Mobile IP Working Group Charles E. Perkins
INTERNET DRAFT Nokia Research Center
10 March 2000 Pat R. Calhoun
Sun Microsystems Laboratories
Generalized Key Distribution Extensions for Mobile IP
draft-perkins-mobileip-gen-key-01.txt
Status of This Memo
This document is a submission by the mobile-ip Working Group of the
Internet Engineering Task Force (IETF). Comments should be submitted
to the MOBILE-IP@STANDARDS.NORTELNETWORKS.COM mailing list.
Distribution of this memo is unlimited.
This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026. Internet-Drafts are working
documents of the Internet Engineering Task Force (IETF), its areas,
and its working groups. Note that other groups may also distribute
working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at
any time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at:
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at:
http://www.ietf.org/shadow.html.
Abstract
Recent proposals have suggested several kinds of key extensions for
Mobile IP registration messages. These keys may be used between
the mobile node and mobility agents, or between the mobility agents
themselves. This document specifies generalized extension formats
that can be useful for several kinds of key distributions. Each
generalized extension format will have subtypes which indicate the
specific format for the key distribution data.
Perkins, Calhoun Expires 10 September 2000 [Page i]
Internet Draft Generalized Key Extensions 10 March 2000
1. Introduction
Recent proposals [5, 1, 6] have suggested several kinds of key
extensions for Mobile IP [4] registration messages. These keys may
be used between the mobile node and mobility agents, or between the
mobility agents themselves. This document specifies generalized
extension formats that can be useful for several kinds of key
distributions. Each generalized extension format will have subtypes
which indicate the specific format for the key distribution data.
Each generalized format conforms to the overall format suggested for
generalized Mobile IP extensions recently described for MIER [2].
Different generalized extensions are defined depending upon the
following factors:
- The intended use of the key
- Whether the extension requests a key or supplies a key
2. Generalized MN-FA Key Request Extension
Figure 1 illustrates the Generalized MN-FA Key Request Extension.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Subtype | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Mobile Node SPI |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| MN-FA Key Request Subtype Data ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 1: The Generalized Mobile IP MN-FA Key Request Extension
Type 40 (not skippable) (see [4])
Subtype a number assigned to identify the way in
which the Key Request Data is to be used
when generating the registration key
Length 4 plus the number of bytes in the Subtype
Data; SHOULD be at least 20.
Mobile Node SPI The Security Parameters Index that the
mobile node will assign for the security
association created for use with the
registration key.
MN-FA Key Request Subtype Data
Data needed to carry out the creation of the
registration key on behalf of the mobile
node.
3. Generalized MN-FA Key Reply Extension
The Generalized MN-FA Key Reply extension supplies a registration key
requested by using one of the subtypes of the Generalized MN-FA Key
Request extension. Figure 2 illustrates the format of the Generalized
MN-FA Key Reply Extension.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Subtype | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Key Reply Subtype Data ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 2: The Generalized Mobile IP MN-FA Key Reply Extension
Type 41 (not skippable) (see [4])
Subtype a number assigned to identify the way in which
the Encoded MN-FA Key Data is to be decrypted to
obtain the registration key
Length The 16-bit Length field indicates the length of
the extension. It is equal to 4 plus the number
of bytes in the Encoded MN-FA Key Data.
MN-FA Key Reply Subtype Data
An encoded copy of the key to be used between the
mobile node and the foreign agent, along with
any other information needed by the recipient
to create the designated Mobility Security
Association.
For each subtype, the format of the MN-FA Key Reply Subtype Data has
to be separately defined according to the particular method required
to set up the security association.
In some cases, the MN-FA key supplied in the data for a subtype of
this extension is sent in response to a request made using a subtype
of the Generalized MN-FA Key Request Extension. In that case, the SPI
to be used with the security association defined by the registration
key is the one given in the original request (the Mobile Node SPI
field of Figure 1).
4. Generalized MN-HA Key Reply Extension
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Subtype | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Lifetime |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| MN-HA Key Reply Subtype Data ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 3: The Generalized Mobile IP MN-HA Key Reply Extension
Type 43 (not skippable) (see [4])
Subtype a number assigned to identify the way in which
the Encoded MN-HA Key Data is to be decrypted to
obtain the registration key
Length The 16-bit Length field indicates the length of
the extension. It is equal to 4 plus the number
of bytes in the Encoded MN-HA Key Data.
Lifetime This field indicates the duration of time (in
seconds) for which the MN-HA key is valid.
MN-HA Key Reply Subtype Data
An encrypted copy of the key to be used between
the mobile node and its home agent, along with
any other information needed by the mobile
node to create the designated Mobility Security
Association with the home agent.
For each subtype, the format of the MN-HA Key Reply Subtype Data has
to be separately defined according to the particular method required
to set up the security association.
5. Generalized FA-HA Key Reply Extension
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Subtype | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Lifetime |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| FA-HA Key Reply Subtype Data ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 4: The Generalized Mobile IP FA-HA Key Reply Extension
Type 45 (not skippable) (see [4])
Subtype a number assigned to identify the way in which
the Encoded FA-HA Key Data is to be decrypted to
obtain the registration key
Length The 16-bit Length field indicates the length of
the extension. It is equal to 4 plus the number
of bytes in the Encoded FA-HA Key Data.
Lifetime This field indicates the duration of time (in
seconds) for which the FA-HA key is valid.
FA-HA Key Reply Subtype Data
An encrypted copy of the key to be used between
the foreign agent and the mobile node's home
agent, along with any other information needed by
the foreign agent to create the designated
Mobility Security Association with the home agent.
For each subtype, the format of the FA-HA Key Reply Subtype Data has
to be separately defined according to the particular method required
to set up the security association.
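The four formats in sections 2 through 5 share one header (Type, Subtype, 16-bit Length) and differ only in whether a 32-bit SPI or Lifetime word precedes the subtype data. The following encoder and bounds-checking parser is an added example written for this page; it is not code from the draft or from any Mobile IP implementation. The draft defines no subtype values and no subtype data layouts, so the subtype value 1 and the key bytes below are constructed placeholders, and the treatment of the Figure 2 Length (no SPI or Lifetime word, so Length counts only the data) is an assumption stated in the code. The parser refuses any Length that overruns the buffer or is too short to hold the fixed word the figure requires, and reports the section 2 "SHOULD be at least 20" as a warning rather than a rejection.

```python
"""Encoder and bounds-checking parser for the four generalized key
extension formats of sections 2-5 (added example, not the draft's code).
Subtype 1 and the key bytes used below are constructed placeholders."""
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

MN_FA_KEY_REQUEST = 40   # Figure 1: Mobile Node SPI, then subtype data
MN_FA_KEY_REPLY = 41     # Figure 2: subtype data only
MN_HA_KEY_REPLY = 43     # Figure 3: Lifetime, then subtype data
FA_HA_KEY_REPLY = 45     # Figure 4: Lifetime, then subtype data
KEY_TYPES = {MN_FA_KEY_REQUEST, MN_FA_KEY_REPLY, MN_HA_KEY_REPLY, FA_HA_KEY_REPLY}
LIFETIME_TYPES = {MN_HA_KEY_REPLY, FA_HA_KEY_REPLY}

HEADER = struct.Struct("!BBH")   # Type, Subtype, 16-bit Length, network order
WORD = struct.Struct("!I")       # SPI or Lifetime
MIN_REQUEST_LENGTH = 20          # section 2: Length "SHOULD be at least 20"


@dataclass
class KeyExtension:
    ext_type: int
    subtype: int
    data: bytes                      # opaque subtype data
    spi: Optional[int] = None        # Type 40 only
    lifetime: Optional[int] = None   # Types 43 and 45 only

    def encode(self) -> bytes:
        # Length covers everything after the Length field: the 32-bit
        # SPI or Lifetime word when the figure has one, plus the data.
        # That is "4 plus the number of bytes in the Subtype Data" for
        # Figures 1, 3 and 4.  Figure 2 has no such word, so here (an
        # assumption) its Length is just the data length.
        if self.ext_type == MN_FA_KEY_REQUEST:
            body = WORD.pack(self.spi) + self.data
        elif self.ext_type in LIFETIME_TYPES:
            body = WORD.pack(self.lifetime) + self.data
        else:
            body = self.data
        if len(body) > 0xFFFF:
            raise ValueError("body does not fit a 16-bit Length")
        return HEADER.pack(self.ext_type, self.subtype, len(body)) + body


def parse_key_extensions(buf: bytes) -> Tuple[List[KeyExtension], List[str]]:
    """Walk consecutive key extensions.  Wire-format violations
    (truncation, a Length that overruns the buffer or is too short for
    the fixed SPI/Lifetime word) raise; the section 2 SHOULD on minimum
    request length is returned as a warning instead."""
    exts, warnings, off = [], [], 0
    while off < len(buf):
        if len(buf) - off < HEADER.size:
            raise ValueError(f"truncated header at offset {off}")
        ext_type, subtype, length = HEADER.unpack_from(buf, off)
        off += HEADER.size
        if length > len(buf) - off:
            raise ValueError(f"Length {length} overruns buffer by "
                             f"{length - (len(buf) - off)} bytes")
        if ext_type not in KEY_TYPES:
            # Types 0-127 are not skippable [4]; a full registration
            # parser would reject the message.  This example handles
            # only the four key extension types.
            raise ValueError(f"unexpected extension type {ext_type}")
        body = buf[off:off + length]
        off += length
        spi = lifetime = None
        if ext_type == MN_FA_KEY_REQUEST:
            if length < WORD.size:
                raise ValueError("MN-FA Key Request lacks its SPI field")
            (spi,) = WORD.unpack_from(body)
            body = body[WORD.size:]
            if length < MIN_REQUEST_LENGTH:
                warnings.append(f"MN-FA Key Request Length {length} "
                                f"< {MIN_REQUEST_LENGTH}")
        elif ext_type in LIFETIME_TYPES:
            if length < WORD.size:
                raise ValueError(f"type {ext_type} reply lacks its Lifetime field")
            (lifetime,) = WORD.unpack_from(body)
            body = body[WORD.size:]
        exts.append(KeyExtension(ext_type, subtype, bytes(body), spi, lifetime))
    return exts, warnings


def demo() -> Tuple[List[KeyExtension], List[str]]:
    """Round-trip a request and a lifetime-bearing reply; subtype 1 and
    the key bytes are constructed sample values."""
    wire = (KeyExtension(MN_FA_KEY_REQUEST, 1, bytes(16), spi=0x1000).encode()
            + KeyExtension(MN_HA_KEY_REPLY, 1, b"\xaa" * 8, lifetime=3600).encode())
    return parse_key_extensions(wire)


if __name__ == "__main__":
    for ext in demo()[0]:
        print(ext)
```

The overrun check before any field is read is the point a practitioner should take away: a Length field is attacker-controlled input, and every fixed field the figure requires (SPI, Lifetime) must be verified to fit inside it before it is unpacked.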
6. IANA Considerations
Each generalized extension specified in this document is to be
numbered from the space of Mobile IP registration extension numbers
defined in RFC 2002 [4] as extended in RFC 2356 [3]. The numbers 40,
41, 43, and 45 chosen in the text are currently unassigned.
A subtype address space must be created for each generalized
extension defined in this document. From this space, subtype values
will be assigned according to standards approved principally by the
mobile-ip working group, but other working groups may also submit
requests to assign subtype numbers for Mobile IP extensions.
7. Security Considerations
The extensions in this document are intended to provide the
appropriate level of security for the Mobile IP entities (mobile node,
foreign agent, and home agent) to operate the Mobile IP registration
protocol. The security associations resulting from use of these
extensions offer no higher level of security than is already implicit
in the security association between the receiver and the entity
distributing the key: a key delivered in one of these extensions is
only as strong as the security association that protects its delivery.
References
[1] P. Calhoun, H. Akhtar, E. Qaddoura, and N. Asokan. Minimal
Latency Secure Hand-off. Internet Draft, Internet Engineering
Task Force. Work in progress.
draft-calhoun-mobileip-min-lat-handoff-01.txt, February 2000.
[2] M. Khalil, R. Narayanan, H. Akhtar, and E. Qaddoura. Mobile IP
Extensions Rationalization (MIER). Internet Draft, Internet
Engineering Task Force. Work in progress.
draft-ietf-mobileip-mier-03.txt, February 2000.
[3] G. Montenegro and V. Gupta. Sun's SKIP Firewall Traversal for
Mobile IP. Request for Comments (Informational) 2356, Internet
Engineering Task Force, June 1998.
[4] C. Perkins. IP Mobility Support. Request for Comments (Proposed
Standard) 2002, Internet Engineering Task Force, October 1996.
[5] C. E. Perkins and P. Calhoun. AAA Registration Keys for Mobile
IP. Internet Draft, Internet Engineering Task Force. Work in
progress. draft-ietf-mobileip-aaa-key-01.txt, January 2000.
[6] C. E. Perkins and D. Johnson. Registration Keys for Route
Optimization. Internet Draft, Internet Engineering Task Force.
Work in progress. draft-ietf-mobileip-regkey-01.txt, February 2000.
Addresses
The working group can be contacted via the current chairs:
Basavaraj Patil Phil Roberts
Nokia Corporation Motorola
6000 Connection Drive 1501 West Shure Drive
M/S M8-540
Irving, TX 75039 Arlington Heights, IL 60004
USA USA
Phone: +1 972-894-6709 Phone: +1 847-632-3148
Fax : +1 972-894-5349
EMail: Raj.Patil@nokia.com EMail: QA3445@email.mot.com
Questions about this memo can also be directed to the authors:
Charles E. Perkins Pat R. Calhoun
Communications Systems Lab Network & Security Center
Nokia Research Center Sun Microsystems Laboratories
313 Fairchild Drive 15 Network Circle
Mountain View, California 94043 Menlo Park, California 94025
USA USA
Phone: +1-650 625-2986 Phone: +1 650-786-7733
EMail: charliep@iprg.nokia.com EMail: pcalhoun@eng.sun.com
Fax: +1 650 625-2502 Fax: +1 650-786-6445