# HG changeset patch
# User Sebastien Decugis <sdecugis@nict.go.jp>
# Date 1288928343 -32400
# Node ID 9d8dd59747f49b117ddff5b74bf6b7e1d4be22cc
# Parent  6ac9daa8c7752ae2f97826846bbc45505fd76882
Cleanup folder structure

diff -r 6ac9daa8c775 -r 9d8dd59747f4 2009-02-20 interim ERP v2.odp
Binary file 2009-02-20 interim ERP v2.odp has changed
diff -r 6ac9daa8c775 -r 9d8dd59747f4 DiME/drafts/draft-ietf-dime-erp.xml
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/DiME/drafts/draft-ietf-dime-erp.xml	Fri Nov 05 12:39:03 2010 +0900
@@ -0,0 +1,888 @@
+<?xml version="1.0" encoding="US-ASCII"?>
+<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
+<!ENTITY RFC2119 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml">
+<!ENTITY RFC3748 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3748.xml">
+<!ENTITY RFC3588 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3588.xml">
+<!ENTITY RFC4072 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4072.xml">
+<!ENTITY RFC5247 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5247.xml">
+<!ENTITY RFC5295 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5295.xml">
+<!ENTITY RFC5296 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5296.xml">
+<!ENTITY I-D.ietf-dime-local-keytran SYSTEM "http://xml.resource.org/public/rfc/bibxml3/reference.I-D.draft-ietf-dime-local-keytran-02.xml">
+]>
+<?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?>
+<?rfc strict="yes"?>
+<?rfc comments="no"?>
+<?rfc inline="yes"?>
+<?rfc editing="no"?>
+<?rfc toc="yes"?>
+<?rfc tocompact="yes"?>
+<?rfc tocdepth="3"?>
+<?rfc symrefs="yes"?>
+<?rfc sortrefs="yes"?>
+<?rfc compact="yes"?>
+<?rfc subcompact="no"?>
+<?rfc rfcedstyle="yes"?>
+<?rfc rfcprocack="no"?>
+<?rfc tocindent="yes"?>
+<rfc category="std" docName="draft-ietf-dime-erp-03.txt" ipr="trust200902">
+	<front>
+		<title abbrev="Diameter support for ERP">Diameter support for the EAP Re-authentication Protocol (ERP)</title>
+
+		<author fullname="Julien Bournelle" initials="J." surname="Bournelle">
+			<organization abbrev="Orange Labs">Orange Labs</organization>
+			<address>
+				<postal>
+					<street>38-40 rue du general Leclerc</street>
+					<city>Issy-Les-Moulineaux</city>
+					<code>92794</code>
+					<country>France</country>
+				</postal>
+				<email>julien.bournelle@orange-ftgroup.com</email>
+			</address>
+		</author>
+
+		<author fullname="Lionel Morand" initials="L." surname="Morand">
+			<organization abbrev="Orange Labs">Orange Labs</organization>
+			<address>
+				<postal>
+					<street>38-40 rue du general Leclerc</street>
+					<city>Issy-Les-Moulineaux</city>
+					<code>92794</code>
+					<country>France</country>
+				</postal>
+				<email>lionel.morand@orange-ftgroup.com</email>
+			</address>
+		</author>
+
+		<author fullname="Sebastien Decugis" initials="S." role="editor" surname="Decugis">
+			<organization abbrev="NICT">NICT</organization>
+			<address>
+				<postal>
+					<street>4-2-1 Nukui-Kitamachi</street>
+					<city>Tokyo</city>
+					<code>184-8795</code>
+					<country>Koganei, Japan</country>
+				</postal>
+				<email>sdecugis@nict.go.jp</email>
+			</address>
+		</author>
+
+		<author fullname="Qin Wu" initials="Q." surname="Wu">
+			<organization abbrev="Huawei">Huawei Technologies Co., Ltd</organization>
+			<address>
+				<postal>
+					<street>Site B, Floor 12F, Huihong Mansion, No.91 Baixia Rd.</street>
+					<city>Nanjing</city>
+					<code>210001</code>
+					<country>China</country>
+				</postal>
+				<email>sunseawq@huawei.com</email>
+			</address>
+		</author>
+
+		<author fullname="Glen Zorn" initials="G." surname="Zorn" role="editor">
+			<organization>Network Zen</organization>
+			<address>
+				<postal>
+					<street>1463 East Republican Street</street>
+					<city>Seattle</city>
+					<region>Washington</region>
+					<code>98112</code>
+					<country>USA</country>
+				</postal>
+				<phone>+1 206 931 0768</phone>
+				<email>gwz@net-zen.net</email>
+			</address>
+		</author>
+
+		<date year="2010" />
+
+		<area>Operations &amp; Management</area>
+
+		<keyword>Internet-Draft</keyword>
+
+		<keyword>EAP</keyword>
+
+		<keyword>Diameter</keyword>
+
+		<keyword>Re-authentication</keyword>
+
+		<keyword>inter-authenticator roaming</keyword>
+
+		<abstract>
+			<t>
+				The EAP Re-authentication Protocol (ERP) defines extensions to the
+				Extensible Authentication Protocol (EAP) to support efficient
+				re-authentication between the peer and an EAP Re-authentication (ER)
+				server through a compatible authenticator. This document specifies
+				Diameter support for ERP. It defines a new Diameter ERP application to
+				transport ERP messages between an ER authenticator and the ER server, and a set
+				of new AVPs that can be used to transport the cryptographic material
+				needed by the re-authentication server.
