datatracker.ietf.org
Sign in
Version 5.6.2.p5, 2014-08-04
Report a bug

Kerberized Internet Negotiation of Keys (KINK)
RFC 4430

Document type: RFC - Proposed Standard (March 2006; Errata)
Document stream: IETF
Last updated: 2013-03-02
Other versions: plain text, pdf, html

IETF State: (None)
Consensus: Unknown
Document shepherd: No shepherd assigned

IESG State: RFC 4430 (Proposed Standard)
Responsible AD: Sam Hartman
Send notices to: <derek@ihtfp.com>, <jtrostle@world.std.com>

Network Working Group                                          S. Sakane
Request for Comments: 4430                                     K. Kamada
Category: Standards Track                        Yokogawa Electric Corp.
                                                               M. Thomas
                                                             J. Vilhuber
                                                           Cisco Systems
                                                              March 2006

             Kerberized Internet Negotiation of Keys (KINK)

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2006).

Abstract

   This document describes the Kerberized Internet Negotiation of Keys
   (KINK) protocol.  KINK defines a low-latency, computationally
   inexpensive, easily managed, and cryptographically sound protocol to
   establish and maintain security associations using the Kerberos
   authentication system.  KINK reuses the Quick Mode payloads of the
   Internet Key Exchange (IKE), which should lead to substantial reuse
   of existing IKE implementations.

Table of Contents

   1. Introduction ....................................................3
      1.1. Conventions Used in This Document ..........................3
   2. Protocol Overview ...............................................4
   3. Message Flows ...................................................4
      3.1. GETTGT Message Flow ........................................5
      3.2. CREATE Message Flow ........................................6
           3.2.1. CREATE Key Derivation Considerations ................7
      3.3. DELETE Message Flow ........................................8
      3.4. STATUS Message Flow ........................................9
      3.5. Reporting Errors ...........................................9
      3.6. Rekeying Security Associations ............................10
      3.7. Dead Peer Detection .......................................10
           3.7.1. Coping with Dead User-to-User Peers ................12

Sakane, et al.              Standards Track                     [Page 1]
RFC 4430                          KINK                        March 2006

   4. KINK Message Format ............................................13
      4.1. KINK Alignment Rules ......................................15
      4.2. KINK Payloads .............................................16
           4.2.1. KINK_AP_REQ Payload ................................17
           4.2.2. KINK_AP_REP Payload ................................18
           4.2.3. KINK_KRB_ERROR Payload .............................19
           4.2.4. KINK_TGT_REQ Payload ...............................20
           4.2.5. KINK_TGT_REP Payload ...............................21
           4.2.6. KINK_ISAKMP Payload ................................21
           4.2.7. KINK_ENCRYPT Payload ...............................22
           4.2.8. KINK_ERROR Payload .................................23
   5. Differences from IKE Quick Mode ................................25
      5.1. Security Association Payloads .............................26
      5.2. Proposal and Transform Payloads ...........................26
      5.3. Identification Payloads ...................................26
      5.4. Nonce Payloads ............................................26
      5.5. Notify Payloads ...........................................27
      5.6. Delete Payloads ...........................................28
      5.7. KE Payloads ...............................................28
   6. Message Construction and Constraints for IPsec DOI .............28
      6.1. REPLY Message .............................................28
      6.2. ACK Message ...............................................28
      6.3. CREATE Message ............................................29
      6.4. DELETE Message ............................................30
      6.5. STATUS Message ............................................31
      6.6. GETTGT Message ............................................32
   7. ISAKMP Key Derivation ..........................................32
   8. Key Usage Numbers for Kerberos Key Derivation ..................33
   9. Transport Considerations .......................................33
   10. Security Considerations .......................................34
   11. IANA Considerations ...........................................35

[include full document text]