INTERNET DRAFT                                                  Yoav Nir
draft-nir-ikev2-auth-lt-01.txt                               Check Point
Expires: May 2005
Intended status: Informational                         November 12, 2004


                   Repeated Authentication in IKEv2


Status of this Memo

   By submitting this Internet-Draft, I certify that any applicable
   patent or other IPR claims of which I am aware have been disclosed,
   or will be disclosed, and any of which I become aware will be
   disclosed, in accordance with RFC 3668.

   This document may not be modified, and derivative works of it may not
   be created, except to publish it as an RFC and to translate it into
   languages other than English.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/1id-abstracts.html

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html

Abstract

   With some IPsec peers, particularly in the remote access scenario, it
   is desirable to repeat the mutual authentication periodically.  The
   purpose of this is to limit the time that SAs can be used by a third
   party who has gained control of the IPsec peer.  This is not the same
   as IKE SA rekeying, and need not be tied to it.

   Repeated authentication can be achieved by simply repeating the
   Initial exchange by whichever side has a stricter policy.  However,
   in the remote access scenario it is usually up to a human user to
   supply the authentication credentials, and often EAP is used for
   authentication, which makes it unreasonable or impossible for the
   remote access gateway to initiate the exchange.
   This document describes how the original Responder can send a
   notification to the Initiator with the number of seconds before the
   authentication needs to be repeated.  The Initiator will repeat the
   Initial exchange before that time has expired.  If the Initiator
   fails to do so, the Responder may close all tunnels.

Nir                                                             [Page 1]

INTERNET-DRAFT       Repeated Authentication in IKEv2      November 2004

1. Introduction

   This document extends the IKEv2 document [IKEv2].  It describes the
   authentication lifetime notification and its processing.

   The key words "MUST", "MUST NOT", "SHOULD", "SHOULD NOT", and "MAY"
   in this document are to be interpreted as described in [RFC2119].

2. Authentication Lifetime

   The Responder in an IKEv2 negotiation MAY be configured to limit the
   time that an IKE SA and the associated IPsec SAs may be used before
   the peer is required to repeat the authentication, through a new
   Initial Exchange.  The Responder MUST send this information to the
   Initiator in an AUTH_LIFETIME notification either in the last message
   of an IKE_AUTH exchange, or in a separate Informational exchange,
   which can be sent at any time.

   The Initial exchange follows the IKE_AUTH exchange, and is formed as
   follows:

   Initiator                          Responder
   -----------------------------      -----------------------------
   HDR, SAi1, KEi, Ni          -->
                               <--    HDR, SAr1, KEr, Nr, [CERTREQ]
   HDR, SK {IDi, [CERT,] [CERTREQ,]
       [IDr,] AUTH, SAi2, TSi, TSr}  -->
                               <--    HDR, SK {IDr, [CERT,] AUTH,
                                          SAr2, TSi, TSr,
                                          N(AUTH_LIFETIME)}

   The separate Informational exchange is formed as follows:

                               <--    HDR, SK {N(AUTH_LIFETIME)}
   HDR                         -->

   The AUTH_LIFETIME notification is described in section 3.

   The original Responder that sends the AUTH_LIFETIME notification
   SHOULD send a DELETE notification at the end of the lifetime period.
   An Initiator that received an AUTH_LIFETIME notification SHOULD
   repeat the Initial exchange within the time indicated in the
   notification.
   The AUTH_LIFETIME notification MUST be protected and MAY be sent by
   the original Responder at any time.  If the policy changes, the
   original Responder MAY send it again in a new Informational.  The new
   Initial exchange is not altered.

3. AUTH_LIFETIME Notification

   The AUTH_LIFETIME message is a notification payload formatted as
   follows:

                        1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   ! Next Payload  !C!  RESERVED   !         Payload Length        !
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   !  Protocol ID  !   SPI Size    !      Notify Message Type      !
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   !                           Lifetime                            !
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   o  Payload Length is 12.

   o  Protocol ID (1 octet) MUST be 1 (IKE_SA).

   o  SPI Size is 0 (the SPI is in the message header).

   o  Notify Message Type is TBA by IANA.

   o  Lifetime is the amount of time in seconds left before the peer
      should repeat the Initial exchange.

4. Interoperability with non-compliant IKEv2 implementations

   IKEv2 implementations that do not support the AUTH_LIFETIME
   notification will ignore it and will not repeat the authentication.
   In that case the original Responder will send a Delete notification
   for the IKE SA in an Informational exchange.  Such implementations
   may be configured manually to repeat the authentication periodically.

   Non-compliant Responders are not a problem, because they will simply
   not send these notifications.  In that case, there is no requirement
   that the original Initiator re-authenticate.

5. Security Considerations

   The AUTH_LIFETIME notification sent by the Responder does not
   override any security policy on the Initiator.  In particular, the
   Initiator may have a different policy regarding re-authentication,
   requiring more frequent re-authentication.
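   As an added illustration (not part of this draft), the following
   Python encodes and validates the section 3 payload and applies the
   Initiator-side policy just described: the notified lifetime never
   relaxes a stricter local policy, and a value under a local floor is
   refused.  The Notify Message Type value, the 300-second floor and the
   choice to refuse rather than clamp are assumptions made here, since
   the type is still TBA by IANA and the draft leaves the limit to local
   policy.

```python
import struct

# Constructed constants. The draft leaves the Notify Message Type
# "TBA by IANA", so the value below is a placeholder, not an assignment.
AUTH_LIFETIME_NOTIFY_TYPE = 0xFFFF      # placeholder for the IANA number
PROTOCOL_ID_IKE_SA = 1                  # section 3: Protocol ID MUST be 1
AUTH_LIFETIME_PAYLOAD_LENGTH = 12       # section 3: Payload Length is 12

# Notify payload header followed by the 4-octet Lifetime (section 3):
# Next Payload, C+RESERVED, Payload Length, Protocol ID, SPI Size,
# Notify Message Type, Lifetime -- all network byte order.
AUTH_LIFETIME_FMT = struct.Struct("!BBHBBHI")


def build_auth_lifetime(lifetime_seconds, next_payload=0):
    """Encode an AUTH_LIFETIME notification as the Responder would send it."""
    if not 0 <= lifetime_seconds <= 0xFFFFFFFF:
        raise ValueError("lifetime does not fit the 32-bit Lifetime field")
    # Critical bit and RESERVED are zero; SPI Size is 0 (SPI is in HDR).
    return AUTH_LIFETIME_FMT.pack(next_payload, 0, AUTH_LIFETIME_PAYLOAD_LENGTH,
                                  PROTOCOL_ID_IKE_SA, 0,
                                  AUTH_LIFETIME_NOTIFY_TYPE, lifetime_seconds)


def parse_auth_lifetime(payload):
    """Validate a received payload against section 3; return Lifetime in seconds.

    Any field that does not match the draft raises ValueError, so a malformed
    or mislabelled payload is never mistaken for an authentication lifetime.
    """
    if len(payload) < AUTH_LIFETIME_FMT.size:
        raise ValueError("payload truncated")
    (_next, _flags, length, proto_id, spi_size,
     notify_type, lifetime) = AUTH_LIFETIME_FMT.unpack_from(payload)
    if length != AUTH_LIFETIME_PAYLOAD_LENGTH:
        raise ValueError("Payload Length must be 12")
    if proto_id != PROTOCOL_ID_IKE_SA:
        raise ValueError("Protocol ID must be 1 (IKE_SA)")
    if spi_size != 0:
        raise ValueError("SPI Size must be 0; the SPI is in the message header")
    if notify_type != AUTH_LIFETIME_NOTIFY_TYPE:
        raise ValueError("not an AUTH_LIFETIME notification")
    return lifetime


def initiator_reauth_interval(notified, local_policy=None, floor_seconds=300):
    """Section 5: the Initiator's effective re-authentication interval.

    The notification cannot override a stricter local policy (smaller wins).
    A lifetime below the local floor is refused; refusing, and the 300 s
    floor, are assumed policy choices (the draft only says the Initiator MAY
    set reasonable limits, giving 300 s as a remote-access example).
    """
    if notified < floor_seconds:
        raise ValueError("AUTH_LIFETIME below local floor of %d s" % floor_seconds)
    return notified if local_policy is None else min(notified, local_policy)
```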
   Such an Initiator can repeat the authentication earlier than is
   required by the notification.

   An Initiator MAY set reasonable limits on the amount of time in the
   AUTH_LIFETIME notification.  For example, in the remote-access
   scenario, it may be unreasonable for the lifetime to be lower than
   300 seconds.

6. References

   [IKEv2]   "Internet Key Exchange (IKEv2) Protocol",
             draft-ietf-ipsec-ikev2, work in progress.

   [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
             Requirement Levels", BCP 14, RFC 2119, March 1997.

7. IANA Considerations

   IANA is asked to assign a notification payload type for the
   AUTH_LIFETIME notifications from the IKEv2 Notification Payload Types
   registry.

8. Author's Address

   Yoav Nir
   Check Point Software Technologies

   EMail: ynir@checkpoint.com

Copyright Statement

   Copyright (C) The Internet Society (2004).  This document is subject
   to the rights, licenses and restrictions contained in BCP 78, and
   except as set forth therein, the authors retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.