id throughout the lifetime of a session. When present, the Session-Id
SHOULD appear immediately following the PANA header. SHOULD appear immediately following the PANA header.
The Session-Id MUST be globally and eternally unique, as it is meant The Session-Id MUST be globally and eternally unique, as it is meant
to identify a PANA Session without reference to any other to identify a PANA Session without reference to any other
information, and may be needed to correlate historical authentication information, and may be needed to correlate historical authentication
information with accounting information. The PANA Session-Id AVP has information with accounting information. The PANA Session-Id AVP has
the same format as the Diameter Session-Id AVP [RFC3588]. the same format as the Diameter Session-Id AVP [RFC3588].
6.5.4 Cookie AVP 8.3.4 Cookie AVP
The Cookie AVP (Code 1027) is of type OctetString. The data is The Cookie AVP (AVP Code 4) is of type OctetString. The data is
opaque and the exact content is outside the scope of this protocol. opaque and the exact content is outside the scope of this protocol.
6.5.5 Protection-Capability AVP 8.3.5 Protection-Capability AVP
The Protection-Capability AVP (Code 1028) is of type Unsigned32. The The Protection-Capability AVP (AVP Code 5) is of type Unsigned32.
AVP data indicates the cryptographic data protection capability The AVP data indicates the cryptographic data protection capability
supported by the EPs. Below is a list of specified data protection supported by the EPs. Below is a list of specified data protection
capabilities: capabilities:
0 L2_PROTECTION 0 L2_PROTECTION
1 IPSEC_PROTECTION 1 IPSEC_PROTECTION
6.5.6 Termination-Cause AVP 8.3.6 Termination-Cause AVP
The Termination-Cause AVP (Code 1029) is of type of type Enumerated, The Termination-Cause AVP (AVP Code 6) is of type of type Enumerated,
and is used to indicate the reason why a session was terminated on and is used to indicate the reason why a session was terminated on
the access device. The AVP data is used as a collection of flags The the access device. The AVP data is used as a collection of flags The
following Termination-Cause AVP defined in [RFC3588] are used for following Termination-Cause AVP defined in [RFC3588] are used for
PANA. PANA.
LOGOUT 1 (PaC -> PAA) LOGOUT 1 (PaC -> PAA)
The client initiated a disconnect The client initiated a disconnect
ADMINISTRATIVE 4 (PAA -> Pac) ADMINISTRATIVE 4 (PAA -> PaC)
The client was not granted access, or was disconnected, due to The client was not granted access, or was disconnected, due to
administrative reasons, such as the receipt of a administrative reasons, such as the receipt of a
Abort-Session-Request message. Abort-Session-Request message.
SESSION_TIMEOUT 8 (PAA -> PaC) SESSION_TIMEOUT 8 (PAA -> PaC)
The session has timed out, and service has been terminated. The session has timed out, and service has been terminated.
6.5.7 Result-Code AVP 8.3.7 Result-Code AVP
The Result-Code AVP (AVP Code 1030) is of type Unsigned32 and The Result-Code AVP (AVP Code 7) is of type Unsigned32 and indicates
indicates whether an EAP authentication was completed successfully or whether an EAP authentication was completed successfully or whether
whether an error occurred. Here are Result-Code AVP values taken an error occurred. Here are Result-Code AVP values taken from
from [RFC3588] and adapted for PANA. [RFC3588] and adapted for PANA.
6.5.7.1 Authentication Results Codes 8.3.7.1 Authentication Results Codes
These result code values inform the PaC about the authentication and These result code values inform the PaC about the authentication and
authorization result. The authentication result and authorization authorization result. The authentication result and authorization
result can be different as described below, but only one result that result can be different as described below, but only one result that
corresponds to the one detected first is returned. corresponds to the one detected first is returned.
PANA_SUCCESS 2001 PANA_SUCCESS 2001
Both the authentication and authorization processes are Both the authentication and authorization processes are
successful. successful.
skipping to change at page 47, line 5 skipping to change at page 51, line 5
The authentication process failed. When this error is returned, The authentication process failed. When this error is returned,
the authorization process also fails. the authorization process also fails.
PANA_AUTHORIZATION_REJECTED 5003 PANA_AUTHORIZATION_REJECTED 5003
The authorization process failed. This error could occur when The authorization process failed. This error could occur when
authorization is rejected by a AAA proxy or rejected locally by a authorization is rejected by a AAA proxy or rejected locally by a
PAA, even if the authentication procedure succeeds. PAA, even if the authentication procedure succeeds.
6.5.7.2 Protocol Error Result Codes 8.3.7.2 Protocol Error Result Codes
Protocol error result code values. Protocol error result code values.
PANA_MESSAGE_UNSUPPORTED 3001 PANA_MESSAGE_UNSUPPORTED 3001
Error code from PAA to PaC or from PaC to PAA. Message type not Error code from PAA to PaC or from PaC to PAA. Message type not
recognized or supported. recognized or supported.
PANA_UNABLE_TO_DELIVER 3002 PANA_UNABLE_TO_DELIVER 3002
skipping to change at page 49, line 14 skipping to change at page 53, line 14
Error code from PAA to PaC or from PaC to PAA. This error is Error code from PAA to PaC or from PaC to PAA. This error is
returned when a message was received, whose version number is returned when a message was received, whose version number is
unsupported. unsupported.
PANA_UNABLE_TO_COMPLY 5012 PANA_UNABLE_TO_COMPLY 5012
This error is returned when a request is rejected for unspecified This error is returned when a request is rejected for unspecified
reasons. For example, when an EAP authentication fails at an EAP reasons. For example, when an EAP authentication fails at an EAP
pass-through authenticator without passing an EAP-Failure message pass-through authenticator without passing an EAP-Failure message
to the PAA, a Result-Code AVP with this error code is carried in to the PAA, a Result-Code AVP with this error code is carried in
PANA-Error message. PANA-Error-Request message.
PANA_INVALID_AVP_LENGTH 5014 PANA_INVALID_AVP_LENGTH 5014
Error code from PAA to PaC or from PaC to PAA. The message Error code from PAA to PaC or from PaC to PAA. The message
contained an AVP with an invalid length. The PANA-Error message contained an AVP with an invalid length. The PANA-Error message
indicating this error MUST include the offending AVPs within a indicating this error MUST include the offending AVPs within a
Failed-AVP AVP. Failed-AVP AVP.
PANA_INVALID_MESSAGE_LENGTH 5015 PANA_INVALID_MESSAGE_LENGTH 5015
Error code from PAA to PaC or from PaC to PAA. This error is Error code from PAA to PaC or from PaC to PAA. This error is
returned when a message is received with an invalid message returned when a message is received with an invalid message
length. length.
PANA_PROTECTION_CAPABILITY_UNSUPPORTED 5016 PANA_PROTECTION_CAPABILITY_UNSUPPORTED 5016
Error code from PaC to PAA. This error is returned when the PaC Error code from PaC to PAA. This error is returned when the PaC
receives a PANA-Bind-Request is received with an receives a PANA-Bind-Request with a Protection-Capability AVP and
Protection-Capability AVP and a valid MAC AVP but does not support a valid MAC AVP but does not support the protection capability
the protection capability specified in the Protection-Capability specified in the Protection-Capability AVP.
AVP.
PANA_PPAC_CAPABILITY_UNSUPPORTED 5017 PANA_PPAC_CAPABILITY_UNSUPPORTED 5017
Error code from PaC to PAA. This error is returned in a Error code from PaC to PAA. This error is returned in a
PANA-Bind-Answer message when there is no match between the list PANA-Bind-Answer message when there is no match between the list
of PPAC methods offered by the PAA and the ones available on the of PPAC methods offered by the PAA and the ones available on the
PaC. PaC.
PANA_INVALID_IP_ADDRESS 5018 PANA_INVALID_IP_ADDRESS 5018
Error code from PAA to PaC. This error is returned in a Error code from PAA to PaC. This error is returned in a
PANA-Error message when the IP-Address AVP in the received PANA-Error-Request message when the IP-Address AVP in the received
PANA-Update-Request message is invalid (e.g., a non-unicast PANA-Update-Request message is invalid (e.g., a non-unicast
address). address).
6.5.8 EAP-Payload AVP 8.3.8 EAP-Payload AVP
The EAP-Payload AVP (AVP Code 1031) is of type OctetString and is The EAP-Payload AVP (AVP Code 8) is of type OctetString and is used
used to encapsulate the actual EAP packet that is being exchanged to encapsulate the actual EAP packet that is being exchanged between
between the EAP peer and the EAP authenticator. the EAP peer and the EAP authenticator.
