Operations Group
Internet Draft I. Singh
Document: draft-singh-capwap-ctp-00.txt P. Francisco
Chantry Networks
F. Backes
Propagate Networks
Expires: November 2004 May 2004
CAPWAP Tunneling Protocol (CTP)
Status of this Memo
This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on November 13, 2004.
Copyright Notice
Copyright (C) The Internet Society (2004). All Rights Reserved.
Abstract
With the overwhelming choice of proprietary implementations of
centralized control and management of wireless access points and
access controllers there is a great demand for a standard protocol
and architecture that enables the deployment of large scale wireless
networks.
This document describes the CAPWAP Tunneling Protocol, a protocol
that allows for the centralized control and provisioning of a large
Singh Expires - November 2004 [Page 1]
Internet-Draft CTP May 2004
number of wireless access points from access controllers. It is
supported by an architecture where the MAC layer of the RF technology
is terminated within the AP. This allows for the protocol to be
extensible to multiple radio technologies. It assumes an IP
connection between the access points and access controllers and has
signaling primitives to enable wireless station mobility between
access points. Therefore, seamless Layer 3 subnet mobility is
enabled by this protocol.
Table of Contents
1. Definitions....................................................4
1.1 Conventions used in this document..........................4
1.2 Terminology................................................4
2. Introduction...................................................4
2.1 Out of scope...............................................6
2.1.1 Secure discovery of AP and AC.........................6
2.1.2 AP image management...................................6
2.1.3 Multiple AC mobility..................................7
3. Protocol Overview..............................................7
3.1 Control and Status Messages................................7
3.2 Configuration and Statistics messages......................7
3.3 Data Messages..............................................8
4. CTP Packets....................................................8
4.1 CTP Header format..........................................8
4.2 Messages...................................................9
4.3 Message Payloads..........................................10
5. Message descriptions..........................................13
5.1 Message State Control.....................................13
5.2 Control and Status messages...............................13
5.2.1 CTP Reg-Req..........................................13
5.2.2 CTP Reg-Rsp..........................................13
5.2.3 CTP Auth-Req.........................................14
5.2.4 CTP Auth-Rsp.........................................14
5.2.5 CTP SW-Update-Req....................................15
5.2.6 CTP SW-Update-Rsp....................................15
5.2.7 CTP Set-State-Req....................................16
5.2.8 CTP Set-State-Rsp....................................17
5.2.9 CTP Poll-Req.........................................17
5.2.10 CTP Poll-Rsp........................................17
5.2.11 CTP MU-Connect-Req..................................18
5.2.12 CTP MU-Connect-Rsp..................................18
5.2.13 CTP MU-Disconnect-Req...............................18
5.2.14 CTP MU-Disconnect-Rsp...............................19
5.2.15 CTP MU-Disconnect-Nfy...............................19
5.2.16 CTP MU-Authenticate-Req.............................20
5.2.17 CTP MU-Authenticate-Rsp.............................20
5.3 Configuration and Statistics messages.....................21
Singh Expires - November 2004 [Page 2]
Internet-Draft CTP May 2004
5.3.1 CTP Cap-Req..........................................21
5.3.2 CTP Cap-Rsp..........................................23
5.3.3 CTP Config-Req.......................................24
5.3.4 CTP Config-Rsp.......................................24
5.3.5 CTP Config-Ack.......................................24
5.3.6 CTP Config-Status-Notify.............................25
5.3.7 CTP Stats-Notify.....................................25
5.3.8 CTP Stats-Req........................................25
5.3.9 CTP Stats-Rsp........................................26
5.3.10 Configuration and Statistics........................26
5.4 CTP Data Messages.........................................26
5.4.1 CTP Data.............................................27
6. State Machines................................................28
6.1 Init......................................................28
6.2 Control Channel Establishment.............................28
6.3 Active State..............................................29
6.4 Standby State.............................................29
7. Security Considerations.......................................29
8. References....................................................30
9. Author's Addresses............................................30
10. Appendix I - Registration and Authentication.................31
Intellectual Property Statement..................................33
Singh Expires - November 2004 [Page 3]
Internet-Draft CTP May 2004
1. Definitions
1.1 Conventions used in this document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC-2119 [1].
1.2 Terminology
AP - Access Point - The network device that includes both the
wireless termination point as well as the implementation of a
specific radio technology management layer.
AC - Access Controller - A centralized network entity that controls,
configures and manages one or more than one APs.
MU - Mobile Unit - A wireless device which is also an IP node capable
of dynamic change in its association with an Access Point.
2. Introduction
The rapid pace with which wireless networks are being deployed in the
home, enterprise and carrier industries has led to the proliferation
of proprietary solutions which attempt to address problems associated
with large scale wireless installations. The main issues plaguing
802.11 wireless networks, for example, are described in [2] and can
be summarized as: the manageability of large numbers of APs (Access
Points); the secure and bulk provisioning, monitoring, and control of
APs; and policy control and enforcement of MU (Mobile Units) data
flows and policies.
One of the key problems with deploying large scale wireless networks
is that the infrastructure needs to scale to meet both geographic
coverage as well as client density requirements. CAPWAP Tunneling
Protocol (CTP) addresses these challenges by minimizing configuration
of the wired infrastructure to accommodate the wireless network.
CTP provides both centralized configuration and operational control
for wireless networks, and in doing so, provides centralized security
and policy management.
This solution has been currently focused towards 802.11 networks.
However, CTP is independent of the layer 2 wireless standard because
it assumes that the MAC layer of the wireless technology is fully
implemented in the AP. The control channel binding between the AP and
AC provides for all the necessary signaling to facilitate MU
connection, mobility, and even RF resource management. Thus, it is
Singh Expires - November 2004 [Page 4]
Internet-Draft CTP May 2004
possible to use CTP to offer IP network services to wireless users
independent of the underlying wireless technology (e.g. 802.11,
802.15, or 802.16).
