Re: [Dime] [dime] #12: Review of draft-ietf-dime-ikev2-psk-diameter-02
"Cakulev, Violeta (Violeta)" <violeta.cakulev@alcatel-lucent.com> Mon, 30 August 2010 20:13 UTC
Return-Path: <violeta.cakulev@alcatel-lucent.com>
X-Original-To: dime@core3.amsl.com
Delivered-To: dime@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 294A33A684C for <dime@core3.amsl.com>; Mon, 30 Aug 2010 13:13:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.67
X-Spam-Level:
X-Spam-Status: No, score=-1.67 tagged_above=-999 required=5 tests=[AWL=-0.930, BAYES_20=-0.74]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id odr5smu0odXy for <dime@core3.amsl.com>; Mon, 30 Aug 2010 13:13:35 -0700 (PDT)
Received: from ihemail3.lucent.com (ihemail3.lucent.com [135.245.0.37]) by core3.amsl.com (Postfix) with ESMTP id 30D013A67F8 for <dime@ietf.org>; Mon, 30 Aug 2010 13:13:35 -0700 (PDT)
Received: from usnavsmail2.ndc.alcatel-lucent.com (usnavsmail2.ndc.alcatel-lucent.com [135.3.39.10]) by ihemail3.lucent.com (8.13.8/IER-o) with ESMTP id o7UKE5oO003841 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Mon, 30 Aug 2010 15:14:05 -0500 (CDT)
Received: from USNAVSXCHHUB02.ndc.alcatel-lucent.com (usnavsxchhub02.ndc.alcatel-lucent.com [135.3.39.111]) by usnavsmail2.ndc.alcatel-lucent.com (8.14.3/8.14.3/GMO) with ESMTP id o7UKE5oD007284 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NOT); Mon, 30 Aug 2010 15:14:05 -0500
Received: from USNAVSXCHMBSA3.ndc.alcatel-lucent.com ([135.3.39.125]) by USNAVSXCHHUB02.ndc.alcatel-lucent.com ([135.3.39.111]) with mapi; Mon, 30 Aug 2010 15:14:05 -0500
From: "Cakulev, Violeta (Violeta)" <violeta.cakulev@alcatel-lucent.com>
To: "dime@ietf.org" <dime@ietf.org>, "lionel.morand@orange-ftgroup.com" <lionel.morand@orange-ftgroup.com>
Date: Mon, 30 Aug 2010 15:14:03 -0500
Thread-Topic: [dime] #12: Review of draft-ietf-dime-ikev2-psk-diameter-02
Thread-Index: Acs9YooxKq4wX5tRRC+T0JyNnhCMaQBsfJWA
Message-ID: <AAE76B481E7A0E4C96610790A852B9A624FC5BCDCC@USNAVSXCHMBSA3.ndc.alcatel-lucent.com>
References: <074.fd1143ff15296cc8707a663a09a095ab@tools.ietf.org>
In-Reply-To: <074.fd1143ff15296cc8707a663a09a095ab@tools.ietf.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.57 on 135.245.2.37
X-Scanned-By: MIMEDefang 2.64 on 135.3.39.10
Subject: Re: [Dime] [dime] #12: Review of draft-ietf-dime-ikev2-psk-diameter-02
X-BeenThere: dime@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Diameter Maintanence and Extentions Working Group <dime.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dime>, <mailto:dime-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dime>
List-Post: <mailto:dime@ietf.org>
List-Help: <mailto:dime-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dime>, <mailto:dime-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Aug 2010 20:13:38 -0000
Lionel, Thanks for the comments. Please see inline (>>[VC]). I'll upload a new version (v3) of the draft shortly. -Violeta -----Original Message----- From: dime issue tracker [mailto:trac@tools.ietf.org] Sent: Monday, August 16, 2010 12:46 PM To: lionel.morand@orange-ftgroup.com Cc: dime@ietf.org; Cakulev, Violeta (Violeta) Subject: [dime] #12: Review of draft-ietf-dime-ikev2-psk-diameter-02 #12: Review of draft-ietf-dime-ikev2-psk-diameter-02 ----------------------------------------------+------------------------- ----------------------------------------------+---- Reporter: lionel.morand@... | Owner: Type: defect | Status: new Priority: major | Milestone: Component: ikev2-psk-diameter | Version: Severity: In WG Last Call | Keywords: ----------------------------------------------+------------------------- ----------------------------------------------+---- I have reviewed this draft and is pretty good for publication. One remaining open issue from my side: 1/Is there any need for Authorize-Type AVP in the request if only Authorize-Only is used in this application? >>[VC] Please see my response to Sebastien. In short, today this value is constrained and probably not necessary, but in future it may change. In addition, it is better to be explicit. Additional comments/proposed modifications below. Regards, Lionel. ****************** 1. Introduction [RFC4306] defines Internet Key Exchange v2 as a protocol that ==> s/[RFC4306] defines Internet Key Exchange v2 as a protocol that/ [RFC4306] defines the version 2 of the Internet Key Exchange (IKE) protocol that >>[VC] Changed. performs mutual authentication between two parties and establishes a security association (SA) that includes shared secret information