6.5.9 Session-Lifetime AVP 8.3.9 Session-Lifetime AVP
The Session-Lifetime AVP (Code 1032) data is of type Unsigned32. It The Session-Lifetime AVP (AVP Code 9) data is of type Unsigned32. It
contains the number of seconds remaining before the current session contains the number of seconds remaining before the current session
is considered expired. is considered expired.
6.5.10 Failed-AVP AVP 8.3.10 Failed-AVP AVP
The Failed-AVP AVP (AVP Code 1033) is of type Grouped and provides The Failed-AVP AVP (AVP Code 10) is of type Grouped and provides
debugging information in cases where a request is rejected or not debugging information in cases where a request is rejected or not
fully processed due to erroneous information in a specific AVP. The fully processed due to erroneous information in a specific AVP. The
format of the Failed-AVP AVP is defined in [RFC3588]. format of the Failed-AVP AVP is defined in [RFC3588].
6.5.11 NAP-Information AVP 8.3.11 NAP-Information AVP
The NAP-Information AVP (AVP Code: 1034) is of type Grouped, and The NAP-Information AVP (AVP Code 11) is of type Grouped, and
contains zero or one Provider-Identifier AVP which carries the contains zero or one Provider-Identifier AVP which carries the
identifier of the NAP and one Provider-Name AVP which carries the identifier of the NAP and one Provider-Name AVP which carries the
name of the NAP. Its Data field has the following ABNF grammar: name of the NAP. Its Data field has the following ABNF grammar:
NAP-Information ::= < AVP Header: 1034 > NAP-Information ::= < AVP Header: 11 >
0*1 { Provider-Identifier } 0*1 { Provider-Identifier }
{ Provider-Name } { Provider-Name }
* [ AVP ] * [ AVP ]
6.5.12 ISP-Information AVP 8.3.12 ISP-Information AVP
The ISP-Information AVP (AVP Code: 1035) is of type Grouped, and The ISP-Information AVP (AVP Code 12) is of type Grouped, and
contains zero or one Provider-Identifier AVP which carries the contains zero or one Provider-Identifier AVP which carries the
identifier of the ISP and one Provider-Name AVP which carries the identifier of the ISP and one Provider-Name AVP which carries the
name of the ISP. Its Data field has the following ABNF grammar: name of the ISP. Its Data field has the following ABNF grammar:
ISP-Information ::= < AVP Header: 1035 > ISP-Information ::= < AVP Header: 12 >
0*1 { Provider-Identifier } 0*1 { Provider-Identifier }
{ Provider-Name } { Provider-Name }
* [ AVP ] * [ AVP ]
6.5.13 Provider-Identifier AVP 8.3.13 Provider-Identifier AVP
The Provider-Identifier AVP (AVP Code: 1036) is of type Unsigned32, The Provider-Identifier AVP (AVP Code 13) is of type Unsigned32, and
and contains an IANA assigned "SMI Network Management Private contains an IANA assigned "SMI Network Management Private Enterprise
Enterprise Codes" [ianaweb] value, encoded in network byte order. Codes" [ianaweb] value, encoded in network byte order.
6.5.14 Provider-Name AVP 8.3.14 Provider-Name AVP
The Provider-Name AVP (AVP Code: 1037) is of type UTF8String, and The Provider-Name AVP (AVP Code 14) is of type UTF8String, and
contains the UTF8-encoded name of the provider. contains the UTF8-encoded name of the provider.
6.5.15 EP-Device-Id AVP 8.3.15 Key-Id AVP
The EP-Device-Id AVP (AVP Code: 1038) contains the device identifier
of an EP. The payload format of the EP-Device-Id AVP is the same as
that of the Device-Id AVP (see See section Section 6.5.2).
6.5.16 Key-Id AVP
The Key-Id AVP (AVP Code: 1039) is of type Integer32, and contains an The Key-Id AVP (AVP Code 15) is of type Integer32, and contains an
AAA-Key identifier. The AAA-Key identifier is assigned by PAA and AAA-Key identifier. The AAA-Key identifier is assigned by PAA and
MUST be unique within the PANA session. MUST be unique within the PANA session.
6.5.17 Post-PANA-Address-Configuration (PPAC) AVP 8.3.16 Post-PANA-Address-Configuration (PPAC) AVP
The data field of PPAC AVP (Code 1040) is of type Unsigned32. The The data field of PPAC AVP (AVP Code 16) is of type Unsigned32. The
AVP data is used to carry a set of flags which maps to various IP AVP data is used to carry a set of flags which maps to various IP
address configuration methods. When sent by the PAA, the AVP MUST address configuration methods. When sent by the PAA, the AVP MUST
have at least one of the flags set, and MAY have more than one set. have at least one of the flags set, and MAY have more than one set.
When sent by the PaC, only one of the flags MUST be set. When sent by the PaC, only one of the flags MUST be set.
The format of the AVP data is as follows: The format of the AVP data is as follows:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
skipping to change at page 52, line 32 skipping to change at page 56, line 25
Reserved Reserved
These flag bits are reserved for future use, and MUST be set to These flag bits are reserved for future use, and MUST be set to
zero, and ignored by the receiver. zero, and ignored by the receiver.
Unless the N-flag is set, the PaC MUST configure a new IP address Unless the N-flag is set, the PaC MUST configure a new IP address
using one of the methods indicated by the other flags. Refer to using one of the methods indicated by the other flags. Refer to
[I-D.ietf-pana-framework] for a detailed discussion on when these [I-D.ietf-pana-framework] for a detailed discussion on when these
methods can be used. methods can be used.
6.5.18 Nonce AVP 8.3.17 Nonce AVP
The Nonce AVP (Code 1041) is of type OctetString. The data contains
a randomly generated value in opaque format. The data length MUST be
between 8 and 256 bytes inclusive.
6.5.19 IP-Address AVP
The IP-Address (AVP Code: 1042) contains an IP address of a PaC. The
payload format of the IP-Address AVP is the same as that of the
Device-Id AVP (see See section Section 6.5.2). Address families for
IPv4 or IPv6 MUST be used for this AVP.
6.6 AVP Occurrence Table
The following tables lists the AVPs used in this document, and
specifies in which PANA messages they MAY, or MAY NOT be present.
The table uses the following symbols:
0 The AVP MUST NOT be present in the message.
0+ Zero or more instances of the AVP MAY be present in the
message.
0-1 Zero or one instance of the AVP MAY be present in the message.
It is considered an error if there are more than one instance
of the AVP.
1 One instance of the AVP MUST be present in the message.
1+ At least one instance of the AVP MUST be present in the
message.
+-----------------------------------------+
| Message |
| Type |
+-----+-----+-----+-----+-----+-----+-----+
Attribute Name | PSR | PSA | PAR | PAN | PBR | PBA | PDI |
--------------------+-----+-----+-----+-----+-----+-----+-----+
Result-Code | 0 | 0 | 0 | 0 | 1 | 1 | 0 |
Session-Id | 0 | 0-1 | 1 | 1 | 1 | 1 | 0-1 |
Termination-Cause | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
EAP-Payload | 0-1 | 0-1 | 1 | 1 | 0-1 | 0 | 0 |
MAC | 0 | 0-1 | 0-1 | 0-1 | 0-1 | 0-1 | 0 |
Nonce | 1 | 1 | 0 | 0 | 0 | 0 | 0 |
Device-Id | 0 | 0 | 0 | 0 | 0-1 | 0-1 | 0 |
Cookie | 0-1 | 0-1 | 0 | 0 | 0 | 0 | 0 |
Protection-Cap. | 0-1 | 0 | 0 | 0 | 0-1 | 0 | 0 |
PPAC | 0-1 | 0 | 0 | 0 | 1 | 0-1 | 0 |
Session-Lifetime | 0 | 0 | 0 | 0 | 0-1 | 0 | 0 |
Failed-AVP | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
ISP-Information | 0+ | 0-1 | 0 | 0 | 0 | 0 | 0 |
NAP-Information | 0-1 | 0 | 0 | 0 | 0 | 0 | 0 |
EP-Device-Id | 0 | 0 | 0 | 0 | 0+ | 0 | 0 |
Key-Id | 0 | 0 | 0 | 0 | 0-1 | 0-1 | 0 |
IP-Address | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
--------------------+-----+-----+-----+-----+-----+-----+-----+
Figure 12: AVP Occurrence Table (1/3)
+---------------------------------------------+
| Message |
| Type |
+------+------+-----+-----+-----+------+------+
Attribute Name | PRAR | PRAA | PTR | PTA | PER | PFER | PFEA |
--------------------+------+------+-----+-----+-----+------+------+
Result-Code | 0 | 0 | 0 | 0 | 1 | 1 | 0 |
Session-Id | 1 | 1 | 1 | 1 | 1 | 1 | 1 |
Termination-Cause | 0 | 0 | 1 | 0 | 0 | 0 | 0 |
EAP-Payload | 0 | 0 | 0 | 0 | 0 | 1 | 0 |
MAC | 0-1 | 0-1 | 0-1 | 0-1 | 0-1 | 0-1 | 0-1 |
Nonce | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Device-Id | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Cookie | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Protection-Cap. | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
PPAC | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Session-Lifetime | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Failed-AVP | 0 | 0 | 0 | 0 | 1 | 0 | 0 |
ISP-Information | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
NAP-Information | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
EP-Device-Id | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Key-Id | 0 | 0 | 0 | 0 | 0 | 0-1 | 0-1 |
IP-Address | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
--------------------+------+------+-----+-----+-----+------+------+
Figure 13: AVP Occurrence Table (2/3)
+-----------+
| Message |
| Type |
+-----+-----+
Attribute Name | PUR | PUA |
--------------------+-----+-----+
Result-Code | 0 | 0 |
Session-Id | 1 | 1 |
Termination-Cause | 0 | 0 |
EAP-Payload | 0 | 0 |
MAC | 0-1 | 0-1 |
Nonce | 0 | 0 |
Device-Id | 0 | 0 |
Cookie | 0 | 0 |
Protection-Cap. | 0 | 0 |
PPAC | 0 | 0 |
Session-Lifetime | 0 | 0 |
Failed-AVP | 0 | 0 |
ISP-Information | 0 | 0 |
NAP-Information | 0 | 0 |
EP-Device-Id | 0 | 0 |
Key-Id | 0 | 0 |
IP-Address | 1 | 0 |
--------------------+-----+-----+
Figure 14: AVP Occurrence Table (3/3)
7. PANA Protocol Message Retransmissions The Nonce AVP (AVP Code 17) is of type OctetString. The data
contains a randomly generated value in opaque format. The data
length MUST be between 8 and 256 bytes inclusive.