CTP involves one or more Access Points (APs) connected to one or more
Access Controllers (ACs). The network connectivity between the APs
and ACs is primarily through a Layer 3 routed network. However,
switched Layer 2 or directly connected network topologies are also
supported. Figure 1 shows the typical network topology of AP and AC
placement in a CTP network. However, since it is assumed that the AP
and AC are IP addressable direct connect or L2 connect is also
supported.
+-------+-------+
| AC |
+-------+-------+
|
--------+------ LAN
|
+-------+-------+
| <L3 Network> |
+-------+-------+
|
-----+--+--+--- LAN
| |
+---+ +---+
| |
+--+--+ +--+--+
| AP | | AP |
+--+--+ +--+--+
Figure 1 - Topology of AP and AC placement
CTP interacts directly with the MAC management entity to monitor and
control configuration and wireless connections. CTP tunnels data
traffic as 802.3 traffic to the AP and uses the L2 Bridge to pass
data to the MAC. Optionally, data traffic can be passed directly to
the AP, independent of a CTP data connection. This mode of operation
is fully controlled by the AC rather than being an inherent property
of the AP. There has been wide interest in this deployment model in
the case where the link between the AC and the AP is a slow WAN link,
for example. By bridging the MU data traffic locally at the AP's
network, and still controlling the authentication centrally via the
AC, the user is able to forgo the possibility of the data traffic
having to traverse the slow WAN link upstream and then again
downstream to access, for example, a local printer. In this
Singh Expires - November 2004 [Page 5]
Internet-Draft CTP May 2004
centralized architecture solution of CTP, the layer 2 wireless
termination point and the MAC layer are fully implemented in the AP
as shown in Figure 2, which enables this type of feature.
+--+--+ +----+------+
Control <===>| | (Control) | |
| CTP |<===========>|WirelessMAC|
Data <--->| | | |
+--+--+ +----+------+
^ ^
| +-----------+ |
| | | |
Data (optional) <-------+--->| L2 bridge |<---+
| (Data) |
+-----------+
Figure 2 - CTP and MAC interaction in an AP
2.1 Out of scope
The following areas are out of scope for this version of the
protocol.
2.1.1 Secure discovery of AP and AC.
Rather than specify a brand new secure discovery mechanism for APs
and ACs within this protocol, CTP specifies the context and security
credentials that are required to register APs into ACs. All AP
implementations of CTP MUST provide a method to statically configure
the IP address(es) of the AC to be stored in the non-volatile RAM of
the AP.
Other methods for automatic discovery that MAY be used by
implementations of CTP are: SLP, DNS name resolution, and DHCP
options for AC IP address(es). The mechanism by which these methods
are incorporated into CTP is out of scope for this document but is a
worthwhile task for the working group that takes on this work.
2.1.2 AP image management.
A conscious decision in the design of this protocol excluded the
implementation of an AP image management system. However, CTP
provides triggers for software upgrade, ie. a message to indicate
software version and a message to command the AP to initiate software
upgrade. The actual protocol and mechanism for secure software
download has been deemed out of scope for the protocol and beyond
what the protocol was intended for.
Singh Expires - November 2004 [Page 6]
Internet-Draft CTP May 2004
2.1.3 Multiple AC mobility
This version of CTP does not include the details of support for
multi-AC control over APs for the purposes of multi-AC MU mobility.
However, the reserved message types and the capability exchange phase
may be used to facilitate the setting up of intra-AC tunnels.
3. Protocol Overview
CTP is a generic protocol that defines a mechanism for the control
and provisioning of wireless APs through centralized ACs. In
addition, it provides a mechanism to optionally tunnel the mobile
client data between the AP and AC.
There are two types of CTP packet headers:
a) Control: these messages allow the AC to provision and control
the APs and MU session state and further contain messages that
consist of configuration, statistics and state management.
b) Data: an optional aspect of the protocol that allows MU data
packets tunneled between the AP and the AC.
The CTP messages between APs and ACs are delivered by a UDP transport
and the UDP port number is [TBD]. The message types of this protocol
are classified into three distinct categories:
o Control and Status messages
o Configuration and Statistics messages
o Data messages.
3.1 Control and Status Messages
The set of control messages of CTP provides a mechanism for an AP to
register itself with the AC and to interact with the MU session
management operations of the AC. Primarily this set is utilized by
the AP to request session association with the AC, configuration
information, and to provide the mechanism and notification of MU
connection to the AC. The AC uses this message set to acknowledge AP
and MU session establishment and to explicitly control both AP and MU
session operational state (such as AP state changes, AP and MU
session disconnection, etc.)
3.2 Configuration and Statistics messages
This logical set of messages exchanged between AP and AC is primarily
intended for the provisioning of the AP via a capabilities exchange
and configuration message set. This message set also includes a
means for the AP to provide periodic status notifications of current
Singh Expires - November 2004 [Page 7]
Internet-Draft CTP May 2004
operational state, statistics information such as wireless and wired
statistics, security alerts, etc.
3.3 Data Messages
The CTP-Data message is the only message in this set. Its purpose is
to carry encapsulated frames associated with a registered MU. This
message type utilizes the Policy field of the message header to
provide user based, post authentication policy enforcement on a per
packet basis. This message type applies to actual MU client data and
does not include MU association, authentication and MU session
management messages as those operations are explicitly represented
though specific control messages.
It must be noted that the protocol allows for the data path to not
have to traverse the AC. In that case, no policy can be applied on a
per user basis centrally.
4. CTP Packets
It is assumed that the AP and AC source and destination information
is available in the transport layer headers. As such, it is not
indicated below.
4.1 CTP Header format
Figure 3 describes the CTP message header format:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Ver |0|0|0|0|E| Type | Policy | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Session Id. | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Message Payload...
+-+-+-+-+
Figure 3 - CTP Header format
Ver Field
This field identifies the version of the protocol. It is 3 bits of
data. For this specification the version field is 0.
Flags Field
Singh Expires - November 2004 [Page 8]
Internet-Draft CTP May 2004
This field is a bitmask of 5 bits that represents special CTP
processing. Bits 3, 4, 5 and 6 are undefined and MUST be zero (0).
