Encrypted Sessions In CCNx (ESIC)
draft-wood-icnrg-esic-00

Document Type: Active Internet-Draft (individual)
Last updated: 2017-03-13
IESG state: I-D Exists
ICNRG Working Group                                             M. Mosko
Internet-Draft                                                PARC, Inc.
Intended status: Experimental                                    C. Wood
Expires: September 14, 2017              University of California Irvine
                                                          March 13, 2017

                   Encrypted Sessions In CCNx (ESIC)
                      draft-wood-icnrg-esic-00

Abstract

   This document describes how to transport CCNx packets inside an
   encrypted session between peers - a sender and receiver - that share
   a traffic secret, such as that which is derived from [CCNxKE].  The
   peers create an outer naming context to identify the encryption
   session in one direction between the sender and the receiver.  The
   sender issues encrypted Interest messages to the receiver, who
   responds with encrypted Content Objects.  Inside the outer context,
   the sender sends Interests with different names, to which the
   receiver may reply with Content Objects or InterestReturns.  There
   does not need to be a naming relationship between the outer names and
   the inner names.  The inner content is still protected by normal CCNx
   authentication mechanisms and possibly encrypted under other schemes.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on September 14, 2017.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

Mosko & Wood           Expires September 14, 2017               [Page 1]
Internet-Draft                  CCNx-ESIC                     March 2017

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
     1.1.  Conventions and Terminology . . . . . . . . . . . . . . .   3
   2.  Stateless packet keys . . . . . . . . . . . . . . . . . . . .   4
   3.  Inner and Outer Contexts  . . . . . . . . . . . . . . . . . .   4
     3.1.  Outer Context Names . . . . . . . . . . . . . . . . . . .   5
     3.2.  Outer Packet  . . . . . . . . . . . . . . . . . . . . . .   5
       3.2.1.  Sender Outer Packet . . . . . . . . . . . . . . . . .   6
       3.2.2.  Receiver Outer Packet . . . . . . . . . . . . . . . .   6
     3.3.  Processing Chain  . . . . . . . . . . . . . . . . . . . .   6
     3.4.  Transport State Machine . . . . . . . . . . . . . . . . .   7
   4.  Control Channel . . . . . . . . . . . . . . . . . . . . . . .   9
     4.1.  ESIC Control Packets  . . . . . . . . . . . . . . . . . .   9
     4.2.  ESIC Control Messages . . . . . . . . . . . . . . . . . .  11
   5.  Security Considerations . . . . . . . . . . . . . . . . . . .  11
   6.  References  . . . . . . . . . . . . . . . . . . . . . . . . .  11
     6.1.  Normative References  . . . . . . . . . . . . . . . . . .  11
     6.2.  Informative References  . . . . . . . . . . . . . . . . .  12
   Appendix A.  Sample API . . . . . . . . . . . . . . . . . . . . .  12
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  13

1.  Introduction

   CCNx packets [CCNxMessages] contain a fixed header, optional hop-by-
   hop headers, a CCNx Message, and a validation section.  Encrypted
   Sessions in CCNx (ESIC) describes how to transport encrypted CCNx
   packets inside other CCNx packets.  The outer packet (the wrapper)
   uses a CCNx name that identifies the encrypted session while the
   inner (encrypted) portion remains hidden and private to an outside
   observer.
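
   The following Python sketch is an added illustration of the
   encapsulation described in the Abstract and above; it is not part of
   the draft and does not reproduce its wire format.  An inner CCNx
   packet is sealed under keys derived from the shared traffic secret
   and a per-packet sequence number, then carried in a T_ENCAP field of
   an outer packet whose name identifies the session.  The outer name
   and sequence number are bound into the authenticated data, so an
   observer sees only the session name, and a sealed inner packet moved
   under another session name fails to verify.  The TLV code points,
   the flat session name, the HKDF-based per-packet key derivation and
   the HMAC-SHA256 encrypt-then-MAC construction (standing in for a
   standard AEAD) are assumptions of the example; the traffic secret
   and packets are constructed sample values.

```python
import hashlib
import hmac
import struct

# Placeholder TLV type codes (assumption): the draft names the field T_ENCAP
# but this page does not give its code point.  2-byte type / 2-byte length.
T_NAME = 0x0000
T_SEQ = 0x0FF0
T_ENCAP = 0x0FF1
TAG_LEN = 32

def hkdf_expand(prk, info, length):
    """HKDF-Expand (RFC 5869) with HMAC-SHA256."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]

def packet_keys(traffic_secret, seq):
    """Stateless per-packet keys (assumed scheme, not the draft's): both peers
    derive them from the shared traffic secret and the sequence number."""
    km = hkdf_expand(traffic_secret, b"esic packet " + struct.pack(">Q", seq), 64)
    return km[:32], km[32:]          # (encryption key, MAC key)

def xor_keystream(key, data):
    """Stream cipher from the HKDF PRF; stands in for a real AEAD cipher."""
    return bytes(a ^ b for a, b in zip(data, hkdf_expand(key, b"keystream", len(data))))

def mac(mac_key, aad, ct):
    return hmac.new(mac_key, struct.pack(">I", len(aad)) + aad + ct, hashlib.sha256).digest()

def aead_seal(enc_key, mac_key, aad, plaintext):
    """Encrypt-then-MAC; the tag covers the AAD (outer name + seq) and ciphertext."""
    ct = xor_keystream(enc_key, plaintext)
    return ct + mac(mac_key, aad, ct)

def aead_open(enc_key, mac_key, aad, sealed):
    if len(sealed) < TAG_LEN:
        raise ValueError("truncated T_ENCAP")
    ct, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
    if not hmac.compare_digest(tag, mac(mac_key, aad, ct)):
        raise ValueError("authentication failed")
    return xor_keystream(enc_key, ct)

def tlv(t, v):
    return struct.pack(">HH", t, len(v)) + v

def parse_tlvs(buf):
    fields, i = {}, 0
    while i + 4 <= len(buf):
        t, n = struct.unpack_from(">HH", buf, i)
        i += 4
        if i + n > len(buf):
            raise ValueError("TLV length overruns packet")
        fields[t] = buf[i:i + n]
        i += n
    if i != len(buf):
        raise ValueError("trailing bytes after last TLV")
    return fields

def encapsulate(traffic_secret, outer_name, seq, inner_packet):
    """Sender: outer packet named for the session; inner packet sealed in T_ENCAP."""
    enc_key, mac_key = packet_keys(traffic_secret, seq)
    seq_bytes = struct.pack(">Q", seq)
    sealed = aead_seal(enc_key, mac_key, outer_name + seq_bytes, inner_packet)
    return tlv(T_NAME, outer_name) + tlv(T_SEQ, seq_bytes) + tlv(T_ENCAP, sealed)

def decapsulate(traffic_secret, outer_packet, expected_name):
    """Receiver: check the session name, re-derive the packet keys, open T_ENCAP."""
    fields = parse_tlvs(outer_packet)
    if fields.get(T_NAME) != expected_name:
        raise ValueError("outer name does not belong to this session")
    seq_bytes = fields.get(T_SEQ, b"")
    if len(seq_bytes) != 8 or T_ENCAP not in fields:
        raise ValueError("missing or malformed T_SEQ / T_ENCAP")
    seq = struct.unpack(">Q", seq_bytes)[0]
    enc_key, mac_key = packet_keys(traffic_secret, seq)
    return aead_open(enc_key, mac_key, expected_name + seq_bytes, fields[T_ENCAP])

# Constructed sample values, not taken from the draft.
TRAFFIC_SECRET = hashlib.sha256(b"constructed traffic secret from a KE handshake").digest()
SESSION_NAME = b"ccnx:/esic/session/1f2e"
OTHER_SESSION = b"ccnx:/esic/session/9a9a"
INNER_INTEREST = b"INTEREST ccnx:/private/app/data/chunk=0"

def roundtrip():
    outer = encapsulate(TRAFFIC_SECRET, SESSION_NAME, 1, INNER_INTEREST)
    return decapsulate(TRAFFIC_SECRET, outer, SESSION_NAME)

def rejects_tamper():
    outer = bytearray(encapsulate(TRAFFIC_SECRET, SESSION_NAME, 2, INNER_INTEREST))
    outer[-1] ^= 0x01                 # flip one bit of the tag
    try:
        decapsulate(TRAFFIC_SECRET, bytes(outer), SESSION_NAME)
    except ValueError:
        return True
    return False

def rejects_rewrap():
    """Moving the sealed inner packet under another session name must fail,
    because the outer name is part of the authenticated data."""
    fields = parse_tlvs(encapsulate(TRAFFIC_SECRET, SESSION_NAME, 3, INNER_INTEREST))
    rewrapped = tlv(T_NAME, OTHER_SESSION) + tlv(T_SEQ, fields[T_SEQ]) + tlv(T_ENCAP, fields[T_ENCAP])
    try:
        decapsulate(TRAFFIC_SECRET, rewrapped, OTHER_SESSION)
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    print(roundtrip(), rejects_tamper(), rejects_rewrap())
```

   Binding the outer name and sequence number into the authenticated
   data is what keeps the two naming contexts separate: the outer name
   is the only thing an on-path observer learns, and it cannot be
   swapped to redirect a sealed inner packet into a different session.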

   ESIC defines a new field Encapsulated (T_ENCAP) that may occur in