%!PS-Adobe-3.0
%%Creator: groff version 1.19.2
%%CreationDate: Sun Jul 11 09:53:50 2010
%%DocumentNeededResources: font Times-Roman
%%+ font Courier
%%DocumentSuppliedResources: procset grops 1.19 2
%%Pages: 21 0
%%PageOrder: Ascend
%%DocumentMedia: Default 612 792 0 () ()
%%Orientation: Portrait
%%EndComments
%%BeginDefaults
%%PageMedia: Default
%%EndDefaults
%%BeginProlog
%%BeginProcSet: PStoPS 1 15
% PStoPS wrapper prolog. It runs inside userdict and overrides page-output,
% paper-size and graphics-initialisation names before the wrapped document's
% own prolog is loaded. Only the names listed below are overridden; nothing
% here limits any other operator, so this is page-layout plumbing and not a
% restriction on what the rest of the file can execute.
userdict begin
% showpage / erasepage / copypage: when the name currently resolves to a
% built-in operator, define in userdict a one-element procedure that calls it
% (bind fills in the operator object).
% NOTE(review): presumably done so the name no longer resolves to an operator
% and later `bind` calls leave it late-bound -- confirm against PStoPS sources.
[/showpage/erasepage/copypage]{dup where{pop dup load
type/operatortype eq{1 array cvx dup 0 3 index cvx put
bind def}{pop}ifelse}{pop}ifelse}forall
% Paper-size names that are already defined are replaced by empty procedures:
% in the dictionary that holds them when it is writable, otherwise in the
% current dictionary (userdict).
[/letter/legal/executivepage/a4/a4small/b5/com10envelope
/monarchenvelope/c5envelope/dlenvelope/lettersmall/note
/folio/quarto/a5]{dup where{dup wcheck{exch{}put}
{pop{}def}ifelse}{pop}ifelse}forall
% setpagedevice is replaced by a procedure that pops its dictionary operand
% and does nothing else, so page-device requests made later in this file have
% no effect. Same placement rule as above (owning dictionary if writable).
/setpagedevice {pop}bind 1 index where{dup wcheck{3 1 roll put}
{pop def}ifelse}{def}ifelse
% Snapshot of the CTM at load time, an identity transform and a default clip
% procedure; the setup and per-page sections store new values under these
% three names.
/PStoPSmatrix matrix currentmatrix def
/PStoPSxform matrix def/PStoPSclip{clippath}def
% defaultmatrix fills its matrix operand with PStoPSmatrix x PStoPSxform;
% initmatrix installs that product as the CTM.
/defaultmatrix{PStoPSmatrix exch PStoPSxform exch concatmatrix}bind def
/initmatrix{matrix defaultmatrix setmatrix}bind def
% initclip is rebuilt as a procedure whose final step clips to PStoPSclip
% (last line of the definition) and then runs the previous initclip and
% restores the matrix.
% NOTE(review): the earlier lines appear to capture the current path and
% current point so they can be replayed afterwards, with a fallback when
% pathforall raises invalidaccess -- intricate; described from reading only.
/initclip[{matrix currentmatrix PStoPSmatrix setmatrix
[{currentpoint}stopped{$error/newerror false put{newpath}}
{/newpath cvx 3 1 roll/moveto cvx 4 array astore cvx}ifelse]
{[/newpath cvx{/moveto cvx}{/lineto cvx}
{/curveto cvx}{/closepath cvx}pathforall]cvx exch pop}
stopped{$error/errorname get/invalidaccess eq{cleartomark
$error/newerror false put cvx exec}{stop}ifelse}if}bind aload pop
/initclip dup load dup type dup/operatortype eq{pop exch pop}
{dup/arraytype eq exch/packedarraytype eq or
{dup xcheck{exch pop aload pop}{pop cvx}ifelse}
{pop cvx}ifelse}ifelse
{newpath PStoPSclip clip newpath exec setmatrix} bind aload pop]cvx def
% initgraphics: reset through the wrapped initmatrix/initclip, then restore
% line width, cap, join, dash, gray level and miter limit to fixed values.
/initgraphics{initmatrix newpath initclip 1 setlinewidth
0 setlinecap 0 setlinejoin []0 setdash 0 setgray
10 setmiterlimit}bind def
end
%%EndProcSet
%%BeginResource: procset grops 1.19 2
%!PS-Adobe-3.0 Resource-ProcSet
% groff (grops) procset: the short operator names used by every page body in
% this file are defined here, in a dictionary named grops.
% If the interpreter has setpacking, turn array packing on while the procset
% is defined; the previous setting stays on the stack and is restored at the
% end of this resource.
/setpacking where{
pop
currentpacking
true setpacking
}if
/grops 120 dict dup begin
% SC: character code 32 (space), the character whose width the widthshow
% variants below adjust.
/SC 32 def
% A..T: one-letter text operators. Each combines an optional move with one of
% show / widthshow / ashow / awidthshow:
%   A-D  no move            E-H  relative move in x only
%   I-L  relative move in y only
%   M-P  relative move in x and y       Q-T  absolute moveto
/A/show load def
/B{0 SC 3 -1 roll widthshow}bind def
/C{0 exch ashow}bind def
/D{0 exch 0 SC 5 2 roll awidthshow}bind def
/E{0 rmoveto show}bind def
/F{0 rmoveto 0 SC 3 -1 roll widthshow}bind def
/G{0 rmoveto 0 exch ashow}bind def
/H{0 rmoveto 0 exch 0 SC 5 2 roll awidthshow}bind def
/I{0 exch rmoveto show}bind def
/J{0 exch rmoveto 0 SC 3 -1 roll widthshow}bind def
/K{0 exch rmoveto 0 exch ashow}bind def
/L{0 exch rmoveto 0 exch 0 SC 5 2 roll awidthshow}bind def
/M{rmoveto show}bind def
/N{rmoveto 0 SC 3 -1 roll widthshow}bind def
/O{rmoveto 0 exch ashow}bind def
/P{rmoveto 0 exch 0 SC 5 2 roll awidthshow}bind def
/Q{moveto show}bind def
/R{moveto 0 SC 3 -1 roll widthshow}bind def
/S{moveto 0 exch ashow}bind def
/T{moveto 0 exch 0 SC 5 2 roll awidthshow}bind def
% SF: operands are /name size /fontname. Looks the font up, scales it with the
% matrix [size 0 0 -size 0 0] (negative y scale, matching the y flip done in
% BP), selects it, and defines /name as a procedure that reselects it.
/SF{
findfont exch
[exch dup 0 exch 0 exch neg 0 0]makefont
dup setfont
[exch/setfont cvx]cvx bind def
}bind def
% MF: like SF, but the makefont matrix is assembled from additional numeric
% operands instead of a single size.
/MF{
findfont
[5 2 roll
0 3 1 roll
neg 0 0]makefont
dup setfont
[exch/setfont cvx]cvx bind def
}bind def
% Placeholders: level0 holds the per-page save object (set in BP); RES, PL and
% LS are given their real values in the setup section of this file.
/level0 0 def
/RES 0 def
/PL 0 def
/LS 0 def
% MANUAL: sets manualfeed to true in statusdict.
/MANUAL{
statusdict begin/manualfeed true store end
}bind def
% PLG: leaves lly + ury of the clip path's bounding box on the stack.
/PLG{
gsave newpath clippath pathbbox grestore
exch pop add exch pop
}bind def
% BP (begin page): save VM state in level0, select round caps and joins, scale
% by 72/RES, then either rotate 90 degrees (LS true) or translate by PL in y,
% and finally flip the y axis.
/BP{
/level0 save def
1 setlinecap
1 setlinejoin
72 RES div dup scale
LS{
90 rotate
}{
0 PL translate
}ifelse
1 -1 scale
}bind def
% EP (end page): restore the state saved by BP and emit the page. Defined
% without bind, so showpage is looked up by name when EP runs.
/EP{
level0 restore
showpage
}def
% DA: stroke a clockwise arc (arcn) from the operands on the stack.
/DA{
newpath arcn stroke
}bind def
% SN: snap a user-space point: convert to device space, round each coordinate
% to an integer plus .25, convert back.
/SN{
transform
.25 sub exch .25 sub exch
round .25 add exch round .25 add exch
itransform
}bind def
% DL: stroke a line between two points, each snapped with SN.
/DL{
SN
moveto
SN
lineto stroke
}bind def
% DC: build a closed full-circle path from x y r on the stack.
/DC{
newpath 0 360 arc closepath
}bind def
% TM: scratch matrix used by DE to save and restore the CTM.
/TM matrix def
% DE: build an ellipse path by translating and scaling, drawing a circle of
% radius .5 at the origin, then restoring the saved CTM.
/DE{
TM currentmatrix pop
translate scale newpath 0 0 .5 0 360 arc closepath
TM setmatrix
}bind def
% Two-letter aliases for path operators.
/RC/rcurveto load def
/RL/rlineto load def
/ST/stroke load def
/MT/moveto load def
/CL/closepath load def
% Fr / Fk / Fg: set an RGB, CMYK or gray colour and fill the current path.
% Fk is defined only when the interpreter has setcmykcolor.
/Fr{
setrgbcolor fill
}bind def
/setcmykcolor where{
pop
/Fk{
setcmykcolor fill
}bind def
}if
/Fg{
setgray fill
}bind def
% Aliases for fill, line width and colour selection (Ck only with
% setcmykcolor available).
/FL/fill load def
/LW/setlinewidth load def
/Cr/setrgbcolor load def
/setcmykcolor where{
pop
/Ck/setcmykcolor load def
}if
/Cg/setgray load def
% RE: re-encode a font. Copies every entry of the base font except FID into a
% new dictionary, installs the supplied Encoding and the new FontName, and
% registers the result with definefont.
/RE{
findfont
dup maxlength 1 index/FontName known not{1 add}if dict begin
{
1 index/FID ne{def}{pop pop}ifelse
}forall
/Encoding exch def
dup/FontName exch def
currentdict end definefont pop
}bind def
% DEFS is replaced by a dictionary in the setup section; EBEGIN moves to a
% point and pushes DEFS on the dictionary stack, EEND pops it.
/DEFS 0 def
/EBEGIN{
moveto
DEFS begin
}bind def
/EEND/end load def
/CNT 0 def
/level1 0 def
% PBEGIN / PEND: bracket a nested block of PostScript. PBEGIN saves VM state in
% level1, sets up a transform from its operands, resets the graphics state,
% records the dictionary-stack depth in CNT, and defines showpage and
% setpagedevice as empty procedures in userdict. PEND pops any dictionaries
% left above the recorded depth and restores level1.
% NOTE(review): presumably used around imported pictures; no call to PBEGIN
% appears in the page bodies visible here.