+			</t>
+		</abstract>
+	</front>
+
+	<middle>
+		<section anchor="Introduction" title="Introduction">
+			<t>
+				<xref target="RFC5296">RFC 5296</xref> defines the EAP Re-authentication
+				Protocol (ERP). It consists of the following steps:
+				<list style="hanging">
+					<t hangText="Bootstrapping">
+						<vspace blankLines="0"/>
+						A root key for re-authentication is derived from
+						the Extended Master Session Key (EMSK) created during EAP
+						authentication <xref target="RFC5295"></xref>. 
+						This root key is transported from the EAP server to the ER server.
+					</t>
+					<t hangText="Re-authentication">
+						<vspace blankLines="0"/>
+						A one-round-trip exchange between the peer and
+						the ER server, resulting in mutual authentication. To support the
+						EAP reauthentication functionality, ERP defines two new EAP codes -
+						EAP-Initiate and EAP-Finish.
+					</t>
+				</list>
+				This document defines how Diameter transports the ERP messages
+				during the re-authentication process. For this purpose, we define a new Application
+				Identifier for ERP, and re-use the Diameter EAP commands (DER/DEA).
+				<vspace blankLines="1"/>
+				This document also discusses the distribution of the root key
+				during bootstrapping, in conjunction with either the initial EAP authentication
+				(implicit bootstrapping) or the first ERP exchange (explicit
+				bootstrapping). Security considerations for this key distribution are
+				detailed in <xref target="RFC5295">RFC 5295</xref>.
+			</t>
+		</section>
+
+		<section title="Terminology">
+			<t>
+				This document uses terminology defined in <xref target="RFC3748">RFC 3748</xref>, 
+				<xref target="RFC5295">RFC 5295</xref>, 
+				<xref target="RFC5296">RFC 5296</xref>, 
+				and <xref target="RFC4072">RFC 4072</xref>.
+				<vspace blankLines="1"/>
+				"Root key" (RK) or "bootstrapping material" refer to the rRK or rDSRK
+				derived from an EMSK, depending on the location of the ER server in home
+				or foreign domain.
+				<vspace blankLines="1"/>
+				We use the notation "ERP/DER" in this document to refer to a
+				Diameter-EAP-Request command with its Application Id set to Diameter ERP
+				application. Similarly, we use the "ERP/DEA", "EAP/DER", and
+				"EAP/DEA".
+			</t>
+			<section title="Requirements Language">
+				<t>
+					The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+					"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+					document are to be interpreted as described in <xref target="RFC2119"></xref>.
+				</t>
+			</section>
+		</section>
+
+		<section title="Assumptions">
+			<t>
+				This document assumes the existence of at most one logical ER server entity in a domain. If
+				several physical servers are deployed for robustness, a replication
+				mechanism must be deployed to synchronize the ERP states 
+				(root keys<cref>FFS: authorization attributes</cref>) between these servers. This
+				replication mechanism is out of the scope of this document. If multiple
+				ER servers are deployed in the domain, we assume that they can be used
+				interchangeably.
+			</t>
+		</section>
+
+		<section anchor="Overview" title="Protocol Overview">
+			<t>
+				The following figure shows the components involved in ERP, and their
+				interactions.
+				
+<figure align="center" anchor="Fig-Overview" title="Diameter ERP Overview"><artwork><![CDATA[
+                        Diameter                    +--------+
+        +-------------+   ERP   +-----------+  (*)  |  Home  |
+Peer <->|Authenticator|<=======>| ER server | <---> |  EAP   |
+        +-------------+         +-----------+       | server |
+                                                    +--------+
+(*) Diameter EAP application, explicit bootstrapping scenario only.
