IKEv2 Optional SA&TS Payloads in Child Exchange
draft-kampati-ipsecme-ikev2-sa-ts-payloads-opt-01

Document Type Active Internet-Draft (individual)
Last updated 2019-05-21
Stream (None)
Intended RFC status (None)
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state I-D Exists
Responsible AD (None)
Send notices to (None)
IPSECME                                                       S. Kampati
Internet-Draft                                                M. Bharath
Intended status: Standards Track                                  W. Pan
Expires: November 22, 2019                                        Huawei
                                                            May 21, 2019

            IKEv2 Optional SA&TS Payloads in Child Exchange
           draft-kampati-ipsecme-ikev2-sa-ts-payloads-opt-01

Abstract

   This document describes a method for reducing the size of Internet
   Key Exchange version 2 (IKEv2) exchanges at the time of rekeying IKE
   SAs and Child SAs by removing, or making optional, the SA and TS
   payloads.  Reducing the size of IKEv2 exchanges is desirable for
   low-power, battery-powered devices.  It also helps to avoid IP
   fragmentation of IKEv2 messages.
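   The size reduction the abstract describes, as an added example that is
   not part of this draft: the Python below serializes the plaintext
   payloads of a CREATE_CHILD_SA Child SA rekey request using the RFC 7296
   payload formats and compares the RFC 7296 form (SA, Ni, KE, TSi, TSr)
   with a reduced form in which a single notify stands in for SA, TSi and
   TSr.  The notify type value for SA_TS_UNCHANGED, the placement of the
   new SPI in that notify, and the sample SPIs, nonce and KE values are
   assumptions, since the page does not give them.

```python
import struct
# Payload/notify numbers are from RFC 7296; SA_TS_UNCHANGED is a placeholder (private-use range)
SA, KE, NONCE, NOTIFY, TSI, TSR, ESP = 33, 34, 40, 41, 44, 45, 3
REKEY_SA, SA_TS_UNCHANGED = 16393, 40960

def encode(payloads):
    # Generic payload header: Next Payload (type of the following payload,
    # 0 after the last), Critical/Reserved, Payload Length incl. header.
    out = b""
    for i, (_, body) in enumerate(payloads):
        nxt = payloads[i + 1][0] if i + 1 < len(payloads) else 0
        out += struct.pack("!BBH", nxt, 0, 4 + len(body)) + body
    return out

def transform(ttype, tid, last, attrs=b""):
    # Transform substructure: 0=last/3=more, reserved, length, type, reserved, ID
    return struct.pack("!BBHBBH", 0 if last else 3, 0, 8 + len(attrs), ttype, 0, tid) + attrs
def esp_proposal(spi):
    # One ESP proposal carrying the new inbound SPI and three transforms
    keylen = struct.pack("!HH", 0x8000 | 14, 256)          # TV attribute: Key Length 256
    trs = [transform(1, 20, False, keylen),                 # ENCR_AES_GCM_16
           transform(4, 14, False),                         # D-H group 14 (PFS on rekey)
           transform(5, 0, True)]                           # NO_ESN
    body = b"".join(trs)
    hdr = struct.pack("!BBHBBBB", 0, 0, 8 + len(spi) + len(body), 1, ESP, len(spi), len(trs))
    return hdr + spi + body

def ts_ipv4(start, end):
    # TS payload with one TS_IPV4_ADDR_RANGE selector, any protocol and port
    return struct.pack("!B3x", 1) + struct.pack("!BBHHH", 7, 0, 16, 0, 65535) + start + end
def notify(ntype, spi=b""):
    # Notify payload: Protocol ID, SPI Size, Notify Message Type, SPI
    return struct.pack("!BBH", ESP if spi else 0, len(spi), ntype) + spi

def rekey_request(old_spi, new_spi, nonce, ke_data, reduced):
    rekey = (NOTIFY, notify(REKEY_SA, old_spi))             # names the SA being rekeyed
    fresh = [(NONCE, nonce), (KE, struct.pack("!H2x", 14) + ke_data)]
    if reduced:
        # Assumed draft form: one notify stands in for SA, TSi and TSr and carries the new SPI
        return encode([rekey] + fresh + [(NOTIFY, notify(SA_TS_UNCHANGED, new_spi))])
    return encode([rekey, (SA, esp_proposal(new_spi))] + fresh +
                  [(TSI, ts_ipv4(b"\x0a\x00\x00\x00", b"\x0a\x00\xff\xff")),
                   (TSR, ts_ipv4(b"\x0a\x01\x00\x00", b"\x0a\x01\xff\xff"))])

def compare():
    # Constructed inputs: old/new SPIs, a 32-byte nonce, a 256-byte group-14 KE value
    args = (b"\x00\x00\x10\x01", b"\x00\x00\x10\x02", b"N" * 32, b"K" * 256)
    return len(rekey_request(*args, reduced=False)), len(rekey_request(*args, reduced=True))

print("RFC 7296 rekey request / reduced request plaintext bytes:", compare())
```

   With one ESP proposal and one IPv4 selector per side, the SA, TSi and
   TSr payloads account for 92 of the 404 plaintext bytes; the saving
   grows with every additional proposal, transform or traffic selector.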

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on November 22, 2019.

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of

Kampati, et al.         Expires November 22, 2019               [Page 1]
Internet-Draft     IKEv2 Optional Child SA&TS Payloads          May 2019

   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Conventions Used in This Document . . . . . . . . . . . . . .   3
     2.1.  Requirements Language . . . . . . . . . . . . . . . . . .   3
   3.  Protocol Details  . . . . . . . . . . . . . . . . . . . . . .   3
     3.1.  Negotiation of Support for Optimizing Optional Payload at
           Rekeying IKE SAs and Child SAs  . . . . . . . . . . . . .   3
     3.2.  Optional Payload Optimization at Rekeying IKE SAs . . . .   4
       3.2.1.  Rekeying IKE SAs When No Change of Initiator and
               Responder's Cryptographic Suites  . . . . . . . . . .   4
       3.2.2.  Rekeying IKE SAs When Initiator's Cryptographic
               Suites Changed  . . . . . . . . . . . . . . . . . . .   5
       3.2.3.  Rekeying IKE SAs When Responder's Cryptographic
               Suites Changed  . . . . . . . . . . . . . . . . . . .   5
     3.3.  Optional Payload Optimization at Rekeying Child SAs . . .   6
       3.3.1.  Rekeying Child SAs When No Change of Initiator and
               Responder's Cryptographic Suites and ACL
               Configuration . . . . . . . . . . . . . . . . . . . .   6
       3.3.2.  Rekeying Child SAs When Initiator's Cryptographic
               Suites or ACL Configuration Changed . . . . . . . . .   7
       3.3.3.  Rekeying Child SAs When Responder's Cryptographic
               Suites or ACL Configuration Changed . . . . . . . . .   7
   4.  Payload Formats . . . . . . . . . . . . . . . . . . . . . . .   8
     4.1.  MINIMAL_REKEY_SUPPORTED Notification  . . . . . . . . . .   8
     4.2.  SA_UNCHANGED Notification . . . . . . . . . . . . . . . .   9
     4.3.  SA_TS_UNCHANGED Notification  . . . . . . . . . . . . . .   9
   5.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  10
   6.  Security Considerations . . . . . . . . . . . . . . . . . . .  10
   7.  References  . . . . . . . . . . . . . . . . . . . . . . . . .  10
     7.1.  Normative References  . . . . . . . . . . . . . . . . . .  10
     7.2.  Informative References  . . . . . . . . . . . . . . . . .  11
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  11

1.  Introduction

   The Internet Key Exchange protocol version 2 (IKEv2) specified in
   [RFC7296] is used in the IP Security (IPsec) architecture for the
   purposes of Security Association (SA) parameter negotiation and
   authenticated key exchange.  The protocol uses UDP as the transport
   for its messages, whose size varies from less than one hundred bytes