/PBEGIN{
/level1 save def
translate
div 3 1 roll div exch scale
neg exch neg exch translate
0 setgray
0 setlinecap
1 setlinewidth
0 setlinejoin
10 setmiterlimit
[]0 setdash
/setstrokeadjust where{
pop
false setstrokeadjust
}if
/setoverprint where{
pop
false setoverprint
}if
newpath
/CNT countdictstack def
userdict begin
/showpage{}def
/setpagedevice{}def
}bind def
/PEND{
countdictstack CNT sub{end}repeat
level1 restore
}bind def
end def
% Restore the packing mode that was current before this procset was loaded.
/setpacking where{
pop
setpacking
}if
%%EndResource
%%EndProlog
%%BeginSetup
%%BeginFeature: *PageSize Default
% Page-size request for 612 x 792 units. The PStoPS prolog earlier in this
% file redefines setpagedevice as a procedure that only pops its operand, so
% when that prolog is in effect this line discards the dictionary and changes
% nothing on the device.
<< /PageSize [ 612 792 ] /ImagingBBox null >> setpagedevice
%%EndFeature
%%IncludeResource: font Times-Roman
%%IncludeResource: font Courier
grops begin/DEFS 1 dict def DEFS begin/u{.001 mul}bind def end/RES 72
def/PL 792 def/LS false def/ENC0[/asciicircum/asciitilde/Scaron/Zcaron
/scaron/zcaron/Ydieresis/trademark/quotesingle/Euro/.notdef/.notdef
/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef
/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef
/.notdef/.notdef/space/exclam/quotedbl/numbersign/dollar/percent
/ampersand/quoteright/parenleft/parenright/asterisk/plus/comma/hyphen
/period/slash/zero/one/two/three/four/five/six/seven/eight/nine/colon
/semicolon/less/equal/greater/question/at/A/B/C/D/E/F/G/H/I/J/K/L/M/N/O
/P/Q/R/S/T/U/V/W/X/Y/Z/bracketleft/backslash/bracketright/circumflex
/underscore/quoteleft/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q/r/s/t/u/v/w/x/y
/z/braceleft/bar/braceright/tilde/.notdef/quotesinglbase/guillemotleft
/guillemotright/bullet/florin/fraction/perthousand/dagger/daggerdbl
/endash/emdash/ff/fi/fl/ffi/ffl/dotlessi/dotlessj/grave/hungarumlaut
/dotaccent/breve/caron/ring/ogonek/quotedblleft/quotedblright/oe/lslash
/quotedblbase/OE/Lslash/.notdef/exclamdown/cent/sterling/currency/yen
/brokenbar/section/dieresis/copyright/ordfeminine/guilsinglleft
/logicalnot/minus/registered/macron/degree/plusminus/twosuperior
/threesuperior/acute/mu/paragraph/periodcentered/cedilla/onesuperior
/ordmasculine/guilsinglright/onequarter/onehalf/threequarters
/questiondown/Agrave/Aacute/Acircumflex/Atilde/Adieresis/Aring/AE
/Ccedilla/Egrave/Eacute/Ecircumflex/Edieresis/Igrave/Iacute/Icircumflex
/Idieresis/Eth/Ntilde/Ograve/Oacute/Ocircumflex/Otilde/Odieresis
/multiply/Oslash/Ugrave/Uacute/Ucircumflex/Udieresis/Yacute/Thorn
/germandbls/agrave/aacute/acircumflex/atilde/adieresis/aring/ae/ccedilla
/egrave/eacute/ecircumflex/edieresis/igrave/iacute/icircumflex/idieresis
/eth/ntilde/ograve/oacute/ocircumflex/otilde/odieresis/divide/oslash
/ugrave/uacute/ucircumflex/udieresis/yacute/thorn/ydieresis]def
% Register Courier@0 and Times-Roman@0: copies of Courier and Times-Roman
% re-encoded with the ENC0 vector defined just above (via RE).
/Courier@0 ENC0/Courier RE/Times-Roman@0 ENC0/Times-Roman RE
% Store in userdict/PStoPSxform the inverse of
% (PStoPSmatrix x inverse(current CTM)), each step using a fresh matrix.
userdict/PStoPSxform PStoPSmatrix matrix currentmatrix
matrix invertmatrix matrix concatmatrix
matrix invertmatrix put
%%EndSetup
%%Page: (0) 1
% Per-page wrapper added by PStoPS; the same sequence opens each %%Page
% section visible in this file and is undone by `PStoPSsaved restore` after
% the page body.
% Save VM state so everything the page defines is discarded afterwards.
userdict/PStoPSsaved save put
% Start from the matrix recorded by the prolog, shift the page down by
% 28.346457 units, and record the shifted matrix as the new base.
PStoPSmatrix setmatrix
0.000000 -28.346457 translate
userdict/PStoPSmatrix matrix currentmatrix put
% Clip to a 595 x 842 rectangle at the origin (A4 in points), then apply it
% through the wrapped initclip.
userdict/PStoPSclip{0 0 moveto
595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
closepath}put initclip
% Apply the document transform computed in the setup section.
PStoPSxform concat
%%BeginPageSetup
% grops begin-page: saves state in level0 and sets the page coordinate system.
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF(Netw)72 84 Q(ork W)-.1 E(orking Group)-.8 E 2.58
-1.29(Y. N)343.55 H(ir)1.29 E 360.8(Internet-Draft Check)72 96 R(Point)
2.5 E(Intended status: Standards T)72 108 Q 289.18(rack F)-.35 F 2.5(.D)
-.8 G(etienne)-2.5 E(Expires: January 12, 2011)72 120 Q 2.22 -1.11(P. S)
333.56 H(ethi)1.11 E(Cisco)517.22 132 Q(July 11, 2010)485.83 144 Q 2.5
(AQ)221.85 180 S(uick Crash Detection Method for IKE)-2.5 E(draft-nir)
266.165 192 Q(-ik)-.2 E(e-qcd-07)-.1 E(Abstract)72 216 Q
(This document describes an e)102 240 Q
(xtension to the IKEv2 protocol that allo)-.15 E(ws for f)-.25 E
(aster detection of SA)-.1 E(desynchronization using a sa)102 252 Q -.15
(ve)-.2 G 2.5(dt).15 G(ok)-2.5 E(en.)-.1 E
(When an IPsec tunnel between tw)102 276 Q 2.5(oI)-.1 G
(KEv2 peers is disconnected due to a restart of one peer)-2.5 E 2.5(,i)
-.4 G 2.5(tc)-2.5 G(an tak)-2.5 E 2.5(ea)-.1 G(s)-2.5 E(much as se)102
288 Q -.15(ve)-.25 G(ral minutes for the other peer to disco).15 E -.15
(ve)-.15 G 2.5(rt).15 G(hat the reboot has occurred, thus delaying reco)
-2.5 E -.15(ve)-.15 G(ry).15 E(.)-.65 E(In this te)102 300 Q
(xt we propose an e)-.15 E(xtension to the protocol, that allo)-.15 E
(ws for reco)-.25 E -.15(ve)-.15 G(ry immediately follo).15 E(wing the)
-.25 E(restart.)102 312 Q(Status of this Memo)72 336 Q
(This Internet-Draft is submitted in full conformance with the pro)102
360 Q(visions of BCP)-.15 E(78 and BCP)5 E(79.)5 E
(Internet-Drafts are w)102 384 Q
(orking documents of the Internet Engineering T)-.1 E(ask F)-.8 E
(orce \(IETF\).)-.15 E(Note that other)5 E(groups may also distrib)102
396 Q(ute w)-.2 E(orking documents as Internet-Drafts.)-.1 E
(The list of current Internet- Drafts is at)5 E(http://datatrack)102 408
Q(er)-.1 E(.ietf.or)-.55 E(g/drafts/current/.)-.18 E
(Internet-Drafts are draft documents v)102 432 Q
(alid for a maximum of six months and may be updated, replaced, or)-.25
E(obsoleted by other documents at an)102 444 Q 2.5(yt)-.15 G 2.5
(ime. It)-2.5 F
(is inappropriate to use Internet-Drafts as reference material or)2.5 E
(to cite them other than as "w)102 456 Q(ork in progress.")-.1 E
(This Internet-Draft will e)102 480 Q(xpire on January 12, 2011.)-.15 E
(Cop)72 504 Q(yright Notice)-.1 E(Cop)102 528 Q
(yright \(c\) 2010 IETF T)-.1 E
(rust and the persons identi\214ed as the document authors.)-.35 E
(All rights reserv)5 E(ed.)-.15 E
(This document is subject to BCP 78 and the IETF T)102 552 Q
(rust\264s Le)-.35 E -.05(ga)-.15 G 2.5(lP).05 G(ro)-2.5 E
(visions Relating to IETF Documents)-.15 E(\(http://trustee.ietf.or)102
564 Q(g/license-info\) in ef)-.18 E(fect on the date of)-.25 E(Nir)72
696 Q 2.5(,e)-.4 G 2.5(ta)-2.5 G 143.305(l. Expires)-2.5 F
(January 12, 2011)2.5 E([P)149.725 E(age 1])-.15 E 0 Cg EP
PStoPSsaved restore
%%Page: (1) 2
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
0.000000 -28.346457 translate
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF 130.145(Internet-Draft Quick)72 48 R
(Crash Detection)2.5 E(July 2010)149.005 E
(publication of this document.)102 84 Q(Please re)5 E(vie)-.25 E 2.5(wt)
-.25 G(hese documents carefully)-2.5 E 2.5(,a)-.65 G 2.5(st)-2.5 G(he)
-2.5 E 2.5(yd)-.15 G(escribe your rights and)-2.5 E
(restrictions with respect to this document.)102 96 Q(Code Components e)
5 E(xtracted from this document must include)-.15 E
(Simpli\214ed BSD License te)102 108 Q
(xt as described in Section 4.e of the T)-.15 E(rust Le)-.35 E -.05(ga)
-.15 G 2.5(lP).05 G(ro)-2.5 E(visions and are pro)-.15 E(vided)-.15 E
(without w)102 120 Q
(arranty as described in the Simpli\214ed BSD License.)-.1 E(Nir)72 696