+]]></artwork></figure>
+
+				The ER server is located either in the home domain (same as EAP
+				server) or in the visited domain (same as authenticator, when it differs
+				from the home domain). 
+				<list style="hanging">
+					<t hangText="QUESTION:">
+						<vspace blankLines="0"/>
+						Can the ER server be located in a third domain (ex: broker's) according to ERP mechanism?
+					</t>
+				</list>				
+				<vspace blankLines="1"/>
+				When the peer initiates an ERP exchange, the authenticator creates a
+				Diameter-EAP-Request message, as described in Diameter EAP application
+				<xref target="RFC4072"></xref>. The Application Id of the message is set
+				to that of the Diameter ERP application (code: TBD) in the
+				message. 
+				The generation of the ERP/DER message is
+				detailed in section <xref target="Re-authentication"></xref>.
+				<vspace blankLines="1"/>
+				If there is an ER server in the same domain as the authenticator
+				(local domain), Diameter routing MUST 
+				<list style="hanging">
+					<t hangText="QUESTION:">
+						<vspace blankLines="0"/>
+						Should this say "SHOULD: instead of "MUST"?
+					</t>
+				</list>
+				be
+				configured so that this ERP/DER message reachs this server, even if the
+				Destination-Realm is not the local domain.
+				<vspace blankLines="1"/>			
+				If there is no local ER server, the message is routed according to
+				its Destination-Realm AVP content, extracted from the realm component of
+				the keyName-NAI attribute. As specified in 
+				<xref target="RFC5296">RFC 5296</xref>, this realm is the home domain of the peer in
+				case of a bootstrapping exchange (the 'B' flag is set in the ERP message) or the
+				domain of the bootstrapped ER server otherwise.  
+				<list style="hanging">
+					<t hangText="NOTE:">
+						<vspace blankLines="0"/>					
+						This actually might allow the ER server to be in a third party realm.
+					</t>
+				</list>
+				<vspace blankLines="1"/>
+				If no ER server is available in the home domain either, the ERP/DER
+				message cannot be delivered, and an error DIAMETER_UNABLE_TO_DELIVER is
+				generated <xref target="RFC3588"/> and returned to
+				the authenticator. The authenticator may cache this information (with
+				limited duration) to avoid further attempts for ERP with this realm. It
+				may also fallback to full EAP authentication to authenticate the
+				peer.
+				<vspace blankLines="1"/>
+				When an ER server receives the ERP/DER message, it searches its local
+				database for a root key 
+				<list style="hanging">
+					<t hangText="FFS:">
+						<vspace blankLines="0"/>
+						and authorization state?
+					</t>
+				</list>
+				matching
+				the keyName part of the User-Name AVP. If such key is found, the ER
+				server processes the ERP message as described in 
+				<xref target="RFC5296">RFC 5296</xref> then creates the ERP/DEA answer as described in
+				<xref target="Re-authentication"></xref>. The rMSK is included in this
+				answer.
+				<vspace blankLines="1"/>
+				Finally, the authenticator extracts the rMSK from the ERP/DEA as
+				described in <xref target="RFC5296">RFC 5296</xref>, and forwards the content of
+				the EAP-Payload AVP, the EAP-Finish/Re-Auth message, to the peer.
+				<vspace blankLines="1"/>
+				If the EAP-Initiate/Re-Auth message has its 'B' flag set
+				(Bootstrapping exchange), the ER server should not possess the root key
+				in its local database 
+				<list style="hanging">
+					<t hangText="COMMENT:">
+						<vspace blankLines="0"/>
+						This may not be true in future RFC5296bis?
+					</t>
+				</list>
+				In this case, the ER server acts as a proxy, and forwards the
+				message to the home EAP server after changing its Application Id to
+				Diameter EAP and adding an AVP to request the root key. See section
+				<xref target="Bootstrapping"></xref> for more detail on this
+				process.
+			</t>
+		</section>
+
+		<section anchor="Bootstrapping" title="Bootstrapping the ER Server">
+			<t>
+				The bootstrapping process involves the home EAP server and the ER
+				server, but also impacts the peer and the authenticator. In ERP, the
+				peer must derive the same keying material as the ER server. To achieve
+				this, it must learn the domain name of the ER server. How this
+				information is acquired is outside the scope of this specification, but
+				it may involves that the authenticator is configured to advertize this
+				domain name, especially in the case of re-authentication after a
+				handover.