The PANA protocol provides retransmissions for all the message 8.3.18 IP-Address AVP
exchanges except PANA-Auth-Request/Answer. PANA-Auth-Request
messages carry EAP requests which are retransmitted by the EAP
protocol entities when needed. The messages that need PANA-level
retransmissions are listed below:
PANA-PAA-Discover (PDI) The IP-Address (AVP Code 18) contains an IP address of n a PaC or
PANA-Start-Request (PSR)* PAA. The payload format of the IP-Address AVP is the same as that of
PANA-Start-Answer (PSA)** the Device-Id AVP (see See Section 8.3.2). Address families for IPv4
PANA-Bind-Request (PBR) or IPv6 MUST be used for this AVP. Address families for IPv4 or IPv6
PANA-FirstAuth-End-Request (PFER) MUST be used for this AVP.
PANA-Reauth-Request (PRAR)
PANA-Termination-Request (PTR)
PANA-Update-Request (PUR)
*) PSR that carries a Cookie AVP is not retransmitted. 9. PANA Protocol Message Retransmissions
**) PSA that does not carry a Cookie AVP is not retransmitted.
The PDI and PSA messages are always sent by the PaC. PBR is sent by The PANA protocol provides retransmissions for the PANA-PAA-Discover
PAA. The last two messages, PRAR and PTR are sent either by PaC or and request messages.
PAA.
The rule is that the sender of the request message retransmits the The rule is that the sender of the request message retransmits the
request if the corresponding answer is not received in time. Answer request if the corresponding answer is not received in time. Answer
messages are sent as answers to the request messages, not based on a messages are sent as answers to the request messages, not based on a
timer. Exception to this rule is the PSA message. Because of the timer.
stateless nature of the PAA in the beginning PaC provides
retransmission also for the PSA message. PANA-Error messages MUST PaC MUST retransmit PANA-PAA-Discover if a subsequent
NOT be retransmitted. See Section 4.1.8 for more details of PANA PANA-Start-Request is not received in time. Even though a
error handling. PANA-Start-Request is received, PANA-PAA-Discover may still have to
be retransmitted. This is because a stateless PANA handshake
requires one time transmission of a PANA-Start-Request. PAA MUST NOT
start a timer and retransmit the request if it wants to avoid state
creation. If the received PANA-Start-Request included a Cookie AVP
(an indication of stateless handshake), PaC MUST retransmit
PANA-PAA-Discover until the first PANA-Auth-Request is received.
PANA retransmission timers are based on the model used in DHCPv6 PANA retransmission timers are based on the model used in DHCPv6
[RFC3315]. Variables used here are also borrowed from this [RFC3315]. Variables used here are also borrowed from this
specification. PANA is a request response like protocol. The specification. PANA is a request response like protocol. The
message exchange terminates when either the request sender message exchange terminates when either the request sender
successfully receives the appropriate answer, or when the message successfully receives the appropriate answer, or when the message
exchange is considered to have failed according to the retransmission exchange is considered to have failed according to the retransmission
mechanism described below. mechanism described below.
The retransmission behavior is controlled and described by the The retransmission behavior is controlled and described by the
skipping to change at page 58, line 10 skipping to change at page 58, line 46
once MRD seconds have elapsed since the client first transmitted the once MRD seconds have elapsed since the client first transmitted the
message. message.
If both MRC and MRD are non-zero, the message exchange fails whenever If both MRC and MRD are non-zero, the message exchange fails whenever
either of the conditions specified in the previous two paragraphs are either of the conditions specified in the previous two paragraphs are
met. met.
If both MRC and MRD are zero, the client continues to transmit the If both MRC and MRD are zero, the client continues to transmit the
message until it receives a response. message until it receives a response.
7.1 Transmission and Retransmission Parameters 9.1 Transmission and Retransmission Parameters
This section presents a table of values used to describe the message This section presents a table of values used to describe the message
retransmission behavior of request and PANA-Start-Answer messages retransmission behavior of PANA requests (REQ_*) and
marked with REQ_*. PANA-PAA-Discover message retransmission values PANA-PAA-Discover message (PDI_*). The table shows default values.
are marked with PDI_*. The table shows default values.
Parameter Default Description Parameter Default Description
------------------------------------------------ ------------------------------------------------
PDI_IRT 1 sec Initial PDI timeout. PDI_IRT 1 sec Initial PDI timeout.
PDI_MRT 120 secs Max PDI timeout value. PDI_MRT 120 secs Max PDI timeout value.
PDI_MRC 0 Configurable. PDI_MRC 0 Configurable.
PDI_MRD 0 Configurable. PDI_MRD 0 Configurable.
REQ_IRT 1 sec Initial Request timeout. REQ_IRT 1 sec Initial Request timeout.
REQ_MRT 30 secs Max Request timeout value. REQ_MRT 30 secs Max Request timeout value.
REQ_MRC 10 Max Request retry attempts. REQ_MRC 10 Max Request retry attempts.
REQ_MRD 0 Configurable. REQ_MRD 0 Configurable.
So for example the first RT for the PBR message is calculated using So for example the first RT for the PBR message is calculated using
REQ_IRT as the IRT: REQ_IRT as the IRT:
RT = REQ_IRT + RAND*REQ_IRT RT = REQ_IRT + RAND*REQ_IRT
8. IANA Considerations 10. IANA Considerations
This section provides guidance to the Internet Assigned Numbers This section provides guidance to the Internet Assigned Numbers
Authority (IANA) regarding registration of values related to the PANA Authority (IANA) regarding registration of values related to the PANA
protocol, in accordance with BCP 26 [IANA]. The following policies protocol, in accordance with BCP 26 [IANA]. The following policies
are used here with the meanings defined in BCP 26: "Private Use", are used here with the meanings defined in BCP 26: "Private Use",
"First Come First Served", "Expert Review", "Specification Required", "First Come First Served", "Expert Review", "Specification Required",
"IETF Consensus", "Standards Action". "IETF Consensus", "Standards Action".
This section explains the criteria to be used by the IANA for This section explains the criteria to be used by the IANA for
assignment of numbers within namespaces defined within this document. assignment of numbers within namespaces defined within this document.
skipping to change at page 59, line 30 skipping to change at page 60, line 30
Required, the request is posted to the PANA WG mailing list (or, if Required, the request is posted to the PANA WG mailing list (or, if
it has been disbanded, a successor designated by the Area Director) it has been disbanded, a successor designated by the Area Director)
for comment and review, and MUST include a pointer to a public for comment and review, and MUST include a pointer to a public
specification. Before a period of 30 days has passed, the Designated specification. Before a period of 30 days has passed, the Designated
Expert will either approve or deny the registration request and Expert will either approve or deny the registration request and
publish a notice of the decision to the PANA WG mailing list or its publish a notice of the decision to the PANA WG mailing list or its
successor. A denial notice must be justified by an explanation and, successor. A denial notice must be justified by an explanation and,
in the cases where it is possible, concrete suggestions on how the in the cases where it is possible, concrete suggestions on how the
request can be modified so as to become acceptable. request can be modified so as to become acceptable.