Q 2.5(,e)-.4 G 2.5(ta)-2.5 G 143.305(l. Expires)-2.5 F(January 12, 2011)
2.5 E([P)149.725 E(age 2])-.15 E 0 Cg EP
PStoPSsaved restore
%%Page: (2) 3
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
0.000000 -28.346457 translate
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF 130.145(Internet-Draft Quick)72 48 R
(Crash Detection)2.5 E(July 2010)149.005 E -.8(Ta)72 84 S
(ble of Contents).8 E 2.5(1. Introduction)79.5 108 R(4)393.56 E 2.5
(1.1. Con)84.5 120 R -.15(ve)-.4 G(ntions Used in This Document).15 E(4)
282.72 E 2.5(2. RFC)79.5 132 R(4306 Crash Reco)2.5 E -.15(ve)-.15 G
332.75(ry 5).15 F 2.5(3. Protocol)79.5 144 R 374.11(Outline 5)2.5 F 2.5
(4. F)79.5 156 R(ormats and Exchanges)-.15 E(6)347.61 E 2.5
(4.1. Noti\214cation)84.5 168 R -.15(Fo)2.5 G 348.98(rmat 6).15 F 2.5
(4.2. P)84.5 180 R(assing a T)-.15 E(ok)-.8 E(en in the A)-.1 E
(UTH Exchange)-.55 E(7)269.35 E 2.5(4.3. Replacing)84.5 192 R -.8(To)2.5
G -.1(ke).8 G(ns After Rek).1 E .3 -.15(ey o)-.1 H 2.5(rR).15 G 243.34
(esumption 9)-2.5 F 2.5(4.4. Replacing)84.5 204 R(the T)2.5 E(ok)-.8 E
(en for an Existing SA)-.1 E(9)270.86 E 2.5(4.5. Presenting)84.5 216 R
(the T)2.5 E(ok)-.8 E(en in an INFORMA)-.1 E(TION)-1.11 E(AL Exchange)
-.35 E(10)192.9 E 2.5(5. T)79.5 228 R(ok)-.8 E(en Generation and V)-.1 E
297.82(eri\214cation 11)-1.11 F 2.5(5.1. A)84.5 240 R
(Stateless Method of T)2.5 E(ok)-.8 E(en Generation)-.1 E(11)262.26 E
2.5(5.2. A)84.5 252 R(Stateless Method with IP addresses)2.5 E(12)274.68
E 2.5(5.3. T)84.5 264 R(ok)-.8 E(en Lifetime)-.1 E(12)363.91 E 2.5
(6. Backup)79.5 276 R(Gate)2.5 E -.1(wa)-.25 G 363.37(ys 12).1 F 2.5
(7. Alternati)79.5 288 R .3 -.15(ve S)-.25 H 350.62(olutions 13).15 F
2.5(7.1. Initiating)84.5 300 R 2.5(an)2.5 G .5 -.25(ew I)-2.5 H(KE SA)
.25 E(13)328.54 E 2.5(7.2. Birth)84.5 312 R 354.39(Certi\214cates 13)2.5
F 2.5(7.3. Reducing)84.5 324 R(Li)2.5 E -.15(ve)-.25 G
(ness Check Length).15 E(13)290.64 E 2.5(8. Interaction)79.5 336 R
(with Session Resumption)2.5 E(14)290.5 E 2.5(9. Operational)79.5 348 R
325.79(Considerations 15)2.5 F 2.5(9.1. Who)84.5 360 R
(should implement this speci\214cation)2.5 E(15)261.61 E 2.5
(9.2. Response)84.5 372 R(to unkno)2.5 E(wn child SPI)-.25 E(16)297.97 E
2.5(9.3. Using)84.5 384 R -.8(To)2.5 G -.1(ke).8 G
(ns that Depend on IP Addresses).1 E(17)251.98 E
(10. Security Considerations)79.5 396 Q(17)339.67 E(10.1. QCD T)84.5 408
Q(ok)-.8 E(en Generation and Handling)-.1 E(17)271.15 E(10.2. QCD T)84.5
420 Q(ok)-.8 E(en T)-.1 E 316.2(ransmission 18)-.35 F(10.3. QCD T)84.5
432 Q(ok)-.8 E(en Enumeration)-.1 E(18)320.58 E(11. IAN)79.5 444 Q 2.5
(AC)-.35 G 345.86(onsiderations 19)-2.5 F(12. Ackno)79.5 456 Q 353.82
(wledgements 19)-.25 F(13. Change Log)79.5 468 Q(19)386.34 E
(13.1. Changes from draft-nir)84.5 480 Q(-ik)-.2 E(e-qcd-03 and -04)-.1
E(19)251.68 E(13.2. Changes from draft-nir)84.5 492 Q(-ik)-.2 E 281.95
(e-qcd-02 19)-.1 F(13.3. Changes from draft-nir)84.5 504 Q(-ik)-.2 E
281.95(e-qcd-01 19)-.1 F(13.4. Changes from draft-nir)84.5 516 Q(-ik)-.2
E 281.95(e-qcd-00 20)-.1 F(13.5. Changes from draft-nir)84.5 528 Q(-qcr)
-.2 E 299.27(-00 20)-.2 F(14. References)79.5 540 Q(20)391.08 E
(14.1. Normati)84.5 552 Q .3 -.15(ve R)-.25 H 331.21(eferences 20).15 F
(14.2. Informati)84.5 564 Q .3 -.15(ve R)-.25 H 326.77(eferences 20).15
F(Authors\264 Addresses)79.5 576 Q(21)371.35 E(Nir)72 696 Q 2.5(,e)-.4 G
2.5(ta)-2.5 G 143.305(l. Expires)-2.5 F(January 12, 2011)2.5 E([P)
149.725 E(age 3])-.15 E 0 Cg EP
PStoPSsaved restore
%%Page: (3) 4
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
0.000000 -28.346457 translate
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF 130.145(Internet-Draft Quick)72 48 R
(Crash Detection)2.5 E(July 2010)149.005 E 2.5(1. Introduction)72 84 R
(IKEv2, as described in [RFC4306] has a method for reco)102 108 Q -.15
(ve)-.15 G(ring from a reboot of one peer).15 E 5(.A)-.55 G 2.5(sl)-5 G
(ong as traf)-2.5 E<8c63>-.25 E<8d6f>102 120 Q(ws in both directions, t\
he rebooted peer should re-establish the tunnels immediately)-.25 E 5
(.H)-.65 G -.25(ow)-5 G -2.15 -.25(ev e).25 H .8 -.4(r, i).25 H 2.5(nm)
.4 G(an)-2.5 E(y)-.15 E(cases the rebooted peer is a VPN g)102 132 Q
(ate)-.05 E -.1(wa)-.25 G 2.5(yt).1 G(hat protects only serv)-2.5 E
(ers, or else the non-rebooted peer has a)-.15 E(dynamic IP address.)102
144 Q(In such cases, the rebooted peer will not be able to re-establish\
the tunnels.)5 E 2.5(Section 2)5 F(describes ho)102 156 Q 2.5(wr)-.25 G
(eco)-2.5 E -.15(ve)-.15 G(ry w).15 E(orks under RFC 4306, and e)-.1 E
(xplains wh)-.15 E 2.5(yi)-.05 G 2.5(tm)-2.5 G(ay tak)-2.5 E 2.5(es)-.1
G -2.15 -.25(ev e)-2.5 H(ral minutes.).25 E(The method proposed here, i\
s to send an octet string, called a "QCD tok)102 180 Q(en" in the IKE_A)
-.1 E(UTH e)-.55 E(xchange that)-.15 E(establishes the tunnel.)102 192 Q
(That tok)5 E(en can be stored on the peer as part of the IKE SA.)-.1 E
(After a reboot, the)5 E
(rebooted implementation can re-generate the tok)102 204 Q
(en, and send it to the peer)-.1 E 2.5(,s)-.4 G 2.5(oa)-2.5 G 2.5(st)
-2.5 G 2.5(od)-2.5 G(elete the IKE SA.)-2.5 E
(Deleting the IKE SA results in a quick establishment of ne)102 216 Q
2.5(wI)-.25 G(Psec tunnels.)-2.5 E(This is described in Section)5 E(3.)5
E 2.5(1.1. Con)72 240 R -.15(ve)-.4 G(ntions Used in This Document).15 E
(The k)102 264 Q .3 -.15(ey w)-.1 H(ords "MUST", "MUST NO).05 E
(T", "REQ)-.4 E(UIRED", "SHALL", "SHALL NO)-.1 E(T", "SHOULD",)-.4 E
("SHOULD NO)102 276 Q(T", "RECOMMENDED", "MA)-.4 E(Y", and "OPTION)-1.05
E(AL" in this document are to be interpreted)-.35 E
(as described in [RFC2119].)102 288 Q(The term "tok)102 312 Q(en" refer\
s to an octet string that an implementation can generate using only the\
properties of a)-.1 E
(protected IKE message \(such as IKE SPIs\) as input.)102 324 Q 2.5(Ac)5
G(onforming implementation MUST be able to)-2.5 E(generate the same tok)
102 336 Q(en from the same input e)-.1 E -.15(ve)-.25 G 2.5(na).15 G
(fter rebooting.)-2.5 E(The term "tok)102 360 Q(en mak)-.1 E
(er" refers to an implementation that generates a tok)-.1 E
(en and sends it to the peer as)-.1 E(speci\214ed in this document.)102
372 Q(The term "tok)102 396 Q(en tak)-.1 E
(er" refers to an implementation that stores such a tok)-.1 E
(en or a digest thereof, in order to)-.1 E -.15(ve)102 408 S
(rify that a ne).15 E 2.5(wt)-.25 G(ok)-2.5 E(en it recei)-.1 E -.15(ve)
-.25 G 2.5(si).15 G 2.5(si)-2.5 G(dentical to the old tok)-2.5 E
(en it has stored.)-.1 E(The term "non-v)102 432 Q(olatile storage" in \
this document refers to a data storage module, that persists across res\
tarts)-.2 E(of the tok)102 444 Q(en mak)-.1 E(er)-.1 E 5(.E)-.55 G(xamp\
les of such a storage module include an internal disk, an internal \215\
ash memory)-5 E(module, an e)102 456 Q(xternal disk and an e)-.15 E
(xternal database.)-.15 E 2.5(As)5 G(mall non-v)-2.5 E
(olatile storage module is required for a)-.2 E(tok)102 468 Q(en mak)-.1
E(er)-.1 E 2.5(,b)-.4 G(ut a lar)-2.7 E
(ger one can be used to enhance performance, as described in Section)
-.18 E(9.2.)5 E(Nir)72 696 Q 2.5(,e)-.4 G 2.5(ta)-2.5 G 143.305
(l. Expires)-2.5 F(January 12, 2011)2.5 E([P)149.725 E(age 4])-.15 E 0
Cg EP
PStoPSsaved restore
%%Page: (4) 5
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
0.000000 -28.346457 translate
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF 130.145(Internet-Draft Quick)72 48 R
(Crash Detection)2.5 E(July 2010)149.005 E 2.5(2. RFC)72 84 R
(4306 Crash Reco)2.5 E -.15(ve)-.15 G(ry).15 E
(When one peer loses state or reboots, the other peer does not get an)
102 108 Q 2.5(yn)-.15 G(oti\214cation, so unidirectional IPsec)-2.5 E
(traf)102 120 Q(\214c can still \215o)-.25 E 3.8 -.65(w. T)-.25 H
(he rebooted peer will not be able to decrypt it, ho).65 E(we)-.25 E
-.15(ve)-.25 G .8 -.4(r, a).15 H(nd the only remedy is to).4 E
(send an unprotected INV)102 132 Q
(ALID_SPI noti\214cation as described in section 3.10.1 of [RFC4306].)