+				<vspace blankLines="1"/>
+				The bootstrapping of an ER server with a given root key happens
+				either during the initial EAP authentication of the peer when the EMSK
+				-- from which the root key is derived -- is created, during the first
+				re-authentication, or sometime between those events. We only consider
+				the first two possibilities in this specification, in the following
+				subsections.
+			</t>
+			<section title="Bootstrapping During the Initial EAP authentication">
+				<t>
+					Bootstrapping the ER server during the initial EAP authentication
+					(also known as implicit bootstrapping) offers the advantage that the
+					server is immediatly available for re-authentication of the peer, thus
+					minimizing re-authentication delay. On the other hand, it is
+					possible that only a small number of peers will use re-authentication
+					in the visited domain. Deriving and caching key material for all the
+					peers (for example, for the peers that do not support ERP) is a waste
+					of resources and SHOULD be avoided.
+					<vspace blankLines="1"/>
+					To achieve implicit bootstrapping, the ER server must act as a
+					Diameter EAP Proxy as defined in the Diameter Base Protocol <xref
+					target="RFC3588"></xref>, and routing must be configured so that
+					Diameter messages of a full EAP authentication are routed through this
+					proxy. The figure bellow illustrates this mechanism.
+<figure align="center" anchor="Implict" title="ERP Bootstrapping During Full EAP Authentication"><artwork><![CDATA[
+                         ER server &
+Authenticator             EAP Proxy               Home EAP server
+=============            ===========              ===============
+     ------------------------->
+         Diameter EAP/DER
+          (EAP-Response)
+                               ------------------------->
+                                  Diameter EAP/DER
+                                   (EAP-Response)
+                                  (ERP-RK-Request)
+
+     <==================================================>
+        Multi-round Diameter EAP exchanges, unmodified
+
+                               <-------------------------
+                                   Diameter EAP/DEA
+                                    (EAP-Success)
+                                        (MSK)
+                                   (Key AVP (rRK))
+     <-------------------------
+         Diameter EAP/DEA
+           (EAP-Success)
+               (MSK)
+            [ERP-Realm]
+]]></artwork></figure>
+					The ER server proxies the first DER of the full EAP authentication
+					and adds the ERP-RK-Request AVP inside, if this AVP is not already in
+					the message (which might happen if there are ER servers in the visited
+					and the home domains), then forwards the request.
+					<vspace blankLines="1"/>
+					If the EAP server does not support the ERP extensions, it will simply
+					ignore this grouped AVP and continue as specified in <xref
+					target="RFC4072">RFC 4072</xref>. If the server supports the ERP extensions,
+					it caches the ERP-Realm value with the session data, and continues the EAP
+					authentication. When the authentication is complete, if it is
+					successful and the EAP method generated an EMSK, the server MUST
+					derive the rRK as
+					specified in <xref target="RFC5296">RFC 5296</xref>, and include an instance of the Key
+					AVP <xref target="KAVP"/>
+					in the Diameter-EAP-Answer message.
+					<vspace blankLines="1"/>
+					When the ER server proxies a Diameter-EAP-Answer message with a
+					Session-Id corresponding to a message to which it added an
+					ERP-RK-Answer, and the Result-Code is DIAMETER_SUCCESS, it MUST
+					examine the message, extract and remove any Key AVP 
+					<xref target="KAVP"/>
+					from the
+					message, and save its content. If the message does not contain an
+					ERP-RK-Answer AVP, the ER server MAY cache this information to avoid
+					possible subsequent re-authentication attempts for this session. In
+					any case, the information stored SHOULD NOT have a lifetime greater
+					than the EMSK lifetime 
+					<list style="hanging">
+						<t hangText="QUESTION:">
+							<vspace blankLines="0"/>
+							How does the ER server knows the EMSK
+							lifetime, if there is no ERP-RK-Answer? What is the lifetime of the
+							MSK for example?
+						</t>
+					</list>
+					<vspace blankLines="1"/>
+					If the ER server is successfully bootstrapped, it MAY also add the
+					ERP-Realm AVP after removing the ERP-RK-Answer AVP in the EAP/DEA
+					message. This could be used by the authenticator to notify the peer
+					that ERP is bootstrapped, with the ER domain information. How this
+					information can be transmitted to the peer is outside the scope of
+					this document. 
+					<list style="hanging">
+						<t hangText="QUESTION:">
+							<vspace blankLines="0"/>
+							Is this possible? It might be useful...
+						</t>
+					</list>
+				</t>
+			</section>
+
+			<section title="Bootstrapping During the First Re-authentication">
+				<t>
+					Bootstrapping the ER server during the first re-authentication
+					(also known as explicit bootstrapping) offers several advantages: it
+					saves resources, since we generate and cache only root keys that we
+					actually need, and it can accomodate inter-domain handovers or ER
+					servers that lose their state (for example after reboot).