Bit #7 as follows:
Bit E - Data path Encryption
1 indicates that the CTP-Data message type data is encrypted
0 indicates that the CTP-Data message is in the clear
Type Field
This is a 1 byte field that identifies the message type. The message
types are identified in Section 4.2.
Policy Field
This is a 1 byte field that represents policy to be assigned and
enforced. The definition of this policy field is dependent on the
message type. For example, if the message type is CTP-Data (defined
below) the Policy field corresponds to QOS policy for the MU data
above and beyond the QOS TOS markings or DiffServ markings that may
have been applied to the end-to-end user data. If the message type
is not CTP-Data, then this field is not interpreted by either AP or
AC and MUST be set to all zeros.
Reserved
Reserved for future use. MUST be set to zero (0).
Session ID Field
This is a 2 byte field that includes a unique session identifier
provisioned by the AC after successful authentication.
Length Field
This is a 2 byte field that indicates the length of payload (excludes
the header length).
4.2 Messages
The following message types are defined in CTP:
Message Type
-----------------------------
Reserved 0-1
Reg-Req 2
Reg-Rsp 3
Auth-Req 4
Singh Expires - November 2004 [Page 9]
Internet-Draft CTP May 2004
Auth-Rsp 5
SW-Update-Req 6
SW-Update-Rsp 7
Config-Req 8
Config-Rsp 9
Config-Ack 10
Conf-Status-Notify 11
Set-State-Req 12
Set-State-Rsp 13
Stats-Notify 14
CTP-Data 15
Poll-Req 16
Poll-Rsp 17
Stats-Req 18
Stats-Rsp 19
Cap-Req 20
Cap-Rsp 21
Reserved 22-50
MU-Connect-Req 51
MU-Connect-Rsp 52
MU-Disconnect-Req 53
MU-Disconnect-Rsp 54
MU-Authenticate-Req 55
MU-Authenticate-Rsp 56
MU-Disconnect-Nfy 57
Reserved 58-255
4.3 Message Payloads
Each message type defined above may or may not have a corresponding
CTP message payload. The payload contents are exchanged with the AC
through the exchange of relevant Type-Length-Value (TLV) elements.
Each element is encoded as follows:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Value...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
One of the element types as defined below
Length
Total length of the value field
Singh Expires - November 2004 [Page 10]
Internet-Draft CTP May 2004
Value
Value
Several elements may be combined in sequence to provide a full
payload definition.
Note: In order to properly utilize TLVs, the length field of the CTP
header must be properly calculated and includes the sum of the length
fields of all TLVs in the payload.
The following provides a list of TLVs as defined in this version of
the protocol:
Definition Type Length Description
(bytes)
---------------------------------------------------------------------
STATUS 1 1 Explicit indication of the
response to requests messages.
Values for STATUS are the same
across all messages:
0 - Undefined
1 - Success
2 Failure
SWVersion 2 Variable ASCII text representation of
the AP software version
number.
AP SERIAL_NUMBER 3 Variable Unique ASCII representation of
the Serial number of AP. This
serial number of the AP must
be a priori available to the
AC. Method of getting this
serial number to the AC is out
of scope for this document.
AP REG_CHALLENGE 4 16 A 16 byte random challenge
generated by the AC, to be
used by AP upon registration.
AP REG_RESPONSE 5 16 A 16 byte AP calculated
response to AP REG CHALLENGE
AC REG CHALLENGE 6 16 A 16 byte random challenge
generated by the AP, to be
used by AC upon registration
request.
Singh Expires - November 2004 [Page 11]
Internet-Draft CTP May 2004
AC REG_RESPONSE 7 16 A 16 byte AC calculated
response to AC REG CHALLENGE
AC_IPADDR LIST 8 Variable List of AC IP addresses with
which said AP should attempt
to connect
NETWORK ID 9 4 Network ID with which a given
radio in the AP is associated.
This value is unique as it is
calculated by the AC upon the
provisioning phase of the AP
and provided to it in the
Config-Rsp message. In the
case of 802.11 radio
technology, this is the
Extended Service Set (ESS) to
which the AP belongs. This is
a 32 bit integer represent-
ation of the ESS. For other
radio technologies, this is a
unique value representing the
network that the radio is a
member of.
CONFIG 10 variable Value contains a
[SNMP] set OIDs of encoded
configuration elements
AP_STATE 11 1 Value contains indication of
AP state:
0=Standby
1=Active
2=Reset
SESSION_KEY 12 16 Encrypted session encryption
key to secure AP to/from AC
communications.
STATS 13 Variable Value contains a
[SNMP] set of OIDs of encoded
statistics elements
CERTIFICATE 14 Variable Digital certificate
credentials of the AP or AC
RADIO ID 15 1 Index number of the radio as
learnt during the Capabilities
Singh Expires - November 2004 [Page 12]
Internet-Draft CTP May 2004
exchange.
REQ ID 16 1 Message identification to
match request and response
messages.
5. Message descriptions
5.1 Message State Control
Unless otherwise stated, every message that is a "request" type
includes a REQ ID payload inserted by the sender of the message.
This is sent so as to aid in the match of messages that are received
as "responses". After the transmission of each request, the source
will wait up to 2 seconds for the reception of the response. If a
response is not received, the source will retransmit the packet up to
3 times. If after 3 attempts a response is still not received the
source aborts the session and resets its state machine. If the
source is the AP, the AP shall resume registration operations.
Correspondingly the AC will simply delete the AP session from its
database and drop all packets which are from unregistered APs.
5.2 Control and Status messages
5.2.1 CTP Reg-Req
This message is used by the AP to request registration with the AC.
This message is initiated by the AP after successful secure discovery
and following the hardware and software initialization sequence of
the AP. The Session ID of this message is set to 0x0000 because the
AC will subsequently assign a Session ID upon successful
authentication. This message requires a mandatory payload, namely
"AP Serial Number".