8.1 PANA UDP Port Number 10.1 PANA UDP Port Number
PANA uses one well-known UDP port number (Section 4.1.2, Section 4.2 PANA uses one well-known UDP port number (Section 5.2, Section 4.1
and Section 6.1, which needs to be assigned by the IANA. and Section 7.1, which needs to be assigned by the IANA.
8.2 PANA Multicast Address 10.2 PANA Multicast Address
PANA uses one well-known IPv4 multicast address for which the scope PANA uses one well-known IPv4 multicast address for which the scope
is limited to be link-local by setting the TTL field to 255, and one is limited to be link-local by setting the TTL field to 255, and one
well-known IPv6 link-local scoped multicast address (Section 4.2 and well-known IPv6 link-local scoped multicast address (Section 4.1 and
Section 6.1), which need to be assigned by the IANA. Section 7.1), which need to be assigned by the IANA.
8.3 PANA Header 10.3 PANA Header
As defined in Section 6.2, the PANA header contains two fields that As defined in Section 7.2, the PANA header contains two fields that
requires IANA namespace management; the Message Type and Flags field. requires IANA namespace management; the Message Type and Flags field.
8.3.1 Message Type 10.3.1 Message Type
The Message Type namespace is used to identify PANA messages. Values The Message Type namespace is used to identify PANA messages. Values
0-16,777,213 are for permanent, standard message types, allocated by 0-65,533 are for permanent, standard message types, allocated by IETF
IETF Consensus [IANA]. This document defines the Message Types 1-8. Consensus [IANA]. This document defines the Message Types 1-10. See
See Section 6.4.1 for the assignment of the namespace in this Section 8.2.1 through Section 8.2.19 for the assignment of the
specification. namespace in this specification.
The values 16,777,214 and 16,777,215 (hexadecimal values 0xfffffe - The values 65,534 and 65,535 (hexadecimal values 0xfffe - 0xffff) are
0xffffff) are reserved for experimental messages. As these codes are reserved for experimental messages. As these codes are only for
only for experimental and testing purposes, no guarantee is made for experimental and testing purposes, no guarantee is made for
interoperability between communicating PaC and PAA using experimental interoperability between communicating PaC and PAA using experimental
commands, as outlined in [IANA-EXP]. commands, as outlined in [IANA-EXP].
8.3.2 Flags 10.3.2 Flags
There are eight bits in the Flags field of the PANA header. This There are 16 bits in the Flags field of the PANA header. This
document assigns bit 0 ('R'equest), bit 4 ('S'eparate) and bit 5 document assigns bit 0 ('R'equest), bit 1 ('S'eparate) and bit 2
('N'AP Authentication). The remaining bits MUST only be assigned via ('N'AP Authentication). The remaining bits MUST only be assigned via
a Standards Action [IANA]. a Standards Action [IANA].
8.4 AVP Header 10.4 AVP Header
As defined in Section 6.3, the AVP header contains three fields that As defined in Section 7.3, the AVP header contains three fields that
requires IANA namespace management; the AVP Code, AVP Flags and requires IANA namespace management; the AVP Code, AVP Flags and
Vendor-Id fields where only the AVP Code and AVP Flags create new Vendor-Id fields where only the AVP Code and AVP Flags create new
namespaces. namespaces.
8.4.1 AVP Code 10.4.1 AVP Code
The AVP Code namespace is used to identify attributes. There are The AVP Code namespace is used to identify attributes. There are
multiple namespaces. Vendors can have their own AVP Codes namespace multiple namespaces. Vendors can have their own AVP Codes namespace
which will be identified by their Vendor-ID (also known as which will be identified by their Vendor-ID (also known as
Enterprise-Number) and they control the assignments of their Enterprise-Number) and they control the assignments of their
vendor-specific AVP codes within their own namespace. The absence of vendor-specific AVP codes within their own namespace. The absence of
a Vendor-ID or a Vendor-ID value of zero (0) identifies the IETF IANA a Vendor-ID or a Vendor-ID value of zero (0) identifies the IETF IANA
controlled AVP Codes namespace. The AVP Codes and sometimes also controlled AVP Codes namespace. The AVP Codes and sometimes also
possible values in an AVP are controlled and maintained by IANA. possible values in an AVP are controlled and maintained by IANA.
AVP Code 0 is not used. This document defines the AVP Codes AVP Code 0 is not used. This document defines the AVP Codes 1-18.
1024-1041. See Section 6.5 for the assignment of the namespace in See Section 8.3.1 through Section 8.3.18 for the assignment of the
this specification. namespace in this specification.
AVPs may be allocated following Designated Expert with Specification AVPs may be allocated following Designated Expert with Specification
Required [IANA]. Release of blocks of AVPs (more than 3 at a time Required [IANA]. Release of blocks of AVPs (more than 3 at a time
for a given purpose) should require IETF Consensus. for a given purpose) should require IETF Consensus.
Note that PANA defines a mechanism for Vendor-Specific AVPs, where Note that PANA defines a mechanism for Vendor-Specific AVPs, where
the Vendor-Id field in the AVP header is set to a non-zero value. the Vendor-Id field in the AVP header is set to a non-zero value.
Vendor-Specific AVPs codes are for Private Use and should be Vendor-Specific AVPs codes are for Private Use and should be
encouraged instead of allocation of global attribute types, for encouraged instead of allocation of global attribute types, for
functions specific only to one vendor's implementation of PANA, where functions specific only to one vendor's implementation of PANA, where
no interoperability is deemed useful. Where a Vendor-Specific AVP is no interoperability is deemed useful. Where a Vendor-Specific AVP is
implemented by more than one vendor, allocation of global AVPs should implemented by more than one vendor, allocation of global AVPs should
be encouraged instead. be encouraged instead.
8.4.2 Flags 10.4.2 Flags
There are 8 bits in the AVP Flags field of the AVP header, defined in There are 16 bits in the AVP Flags field of the AVP header, defined
Section 6.3. This document assigns bit 0 ('V'endor Specific) and bit in Section 7.3. This document assigns bit 0 ('V'endor Specific) and
1 ('M'andatory). The remaining bits should only be assigned via a bit 1 ('M'andatory). The remaining bits should only be assigned via
Standards Action . a Standards Action .
8.5 AVP Values 10.5 AVP Values
Certain AVPs in PANA define a list of values with various meanings. Certain AVPs in PANA define a list of values with various meanings.
For attributes other than those specified in this section, adding For attributes other than those specified in this section, adding
additional values to the list can be done on a First Come, First additional values to the list can be done on a First Come, First
Served basis by IANA [IANA]. Served basis by IANA [IANA].
8.5.1 Algorithm Values of MAC AVP 10.5.1 Algorithm Values of MAC AVP
As defined in Section 6.5.1, the Algorithm field of MAC AVP (AVP Code As defined in Section 8.3.1, the Algorithm field of MAC AVP (AVP Code
1024) defines the value of 1 (one) for HMAC-SHA1. 1) defines the value of 1 (one) for HMAC-SHA1.
All remaining values are available for assignment via IETF Consensus All remaining values are available for assignment via IETF Consensus
[IANA]. [IANA].
8.5.2 Protection-Capability AVP Values 10.5.2 Protection-Capability AVP Values
As defined in Section 6.5.5, the Protection-Capability AVP (AVP Code As defined in Section 8.3.5, the Protection-Capability AVP (AVP Code
1028) defines the values 0 and 1. 5) defines the values 0 and 1.
All remaining values are available for assignment via a Standards All remaining values are available for assignment via a Standards
Action [IANA]. Action [IANA].
8.5.3 Termination-Cause AVP Values 10.5.3 Termination-Cause AVP Values
As defined in Section 6.5.6, the Termination-Cause AVP (AVP Code As defined in Section 8.3.6, the Termination-Cause AVP (AVP Code 6)
1029) defines the values 1, 4 and 8. defines the values 1, 4 and 8.
All remaining values are available for assignment via IETF Consensus All remaining values are available for assignment via IETF Consensus
[IANA]. [IANA].
8.5.4 Result-Code AVP Values 10.5.4 Result-Code AVP Values
As defined in Section 6.5.7, the Result-Code AVP (AVP Code 1030) As defined in Section 8.3.7.1 and Section 8.3.7.2 the Result-Code AVP
defines the values 2001, 3001-3002, 3008-3009, 4001, 5001-5009 and (AVP Code 7) defines the values 2001, 3001-3002, 3008-3009, 4001,
5011-5019. 5001-5009 and 5011-5019.