+					<list style="hanging">
+						<t hangText="COMMENT:">
+							<vspace blankLines="0"/>
+							This	last point might not be true currently, since the peer would not issue
+							a bootstrapping exchange... But this might change also with RFC5296bis
+							AFAIU						
+						</t>
+					</list>
+					On the other hand, the first re-authentication with the
+					ER server requires a one-round-trip exchange with the home EAP server,
+					which adds some delay to the process (but it is more efficient than a
+					full EAP authentication in any case). It also requires some
+					synchronization between the peer and the visited domain: since the ERP
+					message used is different
+					<list style="hanging">
+						<t hangText="QUESTION:">
+							<vspace blankLines="0"/>						
+							and the root key used also?	
+						</t>
+					</list>
+					for the
+					explicit bootstrapping exchange than for normal re-authentication;
+					explicit bootstrapping should not be used if implicit bootstrapping
+					was already performed.
+					<list style="hanging">
+						<t hangText="QUESTION:">
+							<vspace blankLines="0"/>
+							What should we do if the ER server receives an explicit
+							bootstrapping request but already possess the rDSRK? Can it answer
+							without going to the home server? That would be simpler -- planned in
+							rfc5296bis ?						
+						</t>
+					</list>
+					<vspace blankLines="1"/>
+					The ER server receives the ERP/DER message containing the
+					EAP-Initiate/Re-Auth message with the 'B' flag set. It proxies this
+					message, and performs the following processing in addition to standard proxy
+					operations:
+					<list>
+						<t>
+							Changes the Application Id in the header of the message to
+							Diameter EAP Application (code 5).
+					   </t>
+						<t>
+							Change the content of Application-Auth-Id accordingly. 
+							<list style="hanging">
+								<t hangText="QUESTION:">
+									<vspace blankLines="0"/>
+									Is t better to leave it unmodified?</t>
+							</list>
+						</t>
+						<t>
+							Add the ERP-RK-Request AVP, which contains the name of the
+							domain where the ER server is located.
+						</t>
+						<t>
+							<list style="hanging">
+								<t hangText="QUESTION:">
+									<vspace blankLines="0"/>
+									Add the Destination-Host to reach the appropriate EAP
+									server, the one with the EMSK. How does the ER server know this
+									information?
+								</t>
+							</list>
+						</t>
+					</list>
+					Then the server forwards the EAP/DER request, which is routed
+					to the home EAP server.
+					<vspace blankLines="1"/>
+					If the home EAP server does not support the ERP extensions, it replies
+					with an error since the encapsulated EAP-Initiate/Re-auth command is
+					not understood. Otherwise, it processes the ERP request as described
+					in <xref target="RFC5296"></xref>. 
+					In particular, it includes the
+					Domain-Name TLV attribute with the content from the ERP-Realm AVP. It
+					creates the EAP/DEA reply message
+					<xref target="RFC4072"></xref>. including an instance of the Key AVP <xref target="KAVP"/>. 
+					<list style="hanging">
+						<t hangText="QUESTION:">
+							<vspace blankLines="0"/>
+							What about authorization AVPs?
+						</t>
+					</list>
+					<vspace blankLines="1"/>
+					The ER server receives this EAP/DEA and proxies it as follows, in
+					addition to standard proxy operations:
+					<list>
+						<t>
+							Set the Application Id back to Diameter ERP (code TBD)
+						</t>
+						<t>
+							Extract and cache the content of the Key AVP. 
+							<list style="hanging">
+								<t hangText="QUESTION:">
+									<vspace blankLines="0"/>
+									And authorization AVPs ?
+								</t> 
+							</list>
+						</t>
+					</list>
+					The DEA is then forwarded to the authenticator, that can use
+					the rMSK as described in <xref target="RFC5296">RFC 5296</xref>.
+					<vspace blankLines="1"/>
+					The figure below captures this proxy behavior:
+
+<figure align="center" anchor="FigExplicit" title="ERP Explicit Bootstrapping Message Flow"><artwork><![CDATA[
+Authenticator            ER server             Home EAP server
+=============            =========             ===============
+      ----------------------->
+          Diameter ERP/DER
+           (EAP-Initiate)
+                              ------------------------>
+                                    Diameter EAP/DER
+                                     (EAP-Initiate)
+                                    (ERP-RK-Request)
+
+                              <------------------------
+                                    Diameter EAP/DEA
+                                      (EAP-Finish)
+                                       (Key AVP)
+      <----------------------
+          Diameter ERP/DEA
+            (EAP-Finish)
+             (Key AVP)
+]]></artwork></figure>
+					</t>
+				</section>
+			</section>
+
+		<section anchor="Re-authentication" title="Re-Authentication">
+			<t>
+				This section describes in detail a re-authentication exchange with a
+				(bootstrapped) ER server. The following figure summarizes the
+				re-authentication exchange.
