Handover Keying (HOKEY) Architecture Design
RFC 6697

• Status
• IESG evaluation record
• IESG writeups
• Email expansions
• History

• Versions
• 11

Document	Type		RFC - Informational (July 2012; No errata) Was draft-ietf-hokey-arch-design (hokey WG)
	Last updated		2015-10-14
	Replaces		draft-hoeper-hokey-arch-design
	Stream		IETF
	Formats		plain text pdf html bibtex
	Reviews		SECDIR Last Call Review
Stream	WG state		WG Document
	Document shepherd		No shepherd assigned
IESG	IESG state		RFC 6697 (Informational)
	Consensus Boilerplate		Unknown
	Telechat date
	Responsible AD		Stephen Farrell
	IESG note		Tiny Tsou is the draft shepherd
	Send notices to		Tina.Tsou.Zouting@huawei.com

Internet Engineering Task Force (IETF)                      G. Zorn, Ed.
Request for Comments: 6697                                   Network Zen
Category: Informational                                            Q. Wu
ISSN: 2070-1721                                                T. Taylor
                                                                  Huawei
                                                                  Y. Nir
                                                             Check Point
                                                               K. Hoeper
                                                Motorola Solutions, Inc.
                                                              S. Decugis
                                                           INSIDE Secure
                                                               July 2012

              Handover Keying (HOKEY) Architecture Design

Abstract

   The Handover Keying (HOKEY) Working Group seeks to minimize handover
   delay due to authentication when a peer moves from one point of
   attachment to another.  Work has progressed on two different
   approaches to reduce handover delay: early authentication (so that
   authentication does not need to be performed during handover), and
   reuse of cryptographic material generated during an initial
   authentication to save time during re-authentication.  A basic
   assumption is that the mobile host or "peer" is initially
   authenticated using the Extensible Authentication Protocol (EAP),
   executed between the peer and an EAP server as defined in RFC 3748.

   This document defines the HOKEY architecture.  Specifically, it
   describes design objectives, the functional environment within which
   handover keying operates, the functions to be performed by the HOKEY
   architecture itself, and the assignment of those functions to
   architectural components.  It goes on to illustrate the operation of
   the architecture within various deployment scenarios that are
   described more fully in other documents produced by the HOKEY Working
   Group.

Zorn, et al.                  Informational                     [Page 1]
RFC 6697                HOKEY Architecture Design              July 2012

Status of This Memo

   This document is not an Internet Standards Track specification; it is
   published for informational purposes.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Not all documents
   approved by the IESG are a candidate for any level of Internet
   Standard; see Section 2 of RFC 5741.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   http://www.rfc-editor.org/info/rfc6697.

Copyright Notice

   Copyright (c) 2012 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Zorn, et al.                  Informational                     [Page 2]
RFC 6697                HOKEY Architecture Design              July 2012

Table of Contents

   1. Introduction ....................................................3
   2. Terminology .....................................................6
   3. Design Goals ....................................................6
      3.1. Reducing Signaling Overhead ................................7
           3.1.1. Minimized Communications with Home Servers ..........7
           3.1.2. Minimized User Interaction for Authentication .......7
      3.2. Integrated Local Domain Name (LDN) Discovery ...............7
      3.3. Fault-Tolerant Re-Authentication ...........................8
      3.4. Improved Deployment Scalability ............................8
   4. Required Functionality ..........................................8
      4.1. Authentication Subsystem Functional Overview ...............8
      4.2. Pre-Authentication Function (Direct or Indirect) ...........9
      4.3. EAP Re-Authentication Function .............................9
      4.4. EAP Authentication Function ...............................10

Show full document text