-1.35 E(That section)5 E
(also describes the processing of such a noti\214cation:)102 144 Q/F1 10
/Courier@0 SF("If this Informational Message is sent outside the)138 168
Q(context of an IKE_SA, it should be used by the recipient)114 180 Q
(only as a "hint" that something might be wrong \(because it)114 192 Q
(could easily be forged\).")114 204 Q(XML2PDFRFC-ENDARTWORK)150 216 Q(S\
ince the INVALID_SPI can only be used as a hint, the non-rebooted peer)
102 240 Q(has to determine whether the IPsec SA, and indeed the parent \
IKE SA are)102 252 Q(still valid.)102 264 Q
(The method of doing this is described in section 2.4 of)12 E 6
([RFC4306]. This)102 276 R
(method, called "liveness check" involves sending a)6 E
(protected empty INFORMATIONAL message, and awaiting a response.)102 288
Q(This)12 E
(procedure is sometimes referred to as "Dead Peer Detection" or DPD.)102
300 Q
(Section 2.4 does not mandate how many times the liveness check message)
102 324 Q
(should be retransmitted, or for how long, but does recommend the)102
336 Q(following:)102 348 Q("It is)462 372 Q
(suggested that messages be retransmitted at least a dozen times over)
108 384 Q 6(ap)108 396 S
(eriod of at least several minutes before giving up on an SA...")-6 E
(XML2PDFRFC-ENDARTWORK)150 408 Q(Those "at least several minutes" are a\
time during which both peers are)102 432 Q
(active, but IPsec cannot be used.)102 444 Q 6(3. Protocol)72 480 R
(Outline)6 E
(Supporting implementations will send a notification, called a "QCD)102
504 Q(token", as described in Section 4.1 in the last IKE_AUTH exchange)
102 516 Q 6(messages. These)102 528 R
(are the final IKE_AUTH request and final IKE_AUTH)6 E
(response that contain the AUTH payloads.)102 540 Q
(The generation of these tokens)12 E(is a local matter for implementati\
ons, but considerations are described)102 552 Q(in Section 5.)102 564 Q
(Implementations that send such a token will be called)12 E
("token makers".)102 576 Q 6(As)102 600 S
(upporting implementation receiving such a token MUST store it \(or a)-6
E(digest thereof\) as part of the IKE SA.)102 612 Q
(Implementations that)12 E F0(Nir)72 696 Q 2.5(,e)-.4 G 2.5(ta)-2.5 G
143.305(l. Expires)-2.5 F(January 12, 2011)2.5 E([P)149.725 E(age 5])
-.15 E 0 Cg EP
PStoPSsaved restore
%%Page: (5) 6
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
0.000000 -28.346457 translate
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF 130.145(Internet-Draft Quick)72 48 R
(Crash Detection)2.5 E(July 2010)149.005 E/F1 10/Courier@0 SF
(support this part of the protocol will be called "token takers".)102 84
Q(Section 9.1 has considerations for which implementations need to be t\
oken)102 96 Q(takers, and which should be token makers.)102 108 Q
(Implementations that are not)12 E
(token takers will silently ignore QCD tokens.)102 120 Q(When a token m\
aker receives a protected IKE request message with unknown)102 144 Q(IK\
E SPIs, it MUST generate a new token that is identical to the previous)
102 156 Q(token, and send it to the requesting peer in an unprotected I\
KE message)102 168 Q(as described in Section 4.5.)102 180 Q(When a toke\
n taker receives the QCD token in an unprotected notification,)102 204 Q
(it MUST verify that the TOKEN_SECRET_DATA matches the token stored in \
the)102 216 Q(matching IKE SA.)102 228 Q
(If the verification fails, or if the IKE SPIs in the)12 E
(message do not match any existing IKE SA, it SHOULD log the event.)102
240 Q(If it)12 E(succeeds, it MUST silently delete the IKE SA associate\
d with the IKE_SPI)102 252 Q(fields, and all dependant child SAs.)102
264 Q(This event MAY also be logged.)12 E(The)12 E
(token taker MUST accept such tokens from any IP address and port)102
276 Q(combination, so as to allow different kinds of high-availability)
102 288 Q(configurations of the token maker.)102 300 Q 6(As)102 324 S
(upporting token taker MAY immediately create new SAs using an Initial)
-6 E(exchange, or it may wait for subsequent traffic to trigger the cre\
ation)102 336 Q(of new SAs.)102 348 Q
(There is ongoing work on IKEv2 Session Resumption \([resumption]\).)102
372 Q(See)12 E(Section 8 for a short discussion about this extension\
\264s interaction with)102 384 Q(session resumption.)102 396 Q 6
(4. Formats)72 432 R(and Exchanges)6 E 6(4.1. Notification)72 456 R
(Format)6 E
(The notification payload called "QCD token" is formatted as follows:)
102 480 Q 114(123)252 504 S 6(01234567890123456789012345678901)132 516 S
(+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+)126
528 Q 6(!N)126 540 S(ext Payload)-6 E 6(!C! RESERVED)12 F 54(!P)18 G
(ayload Length)-54 E(!)48 E
(+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+)126
552 Q 12(!P)126 564 S(rotocol ID)-12 E 18(!S)12 G(PI Size)-18 E 6(!Q)24
G(CD Token Notify Message Type !)-6 E
(+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+)126
576 Q 378(!!)126 588 S 138(~T)126 600 S 132(OKEN_SECRET_DATA ~)-138 F
378(!!)126 612 S
(+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+)126
624 Q(XML2PDFRFC-ENDARTWORK)162 636 Q F0(Nir)72 696 Q 2.5(,e)-.4 G 2.5
(ta)-2.5 G 143.305(l. Expires)-2.5 F(January 12, 2011)2.5 E([P)149.725 E
(age 6])-.15 E 0 Cg EP
PStoPSsaved restore
%%Page: (6) 7
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
0.000000 -28.346457 translate
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF 130.145(Internet-Draft Quick)72 48 R
(Crash Detection)2.5 E(July 2010)149.005 E/F1 10/Courier@0 SF 24(oP)102
84 S(rotocol ID \(1 octet\) MUST be 1, as this message is related to an)
-24 E(IKE SA.)132 96 Q 24(oS)102 108 S
(PI Size \(1 octet\) MUST be zero, in conformance with section 3.10 of)
-24 E([RFC4306].)132 120 Q 24(oQ)102 132 S
(CD Token Notify Message Type \(2 octets\) - MUST be xxxxx, the value)
-24 E(assigned for QCD token notifications.)132 144 Q(TBA by IANA.)12 E
24(oT)102 156 S
(OKEN_SECRET_DATA \(16-128 octets\) contains a generated token as)-24 E
(described in Section 5.)132 168 Q 6(4.2. Passing)72 192 R 6(aT)6 G
(oken in the AUTH Exchange)-6 E(For brevity, only the EAP version of an\
AUTH exchange will be presented)102 216 Q 6(here. The)102 228 R
(non-EAP version is very similar.)6 E(The figures below are based)12 E
(on appendix A.3 of [RFC4718].)102 240 Q F0(Nir)72 696 Q 2.5(,e)-.4 G
2.5(ta)-2.5 G 143.305(l. Expires)-2.5 F(January 12, 2011)2.5 E([P)
149.725 E(age 7])-.15 E 0 Cg EP
PStoPSsaved restore
%%Page: (7) 8
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
0.000000 -28.346457 translate
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF 130.145(Internet-Draft Quick)72 48 R
(Crash Detection)2.5 E(July 2010)149.005 E/F1 10/Courier@0 SF
(first request)108 84 Q(--> IDi,)42 E([N\(INITIAL_CONTACT\)],)252 96 Q
([[N\(HTTP_CERT_LOOKUP_SUPPORTED\)], CERTREQ+],)252 108 Q([IDr],)252 120
Q([CP\(CFG_REQUEST\)],)252 132 Q([N\(IPCOMP_SUPPORTED\)+],)252 144 Q
([N\(USE_TRANSPORT_MODE\)],)252 156 Q
([N\(ESP_TFC_PADDING_NOT_SUPPORTED\)],)252 168 Q
([N\(NON_FIRST_FRAGMENTS_ALSO\)],)252 180 Q(SA, TSi, TSr,)252 192 Q
([V+])252 204 Q(first response)108 228 Q(<-- IDr, [CERT+], AUTH,)36 E
(EAP,)252 240 Q([V+])252 252 Q 6(/-)216 276 S(-> EAP)-6 E
(repeat 1..N times |)108 288 Q 6(\\<)216 300 S(-- EAP)-6 E(last request)
108 324 Q(--> AUTH)48 E([N\(QCD_TOKEN\)])252 336 Q(last response)108 360
Q(<-- AUTH,)42 E([N\(QCD_TOKEN\)])252 372 Q([CP\(CFG_REPLY\)],)252 384 Q
([N\(IPCOMP_SUPPORTED\)],)252 396 Q([N\(USE_TRANSPORT_MODE\)],)252 408 Q
([N\(ESP_TFC_PADDING_NOT_SUPPORTED\)],)252 420 Q
([N\(NON_FIRST_FRAGMENTS_ALSO\)],)252 432 Q(SA, TSi, TSr,)252 444 Q
([N\(ADDITIONAL_TS_POSSIBLE\)],)252 456 Q([V+])252 468 Q
(XML2PDFRFC-ENDARTWORK)162 480 Q(Note that the QCD_TOKEN notification i\
s marked as optional because it is)102 504 Q
(not required by this specification that every implementation be both)
102 516 Q(token maker and token taker.)102 528 Q
(If only one peer sends the QCD token, then)12 E 6(ar)102 540 S
(eboot of the other peer will not be recoverable by this method.)-6 E
(This)12 E
(may be acceptable if traffic typically originates from the other peer.)