+<figure align="center" anchor="FigReauth" title="Diameter ERP Re-authentication Exchange"><artwork><![CDATA[
+                                                     ER server
+                                                   (bootstrapped)
+ Peer                 Authenticator            (local or home domain)
+ ====                 =============            ======================
+ [ <------------------------         ]               
+ [optional EAP-Initiate/Re-auth-start]               
+
+   ----------------------->
+     EAP-Initiate/Re-auth
+                           ===============================>
+                              Diameter ERP, cmd code DER
+                                User-Name: Keyname-NAI
+                           EAP-Payload: EAP-Initiate/Re-auth
+ 
+                           <===============================
+                              Diameter ERP, cmd code DEA
+                            EAP-Payload: EAP-Finish/Re-auth
+                                     Key AVP: rMSK
+    <----------------------
+      EAP-Finish/Re-auth
+]]></artwork></figure>
+			
+				In ERP, the peer sends an EAP-Initiate/Re-auth message to the ER
+				server via the authenticator. Alternatively, the authenticator may send an
+				EAP-Initiate/Re-auth-Start message to the peer to trigger the start of
+				ERP. 
+				In this case, the peer responds with an EAP-Initiate/Re-auth
+				message.
+				<vspace blankLines="1"/>
+				If the authenticator does not support ERP 
+				(pure <xref target="RFC4072"></xref> support), it discards the EAP packets with an
+				unknown ERP-specific code (EAP-Initiate). The peer may fallback to full
+				EAP authentication in this case.
+				<vspace blankLines="1"/>
+				When the authenticator receives an EAP-Initiate/Re-auth message from
+				the peer, it process as described in <xref target="RFC5296"></xref> with
+				regards to the EAP state machine. It creates a Diameter EAP Request
+				message following the general process of 
+				<xref target="RFC4072">DiameterEAP</xref>, with the following differences:
+				<list>
+					<t>
+						The Application Id in the header is set to Diameter ERP (code TBD).
+					</t>
+					<t>
+						The value in Auth-Application-Id AVP is also set to Diameter ERP
+						Application.
+					</t>
+					<t>
+						The keyName-NAI attribute from ERP message is used to create the
+						content of User-Name AVP and Destination-Realm AVP.
+					</t>
+					<t>
+						<list style="hanging">
+							<t hangText="FFS:">
+								<vspace blankLines="0"/>
+								 What about Session-ID AVP -- in case of re-auth at the
+								same place, and in case of handover?
+							</t>
+						</list>
+					</t>
+					<t>
+						The Auth-Request-Type AVP content is set to [Editor's note:
+						FFS].
+						<list style="hanging">
+							<t hangText="QUESTION:">
+								<vspace blankLines="0"/>
+								Do we really do authorization with Diameter ERP ? -- need
+								to pass the authorization attrs to the ER server in that case. Idea
+								FFS: we do authorization only for explicit bootstrapping
+								exchanges...
+							</t>
+						</list>
+					</t>
+					<t>
+						The EAP-Payload AVP contains the ERP message,
+						EAP-Initiate/Re-Auth.
+					</t>
+				</list>
+				Then this ERP/DER message is sent as described in <xref target="Overview"></xref>.
+				<vspace blankLines="1"/>
+				The ER server receives and processes this request as described in
+				<xref target="Overview"></xref>. It then creates an
+				ERP/DEA message following the general processing described in 
+				<xref target="RFC4072">RFC 4072</xref>, with the following differences:
+				<list>
+					<t>
+						The Application Id in the header is set to Diameter ERP (code
+						TBD).
+					</t>
+					<t>
+						The value of the Auth-Application-Id AVP is also set to Diameter ERP
+					Application.
+				</t>
+				<t>
+					The EAP-Payload AVP contains the ERP message,
+					EAP-Finish/Re-auth.
+				</t>
+				<t>
+					In case of successful authentication, an instance of the Key
+					AVP containing the Re-authentication Master Session Key (rMSK) derived
+					by ERP is included.
