Diameter IKEv2 SK: Using Shared Keys to Support Interaction between IKEv2 Servers and Diameter Servers
RFC 6738

Internet Engineering Task Force (IETF)                        V. Cakulev
Request for Comments: 6738                                Alcatel Lucent
Category: Standards Track                                        A. Lior
ISSN: 2070-1721                                      Bridgewater Systems
                                                           S. Mizikovsky
                                                          Alcatel Lucent
                                                            October 2012

  Diameter IKEv2 SK: Using Shared Keys to Support Interaction between
                   IKEv2 Servers and Diameter Servers

Abstract

   The Internet Key Exchange Protocol version 2 (IKEv2) is a component
   of the IPsec architecture and is used to perform mutual
   authentication as well as to establish and to maintain IPsec Security
   Associations (SAs) between the respective parties.  IKEv2 supports
   several different authentication mechanisms, such as the Extensible
   Authentication Protocol (EAP), certificates, and Shared Key (SK).

   Diameter interworking for Mobile IPv6 between the Home Agent (HA), as
   a Diameter client, and the Diameter server has been specified.
   However, that specification focused on the usage of EAP and did not
   include support for SK-based authentication available with IKEv2.
   This document specifies the IKEv2-server-to-Diameter-server
   communication when the IKEv2 peer authenticates using IKEv2 with SK.

Status of This Memo

   This is an Internet Standards Track document.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Further information on
   Internet Standards is available in Section 2 of RFC 5741.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   http://www.rfc-editor.org/info/rfc6738.

Cakulev, et al.              Standards Track                    [Page 1]
RFC 6738                    Diameter IKEv2 SK               October 2012

Copyright Notice

   Copyright (c) 2012 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1. Introduction ....................................................3
   2. Requirements Notation ...........................................4
      2.1. Abbreviations ..............................................4
   3. Application Identifier ..........................................5
   4. Protocol Description ............................................5
      4.1. Support for IKEv2 and Shared Keys ..........................5
      4.2. Session Management .........................................7
           4.2.1. Session-Termination-Request/Answer ..................7
           4.2.2. Abort-Session-Request/Answer ........................7
   5. Command Codes for Diameter IKEv2 with SK ........................7
      5.1. IKEv2-SK-Request (IKESKR) Command ..........................8
      5.2. IKEv2-SK-Answer (IKESKA) Command ...........................9
   6. Attribute-Value Pair Definitions ...............................10
      6.1. IKEv2-Nonces ..............................................10
           6.1.1. Ni .................................................10
           6.1.2. Nr .................................................10
      6.2. IKEv2-Identity ............................................10
           6.2.1. Initiator-Identity .................................10
           6.2.2. Responder-Identity .................................11
   7. AVP Occurrence Tables ..........................................12
   8. AVP Flag Rules .................................................13
   9. IANA Considerations ............................................14
      9.1. Command Codes .............................................14
      9.2. AVP Codes .................................................14
      9.3. AVP Values ................................................14
      9.4. Application Identifier ....................................14
   10. Security Considerations .......................................15