102 552 Q(In any case, the lack of a QCD_TOKEN notification MUST NOT be\
taken as an)102 576 Q
(indication that the peer does not support this standard.)102 588 Q
(Conversely, if)12 E 6(ap)102 600 S
(eer does not understand this notification, it will simply ignore it.)-6
E(Therefore a peer MAY send this notification freely, even if it does n\
ot)102 612 Q(know whether the other side supports it.)102 624 Q F0(Nir)
72 696 Q 2.5(,e)-.4 G 2.5(ta)-2.5 G 143.305(l. Expires)-2.5 F
(January 12, 2011)2.5 E([P)149.725 E(age 8])-.15 E 0 Cg EP
PStoPSsaved restore
%%Page: (8) 9
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
0.000000 -28.346457 translate
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF 130.145(Internet-Draft Quick)72 48 R
(Crash Detection)2.5 E(July 2010)149.005 E/F1 10/Courier@0 SF(The QCD_T\
OKEN notification is related to the IKE SA and MUST follow the)102 84 Q
(AUTH payload and precede the Configuration payload and all payloads)102
96 Q(related to the child SA.)102 108 Q 6(4.3. Replacing)72 132 R
(Tokens After Rekey or Resumption)6 E(After rekeying an IKE SA, the IKE\
SPIs are replaced, so the new SA also)102 156 Q(needs to have a token.)
102 168 Q(If only the responder in the rekey exchange is)12 E
(the token maker, this can be done within the CREATE_CHILD_SA exchange.)
102 180 Q
(If the initiator is a token maker, then we need an extra informational)
102 192 Q(exchange.)102 204 Q(The following figure shows the CREATE_CHI\
LD_SA exchange for rekeying the)102 228 Q(IKE SA.)102 240 Q
(Only the responder sends a QCD token.)12 E 72(request -->)120 264 R
(SA, Ni, [KEi])6 E 66(response <--)120 288 R
(SA, Nr, [KEr], N\(QCD_TOKEN\))6 E(XML2PDFRFC-ENDARTWORK)162 300 Q
(If the initiator is also a token maker, it SHOULD soon initiate an)102
324 Q(INFORMATIONAL exchange as follows:)102 336 Q 72(request -->)120
360 R(N\(QCD_TOKEN\))6 E 66(response <--)120 384 R
(XML2PDFRFC-ENDARTWORK)162 396 Q
(For session resumption, as specified in [resumption], the situation is)
102 420 Q 6(similar. The)102 432 R
(responder, which is necessarily the peer that has crashed,)6 E
(SHOULD send a new ticket within the protected payload of the)102 444 Q
(IKE_SESSION_RESUME exchange.)102 456 Q
(If the Initiator is also a token maker, it)12 E
(needs to send a QCD_TOKEN in a separate INFORMATIONAL exchange.)102 468
Q(The INFORMATIONAL exchange described in this section can also be used\
if)102 492 Q(QCD tokens need to be replaced due to a key rollover.)102
504 Q(However, since)12 E(token takers are required to verify at least \
4 QCD tokens, this is only)102 516 Q
(necessary if secret QCD keys are rolled over more than four times as)
102 528 Q(often as IKE SAs are rekeyed.)102 540 Q 6(4.4. Replacing)72
564 R(the Token for an Existing SA)6 E
(With some token generation methods, such as that described in)102 588 Q
(Section 5.2, a QCD token may sometimes become invalid, although the IK\
E)102 600 Q(SA is still perfectly valid.)102 612 Q
(In such a case, the token maker MUST send the new token in a protected)
102 636 Q(message under that IKE SA.)102 648 Q
(That exchange could be a simple)12 E F0(Nir)72 696 Q 2.5(,e)-.4 G 2.5
(ta)-2.5 G 143.305(l. Expires)-2.5 F(January 12, 2011)2.5 E([P)149.725 E
(age 9])-.15 E 0 Cg EP
PStoPSsaved restore
%%Page: (9) 10
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
0.000000 -28.346457 translate
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF 130.145(Internet-Draft Quick)72 48 R
(Crash Detection)2.5 E(July 2010)149.005 E/F1 10/Courier@0 SF
(INFORMATIONAL, such as in the last figure in the previous section, or)
102 84 Q
(else it can be part of a MOBIKE INFORMATIONAL exchange such as in the)
102 96 Q
(following figure taken from section 2.2 of [RFC4555] and modified by)
102 108 Q(adding a QCD_TOKEN notification:)102 120 Q
(\(IP_I2:4500 -> IP_R1:4500\))114 144 Q
(HDR, SK { N\(UPDATE_SA_ADDRESSES\),)114 156 Q
(N\(NAT_DETECTION_SOURCE_IP\),)174 168 Q
(N\(NAT_DETECTION_DESTINATION_IP\) })174 180 Q(-->)12 E
(<-- \(IP_R1:4500 -> IP_I2:4500\))246 204 Q
(HDR, SK { N\(NAT_DETECTION_SOURCE_IP\),)270 216 Q
(N\(NAT_DETECTION_DESTINATION_IP\) })300 228 Q
(<-- \(IP_R1:4500 -> IP_I2:4500\))246 252 Q
(HDR, SK { N\(COOKIE2\), [N\(QCD_TOKEN\)] })270 264 Q
(\(IP_I2:4500 -> IP_R1:4500\))114 288 Q
(HDR, SK { N\(COOKIE2\), [N\(QCD_TOKEN\)] })114 300 Q(-->)12 E
(XML2PDFRFC-ENDARTWORK)162 312 Q 6(At)102 336 S
(oken taker MUST accept such gratuitous QCD_TOKEN notifications as long)
-6 E(as they are carried in protected exchanges.)102 348 Q 6(At)12 G
(oken maker SHOULD NOT)-6 E(generate them unless it is no longer able t\
o generate the old QCD_TOKEN.)102 360 Q 6(4.5. Presenting)72 384 R
(the Token in an INFORMATIONAL Exchange)6 E(This QCD_TOKEN notification\
is unprotected, and is sent as a response to)102 408 Q 6(ap)102 420 S
(rotected IKE request, which uses an IKE SA that is unknown.)-6 E 72
(request -->)156 444 R(N\(INVALID_IKE_SPI\), N\(QCD_TOKEN\)+)6 E
(XML2PDFRFC-ENDARTWORK)162 456 Q
(If child SPIs are persistently mapped to IKE SPIs as described in)102
480 Q(Section 9.2, a token taker may get the following unprotected mess\
age in)102 492 Q(response to an ESP or AH packet.)102 504 Q 72
(request -->)156 528 R(N\(INVALID_SPI\), N\(QCD_TOKEN\)+)6 E
(XML2PDFRFC-ENDARTWORK)162 540 Q
(The QCD_TOKEN and INVALID_IKE_SPI notifications are sent together to)
102 564 Q
(support both implementations that conform to this specification and)102
576 Q(implementations that don\264t.)102 588 Q
(Similar to the description in section 2.21)12 E(of [RFC4306], the IKE \
SPI and message ID fields in the packet headers are)102 600 Q
(taken from the protected IKE request.)102 612 Q
(To support a periodic rollover of the secret used for token)102 636 Q
F0(Nir)72 696 Q 2.5(,e)-.4 G 2.5(ta)-2.5 G 143.305(l. Expires)-2.5 F
(January 12, 2011)2.5 E([P)144.725 E(age 10])-.15 E 0 Cg EP
PStoPSsaved restore
%%Page: (10) 11
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
0.000000 -28.346457 translate
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF 130.145(Internet-Draft Quick)72 48 R
(Crash Detection)2.5 E(July 2010)149.005 E/F1 10/Courier@0 SF
(generation, the token taker MUST support at least four QCD_TOKEN)102 84
Q(notifications in a single packet.)102 96 Q
(The token is considered verified if)12 E
(any of the QCD_TOKEN notifications matches.)102 108 Q
(The token maker MAY generate)12 E(up to four QCD_TOKEN notifications, \
based on several generations of keys.)102 120 Q
(If the QCD_TOKEN verifies OK, an empty response MUST be sent.)102 144 Q
(If the)12 E
(QCD_TOKEN cannot be validated, a response MUST NOT be sent.)102 156 Q
(Section 5)12 E(defines token verification.)102 168 Q 6(5. Token)72 204
R(Generation and Verification)6 E
(No token generation method is mandated by this document.)102 228 Q
(Two methods are)12 E
(documented in the following sub-sections, but they only serve as)102
240 Q(examples.)102 252 Q(The following lists the requirements from a t\
oken generation mechanism:)102 276 Q 24(oT)102 288 S
(okens MUST be at least 16 octets long, and no more than 128 octets)-24
E(long, to facilitate storage and transmission.)132 300 Q
(Tokens SHOULD be)12 E(indistinguishable from random data.)132 312 Q 24
(oI)102 324 S 6(ts)-24 G
(hould not be possible for an external attacker to guess the QCD)-6 E
(token generated by an implementation.)132 336 Q
(Cryptographic mechanisms such)12 E
(as PRNG and hash functions are RECOMMENDED.)132 348 Q 24(oT)102 360 S
(he token maker MUST be able to re-generate or retrieve the token)-24 E
(based on the IKE SPIs even after it reboots.)132 372 Q 6(5.1. A)72 396
R(Stateless Method of Token Generation)6 E
(This describes a stateless method of generating a token:)102 420 Q 24
(oA)102 432 S 6(ti)-24 G
(nstallation or immediately after the first boot of the token)-6 E
(maker, 32 random octets are generated using a secure random number)132
444 Q(generator or a PRNG.)132 456 Q 24(oT)102 468 S
(hose 32 bytes, called the "QCD_SECRET", are stored in non-volatile)-24
E(storage on the machine, and kept indefinitely.)132 480 Q 24(oI)102 492
S 6(fk)-24 G(ey rollover is required by policy, the implementation MAY)
-6 E(periodically generate a new QCD_SECRET and keep up to 3 previous)
132 504 Q 6(generations. When)132 516 R
(sending an unprotected QCD_TOKEN, as many as 4)6 E
(notification payloads may be sent, each from a different QCD_SECRET.)
132 528 Q 24(oT)102 540 S
(he TOKEN_SECRET_DATA is calculated as follows:)-24 E
(TOKEN_SECRET_DATA = HASH\(QCD_SECRET | SPI-I | SPI-R\))156 576 Q
(XML2PDFRFC-ENDARTWORK)162 600 Q F0(Nir)72 696 Q 2.5(,e)-.4 G 2.5(ta)
-2.5 G 143.305(l. Expires)-2.5 F(January 12, 2011)2.5 E([P)144.725 E
(age 11])-.15 E 0 Cg EP
PStoPSsaved restore
%%Page: (11) 12
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
0.000000 -28.346457 translate
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF 130.145(Internet-Draft Quick)72 48 R
(Crash Detection)2.5 E(July 2010)149.005 E/F1 10/Courier@0 SF 6(5.2. A)
72 84 R(Stateless Method with IP addresses)6 E
(This method is similar to the one in the previous section, except that)
102 108 Q
(the IP address of the token taker is also added to the block being)102
120 Q 6(hashed. This)102 132 R
(has the disadvantage that the token needs to be replaced)6 E
(\(as described in Section 4.4\) whenever the token taker changes its)
102 144 Q(address.)102 156 Q
(The reason to use this method is described in Section 9.3.)102 180 Q
(When using)12 E
(this method, the TOKEN_SECRET_DATA field is calculated as follows:)102
192 Q(TOKEN_SECRET_DATA = HASH\(QCD_SECRET | SPI-I | SPI-R | IPaddr-T\))
138 228 Q(XML2PDFRFC-ENDARTWORK)162 252 Q
(The IPaddr-T field specifies the IP address of the token taker.)102 276
Q(Secret)12 E
(rollover considerations are similar to those in the previous section.)
