Usage of PAKE Protocols with IKEv2
draft-smyslov-ikev2-pake-00

Document Type Active Internet-Draft (individual)
Last updated 2019-09-10
Stream (None)
Intended RFC status (None)
Formats plain text pdf html bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state I-D Exists
Telechat date
Responsible AD (None)
Send notices to (None)
Network Working Group                                         V. Smyslov
Internet-Draft                                                ELVIS-PLUS
Intended status: Informational                         September 9, 2019
Expires: March 12, 2020

                   Usage of PAKE Protocols with IKEv2
                      draft-smyslov-ikev2-pake-00

Abstract

   This memo discusses how PAKE (Password Authenticated Key Exchange)
   protocols can be integrated into the IKEv2 (Internet Key Exchange)
   protocol.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on March 12, 2020.

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Smyslov                  Expires March 12, 2020                 [Page 1]
Internet-Draft                PAKE in IKEv2               September 2019

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Terminology and Notation  . . . . . . . . . . . . . . . . . .   3
   3.  Integrating PAKE protocols into IKEv2 . . . . . . . . . . . .   3
     3.1.  Using EAP methods . . . . . . . . . . . . . . . . . . . .   3
     3.2.  Using RFC6467 framework . . . . . . . . . . . . . . . . .   4
       3.2.1.  Algorithm Agility . . . . . . . . . . . . . . . . . .   5
       3.2.2.  AUTH Payload Calculation  . . . . . . . . . . . . . .   5
       3.2.3.  Possible PAKE Protocols Instantiation . . . . . . . .   6
     3.3.  Alternative Approaches  . . . . . . . . . . . . . . . . .  12
       3.3.1.  Using Secret Generator in IKE_SA_INIT . . . . . . . .  12
       3.3.2.  Using IKE_INTERMEDIATE Exchange . . . . . . . . . . .  13
   4.  Conclusions . . . . . . . . . . . . . . . . . . . . . . . . .  13
   5.  Security Considerations . . . . . . . . . . . . . . . . . . .  13
   6.  References  . . . . . . . . . . . . . . . . . . . . . . . . .  14
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .  16

1.  Introduction

   Recent interest in PAKE protocols in IETF resulted in launching the
   PAKE selection process in CFRG.  The goal of the process is to select
   one (or more, or zero) PAKE protocol(s) that will be recommended to
   be used in IETF security protocols, such as TLS 1.3, IKEv2 etc.
   There are eight candidates nominated: four balanced PAKEs (SPAKE2
   [I-D.irtf-cfrg-spake2], J-PAKE [RFC8236], SPERE [SPEKE] and CPace
   [CPace-AuCPace]) and four augmented ones (OPAQUE
   [I-D.krawczyk-cfrg-opaque], AuCPace [CPace-AuCPace], VTBPEKE
   [VTBPEKE] and BSPAKE [BSPAKE]).  The part of the selection process is
   an evaluation of how well the candidates can be fit into existing
   IETF security protocols.  This memo aims to discuss how each of the
   candidates can be integrated into IKEv2.

   The IKEv2 protocol defined in [RFC7296] is a key part of IPsec (IP
   Security) architecture, as it provides an authenticated key exchange
   between peers who wish to establish an IPsec SA (Security
   Association).  Core IKEv2 specification allows peers to authenticate
   each other either by using PSK (Pre-Shared Key) or by means of
   digital signatures.  In addition, the core IKEv2 specification allows
   optional use of EAP (Extensible Authentication Protocol) in the
   protocol.  Note, that the way EAP was originally integrated into
   IKEv2 still required using digital signatures by responder.  However,
   later an extension for the IKEv2 was developed, which allowed using
   EAP-only authentication [RFC5998].

Smyslov                  Expires March 12, 2020                 [Page 2]
Internet-Draft                PAKE in IKEv2               September 2019
Show full document text