that can be used to efficiently establish SAs for Encapsulating Security Payload (ESP) [RFC4303] and/or Authentication Header (AH) [RFC4302], and a set of cryptographic algorithms to be used by the SAs to protect the traffic that they carry. IKEv2 protocol allows several different mechanisms for authenticating a IKEv2 Peer to be used, such as the Extensible Authentication Protocol, certificates, and pre-shared secrets. From a service provider perspective it is important to ensure that a ==> s/From a service provider perspective it is/From a service provider perspective, it is >>[VC] Changed. user is authorized to use the services. Therefore, the IKEv2 Server must verify that the IKEv2 Peer is authorized for the requested services possibly with the assistance of the operator's Diameter servers. [RFC 5778] defines the home agent as a Diameter client to the Diameter server communication when the mobile node authenticates using the IKEv2 protocol with the Extensible Authentication Protocol or using the Mobile IPv6 Authentication Protocol. This document ==> s/the Extensible Authentication Protocol or using the Mobile IPv6 Authentication Protocol/ the Extensible Authentication Protocol (EAP) [RFC 3748] or using the Mobile IPv6 Authentication Protocol [RFC 4285]/ >>[VC] Changed. extends the functionality offered by [RFC 5778] with pre-shared key based authentication offered by IKEv2. This document does not assume that the IKEv2 Server has the pre-shared secrets (PSK) with the IKEv2 Peer. Instead, it allows for PSK to be derived for a specific IKEv2 session and exchanged between IKEv2 Server and HAAA. This is accomplished through the use of a new Diameter application specifically designed for performing IKEv2 authorization decisions. [skip] 4. Protocol Description 4.1. Support for IKEv2 and Pre-Shared Secrets When IKEv2 is used with PSK-based initiator authentication, the Diameter commands IKEv2-PSK-Request and IKEv2-PSK-Answer defined in ==> s/the Diameter commands IKEv2-PSK-Request and IKEv2-PSK-Answer defined/ the Diameter command pair IKEv2-PSK-Request/Answer defined >>[VC] Changed. this document are used to authorize the IKEv2 Peer for the services. ==> s/are used to authorize/are used between IKEv2 server and a Home AAA server (HAAA) to authorize >>[VC] Changed. Upon receiving the IKE_AUTH message from the IKEv2 Peer, the IKEv2 Server uses the information received in IDi to determine if it has the PSK for this IKEv2 Peer. If there is no PSK found associated with this IKEv2 Peer, the IKEv2 Server MUST send an Authorize-Only (Auth-Request-Type set to "Authorize-Only") Diameter IKEv2-PSK message with the IKEv2 Peer's IDi payload to the HAAA to obtain the PSK. ==> I think that the initial intention was to re-use RFC5778 and existing commands. Now, as you're creating new command, why do you have to re-use Auth-Request-Type AVP as it seems that only "Authorize-Only" will be used in this application? If removed from the command, this part will be modified. >>[VC] Discussed above. The IDi payload extracted from the IKE_AUTH message has to ==> s/has to/MUST >>[VC] Changed. contain an identity that is meaningful for the Diameter infrastructure, such as a Network Access Identifier (NAI), since it is used by the IKEv2 Server to populate the User-Name AVP in the Diameter message. The IKEv2 Server also includes in the IKEv2-Nonces AVP of the same Diameter message the initiator and responder nonces (Ni and Nr) exchanged during initial IKEv2 exchange. This message is routed to the IKEv2 Peer's HAAA. Upon receiving Diameter IKEv2-PSK-Request message from the IKEv2 Server, the HAAA SHALL use the User-Name AVP to retrieve the associated keying material. The HAAA SHALL use the nonces Ni and Nr received in IKEv2- Nonces AVP to generate the PSK. It is outside of scope of this document how the HAAA obtains or generates the PSK. For example, if the HAAA previously performed EAP based access authentication and authorization of the IKEv2 Peer, it can use the available EMSK to generate the PSK [RFC5295]. The HAAA returns the PSK to the IKEv2 Server using the Key AVP as specified in [I-D.ietf-dime-local-keytran]. ==> I would reorder the end of this paragraph and move the "it is outside of scope..." at the end. It would look like: "This message is routed to the IKEv2 Peer's HAAA. Upon receiving Diameter IKEv2-PSK-Request message from the IKEv2 Server, the HAAA SHALL use the User-Name AVP to retrieve the associated keying material. The HAAA SHALL use the nonces Ni and Nr received in IKEv2- Nonces