HEADER
Type = 2
SessionID = 0x0000
PAYLOAD
REQ ID
AP SERIAL NUMBER
5.2.2 CTP Reg-Rsp
This message is sent by the AC to an AP to indicate that it has
conditionally accepted the AP's registration request based on knowing
Singh Expires - November 2004 [Page 13]
Internet-Draft CTP May 2004
who the AP is and based on the provided serial number. If the STATUS
= Success, then this message will also contain an AP REG CHALLENGE
payload. This is a randomly generated 16 byte challenge to the AP.
HEADER
Type = 3
SessionID = 0x0
PAYLOAD
REQ ID = from the corresponding Reg-Req message
STATUS = Success (1) or Failure (2) based on the known AP database
in the AC
AP REG CHALLENGE
5.2.3 CTP Auth-Req
This message is sent by the AP to begin the authentication phase of
the connection establishment with the AC. It contains the AP serial
number, an AP REG RESPONSE payload, the AP's digital certificate
(which contains the AP's public key) and a 16 byte random challenge
to the AC. Note that the SessionID field in the packet header is
still zero.
HEADER
Type = 4
SessionID = 0x0
PAYLOAD
REQ ID
AP_SERIAL_NUMBER
CERTIFICATE
AP REG RESPONSE = Digital Signature of the concatenation of the AP
SERIAL NUMBER and the AP REG CHALLENGE (from the Reg-Rsp message)
AC_REG_CHALLENGE = 16 byte random number challenge sent to
authenticate the AC.
The response is calculated by the AP and is verified by the AC. For
details on the calculation of challenge and response, see the
APPENDIX...TBW
5.2.4 CTP Auth-Rsp
This message is sent by the AC to the AP as an indication of the
success or failure of the authentication phase. The AP is only
considered to have successfully associated with the AC if both
registration and authentication phases complete successfully.
HEADER
Type = 5
Singh Expires - November 2004 [Page 14]
Internet-Draft CTP May 2004
SessionID = 16 byte unsigned value generated by the AC. This is
set appropriately in this message if the authentication phase was
successful. After this message, the AP should use this Session ID in
all subsequent messages.
PAYLOAD
REQ ID = from the corresponding Auth-Req message
STATUS = Success (1) if the AP's digital certificate was
successfully verified and the AP REG RESPONSE was verified.
CERTIFICATE
AC REG RESPONSE = Digital Signature of the concatenation of the AP
SERIAL NUMBER and the AC REG CHALLENGE (from the Auth-Req message)
SESSION KEY = An encrypted payload of the AC generated CTP session
key. This is encrypted using the public key of the AP as received in
the AP's digital certificate from the Auth-Req message.
The STATUS payload indicates whether authentication and registration
was processed correctly. If so, Session ID for registration is
explicitly provided in the message header.
5.2.5 CTP SW-Update-Req
This message is sent by the AP to ask the AC whether it should
upgrade its own software or not. It simply needs to provide its
current software version to the AC.
This message MAY also be sent by the AC to the AP which is a command
indication for the AP to stop operations and upgrade its software.
HEADER
Type = 6
SessionID = the assigned ID as received in the Auth-Rsp message.
PAYLOAD
REQ ID
AP SERIAL NUMBER
SWVersion = Variable length ASCII text specifying the current
running software on the AP.
5.2.6 CTP SW-Update-Rsp
This message is sent by the AC to signal the AP to upgrade its
software or by the AP to the AC to indicate to confirm that it has
received the upgrade request. When the corresponding request is
issued by the AP, the AC will check the SWVersion payload received in
the Software-Upgrade-Req for the AP and send a response based on a
match. The interpretation of the SWVersion payload is implementation
specific. The response by the AC is either "Yes" or "No" which is
interpreted through the STATUS payload. If the response by the AC
Singh Expires - November 2004 [Page 15]
Internet-Draft CTP May 2004
indicates a failure the AP must abandon the registration stage,
upgrade its software to the version indicated by the AC. The method
by which the software image is exchanged is outside of the scope of
this protocol.
When the corresponding request is issued by the AC, the AP will
simply confirm the reception of the request and abandon it's
connected state in order to perform the upgrade.
HEADER
Type = 7
SessionID = the assigned ID as received in the Auth-Rsp message.
PAYLOAD
REQ ID = from the corresponding SW-Update-Req message
STATUS = [Success/Don't Upgrade (1) | Failure/Upgrade (2)]
SWVersion [On Failure] = Variable length ASCII text specifying the
correct software version the AP should have in order to complete the
session registration with the AC.
5.2.7 CTP Set-State-Req
This message is sent by the AC to modify the operational state of the
AP. For example, at some point during an established connection it
may be necessary to instruct an AP to go to STANDBY state or initiate
a reboot/reset of its state machine. These states are usually
entered upon user request
The following states are defined and apply to the AP:
ACTIVE
Indication to the AP that it should exit standby state and should
resume full active network state including enabling it's RF
interfaces. This is the default state of the AP after successful
configuration phase.
STANDBY
This signifies a state where the AP, although connected to the AC, is
in a state whereby no RF connection is allowed. It may be a sent to
the AP upon user request.
RESET
This is used as a command to the AP to change state to initialization
state. This may be sent to the AP upon user request or upon failure
of any of the phases of the control channel establishment.
Singh Expires - November 2004 [Page 16]
Internet-Draft CTP May 2004
HEADER
Type = 12
SessionID = AP session id from registration
PAYLOAD
REQ ID
AP_STATE = [STANDBY(0) | ACTIVE(1) | RESET(2)]
5.2.8 CTP_Set-State-Rsp
This message is sent by the AP to indicate to the AC that it has
changed its operational state as requested.
HEADER
Type = 13
SessionID = AP session id from registration
PAYLOAD
REQUEST ID = Same ID that was received in the Set-State-Req
message.
STATUS = [Success (1) | Failure (2)]
AP_STATE = [STANDBY(0) | ACTIVE(1) | RESET(2)]
The RESET(2) state assumes that the AP would have reset its
operations after sending out this message.
5.2.9 CTP Poll-Req
This message is the keepalive mechanism for the CTP control channel.
