Network Working Group                                            P. Karn
Request for Comments: 2522                                      Qualcomm
Category: Experimental                                        W. Simpson
                                                              DayDreamer
                                                              March 1999

Photuris: Session-Key Management Protocol

Status of this Memo

This document defines an Experimental Protocol for the Internet
community. It does not specify an Internet standard of any kind.
Discussion and suggestions for improvement are requested.
Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (1999). Copyright (C) Philip Karn
and William Allen Simpson (1994-1999). All Rights Reserved.

Abstract

Photuris is a session-key management protocol intended for use with
the IP Security Protocols (AH and ESP). This document defines the
basic protocol mechanisms.

Karn & Simpson Experimental [Page i]
RFC 2522 Photuris Protocol March 1999
Table of Contents
1. Introduction
1.1 Terminology
1.2 Protocol Overview
1.3 Security Parameters
1.4 LifeTimes
1.4.1 Exchange LifeTimes
1.4.2 SPI LifeTimes
1.5 Random Number Generation
2. Protocol Details
2.1 UDP
2.2 Header Format
2.3 Variable Precision Integers
2.4 Exchange-Schemes
2.5 Attributes
3. Cookie Exchange
3.0.1 Send Cookie_Request
3.0.2 Receive Cookie_Request
3.0.3 Send Cookie_Response
3.0.4 Receive Cookie_Response
3.1 Cookie_Request
3.2 Cookie_Response
3.3 Cookie Generation
3.3.1 Initiator Cookie
3.3.2 Responder Cookie
4. Value Exchange
4.0.1 Send Value_Request
4.0.2 Receive Value_Request
4.0.3 Send Value_Response
4.0.4 Receive Value_Response
4.1 Value_Request
4.2 Value_Response
4.3 Offered Attribute List
5. Identification Exchange
5.0.1 Send Identity_Request
5.0.2 Receive Identity_Request
5.0.3 Send Identity_Response
5.0.4 Receive Identity_Response
5.1 Identity_Messages
5.2 Attribute Choices List
5.3 Shared-Secret
5.4 Identity Verification
5.5 Privacy-Key Computation
5.6 Session-Key Computation
6. SPI Messages
6.0.1 Send SPI_Needed
6.0.2 Receive SPI_Needed
6.0.3 Send SPI_Update
6.0.4 Receive SPI_Update
6.0.5 Automated SPI_Updates
6.1 SPI_Needed
6.2 SPI_Update
6.2.1 Creation
6.2.2 Deletion
6.2.3 Modification
6.3 Validity Verification
7. Error Messages
7.1 Bad_Cookie
7.2 Resource_Limit
7.3 Verification_Failure
7.4 Message_Reject
8. Public Value Exchanges
8.1 Modular Exponentiation Groups
8.2 Moduli Selection
8.2.1 Bootstrap Moduli
8.2.2 Learning Moduli
8.3 Generator Selection
8.4 Exponent Selection
8.5 Defective Exchange Values
9. Basic Exchange-Schemes
10. Basic Key-Generation-Function
10.1 MD5 Hash
11. Basic Privacy-Method
11.1 Simple Masking
12. Basic Validity-Method
12.1 MD5-IPMAC Check
13. Basic Attributes
13.1 Padding
13.2 AH-Attributes
13.3 ESP-Attributes
13.4 MD5-IPMAC
13.4.1 Symmetric Identification
13.4.2 Authentication
13.5 Organizational
APPENDICES
A. Automaton
A.1 State Transition Table
A.2 States
A.2.1 Initial
A.2.2 Cookie
A.2.3 Value
A.2.4 Identity
A.2.5 Ready
A.2.6 Update
B. Use of Identification and Secrets
B.1 Identification
B.2 Group Identity With Group Secret
B.3 Multiple Identities With Group Secrets
B.4 Multiple Identities With Multiple Secrets
OPERATIONAL CONSIDERATIONS
SECURITY CONSIDERATIONS
HISTORY
ACKNOWLEDGEMENTS
REFERENCES
CONTACTS
COPYRIGHT

1. Introduction

Photuris [Firefly] establishes short-lived session-keys between two
parties, without passing the session-keys across the Internet. These
session-keys directly replace the long-lived secret-keys (such as
passwords and passphrases) that have been historically configured for
security purposes.

The basic Photuris protocol utilizes these existing previously
configured secret-keys for identification of the parties. This is
intended to speed deployment and reduce administrative configuration
changes.

This document is primarily intended for implementing the Photuris
protocol. It does not detail service and application interface
definitions, although it does mention some basic policy areas
required for the proper implementation and operation of the protocol
mechanisms.

Since the basic Photuris protocol is extensible, new data types and
protocol behaviour should be expected. The implementor is especially
cautioned not to depend on values that appear in examples to be
current or complete, since their purpose is primarily pedagogical.

1.1. Terminology
In this document, the key words "MAY", "MUST", "MUST NOT", "optional",
"recommended", "SHOULD", and "SHOULD NOT", are to be interpreted as
described in [RFC-2119].

byte             An 8-bit quantity; also known as "octet" in
                 standardese.

exchange-value   The publically distributable value used to calculate
                 a shared-secret. As used in this document, refers
                 to a Diffie-Hellman exchange, not the public part of
                 a public/private key-pair.

private-key      A value that is kept secret, and is part of an
                 asymmetric public/private key-pair.

public-key       A publically distributable value that is part of an
                 asymmetric public/private key-pair.

secret-key       A symmetric key that is not publically
                 distributable. As used in this document, this is
                 distinguished from an asymmetric public/private
                 key-pair. An example is a user password.

Security Association (SA)
                 A collection of parameters describing the security
                 relationship between two nodes. These parameters
                 include the identities of the parties, the transform
                 (including algorithm and algorithm mode), the key(s)
                 (such as a session-key, secret-key, or appropriate
                 public/private key-pair), and possibly other
                 information such as sensitivity labelling.

Security Parameters Index (SPI)
                 A number that indicates a particular set of
                 uni-directional attributes used under a Security
                 Association, such as transform(s) and
                 session-key(s). The number is relative to the IP
                 Destination, which is the SPI Owner, and is unique
                 per IP (Next Header) Protocol. That is, the same
                 value MAY be used by multiple protocols to
                 concurrently indicate different Security Association
                 parameters.

session-key      A key that is independently derived from a
                 shared-secret by the parties, and used for keying one
                 direction of traffic. This key is changed
                 frequently.

shared-secret    As used in this document, the calculated result of
                 the Photuris exchange.

SPI Owner        The party that corresponds to the IP Destination;
                 the intended recipient of a protected datagram.

SPI User         The party that corresponds to the IP Source; the
                 sender of a protected datagram.

transform        A cryptographic manipulation of a particular set of
                 data. As used in this document, refers to certain
                 well-specified methods (defined elsewhere). For
                 example, AH-MD5 [RFC-1828] transforms an IP datagram
                 into a cryptographic hash, and ESP-DES-CBC
                 [RFC-1829] transforms plaintext to ciphertext and
                 back again.

Karn & Simpson Experimental [Page 2]
RFC 2522 Photuris Protocol March 1999
Many of these terms are hierarchically related:
Security Association (bi-directional)
- one or more lists of Security Parameters (uni-directional)
-- one or more Attributes
--- may have a key
--- may indicate a transform