AVP to generate the PSK. The HAAA returns the PSK to the IKEv2 Server using the Key AVP as specified in [I-D.ietf-dime-local-keytran]. It is outside of scope of this document how the HAAA obtains or generates the PSK. For example, if the HAAA previously performed EAP based access authentication and authorization of the IKEv2 Peer, it can use the available EMSK to generate the PSK [RFC5295]." >>[VC] Reordered. [skip] 4.2.2. AbortSession-Request ==> AbortSession/Abort-Session >>[VC] Changed. The Abort-Session-Request (ASR) message [RFC3588] is sent by the HAAA to the IKEv2 Server to terminate the authorized session. When the IKEv2 Server receives the ASR message, it MUST delete the corresponding IKE_SA and all CHILD_SAs set up through it. The Abort-Session-Answer (ASA) message [RFC3588] is sent by the IKEv2 Server in response to an ASR message. [skip] 5.1. IKEv2-PSK-Request (IKEPSKR) Command The IKEv2-PSK-Request message, indicated with the Command-Code set to TBD2 and the 'R' bit set in the Command Flags field is sent from the IKEv2 Server to the HAAA to initiate IKEv2 with PSK authorization. In this case, the Application-ID field of the Diameter Header MUST be set to the Diameter IKE PSK Application ID (value of TDB1). Message format <IKEv2-PSK-Request> ::= < Diameter Header: TBD2, REQ, PXY > < Session-Id > { Auth-Application-Id } { Origin-Host } { Origin-Realm } { Destination-Realm } { Auth-Request-Type } [ Destination-Host ] [ NAS-Identifier ] [ NAS-IP-Address ] [ NAS-IPv6-Address ] [ NAS-Port ] [ Origin-State-Id ] { User-Name } [ Auth-Session-State ] { IKEv2-Nonces } * [ Proxy-Info ] * [ Route-Record ] ... * [ AVP ] IKEv2-PSK-Request message MUST include a IKEv2-Nonces AVP containing Ni and Nr nonces exchanged during initial IKEv2 exchange. ==> Check if the use of Auth-Request-Type AVp is really needed. If not, remove it. >>[VC] Discussed above. ==> Why do we have to insist on the presence of IKEv2-Nonces AVP as this AVP is described as required in the ABNF? >>[VC] Makes sense. However, focus was more on the fact that those are the nonces exchanged between the peer and the server in IKE messages. I believe it is not wrong to leave the text as it is. ==> In the AVP Occurence table, Key AVP can be found in the request while this AVP is missing in the ABNF description. inconsistency must fixed. Moreover, if Key AVP can be found in the request, add some text to explain why. >>[VC] Good catch. Key AVP needs to be an optional AVP in the request. If present it contains SPI. Some applications might use SPI values for key identification purposes. Key AVP is added in the ABNF description. [skip] 7. AVP Occurrence Tables The following tables present the AVPs defined or used in this document and their occurrences in Diameter messages. Note that AVPs that can only be present within a Grouped AVP are not represented in this table. The table uses the following symbols: 0: The AVP MUST NOT be present in the message. 0+: Zero or more instances of the AVP MAY be present in the message. 0-1: Zero or one instance of the AVP MAY be present in the message. 1: One instance of the AVP MUST be present in the message. +-------------------+ | Command-Code | |---------+---------+ AVP Name | IKEPSKR | IKEPSKA | -------------------------------|---------+---------+ Key | 0-1 | 0-1 | IKEv2-Nonces | 0-1 | 0 | +---------+---------+ IKEPSKR and IKEPSKA Commands AVP Table ==> Inconsistency! IKEv2-Nonces is described are required in the Request and the Occurence is then 1. Moreover, the use of Key AVP in the request is not described, neither in the text nor in the request ABNF description. >>[VC] Agreed. Table is changed. [skip] 11.2. Informative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC3748] Aboba, B., Blunk, L., Vollbrecht, J., Carlson, J., and H. Levkowetz, "Extensible Authentication Protocol (EAP)", RFC 3748, June 2004. [RFC5295] Salowey, J., Dondeti, L., Narayanan, V., and M. Nakhjiri, "Specification for the Derivation of Root Keys from an Extended Master Session Key (EMSK)", RFC 5295, August 2008. ==> an informative reference to RFC 4285 should be added (cf. previous comment) >>[VC] Added. -- Ticket URL: <http://trac.tools.ietf.org/wg/dime/trac/ticket/12> dime <http://tools.ietf.org/wg/dime/>
- [Dime] #12: Review of draft-ietf-dime-ikev2-psk-d… lionel.morand
- Re: [Dime] [dime] #12: Review of draft-ietf-dime-… Cakulev, Violeta (Violeta)
- Re: [Dime] [dime] #12: Review of draft-ietf-dime-… lionel.morand
- Re: [Dime] [dime] #12: Review of draft-ietf-dime-… Cakulev, Violeta (Violeta)