Internet Draft
Submitted to MPLS Working Group                       Peter De Schrijver
INTERNET DRAFT                                              Yves T'Joens
<draft-schrijvp-mpls-ldp-end-to-end-auth-01.txt>                 Alcatel

                                                               July 2000
                                                   Expires January, 2001

                   End to end authentication for LDP


Status of this memo

   This document is an Internet-Draft and is in  full  conformance  with
   all provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents  of  the  Internet  Engineering
   Task Force (IETF), its areas, and its working groups. Note that other
   groups may also distribute working documents as Internet-Drafts.

   Internet-Drafts are draft  documents  valid  for  a  maximum  of  six
   months.  Internet-Drafts  may  be  updated, replaced, or obsoleted by
   other documents at any time.  It is not appropriate to use  Internet-
   Drafts  as  reference  material  or  to  cite  them  other  than as a
   ``working draft'' or ``work in progress.''


     The list of current Internet-Drafts can be accessed at
     http://www.ietf.org/ietf/1id-abstracts.txt

     The list of Internet-Draft Shadow Directories can be accessed at
     http://www.ietf.org/shadow.html.



   To view the entire list of current Internet-Drafts, please check  the
   "1id-abstracts.txt"  listing  contained in the Internet-Drafts Shadow
   Directorieson ftp.is.co.za (Africa), ftp.nordu.net (Northern Europe),
   ftp.nis.garr.it   (Southern   Europe),   munnari.oz.au(Pacific  Rim),
   ftp.ietf.org (US East Coast), or ftp.isi.edu (US West Coast).

   Distribution of this memo is unlimited.


Abstract

   This  draft  defines  extensions  to  LDP  to  allow   end   to   end
   authentication   between  the  LER  initiating  a  LSP  and  the  LER
   terminating a LSP. The extensions require ordered control LDP and can
   also be applied to CR-LDP.


1. Introduction

   This draft proposes 2 extensions to allow the terminating LER  of  an
   LSP  to  authenticate  the  initiating  LER. The first extension is a
   challenge based  authentication  method.  The  second  authentication
   method is based on digital signatures.



De Schrijver, et al.      Expires January 2001                  [Page 1]

Internet Draft draft-schrijvp-mpls-ldp-end-to-end-auth-01      July 2000


1.1 Conventions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL",  "SHALL  NOT",
   "SHOULD",  "SHOULD  NOT", "RECOMMENDED", "MAY" and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

2. Challenge based authentication for LDP

   This section describes a challenge based  authentication  method  for
   LDP.  The  authenticator  sends  a  nonce  to  the  authenticee.  The
   authenticee encrypts this nonce using a shared secret  and  sends  it
   back  to  the  authenticator. The authenticator can then check if the
   authenticee knows the shared secret.

2.1 LDP challenge based authentication scenario overview

LER A                    LSR 1                   LER B
  |                       |                       |
  |       LDP Request     |      LDP Request      |
  |------------>----------|----------->-----------|
  |                       |                       |
  | LDP Notify            | LDP Notify            |
  | authentication failed | authentication failed |
  | challenge             | challenge             |
  |------------<----------|-----------<-----------|
  |                       |                       |
  | LDP Request           | LDP Request           |
  | encrypted challenge   | encrypted challenge   |
  |------------>----------|----------->-----------|
  |                       |                       |
  | LDP map               | LDP map               |
  | authentication ok     | authentication ok     |
  |------------<----------|-----------<-----------|

LER A sends a LDP request to LSR  1  destined  for  LER  B  without  any
authentication  information.  LER  B  will  reply  with a notify message
indicating the authentication failed. This message will also  include  a
new  nonce.  LER A will now retry the LSP setup by sending a LDP request
containing the the encrypted nonce. LER  B  will  verify  the  encrypted
nonce and reply with a LDP map message indicating the authentication was
successfull.

2.2 LDP challenge based authentication TLVs

To implement this two new TLV's and one new status code are necessary.

