Password Authenticated Connection Establishment with the Internet Key Exchange Protocol version 2 (IKEv2)
RFC 6631
| Document | Type |
RFC - Experimental
(June 2012; No errata)
Was draft-kuegler-ipsecme-pace-ikev2 (individual in sec area)
|
|
|---|---|---|---|
| Last updated | 2015-10-14 | ||
| Stream | IETF | ||
| Formats | plain text html pdf htmlized bibtex | ||
| Reviews | |||
| Stream | WG state | (None) | |
| Document shepherd | No shepherd assigned | ||
| IESG | IESG state | RFC 6631 (Experimental) | |
| Consensus Boilerplate | Unknown | ||
| Telechat date | |||
| Responsible AD | Sean Turner | ||
| IESG note | Paul Hoffman (paul.hoffman@vpnc.org) is the document shepherd. | ||
| Send notices to | paul.hoffman@vpnc.org | ||
Internet Engineering Task Force (IETF) D. Kuegler
Request for Comments: 6631 BSI
Category: Experimental Y. Sheffer
ISSN: 2070-1721 Porticor
June 2012
Password Authenticated Connection Establishment
with the Internet Key Exchange Protocol version 2 (IKEv2)
Abstract
The Internet Key Exchange protocol version 2 (IKEv2) does not allow
secure peer authentication when using short credential strings, i.e.,
passwords. Several proposals have been made to integrate password-
authentication protocols into IKE. This document provides an
adaptation of Password Authenticated Connection Establishment (PACE)
to the setting of IKEv2 and demonstrates the advantages of this
integration.
Status of This Memo
This document is not an Internet Standards Track specification; it is
published for examination, experimental implementation, and
evaluation.
This document defines an Experimental Protocol for the Internet
community. This document is a product of the Internet Engineering
Task Force (IETF). It represents the consensus of the IETF
community. It has received public review and has been approved for
publication by the Internet Engineering Steering Group (IESG). Not
all documents approved by the IESG are a candidate for any level of
Internet Standard; see Section 2 of RFC 5741.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc6631.
Kuegler & Sheffer Experimental [Page 1]
RFC 6631 IKEv2 with PACE June 2012
Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction ....................................................3
1.1. Terminology ................................................4
2. Overview ........................................................5
3. Protocol Sequence ...............................................6
3.1. The IKE_SA_INIT Exchange ...................................6
3.2. The IKE_AUTH Exchange, Round #1 ............................7
3.3. The IKE_AUTH Exchange, Round #2 ............................7
3.4. Public Key Validation ......................................8
3.5. Creating a Long-Term Shared Secret .........................9
3.6. Using the Long-Term Shared Secret .........................11
4. Encrypting and Mapping the Nonce ...............................11
4.1. Encrypting the Nonce ......................................11
4.2. Mapping the Nonce .........................................12
4.2.1. Modular Diffie-Hellman .............................13
4.2.2. Elliptic Curve Diffie-Hellman ......................13
5. Protocol Details ...............................................13
5.1. Password Processing .......................................13
5.2. The SECURE_PASSWORD_METHODS Notification ..................14
5.3. The PSK_PERSIST Notification ..............................15
5.4. The PSK_CONFIRM Notification ..............................15
5.5. The GSPM(ENONCE) Payload ..................................15
5.6. The KE (KEi2/KEr2) Payloads in PACE .......................16
5.7. PACE and Session Resumption ...............................16
6. Security Considerations ........................................16
6.1. Credential Security Assumptions ...........................16
6.2. Vulnerability to Passive and Active Attacks ...............16
6.3. Perfect Forward Secrecy ...................................17
6.4. Randomness ................................................17
6.5. Identity Protection .......................................17
6.6. Denial of Service .........................................17
Kuegler & Sheffer Experimental [Page 2]
RFC 6631 IKEv2 with PACE June 2012
6.7. Choice of Encryption Algorithms ...........................17
Show full document text