+					<list style="hanging">
+						<t hangText="QUESTION:">
+							<vspace blankLines="0"/>
+							What about all the authorization attributes? If we want to
+							include them, they have to be present on the ER server...
+						</t>
+					</list>
+				</t>
+			</list>
+			When the authenticator receives this ERP/DEA answer, it processes it
+			as described in <xref target="RFC4072">Diameter EAP</xref> 
+			and <xref target="RFC5296">RFC 5296</xref>: the content of EAP-Payload AVP content is
+			forwarded to the peer, and the contents of the Keying-Material AVP <xref target="I-D.ietf-dime-local-keytran"/>
+			is used as a shared secret for Secure Association Protocol.</t>
+		</section>
+
+		<section anchor="ApplicationId" title="Application Id">
+			<t>
+				We define a new Diameter application in this document, Diameter ERP
+				Application, with an Application Id value of TBD.
+				Diameter nodes conforming to this specification in the role of ER server
+				MUST advertise support by including an Auth-Application-Id AVP with a
+				value of Diameter ERP Application in the of the
+				Capabilities-Exchange-Request and Capabilities-Exchange-Answer commands
+				<xref target="RFC3588"></xref>.
+				<vspace blankLines="1"/>
+				The primary use of the Diameter ERP Application Id is to ensure
+				proper routing of the messages, and that the nodes that advertise the
+				support for this application do understand the new AVPs defined in
+				section <xref target="AVPs"></xref>, although these AVP have the 'M'
+				flag cleared.
+			</t>
+		</section>
+
+		<section anchor="AVPs" title="AVPs">
+			<t>
+				This section discusses the AVPs used by the Diameter ERP application.
+			</t>
+
+			<section title="ERP-RK-Request AVP">
+				<t>
+					The ERP-RK-Request AVP (AVP Code TBD) is of
+					type grouped AVP. This AVP is used by the ER server to indicate its
+					willingness to act as ER server for a particular session.
+					<vspace blankLines="1"/>
+					This AVP has the M and V bits cleared.
+<figure align="center" anchor="ERRABNF" title="ERP-RK-Request ABNF"><artwork><![CDATA[
+      ERP-RK-Request ::= < AVP Header: TBD >
+                         { ERP-Realm }
+                       * [ AVP ]
+]]></artwork></figure>
+				</t>
+			</section>
+
+			<section title="ERP-Realm AVP">
+				<t>
+					The ERP-Realm AVP (AVP Code TBD) is of type
+					DiameterIdentity. It contains the name of the realm in which the ER
+					server is located.
+					<list style="hanging">
+						<t hangText="FFS:">
+							<vspace blankLines="0"/>
+							We may re-use Origin-Realm here instead? On the other
+							hand, ERP-Realm may be useful if the ER server is in a third-party
+							realm, if this is possible.
+						</t>
+					</list>
+					<vspace blankLines="1"/>
+					This AVP has the M and V bits cleared.
+				</t>
+			</section>
+
+			<section anchor="KAVP" title="Key AVP">
+				<t>
+					The Key AVP <xref target="I-D.ietf-dime-local-keytran"/> is of type "Grouped" and is used to carry the rMSK
+					and associated attributes.  The usage of the Key AVP and its constituent AVPs in this application is specified in the following sub-sections.
+				</t>
+				<section title="Key-Type AVP">
+					<t>
+						The value of the Key-Type AVP MUST be set to 3 for rRK.
+					</t>
+				</section>
+				<section title="Keying-Material AVP">
+					<t>
+						The Keying-Material AVP contains rRK sent by
+						the home EAP server to the ER server, in answer to a request containing
+						an ERP-RK-Request AVP. How this material is derived and used is
+						specified in <xref target="RFC5296">RFC 5296</xref>.
+					</t>
+				</section>
+				<section title="Key-Name AVP">
+					<t>
+						This AVP contains the EMSKname which identifies the
+						keying material. 
+						The derivation of this name is specified in <xref target="RFC5296">RGC 5296</xref>.
+					</t>
+				</section>
+				<section title="Key-Lifetime AVP">
+					<t>
+						The Key-Lifetime AVP contains the lifetime of the keying material in
+						seconds. It MUST NOT be greater than the remaining lifetime of the
+						EMSK from which the material was derived.
+					</t>
+				</section>
+			</section>
+		</section>
+
+		<section anchor="Issues" title="Open issues">
+			<t>
+				This document does not address some known issues in Diameter ERP
+				mechanism. The authors would like to hear ideas about how to address
+				them.
+				<vspace blankLines="1"/>
+				The main issue is the use of ERP for authentication after a handover
+				of the peer to a new authenticator (or different authenticator port).
