Secure Pre-Shared Key (PSK) Authentication for the Internet Key Exchange Protocol (IKE)
RFC 6617
| Document | Type |
RFC - Experimental
(June 2012; No errata)
Was draft-harkins-ipsecme-spsk-auth (individual in sec area)
|
|
|---|---|---|---|
| Author | Dan Harkins | ||
| Last updated | 2015-10-14 | ||
| Stream | IETF | ||
| Formats | plain text html pdf htmlized bibtex | ||
| Reviews | |||
| Stream | WG state | (None) | |
| Document shepherd | No shepherd assigned | ||
| IESG | IESG state | RFC 6617 (Experimental) | |
| Consensus Boilerplate | Unknown | ||
| Telechat date | |||
| Responsible AD | Sean Turner | ||
| IESG note | Paul Hoffman (paul.hoffman@vpnc.org) is the document shepherd. | ||
| Send notices to | paul.hoffman@vpnc.org | ||
Internet Engineering Task Force (IETF) D. Harkins
Request for Comments: 6617 Aruba Networks
Category: Experimental June 2012
ISSN: 2070-1721
Secure Pre-Shared Key (PSK) Authentication
for the Internet Key Exchange Protocol (IKE)
Abstract
This memo describes a secure pre-shared key (PSK) authentication
method for the Internet Key Exchange Protocol (IKE). It is resistant
to dictionary attack and retains security even when used with weak
pre-shared keys.
Status of This Memo
This document is not an Internet Standards Track specification; it is
published for examination, experimental implementation, and
evaluation.
This document defines an Experimental Protocol for the Internet
community. This document is a product of the Internet Engineering
Task Force (IETF). It represents the consensus of the IETF
community. It has received public review and has been approved for
publication by the Internet Engineering Steering Group (IESG). Not
all documents approved by the IESG are a candidate for any level of
Internet Standard; see Section 2 of RFC 5741.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc6617.
Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Harkins Experimental [Page 1]
RFC 6617 Secure PSK Authentication for IKE June 2012
Table of Contents
1. Introduction ....................................................3
1.1. Keyword Definitions ........................................3
2. Usage Scenarios .................................................3
3. Terms and Notation ..............................................4
4. Discrete Logarithm Cryptography .................................5
4.1. Elliptic Curve Cryptography (ECP) Groups ...................5
4.2. Finite Field Cryptography (MODP) Groups ....................7
5. Random Numbers ..................................................8
6. Using Passwords and Raw Keys For Authentication .................8
7. Assumptions .....................................................9
8. Secure PSK Authentication Message Exchange ......................9
8.1. Negotiation of Secure PSK Authentication ..................10
8.2. Fixing the Secret Element, SKE ............................11
8.2.1. ECP Operation to Select SKE ........................12
8.2.2. MODP Operation to Select SKE .......................13
8.3. Encoding and Decoding of Group Elements and Scalars .......14
8.3.1. Encoding and Decoding of Scalars ...................14
8.3.2. Encoding and Decoding of ECP Elements ..............15
8.3.3. Encoding and Decoding of MODP Elements .............15
8.4. Message Generation and Processing .........................16
8.4.1. Generation of a Commit .............................16
8.4.2. Processing of a Commit .............................16
8.4.2.1. Validation of an ECP Element ..............16
8.4.2.2. Validation of a MODP Element ..............16
8.4.2.3. Commit Processing Steps ...................17
8.4.3. Authentication of the Exchange .....................17
8.5. Payload Format ............................................18
8.5.1. Commit Payload .....................................18
8.6. IKEv2 Messaging ...........................................19
9. IANA Considerations ............................................20
10. Security Considerations .......................................20
11. Acknowledgements ..............................................22
12. References ....................................................22
12.1. Normative References .....................................22
12.2. Informative References ...................................23
Harkins Experimental [Page 2]
RFC 6617 Secure PSK Authentication for IKE June 2012
1. Introduction
Show full document text