102 288 Q 6(5.3. Token)72 312 R(Lifetime)6 E
(The token is associated with a single IKE SA, and SHOULD be deleted by)
102 336 Q(the token taker when the SA is deleted or expires.)102 348 Q
(More formally, the)12 E
(token is associated with the pair \(SPI-I, SPI-R\).)102 360 Q 6
(6. Backup)72 396 R(Gateways)6 E
(Making crash detection and recovery quick is a worthy goal, but since)
102 420 Q(rebooting a gateway takes a non-zero amount of time, many imp\
lementations)102 432 Q
(choose to have a stand-by gateway ready to take over as soon as the)102
444 Q(primary gateway fails for any reason.)102 456 Q(If such a configu\
ration is available, it is RECOMMENDED that the stand-by)102 480 Q(gate\
way be able to generate the same token as the active gateway. If the)102
492 Q(method described in Section 5.1 is used, this means that the QCD_\
SECRET)102 504 Q(field is identical in both gateways.)102 516 Q
(This has the effect of having the)12 E
(crash recovery available immediately.)102 528 Q(Note that this refers \
to "high availability" configurations, where only)102 552 Q
(one gateway is active at any given moment.)102 564 Q
(This is different from "load)12 E(sharing" configurations where more t\
han one gateway is active at the same)102 576 Q 6(time. This)102 588 R
(is also different from high availability configurations where)6 E
(the SAs are synchronized.)102 600 Q
(For load sharing configurations, please see)12 E
(Section 10.2 for security considerations.)102 612 Q F0(Nir)72 696 Q 2.5
(,e)-.4 G 2.5(ta)-2.5 G 143.305(l. Expires)-2.5 F(January 12, 2011)2.5 E
([P)144.725 E(age 12])-.15 E 0 Cg EP
PStoPSsaved restore
%%Page: (12) 13
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
0.000000 -28.346457 translate
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF 130.145(Internet-Draft Quick)72 48 R
(Crash Detection)2.5 E(July 2010)149.005 E/F1 10/Courier@0 SF 6
(7. Alternative)72 84 R(Solutions)6 E 6(7.1. Initiating)72 108 R 6(an)6
G(ew IKE SA)-6 E(Instead of sending a QCD token, we could have the rebo\
oted implementation)102 132 Q
(start an Initial exchange with the peer, including the INITIAL_CONTACT)
102 144 Q 6(notification. This)102 156 R
(would have the same effect, instructing the peer to)6 E
(erase the old IKE SA, as well as establishing a new IKE SA with fewer)
102 168 Q(rounds.)102 180 Q(The disadvantage here is that in IKEv2 an \
authentication exchange MUST)102 204 Q
(have a piggy-backed Child SA set up.)102 216 Q
(Since our use case is such that the)12 E(rebooted implementation does \
not have traffic flowing to the peer, there)102 228 Q
(are no good selectors for such a Child SA.)102 240 Q
(Additionally, when authentication is asymmetric, such as when EAP is)
102 264 Q(used, it is not possible for the rebooted implementation to i\
nitiate IKE.)102 276 Q 6(7.2. Birth)72 300 R(Certificates)6 E
(Birth Certificates is a method of crash detection that has never been)
102 324 Q(formally defined.)102 336 Q
(Bill Sommerfeld suggested this idea in a mail to the)12 E(IPsec mailin\
g list on August 7, 2000, in a thread discussing methods of)102 348 Q
(crash detection:)102 360 Q
(If we have the system sign a "birth certificate" when it)126 384 Q
(reboots \(including a reboot time or boot sequence number\),)126 396 Q
(we could include that with a "bad spi" ICMP error and in)126 408 Q
(the negotiation of the IKE SA.)126 420 Q(XML2PDFRFC-ENDARTWORK)162 432
Q(We believe that this method would have some problems.)102 456 Q
(First, it requires)12 E
(Alice to store the certificate, so as to be able to compare the public)
102 468 Q 6(keys. That)102 480 R
(requires more storage than does a QCD token.)6 E(Additionally,)12 E(th\
e public-key operations needed to verify the self-signed certificates)
102 492 Q(are more expensive for Alice.)102 504 Q(We believe that a sym\
metric-key operation such as proposed here is more)102 528 Q(light-weig\
ht and simple than that implied by the Birth Certificate idea.)102 540 Q
6(7.3. Reducing)72 564 R(Liveness Check Length)6 E
(Some have suggested that the RFC 4306 procedure described in Section 2)
102 588 Q(can be tweaked by requiring fewer retransmissions over a shor\
ter period)102 600 Q(of time for cases of liveness check started becaus\
e of an INVALID_SPI or)102 612 Q(INVALID_IKE_SPI notification.)102 624 Q
F0(Nir)72 696 Q 2.5(,e)-.4 G 2.5(ta)-2.5 G 143.305(l. Expires)-2.5 F
(January 12, 2011)2.5 E([P)144.725 E(age 13])-.15 E 0 Cg EP
PStoPSsaved restore
%%Page: (13) 14
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
0.000000 -28.346457 translate
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF 130.145(Internet-Draft Quick)72 48 R
(Crash Detection)2.5 E(July 2010)149.005 E/F1 10/Courier@0 SF(We believ\
e that the default retransmission policy should represent a good)102 84
Q(balance between the need for a timely discovery of a dead peer, and a\
low)102 96 Q(probability of false detection.)102 108 Q
(We expect the policy to be set to take)12 E(the shortest time such tha\
t this probability achieves a certain target.)102 120 Q(Therefore, redu\
cing elapsed time and retransmission count will create an)102 132 Q
(unacceptably high probability of false detection, and this can be)102
144 Q(triggered by a single INVALID_IKE_SPI notification.)102 156 Q(Add\
itionally, even if the retransmission policy is reduced to, say, one)102
180 Q
(minute, it is still a very noticeable delay from a human perspective,)
102 192 Q(from the time that the gateway has come up until the tunnels \
are active,)102 204 Q(or from the time the backup gateway has taken ove\
r until the tunnels are)102 216 Q(active.)102 228 Q 6(8. Interaction)72
264 R(with Session Resumption)6 E(Session Resumption, specified in [res\
umption] proposes to make setting up)102 288 Q 6(an)102 300 S
(ew IKE SA consume less computing resources.)-6 E(This is particularly)
12 E
(useful in the case of a remote access gateway that has many tunnels.)
102 312 Q(A)12 E
(failure of such a gateway would require all these many remote access)
102 324 Q(clients to establish an IKE SA either with the rebooted gatew\
ay or with a)102 336 Q(backup gateway.)102 348 Q
(This tunnel re-establishment should occur within a)12 E
(short period of time, creating a burden on the remote access gateway.)
102 360 Q(Session Resumption addresses this problem by having the clien\
ts store an)102 372 Q
(encrypted derivative of the IKE SA for quick re-establishment.)102 384
Q(What Session Resumption does not help, is the problem of detecting th\
at)102 408 Q(the peer gateway has failed.)102 420 Q 6(Af)12 G
(ailed gateway may go undetected for as)-6 E
(long as the lifetime of a child SA, because IPsec does not have packet)
102 432 Q(acknowledgement, and applications cannot signal the IPsec lay\
er that the)102 444 Q(tunnel "does not work".)102 456 Q
(Before establishing a new IKE SA using Session)12 E(Resumption, a clie\
nt should ascertain that the gateway has indeed failed.)102 468 Q
(This could be done using either a liveness check \(as in RFC 4306\) or)
102 480 Q(using the QCD tokens described in this document.)102 492 Q 6
(Ar)102 516 S
(emote access client conforming to both specifications will store QCD)-6
E(tokens, as well as the Session Resumption ticket, if provided by the)
102 528 Q 6(gateway. A)102 540 R
(remote access gateway conforming to both specifications will)6 E
(generate a QCD token for the client.)102 552 Q
(When the gateway reboots, the)12 E
(client will discover this in either of two ways:)102 564 Q 6(1. The)102
576 R(client does regular liveness checks, or else the time for some)6 E
(other IKE exchange has come.)142 588 Q
(Since the gateway is still down, the)12 E
(IKE exchange times out after several minutes.)142 600 Q
(In this case QCD)12 E(does not help.)142 612 Q F0(Nir)72 696 Q 2.5(,e)
-.4 G 2.5(ta)-2.5 G 143.305(l. Expires)-2.5 F(January 12, 2011)2.5 E([P)
144.725 E(age 14])-.15 E 0 Cg EP
PStoPSsaved restore
%%Page: (14) 15
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
0.000000 -28.346457 translate
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF 130.145(Internet-Draft Quick)72 48 R
(Crash Detection)2.5 E(July 2010)149.005 E/F1 10/Courier@0 SF 6
(2. Either)102 84 R
(the primary gateway or a backup gateway \(see Section 6\) is)6 E
(ready and sends a QCD token to the client.)142 96 Q(In that case the)12
E(client will quickly re-establish the IPsec tunnel, either with the)142
108 Q(rebooted primary gateway or the backup gateway as described in)142
120 Q(this document.)142 132 Q
(The full combined protocol looks like this:)102 156 Q 90
(Initiator Responder)132 180 R 78(----------- -----------)132 192 R
(HDR, SAi1, KEi, Ni)126 204 Q(-->)12 E 18(<-- HDR,)246 228 R
(SAr1, KEr, Nr, [CERTREQ])6 E(HDR, SK {IDi, [CERT,])126 252 Q
([CERTREQ,] [IDr,])126 264 Q(AUTH, N\(QCD_TOKEN\))126 276 Q
(SAi2, TSi, TSr,)126 288 Q 6(N\(TICKET_REQUEST\)} -->)126 300 R 18
(<-- HDR,)246 312 R(SK {IDr, [CERT,] AUTH,)6 E
(N\(QCD_TOKEN\), SAr2, TSi, TSr,)288 324 Q(N\(TICKET_LT_OPAQUE\) })288
336 Q(---- Reboot -----)180 360 Q(HDR, {})126 384 Q(-->)78 E 6(<-- HDR,)
246 396 R(N\(QCD_TOKEN\))6 E(HDR, [N\(COOKIE\),])126 420 Q
(Ni, N\(TICKET_OPAQUE\))126 432 Q 84([,N+] -->)126 444 R 6(<-- HDR,)246
456 R(Nr [,N+])6 E(XML2PDFRFC-ENDARTWORK)162 480 Q 6(9. Operational)72
516 R(Considerations)6 E 6(9.1. Who)72 540 R
(should implement this specification)6 E(Throughout this document, we h\
ave referred to reboot time alternatingly)102 564 Q(as the time that th\
e implementation crashes and the time when it is ready)102 576 Q
(to process IPsec packets and IKE exchanges.)102 588 Q
(Depending on the hardware)12 E
(and software platforms and the cause of the reboot, rebooting may take)
102 600 Q(anywhere from a few seconds to several minutes.)102 612 Q
(If the implementation is)12 E(down for a long time, the benefit of thi\
s protocol extension is reduced.)102 624 Q
(For this reason critical systems should implement backup gateways as)
102 636 Q(described in Section 6.)102 648 Q F0(Nir)72 696 Q 2.5(,e)-.4 G
2.5(ta)-2.5 G 143.305(l. Expires)-2.5 F(January 12, 2011)2.5 E([P)
144.725 E(age 15])-.15 E 0 Cg EP
PStoPSsaved restore
%%Page: (15) 16
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
0.000000 -28.346457 translate
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF 130.145(Internet-Draft Quick)72 48 R
(Crash Detection)2.5 E(July 2010)149.005 E/F1 10/Courier@0 SF
(Implementing the "token maker" side of QCD makes sense for IKE)102 84 Q
(implementations where protected connections originate from the peer, su\
ch)102 96 Q(as inter-domain VPNs and remote access gateways.)102 108 Q
(Implementing the "token)12 E
(taker" side of QCD makes sense for IKE implementations where protected)
102 120 Q
(connections originate, such as inter-domain VPNs and remote access)102
132 Q(clients.)102 144 Q(To clarify the requirements:)102 168 Q 24(oA)
102 180 S(remote-access client MUST be a token taker and MAY be a token)
-18 E(maker.)132 192 Q 24(oA)102 204 S
(remote-access gateway MAY be a token taker and MUST be a token)-18 E
(maker.)132 216 Q 24(oA)102 228 S 6(ni)-24 G
(nter-domain VPN gateway MUST be both token maker and token)-6 E(taker.)
