I was reading through draft-ietf-ipsecme-ikev2-intermediate and I
think it might be a good thing to add a note at the end of section
3.3.1, "Protection of the IKE_INTERMEDIATE messages", to clarify which
SK_e[i/r] and SK_a[i/r] are to be used for the IKE_AUTH after all
IKE_INTERMEDIATE exchanges (I assume it is the latest one).

Also perhaps we should have an appendix showing the full protocol
exchange example, i.e. something like this:
----------------------------------------------------------------------
Appendix A. Example of IKE_INTERMEDIATE exchange.

This appendix contains a short example of the messages using
IKE_INTERMEDIATE. This appendix is purely informative; if it
disagrees with the body of this document, the other text is
considered correct.

In this example there is one IKE_SA_INIT exchange, two
IKE_INTERMEDIATE key exchanges followed by the IKE_AUTH exchange to
authenticate the exchange. The xxx in the HDR(xxx,MID=yyy)
indicates the exchange type, and yyy gives the message ID used for
that exchange. The keys used for each SK {} payload are indicated in
the parentheses after the SK. Otherwise the payload notation is the
same as is used in RFC 7296.

Initiator                         Responder
-------------------------------------------------------------------
HDR(IKE_SA_INIT,MID=0),
SAi1, KEi, Ni,
N(INTERMEDIATE_EXCHANGE_SUPPORTED) -->
                              <-- HDR(IKE_SA_INIT,MID=0),
                                  SAr1, KEr, Nr, [CERTREQ],
                                  N(INTERMEDIATE_EXCHANGE_SUPPORTED)

<Generate SK_[aip][ir] and store them as SK_[aip][ir]_1, start
using them for SK {} payloads>

HDR(IKE_INTERMEDIATE,MID=1),
SK(SK_ei_1,SK_ai_1) { ... }    -->

<Calculate IntAuth_1_I = prf(SK_pi_1, ...)>

                              <-- HDR(IKE_INTERMEDIATE,MID=1),
                                  SK(SK_er_1,SK_ai_1) { ... }

<Calculate IntAuth_1_R = prf(SK_pr_1, ...)>

<If this IKE_INTERMEDIATE did a new key exchange then update
SK_[aip][ir] and store them as SK_[aip][ir]_2, start using them for
SK {} payloads>

HDR(IKE_INTERMEDIATE,MID=2),
SK(SK_ei_2,SK_ai_2) { ... }    -->

<Calculate IntAuth_2_I = prf(SK_pi_2, ...)>

                              <-- HDR(IKE_INTERMEDIATE,MID=2),
                                  SK(SK_er_2,SK_ai_2) { ... }

<Calculate IntAuth_2_R = prf(SK_pr_2, ...)>

<If this IKE_INTERMEDIATE did a new key exchange then update
SK_[aip][ir] and store them as SK_[aip][ir]_3, start using them for
SK {} payloads>

HDR(IKE_AUTH,MID=3),
SK(SK_ei_3,SK_ai_3) {IDi,
    [CERT,] [CERTREQ,]
    [IDr,] AUTH, SAi2,
    TSi, TSr}                  -->
                              <-- HDR(IKE_AUTH,MID=3),
                                  SK(SK_er_3,SK_ar_3) {IDr,
                                      [CERT,] AUTH,
                                      SAr2, TSi, TSr}
----------------------------------------------------------------------

I think having such an appendix would make things easier to understand.
--
[email protected]
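
Added example (not part of the original message or of the draft): a small Python model of the key numbering used in the proposed appendix, listing which SK_[aip][ir]_n generation protects each message. Msg, key_schedule and the one-boolean-per-exchange input are hypothetical names; each message is labelled with its sender's own keys as in RFC 7296, and IKE_AUTH is assumed to use the latest generation, as the message assumes.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Msg:
    exchange: str   # "IKE_INTERMEDIATE" or "IKE_AUTH"
    mid: int        # IKEv2 Message ID
    sender: str     # "i" = initiator, "r" = responder
    gen: int        # key generation n, as in SK_[aip][ir]_n

    @property
    def sk_keys(self):
        # Each direction uses the sender's own keys (RFC 7296 convention).
        return (f"SK_e{self.sender}_{self.gen}", f"SK_a{self.sender}_{self.gen}")

    @property
    def int_auth_key(self):
        # IntAuth is only calculated over IKE_INTERMEDIATE messages.
        if self.exchange != "IKE_INTERMEDIATE":
            return None
        return f"SK_p{self.sender}_{self.gen}"


def key_schedule(did_key_exchange):
    """List every SK {} message with the key generation protecting it.

    did_key_exchange: one bool per IKE_INTERMEDIATE exchange, True when
    that exchange performed a new key exchange (hypothetical input model).
    """
    gen, mid, out = 1, 1, []   # generation 1 comes from IKE_SA_INIT (MID=0)
    for did_kex in did_key_exchange:
        # Request and response share one generation: keys derived during
        # this exchange only protect the messages that follow it.
        out += [Msg("IKE_INTERMEDIATE", mid, s, gen) for s in "ir"]
        gen += 1 if did_kex else 0
        mid += 1
    # Assumption from the message above: IKE_AUTH uses the latest keys.
    out += [Msg("IKE_AUTH", mid, s, gen) for s in "ir"]
    return out


if __name__ == "__main__":
    for flags in ([True, True], [True, False]):   # constructed inputs
        print(flags)
        for m in key_schedule(flags):
            print(f"  {m.exchange:16} MID={m.mid} {m.sender} "
                  f"SK{m.sk_keys} IntAuth key: {m.int_auth_key}")
```

The second constructed input shows the case the appendix's "If this IKE_INTERMEDIATE did a new key exchange" notes cover: an exchange without a key exchange leaves the generation unchanged, so IKE_AUTH is protected with the _2 keys.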