All remaining values are available for assignment via IETF Consensus All remaining values are available for assignment via IETF Consensus
[IANA]. [IANA].
8.5.5 Post-PANA-Address-Configuration AVP Values 10.5.5 Post-PANA-Address-Configuration AVP Values
As defined in Section 6.5.17, the Post-PANA-Address-Configuration AVP As defined in Section 8.3.16, the Post-PANA-Address-Configuration AVP
(AVP Code 1040) defines the bits 0 ('N': no configuration), 1 ('D': (AVP Code 17) defines the bits 0 ('N': no configuration), 1 ('D':
DHCP), 2 ('A' stateless autoconfiguration), 3 ('T': DHCP with IPsec DHCP), 2 ('A' stateless autoconfiguration), 3 ('T': DHCP with IPsec
tunnel mode) and 4 ('I': IKEv2). tunnel mode) and 4 ('I': IKEv2).
All remaining values are available for assignment via a Standards All remaining values are available for assignment via a Standards
Action [IANA]. Action [IANA].
9. Security Considerations 11. Security Considerations
The PANA protocol provides ordered delivery for EAP messages. If an The PANA protocol defines a UDP-based EAP encapsulation that runs
EAP method that provides session keys is used, a PANA SA is created. between two IP-enabled nodes on the same IP link. Various security
The EAP Success/Failure message is one of the signaling messages threats that are relevant to a protocol of this nature are outlined
which is integrity protected with this PANA SA. The PANA protocol in [I-D.ietf-pana-threats-eval]. Security considerations stemming
does not provide security protection for the initial EAP message from the use of EAP and EAP methods are discussed in [RFC3748]. This
exchange. Integrity protection can only be provided after the PANA section provides a discussion on the security-related issues that are
SA has been established. Thus, PANA re-authentication, revocation related to PANA framework and protocol design.
and disconnect notifications can be authenticated, integrity and
replay protected. In certain environments (e.g., on a shared link)
the EAP method selection is an important issue.
The PANA framework described in this document covers the discussion An important element in assessing security of PANA design and
of different protocols which are of interest for a protocol between deployment in a network is the presence of lower-layer (physical and
the PaC and the PAA (typically referred as the PANA protocol). link-layer) security. In the context of this document, lower-layers
are said to be secure if they can prevent eavesdropping and spoofing
of packets. Examples of such networks are physically-secured DSL
networks and 3GPP2 networks with crytographically-secured cdma2000
link-layer.
The PANA itself consists of a sequence of steps which are executed to In these examples, the lower-layer security is enabled even before
complete the network access authentication procedure. Some of these running the first PANA-based authentication. In the absence of such
steps are optional. a pre-established secure channel, one needs to be created in
conjunction with PANA using a link-layer or network-layer
cryptographic mechanism (e.g., IPsec).
The following execution steps have been identified as being relevant 11.1 General Security Measures
for PANA. They security considerations will be discussed in detail
subsequently.
a) Discovery message exchange PANA provides multiple mechanisms to secure a PANA session.
In general it is difficult to prevent a vulnerabilities of the Since PaC and PAA are on the same IP link, a simple TTL check on the
discovery protocol since the initial discovery are unsecured. To received PANA messages prevents off-link attacks.
prevent very basic attacks an adversary should not be able to cause
state creation with discovery messages at the PAA. This is prevented
by re-using a cookie concept (see [RFC2522] which allows the
responder to be stateless in the first message exchange. Because of
the architectural assumptions made in PANA (i.e., the PAA is the on
the same link as the PaC) the return-routability concept does not
provide additional protection. Hence it is difficult to prevent this
threat entirely. Furthermore it is not possible to shift heavy
cryptographic operations to the PaC at the first few messages since
the computational effort depends on the EAP method. The usage of
client-puzzles as introduced by [jb99] is under investigation.
Resistance against blind DoS attacks (i.e., attacks by off-path PANA messages carry sequence numbers, which are monotonically
adversaries) is achieved with sequence numbers and cookies. incremented by 1 with every new request message. These numbers are
randomly initialized at the beginning of the session, and verified
against expected numbers upon receipt. A message whose sequence
number is different than the expected one is silently discarded. In
addition to accomplishing orderly delivery of EAP messages and
duplicate elimination, this scheme also helps prevent an adversary
spoof messages to disturb ongoing PANA and EAP sessions unless it can
also eavesdrop to synchronize on the expected sequence number.
Since PAA and PaC are supposed to be one IP hop away, a simple TTL The PANA framework defines EP which is ideally located on a network
check can prevent off-link attacks. Furthermore, additional device that can filter traffic from the PaCs before the traffic
filtering can be enabled on the EPs. An EP may be able to filter enters the Internet. A set of filters can be used to discard
unauthorized PAA advertisements when they are received on the access unauthorized packets, such as a PANA-Start-Request message that is
side of the network where only PaCs are connected. received from the segment of the access network where only PaCs are
supposed to be connected.
The protocol also provides authentication and integrity protection to
PANA messages when the used EAP method can generate cryptographic
session keys. A PANA SA is generated based on the AAA-Key exported
by the EAP method. This SA is used for generating per-packet MAC to
protect the PANA header and payload (including the complete EAP
message).
The cryptographic protection prevents an adversary from acting as a
man-in-the-middle, injecting messages, replaying messages and
modifying the content of the exchanged messages. Any packet that
fails to pass the MAC verification is silently discarded. The
earliest this protection can be enabled is when the very first
PANA-Bind-Request that signals a successful authentication is
generated. Starting with the PANA-Bind-Request and PANA-Bind-Answer,
any subsequent PANA message until the session gets torn down can be
cryptographically protected.
The PANA SA enables authenticated and integrity protected exchange of
the device ID information between the PaC and PAA. This ensures
there were no man-in-the-middle during the PANA authentication.
The lifetime of the PANA SA is bounded by the AAA-authorized session
lifetime with an additional tolerance period. Unless PANA state is
updated by executing another EAP authentication, the PANA SA is
removed when the current session expires.
The ability to use cryptographic protection within PANA is determined
by the used EAP method, which is generally dictated by the deployment
environment. Insecure lower-layers necessitate use of key-generating
EAP methods. In networks where lower-layers are already secured,
cryptographic protection of PANA messages is not necessary.
11.2 Discovery
The discovery and handshake phase is vulnerable to spoofing attacks
as these messages are not authenticated and integrity protected. In
order to prevent very basic denial-of service attacks an adversary
should not be able to cause state creation by sending discovery
messages to the PAA. This protection is achieved by using a
cookie-based scheme (similar to [RFC2522] which allows the responder
(PAA) to be stateless in the first round of message exchange. A
return-routability test does not provide additional protection as
PANA traffic is not routed but simply forwarded on-link. It is
difficult to prevent this threat entirely.
In networks where lower-layers are not secured prior to running PANA, In networks where lower-layers are not secured prior to running PANA,
the capability discovery enabled through inclusion of the capability discovery enabled through inclusion of
Protection-Capability and Post-PANA-Address-Configuration AVPs in Protection-Capability and Post-PANA-Address-Configuration AVPs in a
PANA-Start-Request message is susceptible to spoofing. Therefore, PANA-Start-Request message is susceptible to spoofing leading to
usage of these AVPs during the discovery phase in such insecure denial-of service attacks. Therefore, usage of these AVPs during the
networks is NOT RECOMMENDED. The same AVPs are delivered via an discovery and handshake phase in such insecure networks is NOT
integrity-protected PANA-Bind-Request upon successful authentication. RECOMMENDED. The same AVPs are delivered via an integrity-protected
PANA-Bind-Request upon successful authentication.
b) EAP over PANA message exchange
The EAP derived session key is used to create a PANA security 11.3 EAP Methods
association. Since the execution of an EAP method might require a
large number of roundtrips and no other session key is available it
is not possible to secure the EAP message exchange itself. Hence an
adversary can both eavesdrop the EAP messages and is also able to
inject arbitrary messages which might confuse both the EAP peer on
PaC and the EAP authenticator or authentication server on the PAA.
The threats caused by this ability heavily depend on the EAP state
machine. Since especially the PAA is not allowed to discard packets
and packets have to be stored or forwarded to an AAA infrastructure
some risk of DoS attacks exists.