132 240 Q(In order to limit the effects of DoS attacks, a token taker S\
HOULD limit)102 264 Q
(the rate of QCD_TOKENs verified from a particular source.)102 276 Q
(If excessive amounts of IKE requests protected with unknown IKE SPIs)
102 300 Q
(arrive at a token maker, the IKE module SHOULD revert to the behavior)
102 312 Q(described in section 2.21 of [RFC4306] and either send an INV\
ALID_IKE_SPI)102 324 Q(notification, or ignore it entirely.)102 336 Q 6
(9.2. Response)72 360 R(to unknown child SPI)6 E(After a reboot, it is \
more likely that an implementation receives IPsec)102 384 Q
(packets than IKE packets.)102 396 Q
(In that case, the rebooted implementation will)12 E
(send an INVALID_SPI notification, triggering a liveness check.)102 408
Q(The token)12 E(will only be sent in a response to the liveness check,\
thus requiring an)102 420 Q(extra round-trip.)102 432 Q(To avoid this,\
an implementation that has access to non-volatile storage)102 456 Q
(MAY store a mapping of child SPIs to owning IKE SPIs, or to generated)
102 468 Q 6(tokens. If)102 480 R
(such a mapping is available and persistent across reboots,)6 E
(the rebooted implementation SHOULD respond to the IPsec packet with an)
102 492 Q
(INVALID_SPI notification, along with the appropriate QCD_Token)102 504
Q 6(notifications. A)102 516 R
(token taker SHOULD verify the QCD token that arrives)6 E(with an INVAL\
ID_SPI notification the same as if it arrived with the IKE)102 528 Q
(SPIs of the parent IKE SA.)102 540 Q
(However, a persistent storage module might not be updated in a timely)
102 564 Q(manner, and could be populated with tokens relating to IKE SP\
Is that have)102 576 Q(already been rekeyed.)102 588 Q 6(At)12 G
(oken taker MUST NOT take an invalid QCD Token)-6 E(sent along with an \
INVALID_SPI notification as evidence that the peer is)102 600 Q(either \
malfunctioning or attacking, but it SHOULD limit the rate at which)102
612 Q(such notifications are processed.)102 624 Q F0(Nir)72 696 Q 2.5
(,e)-.4 G 2.5(ta)-2.5 G 143.305(l. Expires)-2.5 F(January 12, 2011)2.5 E
([P)144.725 E(age 16])-.15 E 0 Cg EP
PStoPSsaved restore
%%Page: (16) 17
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
0.000000 -28.346457 translate
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF 130.145(Internet-Draft Quick)72 48 R
(Crash Detection)2.5 E(July 2010)149.005 E/F1 10/Courier@0 SF 6
(9.3. Using)72 84 R(Tokens that Depend on IP Addresses)6 E(This section\
describes the rationale for token generation methods such as)102 108 Q
(the one described in Section 5.2.)102 120 Q
(Note that this section merely provides)12 E 6(ap)102 132 S
(ossible rationale, and does not specify or recommend any kind of)-6 E
(configuration.)102 144 Q
(Some configurations of security gateway use a load-sharing cluster of)
102 168 Q(hosts, all sharing the same IP addresses, where the SAs \(IKE\
and child\))102 180 Q
(are not synchronized between the cluster members.)102 192 Q(In such a)
12 E(configuration, a single member does not know about all the IKE SAs\
that)102 204 Q(are active for the configuration.)102 216 Q 6(Al)12 G
(oad balancer \(usually a networking)-6 E
(switch\) sends IKE and IPsec packets to the several members based on)
102 228 Q(source IP address.)102 240 Q
(In such a configuration, an attacker can send a forged protected IKE)
102 264 Q(packet with the IKE SPIs of an existing IKE SA, but from a di\
fferent IP)102 276 Q 6(address. This)102 288 R
(packet will likely be processed by a different cluster)6 E
(member from the one that owns the IKE SA.)102 300 Q
(Since no IKE SA state is)12 E
(stored on this member, it will send a QCD token to the attacker.)102
312 Q(If the)12 E
(QCD token does not depend on IP address, this token can immediately be)
102 324 Q(used to tell the token taker to tear down the IKE SA using an\
unprotected)102 336 Q(QCD_TOKEN notification.)102 348 Q(To thwart this\
possible attack, such configurations should use a method)102 372 Q(tha\
t considers the taker\264s IP address, such as the method described in)
102 384 Q(Section 5.2.)102 396 Q 6(10. Security)72 432 R(Considerations)
6 E 6(10.1. QCD)72 456 R(Token Generation and Handling)6 E
(Tokens MUST be hard to guess.)102 480 Q
(This is critical, because if an attacker)12 E(can guess the token asso\
ciated with an IKE SA, she can tear down the IKE)102 492 Q
(SA and associated tunnels at will.)102 504 Q
(When the token is delivered in the)12 E
(IKE_AUTH exchange, it is encrypted.)102 516 Q
(When it is sent again in an)12 E(unprotected notification, it is not, \
but that is the last time this token)102 528 Q(is ever used.)102 540 Q
(An aggregation of some tokens generated by one maker together with the)
102 564 Q
(related IKE SPIs MUST NOT give an attacker the ability to guess other)
102 576 Q 6(tokens. Specifically,)102 588 R
(if one taker does not properly secure the QCD)6 E
(tokens and an attacker gains access to them, this attacker MUST NOT be)
102 600 Q(able to guess other tokens generated by the same maker.)102
612 Q(This is the)12 E(reason that the QCD_SECRET in Section 5.1 needs \
to be sufficiently long.)102 624 Q F0(Nir)72 696 Q 2.5(,e)-.4 G 2.5(ta)
-2.5 G 143.305(l. Expires)-2.5 F(January 12, 2011)2.5 E([P)144.725 E
(age 17])-.15 E 0 Cg EP
PStoPSsaved restore
%%Page: (17) 18
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
0.000000 -28.346457 translate
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF 130.145(Internet-Draft Quick)72 48 R
(Crash Detection)2.5 E(July 2010)149.005 E/F1 10/Courier@0 SF
(The token taker MUST store the token in a secure manner.)102 84 Q
(No attacker)12 E(should be able to gain access to a stored token.)102
96 Q(The QCD_SECRET MUST be protected from access by other parties.)102
120 Q(Anyone)12 E(gaining access to this value will be able to delete a\
ll the IKE SAs for)102 132 Q(this token maker.)102 144 Q
(The QCD token is sent by the rebooted peer in an unprotected message.)
102 168 Q(A)12 E(message like that is subject to modification, deletion\
and replay by an)102 180 Q 6(attacker. However,)102 192 R
(these attacks will not compromise the security of)6 E(either side.)102
204 Q(Modification is meaningless because a modified token is)12 E
(simply an invalid token.)102 216 Q
(Deletion will only cause the protocol not to)12 E
(work, resulting in a delay in tunnel re-establishment as described in)
102 228 Q(Section 2.)102 240 Q
(Replay is also meaningless, because the IKE SA has been)12 E
(deleted after the first transmission.)102 252 Q 6(10.2. QCD)72 276 R
(Token Transmission)6 E 6(At)102 300 S
(oken maker MUST NOT send a QCD token in an unprotected message for an)
-6 E(existing IKE SA.)102 312 Q
(This implies that a conforming QCD token maker MUST be)12 E(able to te\
ll whether a particular pair of IKE SPIs represent a valid IKE)102 324 Q
(SA.)102 336 Q
(This requirement is obvious and easy in the case of a single gateway.)
