A Group Keying Protocol
draft-eastlake-trill-group-keying-02

Document Type: Active Internet-Draft (candidate for trill WG)
Last updated: 2017-06-20
Stream: IETF
Intended RFC status: (None)
Stream WG state: Call For Adoption By WG Issued
Document shepherd: No shepherd assigned
IESG state: I-D Exists
Consensus Boilerplate: Unknown
INTERNET-DRAFT                                           Donald Eastlake
Intended status: Proposed Standard                                Huawei
Expires: December 19, 2017                                 June 20, 2017

                        A Group Keying Protocol
               <draft-eastlake-trill-group-keying-02.txt>

Abstract

   This document specifies a general group keying protocol. It also
   provides use profiles for the application of this group keying
   protocol to multi-destination TRILL Extended RBridge Channel message
   security and TRILL over IP packet security.

Status of This Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.

   Distribution of this document is unlimited. Comments should be sent
   to the authors or the TRILL working group mailing list:
   trill@ietf.org.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/1id-abstracts.html. The list of Internet-Draft
   Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

D. Eastlake                                                     [Page 1]
INTERNET-DRAFT                                       TRILL: Group Keying

Table of Contents

      1. Introduction............................................3
      1.1  Terminology and Acronyms..............................3

      2. Group Keying Protocol...................................5
      2.1 Assumptions............................................5
      2.2 Group Keying Procedure Overview........................5
      2.3 Transmission and Receipt of Group Data Messages........6
      2.4 Changes in Group Membership or GKd.....................6
      2.5 Group Keying Messages..................................7
      2.6 Set Key Message........................................9
      2.7 Use, Delete, Disuse, or Deleted Key Messages..........11
      2.8 Response Message......................................12
      2.8.1 Response Codes......................................14
      2.8 No-Op Message.........................................15
      2.9 General Security Considerations.......................16

      3. DTLS: Extended RBridge Channel Group Keyed Security....17
      3.1 Transmission of Group Keying Messages.................17
      3.2 Transmission of Protected Multi-destination Data......18

      4. TRILL Over IP Group Keyed Security.....................19
      4.1 Transmission of Group Keying Messages.................19
      4.2 Transmission of Protected Multi-destination Data......19

      5. IANA Considerations....................................20
      5.1 Group Keying Protocol.................................20
      5.2 Group Keying RBridge Channel Protocol Numbers.........21
      5.3 Group Secured Extended RBridge Channel SType..........21

      6. Security Considerations................................22

      Normative References......................................23
      Informative References....................................24

      Acknowledgements..........................................25
      Authors' Addresses........................................26


1. Introduction

   This document specifies a general group keying protocol in Section 2.
   In addition, it provides, in Sections 3 and 4, use profiles for the
   application of this group keying protocol to two cases: DTLS-based
   TRILL [RFC6325] [RFC7780] Extended RBridge Channel message security
   [RFC7178] [RFC7978], and IPsec-based TRILL over IP [TRILLoverIP]. It
   is anticipated that there will be other uses for this group keying
   protocol.

1.1  Terminology and Acronyms

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119] [RFC8174]
   when, and only when, they appear in all capitals, as shown here.

   This document uses terminology and acronyms defined in [RFC6325] and
   [RFC7178].  Some of these are repeated below for convenience along