Mobile IP Working Group                               Charles E. Perkins
INTERNET DRAFT                                     Nokia Research Center
2 March 2001                                              Pat R. Calhoun
                                           Sun Microsystems Laboratories

         Generalized Key Distribution Extensions for Mobile IP
                 draft-perkins-mobileip-gen-key-03.txt
Status of This Memo
This document is a submission by the mobile-ip Working Group of the
Internet Engineering Task Force (IETF). Comments should be submitted
to the MOBILE-IP@STANDARDS.NORTELNETWORKS.COM mailing list.
Distribution of this memo is unlimited.
This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026. Internet-Drafts are working
documents of the Internet Engineering Task Force (IETF), its areas,
and its working groups. Note that other groups may also distribute
working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at
any time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at:
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at:
http://www.ietf.org/shadow.html.
Abstract
Recent proposals have suggested several kinds of key extensions for
Mobile IP registration messages. These keys may be used between
the mobile node and mobility agents, or between the mobility agents
themselves. This document specifies generalized extension formats
that can be useful for several kinds of key distributions. Each
generalized extension format will have subtypes which indicate the
specific format for the key distribution data.
Perkins, Calhoun Expires 2 September 2001 [Page i]
Internet Draft Generalized Key Extensions 2 March 2001
1. Introduction
Recent proposals [5, 1, 6] have suggested several kinds of key
extensions for Mobile IP [4] registration messages. These keys may
be used between the mobile node and mobility agents, or between the
mobility agents themselves. This document specifies generalized
extension formats that can be useful for several kinds of key
distributions. Each generalized extension format will have subtypes
which indicate the specific format for the key distribution data.
Each generalized format conforms to the overall format suggested for
generalized Mobile IP extensions recently described for MIER [2].
Different generalized extensions are defined depending upon the
following factors:
- The intended use of the key
- Whether the extension requests a key or supplies a key
2. Generalized MN-FA Key Request Extension
Figure 1 illustrates the Generalized MN-FA Key Request Extension.
     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |     Type      |    Subtype    |            Length             |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                        Mobile Node SPI                        |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |              MN-FA Key Request Subtype Data ...
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

     Figure 1: The Generalized Mobile IP MN-FA Key Request Extension

      Type           40 (not skippable) (see [4])

      Subtype        a number assigned to identify the way in
                     which the Key Request Data is to be used
                     when generating the registration key

      Length         4 plus the number of bytes in the Subtype
                     Data; SHOULD be at least 20.
      Mobile Node SPI The Security Parameters Index that the
                     mobile node will assign for the security
                     association created for use with the
                     registration key.

      MN-FA Key Request Subtype Data
                     Data needed to carry out the creation of the
                     registration key on behalf of the mobile
                     node.
The Generalized MN-FA Key Request Extension defines a set of
extensions, identified by subtype, which may be used by a mobile node
in a Mobile IP Registration Request message to request that some
other entity create a key for use by the mobile node with the mobile
node's new foreign agent.
3. Generalized MN-FA Key Reply Extension
The Generalized MN-FA Key Reply extension supplies a registration key
requested by using one of the subtypes of the Generalized MN-FA Key
Request extension. Figure 2 illustrates the format of the Generalized
MN-FA Key Reply Extension.
     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |     Type      |    Subtype    |            Length             |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                 Key Reply Subtype Data ...
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      Figure 2: The Generalized Mobile IP MN-FA Key Reply Extension

      Type           41 (not skippable) (see [4])

      Subtype        a number assigned to identify the way in which
                     the Encoded MN-FA Key Data is to be decrypted to
                     obtain the registration key

      Length         The 16-bit Length field indicates the length of
                     the extension. It is equal to 4 plus the number
                     of bytes in the Encoded MN-FA Key Data.

      MN-FA Key Reply Subtype Data
                     An encoded copy of the key to be used between the
                     mobile node and the foreign agent, along with
                     any other information needed by the recipient
                     to create the designated Mobility Security
                     Association.
For each subtype, the format of the MN-FA Key Reply Subtype Data has
to be separately defined according to the particular method required
to set up the security association.
In some cases, the MN-FA key supplied in the data for a subtype of
this extension is the response to a request that was sent using a
subtype of the Generalized MN-FA Key Request Extension. In that case,
the SPI to be used when employing the security association defined by
the registration key is the same as the one given in the original
request.
4. Generalized MN-HA Key Request Extension
Figure 3 illustrates the Generalized MN-HA Key Request Extension.
     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |     Type      |    Subtype    |            Length             |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                        Mobile Node SPI                        |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |              MN-HA Key Request Subtype Data ...
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

     Figure 3: The Generalized Mobile IP MN-HA Key Request Extension

      Type           42 (not skippable) (see [4])

      Subtype        a number assigned to identify the way in
                     which the Key Request Data is to be used
                     when generating the registration key

      Length         4 plus the number of bytes in the Subtype
                     Data; SHOULD be at least 20.

      Mobile Node SPI The Security Parameters Index that the
                     mobile node will assign for the security
                     association created for use with the
                     registration key.
      MN-HA Key Request Subtype Data
                     Data needed to carry out the creation of the
                     registration key on behalf of the mobile
                     node.
The Generalized MN-HA Key Request Extension defines a set of
extensions, identified by subtype, which may be used by a mobile node
in a Mobile IP Registration Request message to request that some
other entity create a key for use by the mobile node with the mobile
node's new home agent.
5. Generalized MN-HA Key Reply Extension
     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |     Type      |    Subtype    |            Length             |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                           Lifetime                            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |               MN-HA Key Reply Subtype Data ...
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      Figure 4: The Generalized Mobile IP MN-HA Key Reply Extension

      Type           43 (not skippable) (see [4])

      Subtype        a number assigned to identify the way in which
                     the Encoded MN-HA Key Data is to be decrypted to
                     obtain the registration key

      Length         The 16-bit Length field indicates the length of
                     the extension. It is equal to 4 plus the number
                     of bytes in the Encoded MN-HA Key Data.

      Lifetime       This field indicates the duration of time (in
                     seconds) for which the MN-HA key is valid.

      MN-HA Key Reply Subtype Data
                     An encrypted copy of the key to be used between
                     the mobile node and its home agent, along with
                     any other information needed by the mobile
                     node to create the designated Mobility Security
                     Association with the home agent.
For each subtype, the format of the MN-HA Key Reply Subtype Data has
to be separately defined according to the particular method required
to set up the security association.
6. Generalized FA-HA Key Reply Extension
     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |     Type      |    Subtype    |            Length             |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                           Lifetime                            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |               FA-HA Key Reply Subtype Data ...
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      Figure 5: The Generalized Mobile IP FA-HA Key Reply Extension

      Type           45 (not skippable) (see [4])

      Subtype        a number assigned to identify the way in which
                     the Encoded FA-HA Key Data is to be decrypted to
                     obtain the registration key

      Length         The 16-bit Length field indicates the length of
                     the extension. It is equal to 4 plus the number
                     of bytes in the Encoded FA-HA Key Data.

      Lifetime       This field indicates the duration of time (in
                     seconds) for which the FA-HA key is valid.

      FA-HA Key Reply Subtype Data
                     An encrypted copy of the key to be used between
                     the foreign agent and the mobile node's home
                     agent, along with any other information needed
                     by the foreign agent to create the designated
                     Mobility Security Association with that home
                     agent.
For each subtype, the format of the FA-HA Key Reply Subtype Data has
to be separately defined according to the particular method required
to set up the security association.
7. Generalized FA-FA Key Reply Extension
     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |     Type      |    Subtype    |            Length             |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                           FA-FA SPI                           |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |               FA-FA Key Reply Subtype Data ...
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      Figure 6: The Generalized Mobile IP FA-FA Key Reply Extension

      Type           46 (not skippable) (see [4])

      Subtype        a number assigned to identify the way in which
                     the Encoded FA-FA Key Data is to be decrypted to
                     obtain the registration key

      Length         The 16-bit Length field indicates the length of
                     the extension. It is equal to 4 plus the number
                     of bytes in the Encoded FA-FA Key Data.

      FA-FA SPI      This field indicates the SPI that should be used
                     to decipher the FA-FA key.

      FA-FA Key Reply Subtype Data
                     An encrypted copy of the key to be used between
                     the foreign agent and its home agent, along
                     with any other information needed by the mobile
                     node to create the designated Mobility Security
                     Association with the home agent.
For each subtype, the format of the FA-FA Key Reply Subtype Data has
to be separately defined according to the particular method required
to set up the security association.
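The following encoder/decoder is an added example written for this
page; it is not code from the draft or from any Mobile IP
implementation. It packs and parses the six generalized extensions of
Sections 2 through 7 (Type, Subtype, 16-bit Length, then the Mobile
Node SPI, Lifetime or FA-FA SPI field shown in Figures 1 through 6,
followed by opaque Subtype Data), enforces the "not skippable" rule of
RFC 2002 by rejecting unknown or truncated extensions instead of
stepping over them, flags a Key Request whose Length falls below the
recommended minimum of 20, and carries the Mobile Node SPI from an
MN-FA Key Request over to the matching MN-FA Key Reply as Section 3
describes. Assumptions: Length counts the bytes after the Length
field, which equals "4 plus the Subtype Data" wherever a 32-bit field
is present; for the MN-FA Key Reply, which carries no such field in
Figure 2, the example lets Length cover only the Subtype Data, so
check that against the final specification. The subtype values and
all byte strings are constructed sample values, not assigned numbers.

```python
"""Added example: encode, decode and sanity-check the generalized key extensions."""
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Type numbers as chosen in the draft (Section 8: unassigned at the time of writing).
MN_FA_KEY_REQUEST, MN_FA_KEY_REPLY = 40, 41
MN_HA_KEY_REQUEST, MN_HA_KEY_REPLY = 42, 43
FA_HA_KEY_REPLY, FA_FA_KEY_REPLY = 45, 46

# The 32-bit field that follows the Type/Subtype/Length header in Figures 1-6, if any.
FIXED_FIELD = {
    MN_FA_KEY_REQUEST: "Mobile Node SPI",
    MN_FA_KEY_REPLY: None,            # Figure 2 draws no fixed field
    MN_HA_KEY_REQUEST: "Mobile Node SPI",
    MN_HA_KEY_REPLY: "Lifetime",
    FA_HA_KEY_REPLY: "Lifetime",
    FA_FA_KEY_REPLY: "FA-FA SPI",
}
KEY_REQUEST_TYPES = {MN_FA_KEY_REQUEST, MN_HA_KEY_REQUEST}
MIN_REQUEST_LENGTH = 20               # Sections 2 and 4: Length SHOULD be at least 20
HEADER = struct.Struct("!BBH")        # Type (8 bits), Subtype (8 bits), Length (16 bits)


class NotSkippable(ValueError):
    """A malformed or unrecognized extension numbered 0-127: RFC 2002 says the
    receiver must reject the registration rather than skip the extension."""


@dataclass
class GenKeyExt:
    ext_type: int
    subtype: int
    fixed: Optional[int]              # Mobile Node SPI, Lifetime or FA-FA SPI, per ext_type
    subtype_data: bytes

    def encode(self) -> bytes:
        if self.ext_type not in FIXED_FIELD:
            raise ValueError(f"not a generalized key extension type: {self.ext_type}")
        body = b"" if FIXED_FIELD[self.ext_type] is None else struct.pack("!I", self.fixed)
        body += self.subtype_data
        # Length = bytes after the Length field: 4 + Subtype Data when a fixed field exists
        # (Sections 2, 4-7); assumed to be just the Subtype Data for the MN-FA Key Reply.
        if len(body) > 0xFFFF:
            raise ValueError("Subtype Data too long for a 16-bit Length")
        return HEADER.pack(self.ext_type, self.subtype, len(body)) + body


def decode(buf: bytes, offset: int = 0) -> Tuple[GenKeyExt, int, List[str]]:
    """Parse one extension at buf[offset:]; return (extension, next offset, warnings)."""
    if len(buf) - offset < HEADER.size:
        raise NotSkippable("truncated extension header")
    ext_type, subtype, length = HEADER.unpack_from(buf, offset)
    if ext_type not in FIXED_FIELD:
        raise NotSkippable(f"unrecognized extension type {ext_type}")
    start, end = offset + HEADER.size, offset + HEADER.size + length
    if end > len(buf):
        raise NotSkippable(f"Length {length} runs past the end of the message")
    fixed = None
    if FIXED_FIELD[ext_type] is not None:
        if length < 4:
            raise NotSkippable(f"type {ext_type} requires a 32-bit {FIXED_FIELD[ext_type]}")
        fixed = struct.unpack_from("!I", buf, start)[0]
        start += 4
    warnings = []
    if ext_type in KEY_REQUEST_TYPES and length < MIN_REQUEST_LENGTH:
        warnings.append(f"Length {length} is below the recommended minimum of {MIN_REQUEST_LENGTH}")
    return GenKeyExt(ext_type, subtype, fixed, bytes(buf[start:end])), end, warnings


def spi_for_reply(reply: GenKeyExt, request: GenKeyExt) -> int:
    """Section 3: the MN-FA Key Reply carries no SPI, so the security association
    it creates uses the Mobile Node SPI from the request it answers."""
    if reply.ext_type != MN_FA_KEY_REPLY or request.ext_type != MN_FA_KEY_REQUEST:
        raise ValueError("SPI carry-over applies to an MN-FA Key Request/Reply pair")
    return request.fixed


# Constructed sample values: subtype 1 and the byte strings are placeholders, not assigned codes.
SAMPLE_REQUEST = GenKeyExt(MN_FA_KEY_REQUEST, 1, 0x00001234, bytes(range(16)))
SAMPLE_REPLY = GenKeyExt(MN_FA_KEY_REPLY, 1, None, b"\xaa" * 16)


def demo() -> Tuple[int, int, List[str]]:
    """Round-trip the sample request, then resolve the SPI for its reply."""
    wire = SAMPLE_REQUEST.encode()            # 4-byte header + 4-byte SPI + 16 bytes of data
    request, next_off, warnings = decode(wire)
    assert request == SAMPLE_REQUEST and next_off == len(wire)
    reply = decode(SAMPLE_REPLY.encode())[0]
    return len(wire), spi_for_reply(reply, request), warnings


if __name__ == "__main__":
    print(demo())                             # (24, 4660, [])
```

The decoder deliberately raises on anything it cannot interpret: because
every type here sits in the non-skippable range, a receiver that silently
stepped over a malformed key extension would go on to process a
registration whose key material it never validated.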
8. IANA Considerations
Each generalized extension specified in this document is to be
numbered from the space of Mobile IP registration extension numbers
defined in RFC 2002 [4] as extended in RFC 2356 [3]. The numbers 40,
41, 42, 43, 45 and 46 chosen in the text are currently unassigned.
A subtype address space must be created for each generalized
extension defined in this document. From this space, subtype values
will be assigned according to standards approved principally by the
mobile-ip working group, but other working groups may also submit
requests to assign subtype numbers for Mobile IP extensions.
9. Security Considerations
The extensions in this document are intended to provide the
appropriate level of security for Mobile IP entities (mobile node,
foreign agent, and home agent) to operate the Mobile IP registration
protocol. The security associations resulting from use of these
extensions do not offer any higher level of security than what is
already implicit in use of the security association between the
receiver and the entity distributing the key.
References
   [1] P. Calhoun, H. Akhtar, E. Qaddoura, and N. Asokan.  Minimal
       Latency Secure Hand-off.
       draft-calhoun-mobileip-min-lat-handoff-01.txt, February 2000.
       Work in progress.

   [2] M. Khalil, R. Narayanan, H. Akhtar, and E. Qaddoura.  Mobile IP
       Extensions Rationalization (MIER).  Internet Draft, Internet
       Engineering Task Force.  draft-ietf-mobileip-mier-03.txt,
       February 2000.  Work in progress.

   [3] G. Montenegro and V. Gupta.  Sun's SKIP Firewall Traversal for
       Mobile IP.  Request for Comments (Informational) 2356, Internet
       Engineering Task Force, June 1998.

   [4] C. Perkins.  IP Mobility Support.  Request for Comments (Proposed
       Standard) 2002, Internet Engineering Task Force, October 1996.

   [5] C. E. Perkins and P. Calhoun.  AAA Registration Keys for Mobile
       IP.  draft-ietf-mobileip-aaa-key-01.txt, January 2000.  Work in
       progress.

   [6] C. E. Perkins and D. Johnson.  Registration Keys for Route
       Optimization.  draft-ietf-mobileip-regkey-01.txt, February 2000.
       Work in progress.
Addresses
The working group can be contacted via the current chairs:
   Basavaraj Patil                    Phil Roberts
   Nokia Corporation                  Motorola
   6000 Connection Drive              1501 West Shure Drive
   M/S M8-540
   Irving, TX 75039                   Arlington Heights, IL 60004
   USA                                USA
   Phone: +1 972-894-6709             Phone: +1 847-632-3148
   Fax : +1 972-894-5349
   EMail: Raj.Patil@nokia.com         EMail: QA3445@email.mot.com
Questions about this memo can also be directed to the authors:
   Charles E. Perkins                 Pat R. Calhoun
   Communications Systems Lab         Network & Security Center
   Nokia Research Center              Sun Microsystems Laboratories
   313 Fairchild Drive                15 Network Circle
   Mountain View, California 94043    Menlo Park, California 94025
   USA                                USA
   Phone: +1-650 625-2986             Phone: +1 650-786-7733
   EMail: charliep@iprg.nokia.com     EMail: pcalhoun@eng.sun.com
   Fax: +1 650 625-2502               Fax: +1 650-786-6445