IPsec Working Group                                         Stephen Kent
Internet Draft                                          BBN Technologies
Expires January 2004                                           July 2003





       Extended Sequence Number Addendum to IPsec DOI for ISAKMP

                  draft-ietf-ipsec-esn-addendum-02.txt






Status of This Memo

   This document is an Internet Draft and is subject to all provisions
   of Section 10 of RFC2026. Internet Drafts are working documents of
   the Internet Engineering Task Force (IETF), its areas, and its
   working groups.  Note that other groups may also distribute working
   documents as Internet Drafts

   Internet Drafts are draft documents valid for a maximum of 6 months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet Drafts as reference
   material or to cite them other than as a "work in progress".

   The list of current Internet Drafts can be accessed at
   http://www.ietf.org/lid-abstracts.html

   The list of Internet Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html

   Copyright (C) The Internet Society (2003).  All Rights Reserved.


Abstract

   The IP Security Authentication Header (AH) and Encapsulating Security
   Payload (ESP) protocols use a sequence number to detect replay.  This
   document describes extensions to the Internet IP Security Domain of
   Interpretation (DOI) for the Internet Security Association and Key
   Management Protocol(ISAKMP).  These extensions support negotiation of
   the use of traditional 32-bit sequence numbers or extended 64-bit
   sequence numbers for a particular AH or ESP security association.

   Comments should be sent to Stephen Kent (kent@bbn.com).






Kent                                                            [Page 1]


Internet Draft         ESN Addendum to ISAKMP DOI              July 2003


1. Introduction

   The specifications for the IP Authentication Header [AH] and the IP
   Encapsulating Security Payload (ESP) describe an option for use of
   Extended (64-bit) Sequence Numbers.  This option permits transmission
   of very large volumes of data at high-speeds over an IPsec Security
   Association, without rekeying to avoid sequence number space
   exhaustion. This document describes the additions to the IPsec DOI
   for ISAKMP [DOI] that are needed to support negotiation of the
   Extended Sequence Number option.

   The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD,
   SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear in this
   document, are to be interpreted as described in RFC 2119 [Bra97].


2. IPSEC Security Association Attribute

   The following SA attribute definition is used in Phase II of an IKE
   negotiation.  The attribute type is Basic (B).  Encoding of this
   attribute is defined in the base ISAKMP specification [ISAKMP].
   Attributes described as basic MUST NOT be encoded as variable. See
   [IKE] for further information on attribute encoding in the IPSEC DOI.
   All restrictions listed in [IKE] also apply to the IPSEC DOI and to
   this addendum.

   Attribute Type

              class                        value           type
       ---------------------------------------------------------
       Extended (64-bit) Sequence Number    TBD             B

   Class Values

       This class specifies that the Security Association will be using
       64-bit Sequence Numbers.  (See [AH] and [ESP] for a description
       of Extended (64-bit) Sequence Numbers.)

       RESERVED                0
       64-bit Sequence Number  1










Kent                                                            [Page 2]


Internet Draft         ESN Addendum to ISAKMP DOI              July 2003


3. Attribute Negotiation

   If an implementation receives a defined IPSEC DOI attribute (or
   attribute value) which it does not support, an ATTRIBUTES-NOT-SUPPORT
   SHOULD be sent and the security association setup MUST be aborted.

   If an implementation receives any attribute value but the value for
   64-bit Sequence Numbers, the security association setup MUST be
   aborted.


4. Security Considerations

   This memo pertains to the Internet Key Exchange protocol ([IKE]),
   which combines ISAKMP ([ISAKMP]) and Oakley ([OAKLEY]) to provide for
   the derivation of cryptographic keying material in a secure and
   authenticated manner.  Specific discussion of the various security
   protocols and transforms identified in this document can be found in
   the associated base documents and in the cipher references.

   The addition of the ESN attribute does not change the underlying
   security characteristics of IKE. In using extended sequence numbers
   with ESP, it is important to employ an encryption mode that is secure
   when very large volumes of data are encrypted under a single key.
   Thus, for example, DES in CBC mode would NOT be suitable for use with
   the ESN, because no more than 2^32 blocks should be encrypted under a
   single DES key in that mode. Similarly, the integrity algorithm used
   with ESP or AH should be secure relative to the number of packets
   being protected. To avoid potential security problems imposed by
   algorithm limitations, the SA lifetime may be set to limit the volume
   of data protected with a single key, prior to reaching the 2^64
   packet limit imposed by the ESN.


5. IANA Considerations

   This document contains a "magic" number to be maintained by the IANA.
   No additional class values will be assigned for this attribute.  Upon
   approval of this draft for publication as an RFC, IANA is to allocate
   an IPsec Security Attribute value for "Attribute Type".  This value
   is to replace the TBD under the heading "value" in the table in
   Section 2.


Acknowledgments

   The author would like to thank the members of the IPsec working
   group. The author would also like to acknowledge the contributions of


Kent                                                            [Page 3]


Internet Draft         ESN Addendum to ISAKMP DOI              July 2003


   Karen Seo for her help in the editing of this specification.


References

   [AH]       Kent, S., "IP Authentication Header", RFC ???, ??? 2003.

   [DOI]      Piper, D., "The Internet IP Security Domain of
              Interpretation for ISAKMP", RFC 2407, November 1998.

   [ESP]      Kent, S., "IP Encapsulating Security Payload (ESP)", RFC
              ???, ??? 2003.

   [IKE]      Harkins, D., and D. Carrel, D., "The Internet Key Exchange
              (IKE)", RFC 2409, November 1998.

   [ISAKMP]   Maughan, D., Schertler, M., Schneider, M., and J.  Turner,
              "Internet Security Association and Key Management Protocol
              (ISAKMP)", RFC 2408, November 1998.

   [OAKLEY]   Orman, H., "The OAKLEY Key Determination Protocol", RFC
              2412, November 1998.

Disclaimer

   The views and specification here are those of the authors and are not
   necessarily those of their employers.  The authors and their
   employers specifically disclaim responsibility for any problems
   arising from correct or incorrect implementation or use of this
   specification.

Author Information

   Stephen Kent
   BBN Technologies
   10 Moulton Street
   Cambridge, MA  02138
   USA

   Phone: +1 (617) 873-3988
   EMail: kent@bbn.com









Kent                                                            [Page 4]


Internet Draft         ESN Addendum to ISAKMP DOI              July 2003


   Copyright (C) The Internet Society (2003).  All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works.  However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Expires January 2004























Kent                                                            [Page 5]