Diff: draft-ietf-ipsecme-ikev2-intermediate-05.txt - draft-ietf-ipsecme-ikev2-intermediate-06.txt

	draft-ietf-ipsecme-ikev2-intermediate-05.txt	draft-ietf-ipsecme-ikev2-intermediate-06.txt

	Network Working Group V. Smyslov	Network Working Group V. Smyslov
	Internet-Draft ELVIS-PLUS	Internet-Draft ELVIS-PLUS

	Intended status: Standards Track September 10, 2020	Intended status: Standards Track March 9, 2021
	Expires: March 14, 2021	Expires: September 10, 2021

	Intermediate Exchange in the IKEv2 Protocol	Intermediate Exchange in the IKEv2 Protocol

	draft-ietf-ipsecme-ikev2-intermediate-05	draft-ietf-ipsecme-ikev2-intermediate-06

	Abstract	Abstract

	This documents defines a new exchange, called Intermediate Exchange,	This documents defines a new exchange, called Intermediate Exchange,
	for the Internet Key Exchange protocol Version 2 (IKEv2). This	for the Internet Key Exchange protocol Version 2 (IKEv2). This
	exchange can be used for transferring large amount of data in the	exchange can be used for transferring large amount of data in the
	process of IKEv2 Security Association (SA) establishment.	process of IKEv2 Security Association (SA) establishment.
	Introducing Intermediate Exchange allows re-using existing IKE	Introducing Intermediate Exchange allows re-using existing IKE
	fragmentation mechanism, that helps to avoid IP fragmentation of	fragmentation mechanism, that helps to avoid IP fragmentation of
	large IKE messages, but cannot be used in the initial IKEv2 exchange.	large IKE messages, but cannot be used in the initial IKEv2 exchange.

	skipping to change at page 1, line 36 ¶	skipping to change at page 1, line 36 ¶
	Internet-Drafts are working documents of the Internet Engineering	Internet-Drafts are working documents of the Internet Engineering
	Task Force (IETF). Note that other groups may also distribute	Task Force (IETF). Note that other groups may also distribute
	working documents as Internet-Drafts. The list of current Internet-	working documents as Internet-Drafts. The list of current Internet-
	Drafts is at https://datatracker.ietf.org/drafts/current/.	Drafts is at https://datatracker.ietf.org/drafts/current/.

	Internet-Drafts are draft documents valid for a maximum of six months	Internet-Drafts are draft documents valid for a maximum of six months
	and may be updated, replaced, or obsoleted by other documents at any	and may be updated, replaced, or obsoleted by other documents at any
	time. It is inappropriate to use Internet-Drafts as reference	time. It is inappropriate to use Internet-Drafts as reference
	material or to cite them other than as "work in progress."	material or to cite them other than as "work in progress."


	This Internet-Draft will expire on March 14, 2021.	This Internet-Draft will expire on September 10, 2021.

	Copyright Notice	Copyright Notice


	Copyright (c) 2020 IETF Trust and the persons identified as the	Copyright (c) 2021 IETF Trust and the persons identified as the
	document authors. All rights reserved.	document authors. All rights reserved.

	This document is subject to BCP 78 and the IETF Trust's Legal	This document is subject to BCP 78 and the IETF Trust's Legal
	Provisions Relating to IETF Documents	Provisions Relating to IETF Documents
	(https://trustee.ietf.org/license-info) in effect on the date of	(https://trustee.ietf.org/license-info) in effect on the date of
	publication of this document. Please review these documents	publication of this document. Please review these documents
	carefully, as they describe your rights and restrictions with respect	carefully, as they describe your rights and restrictions with respect
	to this document. Code Components extracted from this document must	to this document. Code Components extracted from this document must
	include Simplified BSD License text as described in Section 4.e of	include Simplified BSD License text as described in Section 4.e of
	the Trust Legal Provisions and are provided without warranty as	the Trust Legal Provisions and are provided without warranty as

