IKEv2 support for specifying a Delete notify reason

The IKEv2 protocol supports sending a Delete Notify message, but this message cannot convey the reason why a particular Child SA or IKE SA is being deleted. It can be useful to know why a certain IPsec IKE SA or Child SA was deleted by the peer. Sometimes, when the peer's operator notices a specific SA is down, they have no idea whether this is permanent or temporary problem, and have no idea how long an outage might last. The DELETE_REASON Notify message can be added to any exchange that contains a Delete (42) payload specifying an estimated duration and reason. Example reasons are specified in .

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

All multi-octet fields representing integers are laid out in big endian order (also known as "most significant byte first", or "network byte order").

Protocol ID (1 octet) - MUST be 0. MUST be ignored if not 0. SPI Size (1 octet) - MUST be 0. MUST be ignored if not 0. Notify Status Message Type (2 octets) - set to [TBD1] Downtime. A value in seconds for the expected downtime. 0 means unspecified. Reason Message. May be empty. Otherwise a non-NULL terminated UTF-8 or ASCII text.

A DELETE_REASON payload MUST be ignored if the exchange does not contain a Delete payload. If multiple Delete payloads are present, the DELETE_REASON message applies to all of these. If separate different reasons should be conveyed for different Child SAs or IKE SA, those Delete messages and their accompanied DELETE_REASON messages should be sent in separate Informational Exchange messages.

Any timing information and reason should be treated as an informational "best effort" message from the peer's operator. A DELETE_REASON message SHOULD NOT change the behaviour of the IKE implementation other than logging the message or triggering an informational or alert message. As with all received free-form text data, the receiver MUST treat the DELETE_REASON notify data as untrusted. It SHOULD strip or replace any characters not deemd regular text, for example the dollar sign ($), braces, backticks and backslashes. The Reason Message MUST NOT be assumed to be safe to display. It MUST NOT be assumed to be NULL terminated, which means common string operations such as strlen() MUST NOT be used without precautions. After the data has been processed and confirmed safe, it can be used for logging or as messages in notification systems.

This section specifies short example messages that could be used to convey common reasons that implementations might have for deleting SAs. Meaning of the Reason Message The IKE service is being shut down The IKE service is being restarted The host running the IKE service is being shut down The host running the IKE service is being restarted The Child SA was removed from the peer's configuration The IKE SA was removed from the peer's configuration The SA was brought down by the operator The SA was inactive and brought down automatically by the system

[Note to RFC Editor: Please remove this section and the reference to before publication.] This section records the status of known implementations of the protocol defined by this specification at the time of posting of this Internet-Draft, and is based on a proposal described in . The description of implementations in this section is intended to assist the IETF in its decision processes in progressing drafts to RFCs. Please note that the listing of any individual implementation here does not imply endorsement by the IETF. Furthermore, no effort has been spent to verify the information presented here that was supplied by IETF contributors. This is not intended as, and must not be construed to be, a catalog of available implementations or their features. Readers are advised to note that other implementations may exist. According to , "this will allow reviewers and working groups to assign due consideration to documents that have the benefit of running code, which may serve as evidence of valuable experimentation and feedback that have made the implemented protocols more mature. It is up to the individual working groups to use this information as they see fit". Authors are requested to add a note to the RFC Editor at the top of this section, advising the Editor to remove the entire section before publication, as well as the reference to .

The Libreswan Project https://libreswan.org/ An initial IKE implementation using the Private Use value 40960 for the Notify payload Beta Implements the draft's example reasons GPLv2 TBD Libreswan Development: swan-dev@libreswan.org

This document defines one new IKEv2 Notify Message Type payload for the IANA "IKEv2 Notify Message Types - Status Types" registry.