--- 1/draft-ietf-pana-statemachine-07.txt 2008-12-04 19:12:03.000000000 +0100 +++ 2/draft-ietf-pana-statemachine-08.txt 2008-12-04 19:12:03.000000000 +0100 @@ -1,21 +1,21 @@ PANA Working Group V. Fajardo, Ed. Internet-Draft Y. Ohba -Expires: April 25, 2009 TARI +Expires: June 7, 2009 TARI R. Lopez Univ. of Murcia - October 22, 2008 + December 4, 2008 State Machines for Protocol for Carrying Authentication for Network Access (PANA) - draft-ietf-pana-statemachine-07 + draft-ietf-pana-statemachine-08 Status of this Memo By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that 
@@ -26,80 +26,81 @@ and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. - This Internet-Draft will expire on April 25, 2009. + This Internet-Draft will expire on June 7, 2009. Abstract This document defines the conceptual state machines for the Protocol for Carrying Authentication for Network Access (PANA). The state machines consist of the PANA Client (PaC) state machine and the PANA Authentication Agent (PAA) state machine. The two state machines show how PANA can interface with the EAP state machines. The state machines and associated model are informative only. Implementations may achieve the same results using different methods. Table of Contents - 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 - 2. Interface Between PANA and EAP . . . . . . . . . . . . . . . . 5 - 3. Document Authority . . . . . . . . . . . . . . . . . . . . . . 7 - 4. Notations . . . . . . . . . . . . . . . . . . . . . . . . . . 8 - 5. Common Rules . . . . . . . . . . . . . . . . . . . . . . . . . 10 - 5.1. Common Procedures . . . . . . . . . . . . . . . . . . . . 10 - 5.2. Common Variables . . . . . . . . . . . . . . . . . . . . . 12 - 5.3. Constants . . . . . . . . . . . . . . . . . . . . . . . . 14 - 5.4. Common Message Initialization Rules . . . . . . . . . . . 14 - 5.5. Common Retransmition Rules . . . . . . . . . . . . . . . . 14 - 5.6. Common State Transitions . . . . . . . . . . . . . . . . . 14 - 6. PaC State Machine . . . . . . . . . . . . . . . . . . . . . . 16 - 6.1. Interface between PaC and EAP Peer . . . . . . . . . . . . 16 - 6.1.1. Delivering EAP Messages from PaC to EAP Peer . . . . . 16 - 6.1.2. 
Delivering EAP Messages from EAP Peer to PaC . . . . . 16 - 6.1.3. EAP Restart Notification from PaC to EAP Peer . . . . 16 - 6.1.4. EAP Authentication Result Notification from EAP - Peer to PaC . . . . . . . . . . . . . . . . . . . . . 17 - 6.1.5. Alternate Failure Notification from PaC to EAP Peer . 17 - 6.2. Constants . . . . . . . . . . . . . . . . . . . . . . . . 17 - 6.3. Variables . . . . . . . . . . . . . . . . . . . . . . . . 17 - 6.4. Procedures . . . . . . . . . . . . . . . . . . . . . . . . 18 - 6.5. PaC State Transition Table . . . . . . . . . . . . . . . . 18 - 7. PAA State Machine . . . . . . . . . . . . . . . . . . . . . . 24 - 7.1. Interface between PAA and EAP Authenticator . . . . . . . 24 - 7.1.1. EAP Restart Notification from PAA to EAP - Authenticator . . . . . . . . . . . . . . . . . . . . 24 - 7.1.2. Delivering EAP Responses from PAA to EAP - Authenticator . . . . . . . . . . . . . . . . . . . . 24 - 7.1.3. Delivering EAP Messages from EAP Authenticator to - PAA . . . . . . . . . . . . . . . . . . . . . . . . . 24 + 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 5 + 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 6 + 3. Interface Between PANA and EAP . . . . . . . . . . . . . . . . 7 + 4. Document Authority . . . . . . . . . . . . . . . . . . . . . . 9 + 5. Notations . . . . . . . . . . . . . . . . . . . . . . . . . . 10 + 6. Common Rules . . . . . . . . . . . . . . . . . . . . . . . . . 12 + 6.1. Common Procedures . . . . . . . . . . . . . . . . . . . . 12 + 6.2. Common Variables . . . . . . . . . . . . . . . . . . . . . 14 + 6.3. Constants . . . . . . . . . . . . . . . . . . . . . . . . 16 + 6.4. Common Message Initialization Rules . . . . . . . . . . . 16 + 6.5. Common Retransmition Rules . . . . . . . . . . . . . . . . 16 + 6.6. Common State Transitions . . . . . . . . . . . . . . . . . 16 + 7. PaC State Machine . . . . . . . . . . . . . . . . . . . . . . 18 + 7.1. Interface between PaC and EAP Peer . 
. . . . . . . . . . . 18 + 7.1.1. Delivering EAP Messages from PaC to EAP Peer . . . . . 18 + 7.1.2. Delivering EAP Messages from EAP Peer to PaC . . . . . 18 + 7.1.3. EAP Restart Notification from PaC to EAP Peer . . . . 18 7.1.4. EAP Authentication Result Notification from EAP - Authenticator to PAA . . . . . . . . . . . . . . . . . 24 - 7.2. Variables . . . . . . . . . . . . . . . . . . . . . . . . 25 - 7.3. Procedures . . . . . . . . . . . . . . . . . . . . . . . . 26 - 7.4. PAA State Transition Table . . . . . . . . . . . . . . . . 26 - 8. Implementation Considerations . . . . . . . . . . . . . . . . 31 - 8.1. PAA and PaC Interface to Service Management Entity . . . . 31 - 9. Security Considerations . . . . . . . . . . . . . . . . . . . 32 - 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 33 - 11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 34 - 12. References . . . . . . . . . . . . . . . . . . . . . . . . . . 35 - 12.1. Normative References . . . . . . . . . . . . . . . . . . . 35 - 12.2. Informative References . . . . . . . . . . . . . . . . . . 35 - Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 36 - Intellectual Property and Copyright Statements . . . . . . . . . . 37 + Peer to PaC . . . . . . . . . . . . . . . . . . . . . 19 + 7.1.5. Alternate Failure Notification from PaC to EAP Peer . 19 + 7.2. Constants . . . . . . . . . . . . . . . . . . . . . . . . 19 + 7.3. Variables . . . . . . . . . . . . . . . . . . . . . . . . 19 + 7.4. Procedures . . . . . . . . . . . . . . . . . . . . . . . . 20 + 7.5. PaC State Transition Table . . . . . . . . . . . . . . . . 20 + 8. PAA State Machine . . . . . . . . . . . . . . . . . . . . . . 26 + 8.1. Interface between PAA and EAP Authenticator . . . . . . . 26 + 8.1.1. EAP Restart Notification from PAA to EAP + Authenticator . . . . . . . . . . . . . . . . . . . . 26 + 8.1.2. Delivering EAP Responses from PAA to EAP + Authenticator . . . . . . . . . . . . . . . . . 
. . . 26 + 8.1.3. Delivering EAP Messages from EAP Authenticator to + PAA . . . . . . . . . . . . . . . . . . . . . . . . . 26 + 8.1.4. EAP Authentication Result Notification from EAP + Authenticator to PAA . . . . . . . . . . . . . . . . . 26 + 8.2. Variables . . . . . . . . . . . . . . . . . . . . . . . . 27 + 8.3. Procedures . . . . . . . . . . . . . . . . . . . . . . . . 28 + 8.4. PAA State Transition Table . . . . . . . . . . . . . . . . 28 + 9. Implementation Considerations . . . . . . . . . . . . . . . . 33 + 9.1. PAA and PaC Interface to Service Management Entity . . . . 33 + 10. Security Considerations . . . . . . . . . . . . . . . . . . . 34 + 11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 35 + 12. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 36 + 13. References . . . . . . . . . . . . . . . . . . . . . . . . . . 37 + 13.1. Normative References . . . . . . . . . . . . . . . . . . . 37 + 13.2. Informative References . . . . . . . . . . . . . . . . . . 37 + Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 38 + Intellectual Property and Copyright Statements . . . . . . . . . . 39 1. Introduction This document defines the state machines for Protocol Carrying Authentication for Network Access (PANA) [RFC5191]. There are state machines for the PANA client (PaC) and for the PANA Authentication Agent (PAA). Each state machine is specified through a set of variables, procedures and a state transition table. A PANA protocol execution consists of several exchanges to carry 
@@ -117,28 +118,32 @@ The details of EAP state machines are out of the scope of this document. Additional information can be found in [RFC4137]. Nevertheless PANA state machines presented here have been coordinated with state machines shown by [RFC4137]. This document, apart from defining PaC and PAA state machines and their interfaces to EAP state machines (running on top of PANA), provides some implementation considerations, taking into account that it is not a specification but an implementation guideline. -2. Interface Between PANA and EAP +2. Terminology + + This document reuses the terminology used in [RFC5191]. + +3. Interface Between PANA and EAP PANA carries EAP messages exchanged between an EAP peer and an EAP authenticator (see Figure 1). Thus a PANA state machine interacts with an EAP state machine. Two state machines are defined in this document : the PaC state - machine (see Section 6) and the PAA state machine (see Section 7). + machine (see Section 7) and the PAA state machine (see Section 8). The definition of each state machine consists of a set of variables, procedures and a state transition table. A subset of these variables and procedures defines the interface between a PANA state machine and an EAP state machine and the state transition table defines the PANA state machine behavior based on results obtained through them. On the one hand, the PaC state machine interacts with an EAP peer state machine in order to carry out the PANA protocol on the PaC side. On the other hand, the PAA state machine interacts with an EAP authenticator state machine to run the PANA protocol on the PAA side. 
@@ -179,27 +184,27 @@ and only the first three interfaces are of interest to PANA. The second and third interfaces are the same. In this regard, the EAP standalone authenticator or the EAP full authenticator and its state machine in [RFC4137] are referred to as the EAP authenticator and the EAP authenticator state machine, respectively, in this document. If an EAP peer and an EAP authenticator follow the state machines defined in [RFC4137], the interfaces between PANA and EAP could be based on that document. Detailed definition of interfaces between PANA and EAP are described in the subsequent sections. -3. Document Authority +4. Document Authority When a discrepancy occurs between any part of this document and any of the related documents ([RFC5191], [RFC4137] the latter (the other documents) are considered authoritative and takes precedence. -4. Notations +5. Notations The following state transition tables are completed mostly based on the conventions specified in [RFC4137]. The complete text is described below. State transition tables are used to represent the operation of the protocol by a number of cooperating state machines each comprising a group of connected, mutually exclusive states. Only one state of each machine can be active at any given time. 
@@ -239,31 +244,31 @@ (including exit conditions defined for the wildcard state) are evaluated until an exit condition for that state is met. Any event variable is set to TRUE when the corresponding event occurs and set to FALSE immediately after completion of the action associated with the current state and the event. The interpretation of the special symbols and operators used is defined in [RFC4137]. -5. Common Rules +6. Common Rules There are following procedures, variables, message initializing rules and state transitions that are common to both the PaC and PAA state machines. Throughout this document, the character string "PANA_MESSAGE_NAME" matches any one of the abbreviated PANA message names, i.e., "PCI", "PAR", "PAN", "PTR", "PTA", "PNR", "PNA". -5.1. Common Procedures +6.1. Common Procedures void None() A null procedure, i.e., nothing is done. void Disconnect() A procedure to delete the PANA session as well as the corresponding EAP session and authorization state. 
@@ -273,38 +278,38 @@ TRUE if authorization is successful. Otherwise, it returns FALSE. It is assumed that Authorize() procedure of PaC state machine always returns TRUE. In the case that a non-key-generating EAP method is used but a PANA SA is required after successful authentication (generate_pana_sa() returns TRUE), Authorize() procedure must return FALSE. void Tx:PANA_MESSAGE_NAME[flag](AVPs) A procedure to send a PANA message to its peering PANA entity. - The "flag" argment contains a flag (e.g., Tx:PAR[C]) to be set to + The "flag" argument contains a flag (e.g., Tx:PAR[C]) to be set to the message, except for 'R' (Request) flag. The "AVPs" contains a list of names of optional AVPs to be inserted in the message, except for AUTH AVP. This procedure includes the following action before actual transmission: if (flag==S) PANA_MESSAGE_NAME.S_flag=Set; if (flag==C) PANA_MESSAGE_NAME.C_flag=Set; if (flag==A) PANA_MESSAGE_NAME.A_flag=Set; if (flag==P) PANA_MESSAGE_NAME.P_flag=Set; PANA_MESSAGE_NAME.insert_avp(AVPs); - if (key_availble()) + if (key_available()) PANA_MESSAGE_NANE.insert_avp("AUTH"); void TxEAP() A procedure to send an EAP message to the EAP state machine it interfaces to. void RtxTimerStart() A procedure to start the retransmission timer, reset RTX_COUNTER 
@@ -357,25 +362,25 @@ PAA in PAR[S] message. For the PAA, it is used to indicate whether a PRF and Integrity algorithm AVPs will be sent in the PAR[S]. This procedure will return true if a PANA SA will be generated. Otherwise, it returns FALSE. boolean key_available() A procedure to check whether the PANA session has a PANA_AUTH_KEY. If the state machine already has a PANA_AUTH_KEY, it returns TRUE. If the state machine does not have a PANA_AUTH_KEY, it tries to - retrieve a AAA-Key from the EAP entity. If a AAA-Key is - retrieved, it computes a PANA_AUTH_KEY from the AAA-Key and - returns TRUE. Otherwise, it returns FALSE. + retrieve an MSK from the EAP entity. If an MSK is retrieved, it + computes a PANA_AUTH_KEY from the MSK and returns TRUE. + Otherwise, it returns FALSE. -5.2. Common Variables +6.2. Common Variables PAR.RESULT_CODE This variable contains the Result-Code AVP value in the PANA-Auth- Request message in process. When this variable carries PANA_SUCCESS it is assumed that the PAR message always contains an EAP-Payload AVP which carries an EAP-Success message. NONCE_SENT 
@@ -426,53 +431,53 @@ Session-Lifetime AVP if present in the last PANA-Auth-Request message in the case of the PaC. Otherwise, it is assumed that the value is infinite and therefore has no expiration. Expiration of LIFETIME_SESS_TIMEOUT will cause the event variable SESS_TIMEOUT to be set. ANY This event variable is set to TRUE when any event occurs. -5.3. Constants +6.3. Constants RTX_MAX_NUM Configurable maximum for how many retransmissions should be attempted before aborting. -5.4. Common Message Initialization Rules +6.4. Common Message Initialization Rules When a message is prepared for sending, it is initialized as follows: o For a request message, R-flag of the header is set. Otherwise, R-flag is not set. o Other message header flags are not set. They are set explicitly by specific state machine actions. o AVPs that are mandatory included in a message are inserted with appropriate values set. -5.5. Common Retransmition Rules +6.5. Common Retransmition Rules The state machines defined in this document assumes that the PaC and the PAA caches the last transmitted answer message. This scheme is described in Sec 5.2 of [RFC5191]. When the PaC or PAA receives a re-transmitted or duplicate request, it would be able to re-send the corresponding answer without any aid from the EAP layer. However, to simplify the state machine description, this caching scheme is omitted in the state machines below. In the case that there is not corresponding answer to a re-transmitted request, the request will be handled by the corresponding statemachine. -5.6. Common State Transitions +6.6. Common State Transitions The following transitions can occur at any state with exemptions explicitly noted. ---------- State: ANY ---------- Exit Condition Exit Action Exit State ------------------------+--------------------------+------------ 
@@ -503,100 +508,100 @@ ------------- State: CLOSED ------------- Exit Condition Exit Action Exit State ------------------------+--------------------------+------------ - - - - - - - -(Catch all event on closed state) - - - - - - - - ANY None(); CLOSED - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -6. PaC State Machine +7. PaC State Machine -6.1. Interface between PaC and EAP Peer +7.1. Interface between PaC and EAP Peer This interface defines the interactions between a PaC and an EAP peer. The interface serves as a mechanism to deliver EAP messages for the EAP peer. It allows the EAP peer to receive EAP requests and send EAP responses via the PaC. It also provides a mechanism to notify the EAP peer of PaC events and a mechanism to receive notification of EAP peer events. The EAP message delivery mechanism as well as the event notification mechanism in this interface have direct correlation with the PaC state transition table entries. These message delivery and event notifications mechanisms occur only within the context of their associated states or exit actions. -6.1.1. Delivering EAP Messages from PaC to EAP Peer +7.1.1. Delivering EAP Messages from PaC to EAP Peer TxEAP() procedure in the PaC state machine serves as the mechanism to deliver EAP messages contained in PANA-Auth-Request messages to the EAP peer. This procedure is enabled only after an EAP restart event is notified to the EAP peer and before any event resulting in a termination of the EAP peer session. In the case where the EAP peer follows the EAP peer state machine defined in [RFC4137], TxEAP() procedure sets eapReq variable of the EAP peer state machine and puts the EAP request in eapReqData variable of the EAP peer state machine. -6.1.2. Delivering EAP Messages from EAP Peer to PaC +7.1.2. Delivering EAP Messages from EAP Peer to PaC An EAP message is delivered from the EAP peer to the PaC via EAP_RESPONSE event variable. 
The event variable is set when the EAP peer passes the EAP message to its lower-layer. In the case where the EAP peer follows the EAP peer state machine defined in [RFC4137], EAP_RESPONSE event variable refers to eapResp variable of the EAP peer state machine and the EAP message is contained in eapRespData variable of the EAP peer state machine. -6.1.3. EAP Restart Notification from PaC to EAP Peer +7.1.3. EAP Restart Notification from PaC to EAP Peer The EAP peer state machine defined in [RFC4137] has an initialization procedure before receiving an EAP message. To initialize the EAP state machine, the PaC state machine defines an event notification mechanism to send an EAP (re)start event to the EAP peer. The event notification is done via EAP_Restart() procedure in the initialization action of the PaC state machine. -6.1.4. EAP Authentication Result Notification from EAP Peer to PaC +7.1.4. EAP Authentication Result Notification from EAP Peer to PaC In order for the EAP peer to notify the PaC of an EAP authentication result, EAP_SUCCESS and EAP_FAILURE event variables are defined. In the case where the EAP peer follows the EAP peer state machine defined in [RFC4137], EAP_SUCCESS and EAP_FAILURE event variables refer to eapSuccess and eapFail variables of the EAP peer state machine, respectively. In this case, if EAP_SUCCESS event variable - is set to TRUE and a AAA-Key is generated by the EAP authentication + is set to TRUE and an MSK is generated by the EAP authentication method in use, eapKeyAvailable variable is set to TRUE and eapKeyData - variable contains the AAA-Key. Note that EAP_SUCCESS and EAP_FAILURE + variable contains the MSK. Note that EAP_SUCCESS and EAP_FAILURE event variables may be set to TRUE even before the PaC receives a PAR with a 'Complete' flag set from the PAA. -6.1.5. Alternate Failure Notification from PaC to EAP Peer +7.1.5. 
Alternate Failure Notification from PaC to EAP Peer alt_reject() procedure in the PaC state machine serves as the mechanism to deliver an authentication failure event to the EAP peer without accompanying an EAP message. In the case where the EAP peer follows the EAP peer state machine defined in [RFC4137], alt_reject() procedure sets altReject variable of the EAP peer state machine. Note that the EAP peer state machine in [RFC4137] also defines altAccept variable, however, it is never used in PANA in which EAP- Success messages are reliably delivered by the last PANA-Auth exchange. -6.2. Constants +7.2. Constants FAILED_SESS_TIMEOUT Configurable value that allows the PaC to determine whether a PaC authentication and authorization phase has stalled without an explicit EAP success or failure notification. -6.3. Variables +7.3. Variables AUTH_USER This event variable is set to TRUE when initiation of EAP-based (re-)authentication is triggered by the application. EAP_SUCCESS This event variable is set to TRUE when the EAP peer determines that EAP conversation completes with success. @@ -613,21 +618,21 @@ received from the EAP peer. EAP_RESP_TIMEOUT This event variable is set to TRUE when the PaC that has passed an EAP message to the EAP-layer does not receive a subsequent EAP message from the the EAP-layer in a given period. This provides a time limit for certain EAP methods where user interaction maybe required. -6.4. Procedures +7.4. Procedures boolean eap_piggyback() This procedures returns TRUE to indicate whether the next EAP response will be carried in the pending PAN message for optimization. void alt_reject() This procedure informs the EAP peer of an authentication failure 
@@ -636,21 +641,21 @@ void EAP_RespTimerStart() A procedure to start a timer to receive an EAP-Response from the EAP peer. void EAP_RespTimerStop() A procedure to stop a timer to receive an EAP-Response from the EAP peer. -6.5. PaC State Transition Table +7.5. PaC State Transition Table ------------------------------ State: INITIAL (Initial State) ------------------------------ Initialization Action: NONCE_SENT=Unset; RTX_COUNTER=0; RtxTimerStop(); 
@@ -852,86 +857,86 @@ ---------------- State: SESS_TERM ---------------- Exit Condition Exit Action Exit State ------------------------+--------------------------+------------ - - - - - - - -(Session termination initiated by PaC) - - - - - Rx:PTA[] Disconnect(); CLOSED - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -7. PAA State Machine +8. PAA State Machine -7.1. Interface between PAA and EAP Authenticator +8.1. Interface between PAA and EAP Authenticator The interface between a PAA and an EAP authenticator provides a mechanism to deliver EAP messages for the EAP authenticator as well as a mechanism to notify the EAP authenticator of PAA events and to receive notification of EAP authenticator events. These message delivery and event notification mechanisms occur only within context of their associated states or exit actions. -7.1.1. EAP Restart Notification from PAA to EAP Authenticator +8.1.1. EAP Restart Notification from PAA to EAP Authenticator An EAP authenticator state machine defined in [RFC4137] has an initialization procedure before sending the first EAP request. To initialize the EAP state machine, the PAA state machine defines an event notification mechanism to send an EAP (re)start event to the - EAP peer. The event notification is done via EAP_Restart() procedure - in the initialization action of the PAA state machine. + EAP authenticator. The event notification is done via EAP_Restart() + procedure in the initialization action of the PAA state machine. -7.1.2. Delivering EAP Responses from PAA to EAP Authenticator +8.1.2. Delivering EAP Responses from PAA to EAP Authenticator TxEAP() procedure in the PAA state machine serves as the mechanism to deliver EAP-Responses contained in PANA-Auth-Answer messages to the EAP authenticator. This procedure is enabled only after an EAP restart event is notified to the EAP authenticator and before any event resulting in a termination of the EAP authenticator session. 
In the case where the EAP authenticator follows the EAP authenticator state machines defined in [RFC4137], TxEAP() procedure sets eapResp variable of the EAP authenticator state machine and puts the EAP response in eapRespData variable of the EAP authenticator state machine. -7.1.3. Delivering EAP Messages from EAP Authenticator to PAA +8.1.3. Delivering EAP Messages from EAP Authenticator to PAA An EAP request is delivered from the EAP authenticator to the PAA via EAP_REQUEST event variable. The event variable is set when the EAP authenticator passes the EAP request to its lower-layer. In the case where the EAP authenticator follows the EAP authenticator state machines defined in [RFC4137], EAP_REQUEST event variable refers to eapReq variable of the EAP authenticator state machine and the EAP request is contained in eapReqData variable of the EAP authenticator state machine. -7.1.4. EAP Authentication Result Notification from EAP Authenticator to +8.1.4. EAP Authentication Result Notification from EAP Authenticator to PAA In order for the EAP authenticator to notify the PAA of the EAP authentication result, EAP_SUCCESS, EAP_FAILURE and EAP_TIMEOUT event variables are defined. In the case where the EAP authenticator follows the EAP authenticator state machines defined in [RFC4137], EAP_SUCCESS, EAP_FAILURE and EAP_TIMEOUT event variables refer to eapSuccess, eapFail and eapTimeout variables of the EAP authenticator state machine, respectively. In this case, if EAP_SUCCESS event variable is set to TRUE, an EAP-Success message is contained in eapReqData variable of the EAP authenticator state machine, and additionally, eapKeyAvailable variable is set to TRUE and eapKeyData - variable contains a AAA-Key if the AAA-Key is generated as a result - of successful authentication by the EAP authentication method in use. + variable contains an MSK if the MSK is generated as a result of + successful authentication by the EAP authentication method in use. 
Similarly, if EAP_FAILURE event variable is set to TRUE, an EAP- Failure message is contained in eapReqData variable of the EAP authenticator state machine. The PAA uses EAP_SUCCESS, EAP_FAILURE and EAP_TIMEOUT event variables as a trigger to send a PAR message to the PaC. -7.2. Variables +8.2. Variables OPTIMIZED_INIT This variable indicates whether the PAA is able to piggyback an EAP-Request in the initial PANA-Auth-Request. Otherwise it is set to FALSE. PAC_FOUND This variable is set to TRUE as a result of a PAA initiated @@ -961,32 +966,32 @@ This event variable is set to TRUE when the EAP authenticator delivers an EAP Request to the PAA. This event accompanies an EAP-Request message received from the EAP authenticator. EAP_TIMEOUT This event variable is set to TRUE when EAP conversation times out without generating an EAP-Success or an EAP-Failure message. This event does not accompany any EAP message. -7.3. Procedures +8.3. Procedures boolean new_key_available() A procedure to check whether the PANA session has a new PANA_AUTH_KEY. If the state machine already have a PANA_AUTH_KEY, it returns FALSE. If the state machine does not have a - PANA_AUTH_KEY, it tries to retrieve a AAA-Key from the EAP entity. - If a AAA-Key has been retrieved, it computes a PANA_AUTH_KEY from - the AAA-Key and returns TRUE. Otherwise, it returns FALSE. + PANA_AUTH_KEY, it tries to retrieve an MSK from the EAP entity. + If an MSK has been retrieved, it computes a PANA_AUTH_KEY from the + MSK and returns TRUE. Otherwise, it returns FALSE. -7.4. PAA State Transition Table +8.4. PAA State Transition Table ------------------------------ State: INITIAL (Initial State) ------------------------------ Initialization Action: OPTIMIZED_INIT=Set|Unset; NONCE_SENT=Unset; RTX_COUNTER=0; 
@@ -1182,64 +1187,64 @@ State: SESS_TERM ---------------- Exit Condition Exit Action Exit State ------------------------+--------------------------+------------ - - - - - - - - - - - - - -(PTA processing) - - - - - - - - - - Rx:PTA[] RtxTimerStop(); CLOSED Disconnect(); - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -8. Implementation Considerations +9. Implementation Considerations -8.1. PAA and PaC Interface to Service Management Entity +9.1. PAA and PaC Interface to Service Management Entity In general, it is assumed in each device that has a PANA protocol stack that there is a Service Management Entity (SME) that manages the PANA protocol stack. It is recommended that a generic interface (i.e., the SME-PANA interface) between the SME and the PANA protocol stack be provided by the implementation. Especially, common procedures such as startup, shutdown, re-authenticate signals and provisions for extracting keying material should be provided by such an interface. The SME-PANA interface in a PAA device should also provide a method for communicating filtering parameters to the EP(s). When cryptographic filtering is used, the filtering parameters include keying material used for bootstrapping per-packet ciphering. When a PAA device interacts with the backend authentication server using a AAA protocol, its SME may also have an interface to the AAA protocol to obtain authorization parameters such as the authorization lifetime and additional filtering parameters. -9. Security Considerations +10. Security Considerations This document's intent is to describe the PANA state machines fully. To this end, any security concerns with this document are likely a reflection of security concerns with PANA itself. -10. IANA Considerations +11. IANA Considerations This document has no actions for IANA. -11. Acknowledgments +12. Acknowledgments This work was started from state machines originally made by Dan Forsberg. -12. References +13. References -12.1. 
Normative References +13.1. Normative References [RFC5191] Forsberg, D., Ohba, Y., Patil, B., Tschofenig, H., and A. Yegin, "Protocol for Carrying Authentication for Network Access (PANA)", RFC 5191, May 2008. -12.2. Informative References +13.2. Informative References [RFC4137] Vollbrecht, J., Eronen, P., Petroni, N., and Y. Ohba, "State Machines for Extensible Authentication Protocol (EAP) Peer and Authenticator", RFC 4137, August 2005. Authors' Addresses Victor Fajardo (editor) Toshiba America Research, Inc. 1 Telcordia Drive
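Review bot: In the hunk at @@ -179,27 +184,27 @@, the Document Authority paragraph is renumbered to Section 4 but its context text still has an unclosed parenthesis and a subject/verb mismatch: "([RFC5191], [RFC4137] the latter (the other documents) are considered authoritative and takes precedence". Suggest closing the citation list after [RFC4137] and writing "take precedence", since this sentence is the one that decides which document wins on a conflict and should parse unambiguously.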
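Review bot: The pseudo-code in the Tx:PANA_MESSAGE_NAME[flag](AVPs) hunk (@@ -273,38 +278,38 @@) still reads PANA_MESSAGE_NANE.insert_avp("AUTH") on the context line directly after the corrected key_available() call, so the AUTH AVP step names a different identifier from the four flag lines and the insert_avp(AVPs) line above it. This revision already fixes "argment" and "key_availble" in the same procedure; change NANE to NAME as well so the step that adds message integrity protection is not the one line with a misspelled target.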
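Review bot: In the key_available() hunk (@@ -357,25 +362,25 @@), the new text says the procedure "computes a PANA_AUTH_KEY from the MSK" but gives no pointer to where that derivation is defined, and it describes a boolean check that also retrieves the MSK and stores a derived key as a side effect. Since Tx:PANA_MESSAGE_NAME calls key_available() before every transmission to decide whether to insert the AUTH AVP, suggest adding a reference to the key derivation in [RFC5191] and stating explicitly that the computed PANA_AUTH_KEY is retained in the session so later calls return TRUE without touching the EAP entity again.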
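Review bot: The renumbered heading "6.5. Common Retransmition Rules" in the hunk at @@ -426,53 +431,53 @@ keeps the misspelling of "Retransmission", and the same spelling is carried into the new Table of Contents entry for 6.5. The paragraph under it also has agreement errors left in context ("The state machines defined in this document assumes that the PaC and the PAA caches", "there is not corresponding answer", "statemachine"). As the heading lines are already being touched for renumbering, fix the spelling in both places and tidy the paragraph in the same pass.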
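Review bot: In the hunk at @@ -613,21 +618,21 @@, the description of eap_piggyback() under the renumbered 7.4 says "This procedures returns TRUE to indicate whether the next EAP response will be carried in the pending PAN message", which does not say what a TRUE or FALSE result means. Suggest "returns TRUE if the next EAP response will be carried in the pending PAN message; otherwise it returns FALSE", matching the wording used for key_available(). The EAP_RESP_TIMEOUT text just above it also still has "from the the EAP-layer" and "maybe required".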
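Review bot: The new_key_available() text in the hunk at @@ -961,32 +966,32 @@ says it returns FALSE whenever the state machine already has a PANA_AUTH_KEY, and only tries to retrieve an MSK when it has none, so as written it cannot report a fresh key produced by a later EAP run in the same session. The document elsewhere refers to EAP-based (re-)authentication, so please clarify whether the existing PANA_AUTH_KEY is expected to be cleared before re-authentication or whether this procedure should compare against the MSK currently held by the EAP entity. The context line "already have a PANA_AUTH_KEY" should also read "already has".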
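Review bot: The Security Considerations section in the hunk at @@ -1182,64 +1187,64 @@ is only renumbered to 10 and still defers entirely to PANA itself, while Section 9.1 in the same hunk introduces an SME-PANA interface with "provisions for extracting keying material" and a path that passes keying material for per-packet ciphering to the EP(s). That interface is specific to this document, so a sentence in Section 10 noting that keying material exposed through the SME-PANA interface needs the same protection as the MSK and PANA_AUTH_KEY would close the gap. For consistency with the "an MSK" wording introduced in this revision, the context line "using a AAA protocol" could become "an AAA protocol".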