This is sent by the AP to the AC. The default send frequency for
this message is 5 seconds. If no response is received from the AC
after sending this message 6 times in a row, then the AP should tear
down its CTP control channel state and reattempt to connect to the
AC. These values are considered to be defaults. An AP
implementation MAY choose to change these values for suitability to
network deployment conditions.
HEADER
Type = 16
SessionID = AP session id from registration
PAYLOAD
REQ ID = ID representing the Poll-Req. Incremented until a
corresponding Poll-Rsp is received.
5.2.10 CTP Poll-Rsp
Singh Expires - November 2004 [Page 17]
Internet-Draft CTP May 2004
This message is the keepalive mechanism for the CTP control channel.
This is sent by the AC in response to a CTP Poll-Req message received
from the AP. The AC SHOULD detect the loss of connectivity with the
AP based on the receipt of a Poll-Req message.
HEADER
Type = 17
SessionID = AP session id from registration
PAYLOAD
REQ ID = ID corresponding to the Poll-Req received.
5.2.11 CTP MU-Connect-Req
This message is sent by the AP to relay an association request
received from an MU to the AC.
HEADER
Type = 51
SessionID = AP session id from registration
PAYLOAD
REQ ID
MU-MAC-Address = MAC Address corresponding to the associating MU
NETWORK ID = Network identification where association is taking
place
RADIO ID = Radio ID where association is taking place
5.2.12 CTP MU-Connect-Rsp
This message is sent by the AC to authorize the access point to relay
an association response to the MU requesting service. If the
association is successful, then the AC MAY also include optional
payloads such as Policy which can be enforced at the AP.
If the association is rejected by the AC, the AP must disallow
association of the MU.
HEADER
Type = 52
SessionID = AP session id from registration
PAYLOAD
REQ ID = from the corresponding MU-Connect-Req message
MU-MAC-Address = MAC Address corresponding to the associating MU
STATUS = [Success (1) | Failure (2)]
5.2.13 CTP MU-Disconnect-Req
Singh Expires - November 2004 [Page 18]
Internet-Draft CTP May 2004
This message is sent by the AC to request that a specific Mobile Unit
session be removed from the AP list of currently connected devices.
This operation may be the result of Mobile Unit roaming to a
different AP or the result of Mobile Unit session timeout, or user
request.
The MU-MAC-Address identifies the device in question.
HEADER
Type = 53
SessionID = AP session id from registration
PAYLOAD
REQ ID = ID for the request. Must increment after every
retransmission of this message.
MU-MAC-Address = MAC Address corresponding to the MU that is to be
disconnected.
RADIO ID = Radio ID where disconnection is required.
5.2.14 CTP MU-Disconnect-Rsp
This message is sent by the AP to indicate that it has successfully
processed a disconnect request by the AC. At this point the MU should
no longer be associated with the AP.
HEADER
Type = 54
SessionID = AP session id from registration
PAYLOAD
REQ ID = Same ID that was received in the MU-Disconnect-Req
message.
MU-MAC-ADDRESS = MAC Address corresponding to the MU that was
disconnected
STATUS = [Success (1) | Failure (2)]
5.2.15 CTP MU-Disconnect-Nfy
This message is sent by the AP to the AC to indicate that it has
received an explicit disconnection message from the MU. The
transmission of this message from the AP is dependent on the MAC
layer of the radio technology implemented on the AP as well as the
capability of the MU. For example, the radio MAC layer may or may
not support an explicit "disconnect" trigger when an MU goes away.
Rather, the disconnection is based on a timer. In cases where the
disconnection is timer based, the AC may be the appropriate entity to
handle idle timer management. However, in the case where there may
be a disconnect indication, then the AP must send this message to the
AC when and MU disconnects.
Singh Expires - November 2004 [Page 19]
Internet-Draft CTP May 2004
HEADER:
Type = 57
SessionID = AP session ID negotiated at registration
PAYLOAD
MU-MAC-Address = MAC address of Mobile unit that was disconnected
NETWORK ID =
5.2.16 CTP MU-Authenticate-Req
This message is sent by the AP to forward an authentication request
to the AC. In the case of 802.1x/EAP authentication, the payload of
this packet will include information that the AC will forward to a
RADIUS Server
HEADER
Type = 55
SessionID = AP session id from registration
PAYLOAD
REQ ID
The authentication request payload between the AP and the AC
carries the request of the MU for authentication. In typical cases
this will be the EAP packets from an 802.1x supplicant.
5.2.17 CTP MU-Authenticate-Rsp
This message is sent by the AC to forward an authentication response
to the AP. In the case of 802.1x/EAP authentication, the payload of
this packet will include the response from the RADIUS server which
will be forwarded to the AP.
HEADER
Type = 56
SessionID AP session id from registration
PAYLOAD
REQ ID = from the MU-Authenticate-Req message
The Authentication response payload between the AP and the AC
carries the response from the authentication server. In typical
cases this will be the EAP packets from the Authentication server.
STATUS = [Success (1) | Failure (2)] - Note that the authenticator
to authentication server interface resides in the AC so the AC does
know the state of the authentication.
Note: There may be multiple transitions of this message set.
Singh Expires - November 2004 [Page 20]
Internet-Draft CTP May 2004
5.3 Configuration and Statistics messages
These messages correspond to information and command exchanges
between AP and AC only after
5.3.1 CTP Cap-Req
This message is sent by the AP to indicate to the AC the capabilities
of this AP in regards to the number of radios and the types of RF
technologies that it supports. The AP will encode its capabilities
per each RADIO (or interface) that it supports. These are encoded in
a variable length embedded attribute format called "capabilities
control frames". A type-length-value encoding scheme, similar to the
format of payloads of regular control messages, is used to encode the
capabilities attributes (ATTs) in the capability control frames.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The available capability attributes are defined as follows:
1) ATT-NUM-RADIOS - number of radios that the AP supports.
Type= 1
Length= 1 byte
Value= 1 through 255
2) ATT-RADIO-INFO - the information for each radio that
consists of the RADIO-INDEX, RADIO-TYPE, and NUM-
NETWORKS. There MUST be exactly ATT-NUM-RADIOS number of
unique ATT-RADIO-INFO attributes within the Cap-Req
message.