	skipping to change at page 2, line 19 ¶	skipping to change at page 2, line 19 ¶
	1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2	1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
	2. Terminology and Notation . . . . . . . . . . . . . . . . . . 3	2. Terminology and Notation . . . . . . . . . . . . . . . . . . 3
	3. Intermediate Exchange Details . . . . . . . . . . . . . . . . 3	3. Intermediate Exchange Details . . . . . . . . . . . . . . . . 3
	3.1. Support for Intermediate Exchange Negotiation . . . . . . 3	3.1. Support for Intermediate Exchange Negotiation . . . . . . 3
	3.2. Using Intermediate Exchange . . . . . . . . . . . . . . . 4	3.2. Using Intermediate Exchange . . . . . . . . . . . . . . . 4
	3.3. The IKE_INTERMEDIATE Exchange Protection and	3.3. The IKE_INTERMEDIATE Exchange Protection and
	Authentication . . . . . . . . . . . . . . . . . . . . . 5	Authentication . . . . . . . . . . . . . . . . . . . . . 5
	3.3.1. Protection of the IKE_INTERMEDIATE Messages . . . . . 5	3.3.1. Protection of the IKE_INTERMEDIATE Messages . . . . . 5
	3.3.2. Authentication of the IKE_INTERMEDIATE Exchanges . . 5	3.3.2. Authentication of the IKE_INTERMEDIATE Exchanges . . 5
	3.4. Error Handling in the IKE_INTERMEDIATE Exchange . . . . . 8	3.4. Error Handling in the IKE_INTERMEDIATE Exchange . . . . . 8

	4. Interaction with other IKEv2 Extensions . . . . . . . . . . . 8	4. Interaction with other IKEv2 Extensions . . . . . . . . . . . 9
	5. Security Considerations . . . . . . . . . . . . . . . . . . . 9	5. Security Considerations . . . . . . . . . . . . . . . . . . . 9

	6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9	6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10
	7. Implementation Status . . . . . . . . . . . . . . . . . . . . 10	7. Implementation Status . . . . . . . . . . . . . . . . . . . . 10
	8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 10	8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 10
	9. References . . . . . . . . . . . . . . . . . . . . . . . . . 10	9. References . . . . . . . . . . . . . . . . . . . . . . . . . 10
	9.1. Normative References . . . . . . . . . . . . . . . . . . 10	9.1. Normative References . . . . . . . . . . . . . . . . . . 10
	9.2. Informative References . . . . . . . . . . . . . . . . . 11	9.2. Informative References . . . . . . . . . . . . . . . . . 11
	Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 11	Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 11

	1. Introduction	1. Introduction

	The Internet Key Exchange protocol version 2 (IKEv2) defined in	The Internet Key Exchange protocol version 2 (IKEv2) defined in

	skipping to change at page 7, line 25 ¶	skipping to change at page 7, line 25 ¶
	+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ d \|	+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ d \|
	\| Message ID \| r A	\| Message ID \| r A
	+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \| \|	+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \| \|
	\| Adjusted Length \| \| \|	\| Adjusted Length \| \| \|
	+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ v \|	+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ v \|
	\| \| \|	\| \| \|
	~ Unencrypted payloads (if any) ~ \|	~ Unencrypted payloads (if any) ~ \|
	\| \| \|	\| \| \|
	+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ^ \|	+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ^ \|
	\| Next Payload \|C\| RESERVED \| Adjusted Payload Length \| \| \|	\| Next Payload \|C\| RESERVED \| Adjusted Payload Length \| \| \|

	+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ E v	+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \| v
	\| Initialization Vector \| n	\| \| \|
		~ Initialization Vector ~ E
		\| \| E
	+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ c ^	+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ c ^
	\| \| r \|	\| \| r \|
	~ Inner payloads (not yet encrypted) ~ P	~ Inner payloads (not yet encrypted) ~ P
	\| \| P \|	\| \| P \|
	+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ l v	+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ l v
	\| Padding (0-255 octets) \| Pad Length \| d	\| Padding (0-255 octets) \| Pad Length \| d
	+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \|	+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \|

		\| \| \|
	~ Integrity Checksum Data ~ \|	~ Integrity Checksum Data ~ \|

		\| \| \|
	+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ v	+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ v

	Figure 1: Data to Authenticate in the IKE_INTERMEDIATE Exchange	Figure 1: Data to Authenticate in the IKE_INTERMEDIATE Exchange
	Messages	Messages

	Figure 1 illustrates the layout of the IntAuth_*_[I/R]_P (denoted as	Figure 1 illustrates the layout of the IntAuth_*_[I/R]_P (denoted as
	P) and the IntAuth_*_[I/R]_A (denoted as A) chunks in case the	P) and the IntAuth_*_[I/R]_A (denoted as A) chunks in case the
	Encrypted payload is not empty.	Encrypted payload is not empty.

	For the purpose of prf calculation the Length field in the IKE header	For the purpose of prf calculation the Length field in the IKE header

End of changes. 9 change blocks.
	9 lines changed or deleted	13 lines changed or added
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/