INTERNET DRAFT                                                 Yoav Nir
draft-nir-ikev2-auth-lt-00.txt                              Check Point
Expires: October 2004
Intended status: Informational                             May 11, 2004

                    Repeated Authentication in IKEv2

Status of this Memo

This document is an Internet-Draft and is in full conformance with all
provisions of Section 10 of RFC2026.

Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF), its areas, and its working groups. Note that other groups
may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference material
or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at

The list of Internet-Draft Shadow Directories can be accessed at


With some IPsec peers, particularly in the remote access scenario, it
is desirable to repeat the mutual authentication periodically.
The purpose of this is to limit the time an IKE SA can be used by a
third party who has gained control of the IPsec peer.  This is not the
same as IKE SA rekeying.
At the end of the IKE_AUTH negotiation, the Responder sends a
notification to the Initiator with the number of seconds before the
authentication needs to be repeated.  The Initiator will repeat the
Initial exchange before that time is expired.

1. Introduction

This document extends the IKEv2 document [IKEv2]. It describes the
authentication lifetime notification and its processing.

The key words "MUST", "MUST NOT", "SHOULD", "SHOULD NOT", and "MAY" in
this document are to be interpreted as described in [RFC2119].

2. Authentication Lifetime

The Responder in an IKEv2 negotiation MAY be configured to limit the
time that an IKE SA and the associated IPsec SAs may be used before
the peer is required to repeat the authentication, through a new
Initial Exchange.

Nir                                                            [Page 1]

INTERNET-DRAFT        Repeated Authentication in IKEv2       April 2004

The Informational exchange follows the IKE_AUTH exchange, and is formed
as follows:

     Initiator                            Responder
      -----------------------------       -----------------------------
     HDR, SAi1, KEi, Ni              -->
                                     <--  HDR, SAr1, KEr, Nr, [CERTREQ]
     HDR, SK {IDi, [CERT,] [CERTREQ,]
        [IDr,] AUTH, SAi2, TSi, TSr} -->
                                     <--  HDR, SK {IDr, [CERT,] AUTH,
                                             SAr2, TSi, TSr}

                                     <--  HDR, SK {N(AUTH_LIFETIME)}
     HDR                             -->

The AUTH_LIFETIME notification is described in section 3.
The original Responder that sends the AUTH_LIFETIME notification SHOULD
send a DELETE notification when the end of the lifetime period.
An Initiator that received an AUTH_LIFETIME notification SHOULD start
an Initial exchange within the time indicated in the notification. The
AUTH_LIFETIME notification MUST be protected and MAY be sent by the
original Responder at any time. If the policy changes, the original
Responder MAY send it again in a new Informational.

The new Initial exchange will look like this:

     Initiator                            Responder
      -----------------------------       --------------------------
     HDR, SAi1, KEi, Ni              -->
                                     <--  HDR, SAr1, KEr, Nr, [CERTREQ]
     HDR, SK {IDi, [CERT,] [CERTREQ,]
        [IDr,] AUTH, N(REKEY_SA)}    -->
                                     <--  HDR, SK {IDr, [CERT,] AUTH}

The REKEY_SA notification MUST contain the IKE SPI of the old SA.  The
Responder MUST check that the the IDi and SAi1 payloads match those of
the old SA.  The AUTH payloads sign the first and second messages of
this exchange.

3. AUTH_LIFETIME Notification

The AUTH_LIFETIME message is a notification payload formatted as follows:

                           1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      ! Next Payload  !C!  RESERVED   !         Payload Length        !
      !  Protocol ID  !   SPI Size    !      Notify Message Type      !
      !                           Lifetime                            !

Nir                                                            [Page 2]

INTERNET-DRAFT        Repeated Authentication in IKEv2       April 2004

   o  Payload Length is 12.
   o  Protocol ID (1 octet) MUST be 1 (IKE_SA).
   o  SPI size is 0 (SPI is in message header).
   o  Notify Message type is to be assigned by IANA
   o  Lifetime is the amount of time in seconds left before the peer
      should repeat the Initial exchange.

4. Interoperability with non-compliant IKEv2 implementations

IKEv2 implementations that do not support the AUTH_LIFETIME
notification will ignore it and will not repeat the authentication. In
that case the original Responder will send a Delete notification for
the IKE SA in an Informational exchange.

Non-compliant Responders are not a problem, because they will simply
not send these notifications.  In that case, there is no requirement
that the original Initiator re-authenticate.

5. Security Considerations

The AUTH_LIFETIME notification sent by the Responder does not override
any security policy on the Initiator.  In particular, the Initiator MAY
have a different policy regarding re-authentication, requiring more
frequent re-authentication.  Such an Initiator can repeat the
authentication earlier then is required by the notification.

An Initiator MAY set reasonable limits on the amount of time in the
AUTH_LIFETIME notification.  For example, in the remote-access scenario,
it may be unreasonable for the lifetime to be lower than 300 seconds.

6. References

[IKEv2] "Internet Key Exchange (IKEv2) Protocol",
draft-ietf-ipsec-ikev2, work in progress.

7. IANA Considerations

IANA is asked to assign a notification payload type for the
AUTH_LIFETIME notifications from the IKEv2 Notification Payload Types

8. Author's address

Yoav Nir
Check Point Software Technologies

Nir                                                            [Page 3]