IKEv2-Derived Shared Secret Key for the One-Way Active Measurement Protocol (OWAMP) and Two-Way Active Measurement Protocol (TWAMP)
Draft of message to be sent after approval:
From: The IESG <firstname.lastname@example.org> To: IETF-Announce <email@example.com> Cc: RFC Editor <firstname.lastname@example.org>, ippm mailing list <email@example.com>, ippm chair <firstname.lastname@example.org> Subject: Protocol Action: 'IKEv2-derived Shared Secret Key for O/TWAMP' to Proposed Standard (draft-ietf-ippm-ipsec-11.txt) The IESG has approved the following document: - 'IKEv2-derived Shared Secret Key for O/TWAMP' (draft-ietf-ippm-ipsec-11.txt) as Proposed Standard This document is the product of the IP Performance Metrics Working Group. The IESG contact persons are Spencer Dawkins and Martin Stiemerling. A URL of this Internet Draft is: https://datatracker.ietf.org/doc/draft-ietf-ippm-ipsec/
Technical Summary The One-way Active Measurement Protocol (OWAMP) and Two-Way Active Measurement Protocol (TWAMP) security mechanism require that both the client and server endpoints possess a shared secret. Since the currently-standardized O/TWAMP security mechanism only supports a pre-shared key mode, large scale deployment of O/TWAMP is hindered significantly. At the same time, recent trends point to wider Internet Key Exchange Protocol Version 2 (IKEv2) deployment which, in turn, calls for mechanisms and methods that enable tunnel end-users, as well as operators, to measure one-way and two- way network performance in a standardized manner. This document describes the use of keys derived from an IKEv2 security association (SA) as the shared key in O/TWAMP. If the shared key can be derived from the IKEv2 SA, O/TWAMP can support certificate-based key exchange, which would allow for more operational flexibility and efficiency. The key derivation presented in this document can also facilitate automatic key management. Working Group Summary The document was discussed extensively within the IPPM WG, and has gone through two WGLCs. There was no significant controversy during the discussion of the document -- the main points of discussion had to do with the details of how to implement the binding between O/TWAMP and IPsec and whether the packet format used needed to be backward-compatible with non-IPsec O/TWAMP. The document has consensus to go forward. Document Quality As the document "glues" O/TWAMP to IPsec, it required review from both communities The document has had less comment from the IPsec WG than from the IPPM WG, but comments from IPsec were addressed. Personnel Brian Trammell is the document shepherd. Spencer Dawkins is the responsible AD.