Type= 2
Length= 3 bytes
Value= radio information type as defined below:
0 1 2
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| RADIO-INDEX | RADIO-TYPE | NUM NETWORKS |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
where
Singh Expires - November 2004 [Page 21]
Internet-Draft CTP May 2004
RADIO-INDEX is a unique index of the enumeration of the
number of radios that the AP supports. The AC will use this
value for subsequent configuration and control.
RADIO-TYPE is defined as
o 802.11a = 1
o 802.11b only = 2
o 802.11g only = 3
o 802.11b and g = 4
o 802.11n = 5
o 802.15 = 6
o 802.16 = 7
o 802.20 = 8
o All = 255 (this value indicates that
all interfaces are configurable
to any radio type)
NUM-NETWORKS is the number of unique networks that each
RADIO supports.
3) ATT-NETWORK-INFO - This attribute consists of the unique
information that identifies each network per RADIO-INDEX
and consists of RADIO-INDEX, NETWORK-INDEX and NETWORK-
ID. Each Cap-Req payload MUST contain exactly NUM-
NETWORKS worth of unique ATT-NETWORK-INFO attributes.
Type= 3
Length= 8 bytes
Value= network information type as defined below:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| RADIO-INDEX | NETWORK-INDEX | NETWORK ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| NETWORK ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
where
RADIO-INDEX is a unique index of the enumeration of the
number of radios that the AP supports
NETWORK-INDEX is a unique index of the enumeration of the
networks that each RADIO supports
NETWORD-ID is the unique identifier for the network. This 6
byte value MAY be the MAC address for the given network
Singh Expires - November 2004 [Page 22]
Internet-Draft CTP May 2004
within the radio. In the case of 802.11 radios, this value
SHOULD be the BSS ID.
4) ATT-VENDOR-ID - name of vendor or manufacturer of AP.
Type= 4
Length= 4 bytes
Value = a 32-bit value containing the IANA assigned
"SMI Network Management Private Enterprise Codes" [3].
5) ATT-PRODUCT-ID - name of product.
Type= 5
Length= variable length value of string
Value= ASCII string for the name of the product, non-
Null terminated.
HEADER
Type = 20
SessionID = AP session id from registration
PAYLOAD
REQ ID = increments with each retransmission.
The capabilities attributes encoded as TLVs and as defined above.
5.3.2 CTP Cap-Rsp
This message is sent by the AC to acknowledge the capabilities of the
AP. The AC must ack or nak the capabilities for each RADIO-INFO
element that it received in the Cap-Req message. This is
accomplished by sending back exactly ATT-NUM-RADIOS worth of ATT-
RADIO-INFO-ACK for each RADIO-INFO sub-attribute that this AC
supports.
The ATT-RADIO-INFO-ACK is an attribute that contains the RADIO-INDEX
and CAP-STATUS sub-attribute. For each Radio type that the AC
supports, the CAP-STATUS must be set to 1. For each radio type that
the AC does not support, the CAP-STATUS must be set to 0.
Type= 6
Length= 2 bytes
Value= as defined below.
0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| RADIO-INDEX | CAP-STATUS |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Singh Expires - November 2004 [Page 23]
Internet-Draft CTP May 2004
HEADER
Type = 21
SessionID = AP session id from registration
PAYLOAD
REQ ID = ID corresponding to the Cap-Req message.
The AC capabilities attribute response encoded as TLVs and as
defined above.
5.3.3 CTP Config-Req
This message is sent by the AP to request configuration from its
master AC. This message must be sent only after a receipt of a
successful Auth-Rsp message from the AC and the verification of the
AC's AC REG RESPONSE payload.
HEADER
Type = 8
SessionID - the assigned ID as received in the Auth-Rsp message.
PAYLOAD
REQ ID
No specific information is required on this message.
5.3.4 CTP Config-Rsp
This message is sent by the AC as a response to a Config-Req message
to provide the configuration parameters for the registered AP.
HEADER
Type = 9
SessionID = AP session id from registration
Sequence Number = Sequence number of current packet.
PAYLOAD
REQ ID = from Config-Req message
STATUS = [Success (1) | Failure (2)]
CONFIG = The type of the configuration payload is defined in
Section 5.3.10.
5.3.5 CTP Config-Ack
This message is sent by the AP to indicate proper reception of an
AP_Config-Rsp message. This message is particularly important in
processing multi-sequenced packets, in particular configuration
updates that require more than one payload for full receipt of
configuration information.
Singh Expires - November 2004 [Page 24]
Internet-Draft CTP May 2004
HEADER
Type = 10
SessionID = AP session id from registration
PAYLOAD
None
5.3.6 CTP Config-Status-Notify
This message is used by the AP to indicate to the AC that it has
successfully completed it's configuration as per parameters indicated
by the AP.
HEADER
Type = 11
SessionID = AP session id from registration
PAYLOAD
STATUS
5.3.7 CTP Stats-Notify
This message is sent by the AP to provide periodic operational
statistics to the AC. This message is also used following a correct
configuration establishment to indicate to the AC that the AP is
functionally ready to enter ACTIVE state.
HEADER
Type = 14
SessionID = AP session id from registration
PAYLOAD
STATS - The type of the statistics payload is defined in Section
5.3.10.
5.3.8 CTP Stats-Req
This message is sent by the AC to request statistics information upon
request. It is intended to be used as an interface by an
administrator or management application to query the AP for
instantaneous statistics information.
HEADER
Type = 18
SessionID = AP session id from registration
PAYLOAD
None
Singh Expires - November 2004 [Page 25]
Internet-Draft CTP May 2004
5.3.9 CTP Stats-Rsp
This message is sent by the AP to provide operational statistics to
the AC as per the Stats-Req message. It is similar in format to the
Stats-Notify message.