102 360 Q
(However, some implementations use a load balancer to divide the load)
102 372 Q(between several physical gateways.)102 384 Q
(It MUST NOT be possible even in such)12 E 6(ac)102 396 S
(onfiguration to trick one gateway into sending a QCD token for an IKE)
-6 E(SA which is valid on another gateway.)102 408 Q(This document does\
not specify how a load sharing sharing configuration)102 432 Q(of IPse\
c gateways would work, but in order to support this specification,)102
444 Q
(all members MUST be able to tell whether a particular IKE SA is active)
102 456 Q(anywhere in the cluster.)102 468 Q
(One way to do it is to synchronize a list of)12 E
(active IKE SPIs among all the cluster members.)102 480 Q 6(10.3. QCD)72
504 R(Token Enumeration)6 E(An attacker may try to attack QCD if the ge\
neration algorithm described)102 528 Q(in Section 5.1 is used.)102 540 Q
(The attacker will send several fake IKE requests)12 E
(to the gateway under attack, receiving and recording the QCD Tokens in)
102 552 Q(the responses.)102 564 Q
(This will allow the attacker to create a dictionary of)12 E(IKE SPIs t\
o QCD Tokens, which can later be used to tear down any IKE SA.)102 576 Q
(Three factors mitigate this threat:)102 600 Q F0(Nir)72 696 Q 2.5(,e)
-.4 G 2.5(ta)-2.5 G 143.305(l. Expires)-2.5 F(January 12, 2011)2.5 E([P)
144.725 E(age 18])-.15 E 0 Cg EP
PStoPSsaved restore
%%Page: (18) 19
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
0.000000 -28.346457 translate
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF 130.145(Internet-Draft Quick)72 48 R
(Crash Detection)2.5 E(July 2010)149.005 E/F1 10/Courier@0 SF 24(oT)102
84 S(he space of all possible IKE SPI pairs is huge: 2^128, so making)
-24 E(such a dictionary is impractical.)132 96 Q
(Even if we assume that one)12 E
(implementation is faulty and always generates predictable IKE SPIs,)132
108 Q
(the space is still at least 2^64 entries, so making the dictionary)132
120 Q(is extremely hard.)132 132 Q 24(oT)102 144 S
(hrottling the amount of QCD_TOKEN notifications sent out, as)-24 E
(discussed in Section 9.1, especially when not soon after a crash)132
156 Q(will limit the attacker\264s ability to construct a dictionary.)
132 168 Q 24(oT)102 180 S
(he methods in Section 5.1 and Section 5.2 allow for a periodic)-24 E
(change of the QCD_SECRET.)132 192 Q
(Any such change invalidates the entire)12 E(dictionary.)132 204 Q 6
(11. IANA)72 240 R(Considerations)6 E(IANA is requested to assign a not\
ify message type from the status types)102 264 Q(range \(16406-40959\) \
of the "IKEv2 Notify Message Types" registry with)102 276 Q
(name "QUICK_CRASH_DETECTION".)102 288 Q 6(12. Acknowledgements)72 324 R
(We would like to thank Hannes Tschofenig and Yaron Sheffer for their)
102 348 Q(comments about Session Resumption.)102 360 Q 6(13. Change)72
396 R(Log)6 E(This section lists all changes in this document)102 420 Q
(NOTE TO RFC EDITOR : Please remove this section in the final RFC)102
444 Q 6(13.1. Changes)72 468 R(from draft-nir-ike-qcd-03 and -04)6 E
(Mostly editorial changes and cleaning up.)102 492 Q 6(13.2. Changes)72
516 R(from draft-nir-ike-qcd-02)6 E 24(oD)102 540 S
(escribed QCD token enumeration, following a question by Lakshminath)-24
E(Dondeti.)132 552 Q 24(oA)102 564 S
(dded the ability to replace the QCD token for an existing IKE SA.)-24 E
24(oA)102 576 S
(dded tokens dependent on peer IP address and their interaction with)-24
E(MOBIKE.)132 588 Q 6(13.3. Changes)72 612 R(from draft-nir-ike-qcd-01)6
E F0(Nir)72 696 Q 2.5(,e)-.4 G 2.5(ta)-2.5 G 143.305(l. Expires)-2.5 F
(January 12, 2011)2.5 E([P)144.725 E(age 19])-.15 E 0 Cg EP
PStoPSsaved restore
%%Page: (19) 20
% Page with DSC label (19), ordinal 20 in the file; its printed footer reads
% "[Page 20]". Text drawn here: the end of change-log section 13.3, sections
% 13.4 and 13.5, and the start of section 14 (normative and informative
% references).
%
% NOTE(review): the change log on this page points at the security-relevant
% revisions: the rebooted peer now generates the token (no persistent storage
% needed), the stateless method was removed, and the security considerations
% gained text on non-synchronized load-balanced gateway clusters. Read those
% sections of the document before relying on the mechanism behind a cluster.
%
% NOTE(review): this is an expired Internet-Draft revision (footer: "Expires
% January 12, 2011") and its references are as of July 2010. RFC 4306 and
% RFC 4718 were later obsoleted by RFC 5996 and then RFC 7296, and this draft
% is believed to have been published as RFC 6290 -- confirm against the RFC
% index and work from the published RFCs rather than this text.
%
% PStoPS page wrapper: snapshot the interpreter state in userdict so that the
% "PStoPSsaved restore" at the end of the page undoes everything below.
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
% Shift the origin by -28.346457 units in y, then record the result as the
% new PStoPSmatrix.
0.000000 -28.346457 translate
userdict/PStoPSmatrix matrix currentmatrix put
% Clip path: a 595 x 842 rectangle anchored at (0, 0).
userdict/PStoPSclip{0 0 moveto
595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
BP
%%EndPageSetup
% BP, EP and the short operators used below (SF, Q, R, E, S, G, F, Cg) are
% defined outside this part of the file, presumably in the grops procset named
% in the header -- confirm there. Each parenthesised string is a fragment of
% the page text; the numbers around it are operands to those operators.
/F0 10/Times-Roman@0 SF 130.145(Internet-Draft Quick)72 48 R
(Crash Detection)2.5 E(July 2010)149.005 E/F1 10/Courier@0 SF 24(oR)102
84 S(emoved stateless method.)-24 E 24(oA)102 96 S
(dded discussion of rekeying and resumption.)-24 E 24(oA)102 108 S
(dded discussion of non-synchronized load-balanced clusters of)-24 E
(gateways in the security considerations.)132 120 Q 24(oO)102 132 S
(ther wording fixes.)-24 E 6(13.4. Changes)72 156 R
(from draft-nir-ike-qcd-00)6 E 24(oM)102 180 S
(erged proposal with draft-detienne-ikev2-recovery [recovery])-24 E 24
(oC)102 192 S
(hanged the protocol so that the rebooted peer generates the token.)-24
E(This has the effect, that the need for persistent storage is)132 204 Q
(eliminated.)132 216 Q 24(oA)102 228 S
(dded discussion of birth certificates.)-24 E 6(13.5. Changes)72 252 R
(from draft-nir-qcr-00)6 E 24(oC)102 276 S
(hanged name to reflect that this relates to IKE.)-24 E
(Also changed from)12 E
(quick crash recovery to quick crash detection to avoid confusion)132
288 Q(with IFARE.)132 300 Q 24(oA)102 312 S
(dded more operational considerations.)-24 E 24(oA)102 324 S
(dded interaction with IFARE.)-24 E 24(oA)102 336 S
(dded discussion of backup gateways.)-24 E 6(14. References)72 372 R 6
(14.1. Normative)72 396 R(References)6 E 6([RFC2119] Bradner,)102 420 R
(S., "Key words for use in RFCs to Indicate)6 E
(Requirement Levels", BCP 14, RFC 2119, March 1997.)212 432 Q 6
([RFC4306] Kaufman,)102 456 R
(C., "Internet Key Exchange \(IKEv2\) Protocol",)6 E
(RFC 4306, December 2005.)212 468 Q 6([RFC4555] Eronen,)102 492 R
(P., "IKEv2 Mobility and Multihoming Protocol)6 E
(\(MOBIKE\)", RFC 4555, June 2006.)212 504 Q 6([RFC4718] Eronen,)102 528
R(P. and P. Hoffman, "IKEv2 Clarifications and)6 E
(Implementation Guidelines", RFC 4718, October 2006.)212 540 Q 6
(14.2. Informative)72 564 R(References)6 E([recovery])102 588 Q
(Detienne, F., Sethi, P., and Y. Nir, "Safe IKE)212 600 Q
(Recovery", draft-detienne-ikev2-recovery \(work in)212 612 Q
(progress\), August 2008.)212 624 Q([resumption])102 648 Q F0(Nir)72 696
Q 2.5(,e)-.4 G 2.5(ta)-2.5 G 143.305(l. Expires)-2.5 F(January 12, 2011)
2.5 E([P)144.725 E(age 20])-.15 E 0 Cg EP
PStoPSsaved restore
%%Page: (20) 21
% Page with DSC label (20), ordinal 21 in the file; its printed footer reads
% "[Page 21]". Text drawn here: the body of the [resumption] reference and the
% "Authors' Addresses" section.
%
% NOTE(review): the [resumption] entry cites
% draft-ietf-ipsecme-ikev2-resumption as work in progress; it is believed to
% have been published as RFC 5723 -- confirm against the RFC index before
% citing it.
%
% PStoPS page wrapper: snapshot the interpreter state in userdict so that the
% "PStoPSsaved restore" at the end of the page undoes everything below.
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
% Shift the origin by -28.346457 units in y, then record the result as the
% new PStoPSmatrix.
0.000000 -28.346457 translate
userdict/PStoPSmatrix matrix currentmatrix put
% Clip path: a 595 x 842 rectangle anchored at (0, 0).
userdict/PStoPSclip{0 0 moveto
595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
BP
%%EndPageSetup
% BP, EP and the short operators used below (SF, Q, R, E, S, G, F, Cg) are
% defined outside this part of the file, presumably in the grops procset named
% in the header -- confirm there. Each parenthesised string is a fragment of
% the page text; \264 is an octal character escape used where the text has an
% apostrophe-like accent.
/F0 10/Times-Roman@0 SF 130.145(Internet-Draft Quick)72 48 R
(Crash Detection)2.5 E(July 2010)149.005 E/F1 10/Courier@0 SF
(Sheffer, Y. and H. Tschofenig, "IKEv2 Session)212 84 Q
(Resumption", draft-ietf-ipsecme-ikev2-resumption \(work)212 96 Q
(in progress\), June 2009.)212 108 Q(Authors\264 Addresses)72 144 Q
(Yoav Nir)102 168 Q(Check Point Software Technologies Ltd.)102 180 Q 6
(5H)102 192 S(asolelim st.)-6 E(Tel Aviv)102 204 Q(67897)12 E(Israel)102
216 Q(Email: ynir@checkpoint.com)102 240 Q(Frederic Detienne)102 276 Q
(Cisco Systems, Inc.)102 288 Q(De Kleetlaan, 7)102 300 Q 6
(Diegem B-1831)102 312 R(Belgium)102 324 Q(Phone: +32 2 704 5681)102 348
Q(Email: fd@cisco.com)102 360 Q(Pratima Sethi)102 396 Q
(Cisco Systems, Inc.)102 408 Q(O\264Shaugnessy Road, 11)102 420 Q
(Bangalore, Karnataka)102 432 Q(560027)12 E(India)102 444 Q
(Phone: +91 80 4154 1654)102 468 Q(Email: psethi@cisco.com)102 480 Q F0
(Nir)72 696 Q 2.5(,e)-.4 G 2.5(ta)-2.5 G 143.305(l. Expires)-2.5 F
(January 12, 2011)2.5 E([P)144.725 E(age 21])-.15 E 0 Cg EP
PStoPSsaved restore
%%Trailer
% Pops the dictionary that is current at this point; the matching "begin" is
% not in this part of the file.
end
%%EOF