2.2.1 LDP challenge TLV




De Schrijver, et al.      Expires January 2001                  [Page 2]

Internet Draft draft-schrijvp-mpls-ldp-end-to-end-auth-01      July 2000


 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 |1|1| Challenge (TBD)           |      Length                   |
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 |                                                               |
 |                           Challenge                           |
 |                                                               |
 |                                                               |
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 |                          Challenge ID                         |
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

2.2.2 LDP challenge response TLV

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 |1|1| Challenge response (TBD)  |      Length                   |
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 |                                                               |
 |                      Challenge Response                       |
 |                                                               |
 |                                                               |
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 |                                                               |
 |                                                               |
 |                           Username                            |
 |                                                               |
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 |                          Challenge ID                         |
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

2.3 Procedures

1)  In  response  to  an  unauthenticated  LDP  request   message,   the
authenticator sends a LDP notify message to the authenticee containing a
challenge TLV. The challenge TLV contains a nonce and  a  Challenge  ID,
which  will  be  send  back  by  the  authenticee.  It  is  used  by the
authenticator to correlate the response.

2) In response to a LDP  notify  message  indicating  authentication  is
required,  the  authenticee  should  send a LDP request with a challenge
response containing the authenticee's name to identify the shared secret
used  to  encrypt  the  challenge  and  the  challenge  ID  to allow the
authenticator to correlate this response.

3. Digital signature based authentication for LDP



De Schrijver, et al.      Expires January 2001                  [Page 3]

Internet Draft draft-schrijvp-mpls-ldp-end-to-end-auth-01      July 2000


This  section   describes   a   digital   signature   based   end-to-end
authentication  method  for  LDP.  Each LER signs the messages it sends.
This allows the receiver to verify the sender's identity.

3.1 Scenario overview

LER A                    LSR 1                   LER B
  |                       |                       |
  |    LDP Request        |   LDP Request         |
  |    Digital signature  |   Digital signature   |
  |------------>----------|----------->-----------|
  |                       |                       |
  | LDP map               | LDP map               |
  | authentication ok     | authentication ok     |
  |------------<----------|-----------<-----------|

3.2 LDP digital signature based authentication TLV's

To implement LDP digital signature based authentication  two  new  TLV's
are  necessary.  1  TLV to carry the digital certificate identifying the
sender and 1 TLV to carry the signature consisting of a secure  hash  of
the  "fixed  part"  of  the message encrypted using the private key. The
"fixed part" of the message consists of aal  fields  carried  unmodified
from  ingress  LER  to egress LER. For a Label Request and Label mapping
messages these fields are : Message Type and the FEC  TLV.  The  message
receiver  can then verify the integrity of these fields by recalculating
the secure hash over the fixed part and comparing it with  the  received
hash.

3.2.1 Digital certificate TLV

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 |0|0|   Certificate (TBD)       |           Length              |
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 |                        Certificate type                       |
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 |                                                               |
 |                                                               |
 |                        Certificate data                       |
 |                                                               |
 |                                                               |
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

3.2.2 Digital signature TLV





De Schrijver, et al.      Expires January 2001                  [Page 4]

Internet Draft draft-schrijvp-mpls-ldp-end-to-end-auth-01      July 2000


 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 |0|0|   Signature (TBD)         |           Length              |
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 |                                                               |
 |                                                               |
 |                         Signature data                        |
 |                                                               |
 |                                                               |
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

4 Open Issues

4.1  Status TLV

As currently defined in [LDP] the status TLV cannot be easily  extended.
More  specifically every LSR must understand all status codes to be able
to take the correct action. Example : assume we introduce a  new  status
code  to  signal authentication failure as described in 2.3 in the LERs.
If the LSRs don't understand this new status code, they won't be able to
take  the  correct  action  when  a  notification message is received in
response to a label request.

6. IANA Considerations

New values for the challenge and challenge response TLV type fields have
to  be  assigned. Also a new status code needs to be defined to identify
authentication failure.

7. Security Considerations

   Security considerations are treated in the document.

8. References

   [LDP] Andersson, et al.,  "LDP  Specification",  draft-ietf-mpls-ldp-
   07.txt, June 2000.


9. Contacts

   Peter De Schrijver
   Alcatel Corporate Research Center
   Francis Wellesplein 1, 2018 Antwerp, Belgium
   Phone : +32 3 240 8569
   E-mail : peter.de_schrijver@alcatel.be




De Schrijver, et al.      Expires January 2001                  [Page 5]

Internet Draft draft-schrijvp-mpls-ldp-end-to-end-auth-01      July 2000


   Yves T'joens
   Alcatel Corporate Research Center
   Francis Wellesplein 1, 2018 Antwerp, Belgium
   Phone : +32 3 240 7890
   E-mail : yves.tjoens@alcatel.be














































De Schrijver, et al.      Expires January 2001                  [Page 6]