Eavesdropping EAP packets might cause problems when (a) the EAP Eavesdropping EAP packets might cause problems when the EAP method is
method is weak and enables dictionary or replay attacks or even weak and enables dictionary or replay attacks or even allows an
allows an adversary to learn the long-term password directly. adversary to learn the long-term password directly. Furthermore, if
Furthermore, if the optional EAP Identity payload is used then it the optional EAP Identity payload is used then it allows the
allows the adversary to learn the identity of the PaC. In such a adversary to learn the identity of the PaC. In such a case a privacy
case a privacy problem is prevalent. problem is prevalent.
To prevent these threats, [I-D.ietf-pana-framework] suggests using To prevent these threats, [I-D.ietf-pana-framework] suggests using
proper EAP methods for particular environments. Depending on the proper EAP methods for particular environments. Depending on the
usage environment an EAP authentication has to be used for example deployment environment an EAP authentication which supports user
which supports user identity confidentiality, protection against identity confidentiality, protection against dictionary attacks and
dictionary attacks and session key establishment. It is therefore session key establishment must be used. It is therefore the
the responsibility of the network operators and end users to choose responsibility of the network operators and users to choose a proper
the proper EAP method. EAP method.
PANA does not protect the EAP method exchange, but provides ordered
delivery with sequence numbers. Sequence numbers and cookies provide
resistance against blind DoS attacks.
c) PANA SA establishment
Once the EAP message authentication is finished a fresh and unique 11.4 Separate NAP and ISP Authentication
session key is available to the PaC and the PAA. This assumes that
the EAP method allows session key derivation and that the generated
session key has a good quality. For further discussion about the
importance of the session key generation refer to the next subsection
(d) about compound authentication. The session key available for the
PaC is established as part of the authentication and key exchange
procedure of the selected EAP method. The PAA obtains the session
key via the AAA infrastructure (if used). Security issues raised
with this session key transport are described in
[I-D.ietf-eap-keying].
The establishment of a PANA SA is required in environments where no The PANA design allows running two separate EAP sessions for the same
physical or link layer security is available. The PANA SA allows PaC in a single authentication phase: one with the NAP, and one with
subsequently exchanged messages to experience cryptographic the ISP. The process of arriving at the resultant authorization,
protection. For the current version of the document an integrity which is a combination of the individual authorizations obtained from
object (MAC AVP) is defined which supports data-origin respective service providers, is outside the scope of this protocol.
authentication, replay protection based on sequence numbers and In the absence of lower-layer security, both authentications MUST be
integrity protection based on a keyed message digest. able to generate a AAA-Key, leading to generation of a PANA SA. The
Confidentiality protection is not provided. The session keys used resultant PANA SA cryptographically binds the two AAA-Keys together,
for this object have to be provided by the EAP method. For this hence it prevents man-in-the-middle attacks.
version of the document it is assumed that no negotiation of
algorithms and parameters takes place. Instead HMAC-SHA1 is used by
default. A different algorithm may be chosen by default in a future
version of the PANA protocol specification. The used algorithm is
indicated in the header of the Integrity object. To select the
security association for signaling message protection the Session ID
is conveyed. The keyed message digest included in the Integrity
object will include all fields of the PANA signaling message
including the sequence number fields of the packet.
The protection of subsequent signaling messages prevents an adversary 11.5 Cryptographic Keys
from acting as a man-in-the-middle adversary, from injecting packets,
from replaying messages and from modifying the content of the
exchanged packets. This prevents subsequently described threats.
If an entity (PAA or PaC) loses its state (especially the current When the EAP method exports a AAA-Key, this key is used to produce a
sequence number) then the entire PANA protocol has to be restarted. PANA SA with PANA_MAC_KEY with a distinct key ID. The PANA_MAC_KEY
No re-synchronization procedure is provided. is unique to the PANA session, and takes PANA-based nonce values into
computation to cryptographically separate itself from the AAA-Key.
The lifetime of the PANA SA has to be bound to the AAA-authorized The PANA_MAC_KEY is solely used for authentication and integrity
session lifetime with an additional tolerance period. Unless PANA protection of the PANA messages within the designated session.
state is updated by executing another EAP authentication, PANA SA is
removed when the current session expires. The lifetime of the PANA
SA has to be bound to the AAA-authorized session lifetime with an
additional tolerance period. Unless PANA state is updated by
executing another EAP authentication, PANA SA is removed when the
current session expires.
d) Enabling weak legacy authentication methods in insecure networks Two AAA-Keys may be generated as a result of separate NAP and ISP
Some of the authentication methods are not strong enough to be used authentication. In that case, the AAA-Key used with the PANA SA is
in insecure networks where attackers can easily eavesdrop and spoof the combination of both keys.
on the link. They may not be able to produce much needed keying
material either. An example would be using EAP-MD5 over wireless
links. Use of such legacy methods can be enabled by carrying them
over a secure channel. There are EAP methods which are specifically
designed for this purpose, such as EAP-TTLS
[I-D.ietf-pppext-eap-ttls],PEAP [I-D.josefsson-pppext-eap-tls-eap] or
EAP-IKEv2 [I-D.tschofenig-eap-ikev2]. PANA can carry these EAP
tunneling methods which can carry the legacy methods. PANA does not
do anything special for this case. The EAP tunneling method will
have to produce keying material for PANA SA when needed. There are
certain MitM vulnerabilities with tunneling EAP methods [mitm].
Solving these problems is outside the scope of PANA. The compound
authentication problem described in [I-D.puthenkulam-eap-binding] is
likely to be solved in EAP itself rather than in PANA.
e) Device Identifier exchange The PANA SA lifetime is bounded by the AAA-Key lifetime. Another
execution of EAP method yields in a new AAA-Key, and updates the PANA
SA, PANA_MAC_KEY and key ID.
As part of the authorization procedure a Device Identifier has to be Upon PaC's movement to a another PAA (new PAA) and request to perform
installed at the EP by the PAA. The PaC provides the Device a context transfer based optimization, the current PAA computes a
Identifier information to the PAA secured with the PANA SA. Section AAA-Key-int based on the AAA-Key, ID of new PAA, and the session ID.
6.2.4 of [I-D.ietf-pana-threats-eval] describes a threat where an This AAA-Key-int is delivered to the new PAA, and used in the
adversary modifies the Device Identifier to gain unauthorized access computation of AAA-Key-new, which further takes a pair of nonce
to the network. values into account. After this point on, the AAA-Key-new becomes
the AAA-Key between the PaC and the new PAA.
The installation of the Device Identifier at the EP (independently When link-layer or network-layer ciphering [I-D.ietf-pana-ipsec] is
whether the EP is co-located with the PAA or not) has to be enabled as a result of successful PANA authentication, a separate
accomplished in a secure manner. These threats are, however, not master key is generated based on the AAA-Key, session ID, key ID, and
part of the PANA protocol itself since the protocol is not PANA EP ID.
specific.
f) Triggering a data protection protocol The lifetime of this key is bounded by the lifetime of the PANA SA.
This key may be used with a secure association protocol
[I-D.ietf-ipsec-ikev2] to produce further cipher-specific and
transient keys.
Recent activities in the EAP working group try to create a common 11.6 Per-packet Ciphering
framework for key derivation which is described in
[I-D.ietf-eap-keying]. This framework is also relevant for PANA in
various ways. First, a PANA security association needs to be
created. Additionally it might be necessary to trigger a protocol
which allows link layer and network layer data protection to be
established. As an example see Section 1 of [I-D.ietf-eap-keying]
with [802.11i] and [802.11] as an example. Furthermore, a derived
session key might help to create the pre-requisites for network-layer
protection (for example IPsec [I-D.ietf-pana-ipsec]).
As motivated in Section 6.4 of [I-D.ietf-pana-threats-eval] it might Networks that are not secured at the lower-layers prior to running
be necessary to establish either a link layer or a network layer PANA can rely on enabling per-packet data traffic ciphering upon
protection to prevent certain thefts in certain scenarios. successful PANA session establishment. The PANA framework allows
generation of a master key from AAA-Key for using with a per-packet
protection mechanism, such as link-layer or IPsec-based ciphering
[I-D.ietf-pana-ipsec]. In case the master key is not readily useful
to the ciphering mechanism, an additional secure association protocol
[I-D.ietf-ipsec-ikev2] may be needed to produce the required keying
material. These mechanisms ultimately establish a cryptographic
binding between the data traffic generated by and for a client and
the authenticated identity of the client. Data traffic must be
minimally data origin authenticated, replay and integrity protected,
and optionally encrypted.
Threats specific to the establishment of a link layer or a network 11.7 PAA-to-EP Communication
layer security association are outside the scope of PANA. The
interested reader should refer to the relevant working groups such as
IPsec or Midcom.
g) Liveness test The PANA framework allows separation of PAA from EP(s). SNMPv3
[I-D.ietf-pana-snmp] is used between the the PAA and EP for
provisioning authorized PaC information on the EP. This exchange
MUST be always physically or cryptographically protected for
authentication, integrity and replay protection. It MUST also be
privacy-protected when per-PaC master key for per-packet ciphering is
transmitted to the EP.
