Diameter Support for the EAP Re-authentication Protocol (ERP)
RFC 6942

Document Type RFC - Proposed Standard (May 2013)
Authors Julien Bournelle , Lionel Morand , Sebastien Decugis , Qin Wu , Glen Zorn
Last updated 2015-10-14
RFC stream Internet Engineering Task Force (IETF)
IESG Responsible AD Benoît Claise
Bournelle, et al.            Standards Track                   [Page 12]
RFC 6942                Diameter ERP Application                May 2013

   The primary use of the Diameter ERP Application Id is to ensure
   proper routing of the messages, and that the nodes that advertise the
   support for this application do understand the new AVPs defined in
   Section 8, although these AVPs have the 'M' flag cleared.

8.  AVPs

   The following subsections discuss the AVPs used by the Diameter ERP
   application.

8.1.  ERP-RK-Request AVP

   The ERP-RK-Request AVP (AVP Code 618) is of type Grouped AVP.  This
   AVP is used by the ER server to indicate its willingness to act as
   the ER server for a particular session.

   This AVP has the 'M' and 'V' bits cleared.

         ERP-RK-Request ::= < AVP Header: 618 >
                            { ERP-Realm }
                          * [ AVP ]

                       Figure 5: ERP-RK-Request ABNF

8.2.  ERP-Realm AVP

   The ERP-Realm AVP (AVP Code 619) is of type DiameterIdentity.  It
   contains the name of the realm in which the ER server is located.

   This AVP has the 'M' and 'V' bits cleared.
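   As an added illustration (not code from RFC 6942 or any Diameter
   implementation), the following Python encodes an ERP-RK-Request AVP
   (code 618) wrapping an ERP-Realm AVP (code 619) using the RFC 6733
   AVP header layout, and parses one back while enforcing the ABNF of
   Figure 5: exactly one ERP-Realm, M and V cleared on both AVPs, and
   lengths that stay inside the buffer.  Realm names are constructed
   sample values.

```python
import struct

ERP_RK_REQUEST = 618          # AVP Code, Section 8.1
ERP_REALM = 619               # AVP Code, Section 8.2
FLAG_V, FLAG_M = 0x80, 0x40   # AVP header flag bits, RFC 6733 Section 4.1

def encode_avp(code, data, flags=0):
    """Build one AVP without Vendor-Id (V cleared); data is padded to a 32-bit boundary."""
    length = 8 + len(data)    # AVP Length counts header plus data, not padding
    hdr = struct.pack("!IB", code, flags) + length.to_bytes(3, "big")
    return hdr + data + b"\x00" * (-len(data) % 4)

def encode_erp_rk_request(realm, extra=b""):
    """ERP-RK-Request ::= <AVP Header: 618> { ERP-Realm } *[ AVP ], with M and V cleared."""
    return encode_avp(ERP_RK_REQUEST, encode_avp(ERP_REALM, realm.encode("ascii")) + extra)

def decode_avps(buf):
    """Walk a sequence of AVPs, returning (code, flags, data); rejects truncation and bad lengths."""
    avps, off = [], 0
    while off < len(buf):
        if len(buf) - off < 8:
            raise ValueError("truncated AVP header at offset %d" % off)
        code, flags = struct.unpack_from("!IB", buf, off)
        length = int.from_bytes(buf[off + 5:off + 8], "big")
        hdr_len = 12 if flags & FLAG_V else 8       # Vendor-Id present only when V is set
        if length < hdr_len or off + length > len(buf):
            raise ValueError("bad AVP length %d at offset %d" % (length, off))
        avps.append((code, flags, buf[off + hdr_len:off + length]))
        off += length + (-length % 4)               # step over padding to the next AVP
    return avps

def parse_erp_rk_request(buf):
    """Validate one ERP-RK-Request AVP against Figure 5 and return the realm it carries."""
    outer = decode_avps(buf)
    if len(outer) != 1 or outer[0][0] != ERP_RK_REQUEST:
        raise ValueError("expected a single ERP-RK-Request AVP")
    _, flags, body = outer[0]
    if flags & (FLAG_M | FLAG_V):
        raise ValueError("ERP-RK-Request must have M and V cleared")
    realms = [(f, d) for c, f, d in decode_avps(body) if c == ERP_REALM]
    if len(realms) != 1:
        raise ValueError("ERP-RK-Request requires exactly one ERP-Realm")
    rflags, rdata = realms[0]
    if rflags & (FLAG_M | FLAG_V):
        raise ValueError("ERP-Realm must have M and V cleared")
    realm = rdata.decode("ascii")   # DiameterIdentity is an ASCII string (RFC 6733)
    if not realm:
        raise ValueError("empty ERP-Realm")
    return realm
```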

8.3.  Key AVP

   The Key AVP [RFC6734] is of type Grouped and is used to carry the rRK
   or rMSK and associated attributes.  The usage of the Key AVP and its
   constituent AVPs in this application is specified in the following
   subsections.

8.3.1.  Key-Type AVP

   The value of the Key-Type AVP MUST be set to 1 for rRK or 2 for rMSK.

8.3.2.  Keying-Material AVP

   The Keying-Material AVP contains the rRK sent by the home EAP server
   to the ER server, in answer to a request containing an ERP-RK-Request
   AVP, or the rMSK sent by the ER server to the authenticator.  How
   this material is derived and used is specified in RFC 6696.


8.3.3.  Key-Name AVP

   This AVP contains the EMSKname that identifies the keying material.
   The derivation of this name is specified in RFC 6696.

8.3.4.  Key-Lifetime AVP

   The Key-Lifetime AVP contains the lifetime of the keying material in
   seconds.  It MUST NOT be greater than the remaining lifetime of the
   EMSK from which the material was derived.

9.  Result-Code AVP Values

   This section defines new Result-Code [RFC6733] values that MUST be
   supported by all Diameter implementations that conform to this
   specification.

9.1.  Permanent Failures

   Errors that fall within the Permanent Failures category are used to
   inform the peer that the request failed and SHOULD NOT be attempted
   again.

      DIAMETER_ERROR_EAP_CODE_UNKNOWN (5048)

         This error code is used by the Diameter server to inform the
         peer that the received EAP-Payload AVP contains an EAP packet
         with an unknown EAP code.

10.  IANA Considerations

   IANA has registered the following new elements in the Authentication,
   Authorization, and Accounting (AAA) Parameters registries
   [AAAPARAMS].

10.1.  Diameter Application Identifier

   IANA has allocated a new value "Diameter ERP" (code: 13) in the
   "Application IDs" registry from the "Standards Action" range of
   numbers using the "Specification Required" policy [RFC5226]; see
   Section 11.3 of RFC 3588 [RFC3588] for further details.


10.2.  New AVPs

   IANA has allocated new values from the "AVP Codes" registry according
   to the policy specified in Section 11.1 of Fajardo, et al. [RFC6733]
   for the following AVPs:

      ERP-RK-Request (code: 618)

      ERP-Realm (code: 619)

   These AVPs are defined in Section 8.

10.3.  New Permanent Failures Result-Code AVP Values

   IANA has allocated a new value from the "Result-Code AVP Values (code
   268) - Permanent Failure" registry according to the policy specified
   in Section 11.3.2 of Fajardo, et al. [RFC6733] for the following
   Result-Code:

      DIAMETER_ERROR_EAP_CODE_UNKNOWN (code: 5048)

   This Result-Code value is defined in Section 9.

11.  Security Considerations

   The security considerations from the following documents apply here:

   o  Eronen, et al. [RFC4072]

   o  Salowey, et al. [RFC5295]

   o  Cao, et al. [RFC6696]

   o  Fajardo, et al. [RFC6733]

   o  Zorn, et al. [RFC6734]

   Because this application involves the transmission of sensitive data,
   including cryptographic keys, it MUST be protected using Transport
   Layer Security (TLS) [RFC5246], Datagram Transport Layer Security
   (DTLS) [RFC6347], or IP Encapsulating Security Payload (ESP)
   [RFC4303].  If TLS or DTLS is used, the bulk encryption algorithm
   negotiated MUST be non-null.  If ESP is used, the encryption
   algorithm MUST be non-null.


12.  Contributors

   Hannes Tschofenig wrote the initial draft of this document.

   Lakshminath Dondeti contributed to the early drafts of the document.

13.  Acknowledgements

   Hannes Tschofenig, Zhen Cao, Benoit Claise, Elwyn Davies, Menachem
   Dodge, Vincent Roca, Stephen Farrell, Sean Turner, Pete Resnick, Russ
   Housley, Martin Stiemerling, and Jouni Korhonen provided useful
   reviews.

   Vidya Narayanan reviewed a rough draft version of the document and
   found some errors.

   Many thanks to these people!

14.  References

14.1.  Normative References

   [RFC2119]   Bradner, S., "Key words for use in RFCs to Indicate
               Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC3748]   Aboba, B., Blunk, L., Vollbrecht, J., Carlson, J., and H.
               Levkowetz, "Extensible Authentication Protocol (EAP)",
               RFC 3748, June 2004.

   [RFC4072]   Eronen, P., Hiller, T., and G. Zorn, "Diameter Extensible
               Authentication Protocol (EAP) Application", RFC 4072,
               August 2005.

   [RFC5226]   Narten, T. and H. Alvestrand, "Guidelines for Writing an
               IANA Considerations Section in RFCs", BCP 26, RFC 5226,
               May 2008.

   [RFC5295]   Salowey, J., Dondeti, L., Narayanan, V., and M. Nakhjiri,
               "Specification for the Derivation of Root Keys from an
               Extended Master Session Key (EMSK)", RFC 5295, August
               2008.

   [RFC6696]   Cao, Z., He, B., Shi, Y., Wu, Q., and G. Zorn, "EAP
               Extensions for the EAP Re-authentication Protocol (ERP)",
               RFC 6696, July 2012.

   [RFC6733]   Fajardo, V., Arkko, J., Loughney, J., and G. Zorn,
               "Diameter Base Protocol", RFC 6733, October 2012.


   [RFC6734]   Zorn, G., Wu, Q., and V. Cakulev, "Diameter Attribute-
               Value Pairs for Cryptographic Key Transport", RFC 6734,
               October 2012.

14.2.  Informative References

   [AAAPARAMS] Internet Assigned Numbers Authority, "Authentication,
               Authorization, and Accounting (AAA) Parameters",
               <http://www.iana.org/assignments/aaa-parameters/>.

   [RFC3588]   Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and J.
               Arkko, "Diameter Base Protocol", RFC 3588, September
               2003.

   [RFC4303]   Kent, S., "IP Encapsulating Security Payload (ESP)", RFC
               4303, December 2005.

   [RFC5246]   Dierks, T. and E. Rescorla, "The Transport Layer Security
               (TLS) Protocol Version 1.2", RFC 5246, August 2008.

   [RFC6347]   Rescorla, E. and N. Modadugu, "Datagram Transport Layer
               Security Version 1.2", RFC 6347, January 2012.


Authors' Addresses

   Julien Bournelle
   Orange Labs
   38-40 rue du general Leclerc
   Issy-Les-Moulineaux  92794
   France

   EMail: julien.bournelle@orange.com

   Lionel Morand
   Orange Labs
   38-40 rue du general Leclerc
   Issy-Les-Moulineaux  92794
   France

   EMail: lionel.morand@orange.com

   Sebastien Decugis
   INSIDE Secure
   41 Parc Club du Golf
   Aix-en-Provence  13856
   France

   Phone: +33 (0)4 42 39 63 00
   EMail: sdecugis@freediameter.net

   Qin Wu
   Huawei Technologies Co., Ltd.
   101 Software Avenue, Yuhua District
   Nanjing, JiangSu  210012
   China

   EMail: sunseawq@huawei.com

   Glen Zorn
   Network Zen
   227/358 Thanon Sanphawut
   Bang Na, Bangkok  10260
   Thailand

   EMail: glenzorn@gmail.com