HEADER
Type = 19
SessionID = AP session id from registration
PAYLOAD
STATS = The type of the statistics payload is defined in Section
5.3.10
5.3.10 Configuration and Statistics
Two data representations were considered for the CTP configuration
and statistics payload. The first data representation considered was
a TLV representation where all the variables for the statistics and
configuration would be defined as groups of TLVs. Given the nature of
CTP as a radio agnostic protocol and the complexity of the statistics
and configuration of the 802.11 protocols with multiple networks per
radio a TLV representation might be cumbersome and not extensible.
Most of today's network devices in both the enterprise and the
carrier space employ the Simple Network Management Protocol. Thus, it
is natural to assume that most, if not all, APs will contain an
embedded SNMP agent able to decode SMI representations. Using SMI
representations for configuration and statistics variables can speed
up deployment of CTP without incurring additional cost for the APs.
Our recommendation is to reuse the 802.11 MIBs where applicable for
the CTP configuration and statistics message payload. MIB extensions
should be defined where the corresponding IEEE MIBs are not
sufficient. Upon reception of the message the CTP daemon should
forward the configuration and statistics message payload to the SNMP
daemon for further decoding and processing of the SMI O.I.D.s.
5.4 CTP Data Messages
The CTP data messages use the same CTP header as the control and
other messages. If the Type field is 15 (CTP-Data), then the Policy
field of the header is used by the AC to tag the data for special
handling. The interpretation of the Policy field is left up to the
implementation. An example of its use is as follows:
Data packet coming into the AC from the wired network is a voice
packet as indicated by the TOS or DSCP markings in the IP header.
This TOS/DSCP byte will be copied to the outer transport header for
Singh Expires - November 2004 [Page 26]
Internet-Draft CTP May 2004
proper priority handling within the network between the AP and the
AC. However, for appropriate classification at the AP, the AC sets
the Policy field to a value that allows the AP to prioritize this
packet over other data packets that may have a lower priority.
Similarly in the reverse direction, the MU may have set the
appropriate fields in the original IP header, but the AP can
interpret those bits and map them to the Policy field in the CTP-Data
header for special dispensation at the AC.
5.4.1 CTP Data
This message is utilized as the transport of MU layer data. The
contents of the message body are not interpreted by the AP layer
other than sending it to the MAC layer of the AP.
HEADER
Type = 15
SessionID = AP session id from registration
Policy = as set by the implementation
PAYLOAD
802.3 frame
Singh Expires - November 2004 [Page 27]
Internet-Draft CTP May 2004
6. State Machines
This state machine in Figure 4 indicates the logical state
transitions of the CTP session establishment.
user-request/reset
+----------------------------------------------+
| |
| |
| |
| |
| |
V +-----------+ |
+------+ Success | Control | Success +----------+
| Init |------------->| Session |--------->| Active |
+------+ | Establish | +----------+
^ +-----------+ ^ |
| | | |
| | | |
| | user-req | |user-req
| | | |
| | | |
| Failure | | V
+--------------------------+ +----------+
| Standby |
+----------+
Figure 4 - Simple CTP state machine
6.1 Init
This state represents the boot state, and initialization of the
hardware. Entry into this state is either Failure of the Control
Session Establishment or user-request or reset signal from the Active
state
6.2 Control Channel Establishment
Once Initialization completes the AP initiates the control channel
establishment phase of the connection. Any phase within this state
that fails because of a STATUS=FAILURE or no response from either
device will result in a failure of the whole phase and go back to
initialization. A successful completion of the control session
establishment process will include
Registration
Authentication
Singh Expires - November 2004 [Page 28]
Internet-Draft CTP May 2004
Software Upgrade Notification
Capability negotiation
Configuration Request
Configuration Response
Configuration Ack.
Upon receipt of a successful Config-Ack from the AP, the AP and AC
session for the AP are put into ACTIVE state.
6.3 Active State
Once confirmation of successful registration is received the device
now has a properly established communications/tunneling session with
the AC. The Authentication response MUST have indicated a valid CTP
session ID by which this tunnel is registered on the AC. So in this
state, the SessionId MUST be non-zero.
This state persists until device terminates or communications with
the AC are interrupted. To assist in the detection of connection
termination, the device MUST implement the CTP Poll-Req and Poll-Rsp
messages as described previously. Another method of exiting this
state is with an explicit Set-State message that may be only be
initiated by the AC to the AP.
6.4 Standby State
At some time during the operation, it may be necessary to instruct an
AP to halt its current operation, ie. to switch off the RF
interface(s) on the AP . This is done by the Set-State message. The
device will remain in this state, until explicitly told by the AC to
resume operation also using the Set-State message.
7. Security Considerations
Since the AP and AC can be separated over any arbitrary L3 cloud,
first and foremost there is a need for a secure binding between the
AC and AP. A control channel security association is required
between the AC and AP. The AC and AP must go through a mutual
authentication phase during a registration and authentication process
and form a security association. A couple of assumptions are made to
ensure this security association is created. First, there must be a
secure mechanism to get the digital certificates onto the APs and ACs
and that process must be run either at the factory or prior to device
deployment. Secondly, the placement of the AP ID (in most cases the
AP serial number) in a data store on the AC assumes a secure
insertion mechanism. This may be a manual process or other secure ID
provisioning methods may be employed. Once the registration and
authentication process has successfully completed then the control
Singh Expires - November 2004 [Page 29]
Internet-Draft CTP May 2004
traffic is encrypted. The traffic is confined to control,
configuration and management traffic between the AC and AP.
There is an optional data path security association that can also be
created. It is believed that for security sensitive applications and
deployments there will always be an end to end encrypted tunnel of MU
data traffic. Therefore, a data path encryption mechanism is
considered optional and configurable based on security policy.
STA authentication and security policy enforcement is done centrally
in the AC but the mechanisms are out of scope for this protocol.
8. References
[1] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", BCP 14, RFC 2119, March 1997
[2] Yang, L., et. al., "CAPWAP Problem Statement", February 2004,
<http://www.ietf.org/internet-drafts/draft-ietf-capwap-problem-
statement-00.txt>.
[3] "Assigned Numbers: RFC 1700 is Replaced by an On-line Database",
January 2002, <ftp://ftp.isi.edu/in-notes/rfc3232>.