Network access authentication is done for a very specific purpose and The per-packet ciphering master key MUST be unique to the PaC and EP
often charging procedures are involved which allow restricting pair. The session ID and EP's device ID are taken into computation
network resource usage based on some policies. In mobile for achieving this effect [I-D.ietf-pana-ipsec]. Compromise of an EP
environments it is always possible that an end host suddenly does not automatically lead to compromise of another EP or the PAA.
disconnects without transmitting a disconnect message. Operators are
generally motivated to detect a disconnected end host as soon as
possible in order to release resources (i.e., garbage collection).
The PAA can remove per-session state information including installed
security association, packet filters, etc.
Different procedures can be used for disconnect indication. PANA 11.8 Livenes Test
cannot assume link-layer disconnect indication. Hence this
functionality has to be provided at a higher layer. With this
version of the draft we suggest to apply the soft-state principle
found at other protocols (such as RSVP). Soft-state means that
session state is kept alive as long as refresh messages refresh the
state. If no new refresh messages are provided then the state
automatically times out and resources are released. This process
includes stopping accounting procedures.
A PANA session is associated with a session lifetime. The session is A PANA session is associated with a session lifetime. The session is
terminated unless it is refreshed by a new round of EAP terminated unless it is refreshed by a new round of EAP
authentication before it expires. Therefore, at the latest a authentication before it expires. Therefore, at the latest a
disconnected client can be detected when its lifetime expires. A disconnected client can be detected when its lifetime expires. A
disconnect may also be detected earlier by using PANA disconnect may also be detected earlier by using PANA ping messages.
reauthentication messages. A request message can be generated by A request message can be generated by either PaC or PAA at any time
either PaC or PAA at any time and the peer must respond with an and the peer must respond with an answer message. A successful
answer message. A successful round-trip of this exchange is a simple round-trip of this exchange is a simple verification that the peer is
verification that the peer is alive. This test can be engaged when alive. This test can be engaged when there is a possibility that the
there is a possibility that the peer might have disconnected (e.g., peer might have disconnected (e.g., after discontinuation of data
after discontinuation of data traffic). Periodic use of this traffic). Periodic use of this exchange as a keep-alive requires
exchange as a keep-alive requires additional care as it might result additional care as it might result in congestion and hence false
in congestion and hence false alarms. This exchange is alarms. This exchange is cryptographically protected when a PANA SA
cryptographically protected when PANA SA is available in order to is available in order to prevent threats associated with the abuse of
prevent threats associated with the abuse of this functionality. this functionality.
h) Tear-Down message
The PANA protocol supports the ability for both the PaC and the PAA
to transmit a tear-down message. This message causes state removal,
a stop of the accounting procedure and removes the installed packet
filters.
It is obvious that such a message must be protected to prevent an
adversary from deleting state information and thereby causing denial
of service attacks.
i) Mobility optimization 11.9 Mobility Optimization
The mobility optimization described in Section 4.12 involves the The mobility optimization described in Section 4.12 involves the
previous PAA providing a AAA-Key to the current PAA of the PaC. previous PAA providing a AAA-Key to the current PAA of the PaC.
There are security risks stemming from potential compromise of PAAs. There are security risks stemming from potential compromise of PAAs.
Compromise of the current PAA does not yield compromise of the Compromise of the current PAA does not yield compromise of the
previous PAA, as AAA-Key cannot be computed from a compromised previous PAA, as AAA-Key cannot be computed from a compromised
AAA-Key-new. But a compromised previous PAA along with the AAA-Key-new. But a compromised previous PAA along with the
intercepted nonce values leads to the compromise of AAA-Key-new. intercepted nonce values on the current link leads to the compromise
Operators should be aware of the potential risk of using this of AAA-Key-new. Operators should be aware of the potential risk of
optimization. An operator can reduce the risk exposure by forcing using this optimization. An operator can reduce the risk exposure by
the PaC to perform an EAP-based authentication immediately after the forcing the PaC to perform an EAP-based authentication immediately
optimized PANA execution. after the PaC gains access to new link via the optimized PANA
execution.
j) Updating PaC's address
An attacker can generate a PANA-Update-Request with an IP-Address
AVP. There are several threats:
o An attacker spoofs an address and registers itself with the
address. If the registered address is not assigned to any PaC,
subsequent PANA messages sent from the PAA to the attacker will
not reach any node and this is not a significant harm. If the
registered address is assigned to some PaC, subsequent PANA
messages sent from the PAA to the attacker will reach the PaC, but
will be silently discarded because the Session-Id is different.
o An attacker registers other PaC with any address. As a result,
subsequent PANA messages sent from the PAA to the PaC will not
reach the PaC.
To avoid all those attacks against an address update, an additional
mechanism may be defined outside the PANA protocol for the PAA to
validate ownership of the address.
10. Open Issues and Change History
A list of open issues is maintained at [2].
Issues incorporated in PANA-01 June 2003: 1, 3, 10, 5, 6, 7 and 11.
Issues incorporated in PANA-02 October 2003: 8, 17, 18, 19, 20, 21, 11.10 Updating PaC's IP Address
22, 23, 24, 25, 26, 30, 31, 32 and 33.
Issues incorporated in PANA-03 February 2004: 2, 16, 34, 35, 36, 38, Even though the IP-Address AVP in a PANA-Update-Request can be
39, 40, 42, 43, 44, 50, 51 and 60. cryptographically protected by the MAC AVP, there is not way to prove
the ownership of the IP address presented by the PaC. Hence an
authorized PaC can launch a redirect attack by spoofing a victim's IP
address.
Issues incorporated in PANA-04 May 2004: 28, 52, 53, 56, 57, 58, 59, 11.11 Early Termination of a Session
61, 62, 63, 64, 65, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80 and 83.
Issues incorporated in PANA-05 July 2004: 84, 85, 91, 92, 93, 96, 97, The PANA protocol supports the ability for both the PaC and the PAA
98, 99, 100, 103 and 107. to transmit a tear-down message before the session lifetime expires.
This message causes state removal, a stop of the accounting procedure
and removes the installed per-PaC state on the EP(s). This message
is cryptographically protected when PANA SA is present.
11. Acknowledgments 12. Acknowledgments
We would like to thank Jari Arkko, Mohan Parthasarathy, Julien We would like to thank Jari Arkko, Mohan Parthasarathy, Julien
Bournelle, Rafael Marin Lopez, Pasi Eronen, Randy Turner, Erik Bournelle, Rafael Marin Lopez, Pasi Eronen, Randy Turner, Erik
Nordmark and all members of the PANA working group for their valuable Nordmark and all members of the PANA working group for their valuable
comments to this document. comments to this document.
12. References 13. References
12.1 Normative References 13.1 Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2131] Droms, R., "Dynamic Host Configuration Protocol", RFC [RFC2131] Droms, R., "Dynamic Host Configuration Protocol", RFC
2131, March 1997. 2131, March 1997.
[RFC1982] Elz, R. and R. Bush, "Serial Number Arithmetic", RFC 1982,
August 1996.
[RFC2988] Paxson, V. and M. Allman, "Computing TCP's Retransmission [RFC2988] Paxson, V. and M. Allman, "Computing TCP's Retransmission
Timer", RFC 2988, November 2000. Timer", RFC 2988, November 2000.
[RFC2234] Crocker, D. and P. Overell, "Augmented BNF for Syntax [RFC2234] Crocker, D. and P. Overell, "Augmented BNF for Syntax
Specifications: ABNF", RFC 2234, November 1997. Specifications: ABNF", RFC 2234, November 1997.
[RFC3588] Calhoun, P., Loughney, J., Guttman, E., Zorn, G. and J. [RFC3588] Calhoun, P., Loughney, J., Guttman, E., Zorn, G. and J.
Arkko, "Diameter Base Protocol", RFC 3588, September 2003. Arkko, "Diameter Base Protocol", RFC 3588, September 2003.
[RFC2462] Thomson, S. and T. Narten, "IPv6 Stateless Address [RFC2462] Thomson, S. and T. Narten, "IPv6 Stateless Address
skipping to change at page 71, line 47 skipping to change at page 71, line 44
[RFC3456] Patel, B., Aboba, B., Kelly, S. and V. Gupta, "Dynamic [RFC3456] Patel, B., Aboba, B., Kelly, S. and V. Gupta, "Dynamic
Host Configuration Protocol (DHCPv4) Configuration of Host Configuration Protocol (DHCPv4) Configuration of
IPsec Tunnel Mode", RFC 3456, January 2003. IPsec Tunnel Mode", RFC 3456, January 2003.
[RFC3748] Aboba, B., Blunk, L., Vollbrecht, J., Carlson, J. and H. [RFC3748] Aboba, B., Blunk, L., Vollbrecht, J., Carlson, J. and H.
Levkowetz, "Extensible Authentication Protocol (EAP)", RFC Levkowetz, "Extensible Authentication Protocol (EAP)", RFC
3748, June 2004. 3748, June 2004.
[I-D.ietf-eap-keying] [I-D.ietf-eap-keying]
Aboba, B., "Extensible Authentication Protocol (EAP) Key Aboba, B., "Extensible Authentication Protocol (EAP) Key
Management Framework", draft-ietf-eap-keying-02 (work in Management Framework", draft-ietf-eap-keying-03 (work in
progress), June 2004. progress), July 2004.
[IANA] Narten, T. and H. Alvestrand, "Guidelines for Writing an [IANA] Narten, T. and H. Alvestrand, "Guidelines for Writing an
IANA Considerations Section in RFCs", BCP 26, RFC 2434, IANA Considerations Section in RFCs", BCP 26, RFC 2434,
October 1998. October 1998.
12.2 Informative References 13.2 Informative References
[I-D.ietf-pana-requirements] [I-D.ietf-pana-requirements]
Yegin, A. and Y. Ohba, "Protocol for Carrying Yegin, A. and Y. Ohba, "Protocol for Carrying
Authentication for Network Access (PANA)Requirements", Authentication for Network Access (PANA)Requirements",
draft-ietf-pana-requirements-08 (work in progress), June draft-ietf-pana-requirements-09 (work in progress), August
2004. 2004.
[I-D.ietf-aaa-eap]
Eronen, P., Hiller, T. and G. Zorn, "Diameter Extensible
Authentication Protocol (EAP) Application",
draft-ietf-aaa-eap-08 (work in progress), June 2004.
[I-D.puthenkulam-eap-binding]
Puthenkulam, J., "The Compound Authentication Binding
Problem", draft-puthenkulam-eap-binding-04 (work in
progress), October 2003.
[RFC2522] Karn, P. and W. Simpson, "Photuris: Session-Key Management [RFC2522] Karn, P. and W. Simpson, "Photuris: Session-Key Management
Protocol", RFC 2522, March 1999. Protocol", RFC 2522, March 1999.
[I-D.ietf-pana-threats-eval] [I-D.ietf-pana-threats-eval]
Parthasarathy, M., "Protocol for Carrying Authentication Parthasarathy, M., "Protocol for Carrying Authentication
and Network Access Threat Analysis and Security and Network Access Threat Analysis and Security
Requirements", draft-ietf-pana-threats-eval-06 (work in Requirements", draft-ietf-pana-threats-eval-07 (work in
progress), June 2004. progress), August 2004.
[I-D.ietf-pana-ipsec] [I-D.ietf-pana-ipsec]
Parthasarathy, M., "PANA enabling IPsec based Access Parthasarathy, M., "PANA enabling IPsec based Access
Control", draft-ietf-pana-ipsec-03 (work in progress), May Control", draft-ietf-pana-ipsec-04 (work in progress),
2004. September 2004.
[I-D.ietf-pana-framework] [I-D.ietf-pana-framework]
Jayaraman, P., "PANA Framework", Jayaraman, P., "PANA Framework",
draft-ietf-pana-framework-00 (work in progress), May 2004. draft-ietf-pana-framework-02 (work in progress), September
2004.
[I-D.ietf-pana-snmp] [I-D.ietf-pana-snmp]
Mghazli, Y., Ohba, Y. and J. Bournelle, "SNMP usage for Mghazli, Y., Ohba, Y. and J. Bournelle, "SNMP usage for
PAA-2-EP interface", draft-ietf-pana-snmp-00 (work in PAA-2-EP interface", draft-ietf-pana-snmp-01 (work in
progress), April 2004. progress), July 2004.
[I-D.irtf-aaaarch-handoff] [I-D.irtf-aaaarch-handoff]
Arbaugh, W. and B. Aboba, "Experimental Handoff Extension Arbaugh, W. and B. Aboba, "Experimental Handoff Extension
to RADIUS", draft-irtf-aaaarch-handoff-04 (work in to RADIUS", draft-irtf-aaaarch-handoff-04 (work in
progress), November 2003. progress), November 2003.
[I-D.ietf-eap-statemachine] [I-D.ietf-eap-statemachine]
Vollbrecht, J., Eronen, P., Petroni, N. and Y. Ohba, Vollbrecht, J., Eronen, P., Petroni, N. and Y. Ohba,
"State Machines for Extensible Authentication Protocol "State Machines for Extensible Authentication Protocol
(EAP) Peer and Authenticator", (EAP) Peer and Authenticator",
draft-ietf-eap-statemachine-03 (work in progress), March draft-ietf-eap-statemachine-05 (work in progress),
2004. September 2004.
[I-D.ietf-seamoby-ctp] [I-D.ietf-seamoby-ctp]
Loughney, J., "Context Transfer Protocol", Loughney, J., "Context Transfer Protocol",
draft-ietf-seamoby-ctp-10 (work in progress), June 2004. draft-ietf-seamoby-ctp-11 (work in progress), August 2004.
[RFC2716] Aboba, B. and D. Simon, "PPP EAP TLS Authentication
Protocol", RFC 2716, October 1999.
[I-D.ietf-ipsec-ikev2] [I-D.ietf-ipsec-ikev2]
Kaufman, C., "Internet Key Exchange (IKEv2) Protocol", Kaufman, C., "Internet Key Exchange (IKEv2) Protocol",
draft-ietf-ipsec-ikev2-14 (work in progress), June 2004. draft-ietf-ipsec-ikev2-17 (work in progress), October
[I-D.josefsson-pppext-eap-tls-eap]
Josefsson, S., Palekar, A., Simon, D. and G. Zorn,
"Protected EAP Protocol (PEAP)",
draft-josefsson-pppext-eap-tls-eap-07 (work in progress),
October 2003.
[I-D.ietf-pppext-eap-ttls]
Funk, P. and S. Blake-Wilson, "EAP Tunneled TLS
Authentication Protocol (EAP-TTLS)",
draft-ietf-pppext-eap-ttls-04 (work in progress), April
2004. 2004.
[I-D.tschofenig-eap-ikev2]
Tschofenig, H. and D. Kroeselberg, "EAP IKEv2 Method
(EAP-IKEv2)", draft-tschofenig-eap-ikev2-03 (work in
progress), February 2004.
[ianaweb] IANA, "Number assignment", http://www.iana.org. [ianaweb] IANA, "Number assignment", http://www.iana.org.
[jb99] Juels, A. and J. Brainard, "Client Puzzles: A
Cryptographic Defense Against Connection Depletion
Attacks", Proceedings of NDSS '99 (Networks and
Distributed Security Systems), pages 151-165, 1999.
[mitm] Asokan, N., Niemi, V. and K. Nyberg, "Man-in-the-middle in
tunnelled authentication", In the Proceedings of the 11th
International Workshop on Security Protocols, Cambridge,
UK, April 2003.
[802.11i] Institute of Electrical and Electronics Engineers, "Draft
supplement to standard for telecommunications and
information exchange between systems - lan/man specific
requirements - part 11: Wireless medium access control
(mac) and physical layer (phy) specifications:
Specification for enhanced security", IEEE 802.11i/D10.0,
2004.
[802.11] Institute of Electrical and Electronics Engineers,
"Information technology - telecommunications and
information exchange between systems - local and
metropolitan area networks - specific requirements part
11: Wireless lan medium access control (mac) and physical
layer (phy) specifications", IEEE Standard 802.11,
1999(R2003).
[IANA-EXP] [IANA-EXP]
Narten, T., "Assigning Experimental and Testing Numbers Narten, T., "Assigning Experimental and Testing Numbers
Considered Useful", BCP 82, RFC 3692, January 2004. Considered Useful", BCP 82, RFC 3692, January 2004.
URIs
[1] <http://www.toshiba.com/tari/pana/sequence-number.txt>
[2] <http://danforsberg.info:8080/pana-issues/>
Authors' Addresses Authors' Addresses
Dan Forsberg Dan Forsberg
Nokia Research Center Nokia Research Center
P.O. Box 407 P.O. Box 407
FIN-00045 NOKIA GROUP FIN-00045 NOKIA GROUP
Finland Finland
Phone: +358 50 4839470 Phone: +358 50 4839470
EMail: dan.forsberg@nokia.com EMail: dan.forsberg@nokia.com
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/