[4] Eastlake, D., et. al., "Randomness Recommendations for
Security", December 1994, RFC 1750.
[5] Whiting, et al., "Counter with CBC-MAC (CCM)", September 2003,
RFC 3610.
9. Author's Addresses
Paulo Francisco
Chantry Networks
1900 Minnesota Court
Mississauga, ON M8V 1E5
Canada
Phone: +1 905-567-6900
Email: paulo@chantrynetworks.com
Inderpreet Singh
Chantry Networks
1900 Minnesota Court
Mississauga, ON M8V 1E5
Singh Expires - November 2004 [Page 30]
Internet-Draft CTP May 2004
Canada
Phone: +1 905-567-6900
Email: isingh@chantrynetworks.com
Floyd Backes
Propagate Networks
125 Nagog Park
Acton, MA 01720
USA
Phone: +1 978-264-4884
Email: fbackes@propagatenet.com
10. Appendix I - Registration and Authentication
The registration and authentication phase of CTP is detailed below.
+----+ +----+
| AP | | AC |
+----+ +----+
Reg-Req(AP-ID)
---------------------------------------------->
Reg-Rsp(Status,AP-challenge)
<----------------------------------------------
Auth-Req(AP-ID,AP-cert,AP-resp,AC-challenge)
----------------------------------------------->
Auth-Rsp(Status,AC-cert,AC-rsp,Session-Key)
<-----------------------------------------------
AP-ID - AP SERIAL NUMBER attribute. This attribute is assumed to be
available in a data store in the AC as well as being factory burnt-in
in the AP device. The AC will respond with a STATUS=Success in the
Reg-Rsp message if there is a match in its data store for the given
AP-ID
AP-challenge - is a 16 byte random number generated using [4] as
guidelines for the randomness of the challenge.
AP-cert - Is a digital certificate assumed to be available on the AP
prior to its Registration request. The mechanism to get the
certificate onto the AP is out of scope for this document.
AP-resp - Is a digital signature over the MD5 hash of the AP-
challenge concatenated with the AP-ID.
Singh Expires - November 2004 [Page 31]
Internet-Draft CTP May 2004
S-ap(H-md5(AP-challenge|AP-ID))
AP-challenge - is a 16 byte random number generated for subsequent
authentication of the AC.
AC-cert - Is a digital certificate of the AC that is assumed to be
available on the AC prior to sending the Reg-Rsp message. The
mechanism to get the certificate onto the AC is out of scope for this
document.
AC-resp - is a digital signature over the MD5 hash of the AC-
challenge concatenated with the encrypted session key.
S-ac(H-md5(AC-challenge|Enc-ac-p(SessionKey)))
Session Key - is actually the encrypted randomly generated session
encryption keying material. The AC uses the public key of the AP to
encrypted the session encryption key.[Key generation algorithm is
TBD]
1. The AP sends a Reg-Req message with its AP SERIAL NUMBER. If
it does not receive a Reg-Req within 3 seconds, it must resend
the Reg-Req message.
2. Upon receipt of the Reg-Req message, the AC checks its data
store for the AP SERIAL NUMBER. If it exists then the AC
sends back a Reg-Rsp message with STATUS payload with Success
(1) attribute and an AP CHALLENGE payload. If the AP SERIAL
NUMBER does not exist, then a Reg-Rsp message with a STATUS
payload of Failure (2) is sent back.
3. The AP will take the AP CHALLENGE payload, concatenate it with
the AP SERIAL NUMBER and calculate an AP RESPONSE as shown
above and send it back to the AC along with an AC CHALLENGE
payload and its own digital CERTIFICATE payload in an Auth-Req
message.
4. Upon receipt of the Auth-Req message the AC will
a. Verify the AP's digital certificate
b. Verify the AP RESPONSE, which was the digital signature of
the AP over the hash of the AP CHALLENGE and the AP SERIAL
NUMBER. This is done with the public key of the AP.
c. If both a) and b) are verified correctly, then the STATUS
payload will contain Success (1). Otherwise it will
contain Failure (2).
d. If Success, then the AC will add its own CERTIFICATE to
the Auth-Rsp message
e. Encrypt the session encryption keys with the public key of
the AP.
f. Generate a unique SessionID to be used in subsequent CTP
messages.
Singh Expires - November 2004 [Page 32]
Internet-Draft CTP May 2004
g. Send back an Auth-Rsp message with STATUS, CERTIFICATE, AC
RESPONSE and SESSION KEY payloads with the SessionID in
the CTP header.
5. Upon receipt of the Auth-Rsp message, the AP will
a. Verify the AC's digital certificate
b. Verify the AC RESPONSE which was the digital signature of
the AC over the hash of the AC CHALLENGE and the encrypted
session encryption key.
c. Decrypt the encrypted session encryption key with its own
private key
d. Store the SessionID which will be used in each subsequent
CTP message.
6. All CTP control messages after the Auth-Rsp will be sent with
TBD encryption and per packet authentication mechanism.
(Current recommended scheme is AES-CCM as per [5].)
TBW - Rekeying mechanism
Intellectual Property Statement
The IETF takes no position regarding the validity or scope of any
intellectual property or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; neither does it represent that it
has made any effort to identify any such rights. Information on the
IETF's procedures with respect to rights in standards-track and
standards-related documentation can be found in BCP-11. Copies of
claims of rights made available for publication and any assurances of
licenses to be made available, or the result of an attempt made to
obtain a general license or permission for the use of such
proprietary rights by implementors or users of this specification can
be obtained from the IETF Secretariat.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights which may cover technology that may be required to practice
this standard. Please address the information to the IETF Executive
Director.
Full Copyright Statement
Copyright (C) The Internet Society (2004). All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
Singh Expires - November 2004 [Page 33]
Internet-Draft CTP May 2004
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assignees.
This document and the information contained herein is provided on an
AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Acknowledgment
Funding for the RFC Editor function is currently provided by the
Internet Society.
Singh Expires - November 2004 [Page 34]