+				Diameter ERP is not meant to be a mobility protocol. A number of issues
+				appear when we try to do handover in Diameter ERP (alone): how to manage
+				the Session-Id AVP; how does the ER server provide the Authorization
+				AVPs; how does the peer learn the ERP domain of the new authenticator;
+				how does the home server reachs the peer to for example terminate the
+				session; and so on... Therefore, the management of the session for a
+				mobile peer is not (yet) addressed in this document. It must be studied
+				how Diameter ERP can be for example used in conjunction with a mobility
+				application (Diameter MIP4, Diameter MIP6) to support the optimized
+				re-authentication in such situation.
+				<vspace blankLines="1"/>
+				Another issue concerns the case where the home realm contains several
+				EAP servers. In multi rounds full EAP authentication, the
+				 Destination-Host AVP provides the solution to reach the same server
+				across the exchanges. Only this server possess the EMSK for the session.
+				In case of explicit bootstrapping, the ER server must therefore be able
+				to reach the correct server to request the DSRK. A solution might
+				consist in saving the Origin-Host AVP of all successful EAP/DEA in the
+				ER server, which is a bit similar to the implicit bootstrapping scenario
+				described here -- only we save the server name instead of the root key,
+				and we must then be able to match the DSRK with the user name.
+				<vspace blankLines="1"/>
+				Finally, this document currently lacks a description of what happens
+				when a Re-Auth-Request is received for a peer on the authenticator.
+			</t>
+		</section>
+
+		<section anchor="Acknowledgements" title="Acknowledgements">
+			<t>
+				Hannes Tschofenig wrote the initial draft for this document and
+				provided useful reviews.
+				<vspace blankLines="1"/>		 
+				Vidya Narayanan reviewed a rough draft version of the document and
+				found some errors.
+				<vspace blankLines="1"/>
+				Lakshminath Dondeti contributed to the early versions of the
+				document.
+				<vspace blankLines="1"/>
+				Many thanks to these people!
+			</t>
+		</section>
+
+		<section anchor="IANA" title="IANA Considerations">
+			<t>
+				This document requires IANA registration of the following new
+				elements in the <eref target="http://www.iana.org/assignments/aaa-parameters/">Authentication,
+				Authorization, and Accounting (AAA) Parameters</eref> registries.
+			</t>
+			<section title="Diameter Application Identifier">
+				<t>
+					This specification requires IANA to allocate a new value "Diameter
+					ERP" in the "Application IDs" registry 
+					<xref target="RFC3588">using the policy specified in Section 11.3 of RFC 3588</xref>.
+				</t>
+			</section>
+
+			<section title="New AVPs">
+				<t>
+					This specification requires IANA to allocate new values from the
+					"AVP Codes" registry
+					<xref target="RFC3588">according to the policy specified in Section 11.1 of RFC 3588</xref>
+					for the
+					following AVPs:
+					<list>
+						<t>ERP-RK-Request</t>
+						<t>ERP-Realm</t>
+					</list>These AVPs are defined in section <xref target="AVPs"></xref>.
+				</t>
+			</section>
+		</section>
+
+		<section anchor="Security" title="Security Considerations">
+			<t>
+				The security considerations from the following documents also apply here: 
+				<list style="symbols">
+					<t><xref target="RFC3588">RFC 3588</xref></t>
+					<t><xref target="RFC4072">RFC 4072</xref></t>
+					<t><xref target="RFC5247">RFC 5247</xref></t>
+					<t><xref target="RFC5295">RFC 5295</xref></t>
+					<t><xref target="RFC5296"></xref></t>
+				</list>
+				<list style="hanging">
+					<t hangText="FFS:">
+						<vspace blankLines="0"/>
+						Do we really respect these security considerations with
+						the mechanism we describe here? 
+						Is it safe to use ERP-RK-Request /
+						Answer AVPs? What is the worst case?
+					</t>
+				</list>
+				EAP channel bindings may be necessary to ensure that the Diameter
+				client and the server are in sync regarding the key Requesting Entity's
+				Identity. Specifically, the Requesting Entity advertises its identity
+				through the EAP lower layer, and the user or the EAP peer communicates
+				that identity to the EAP server (and the EAP server communicates that
+				identity to the Diameter server) via the EAP method for user/peer to
+				server verification of the Requesting Entity's Identity.
+				<list style="hanging">
+					<t hangText="QUESTION:">
+						<vspace blankLines="0"/>
+						What does this paragraph actually mean?
+					</t>
+				</list>
+			</t>
+		</section>
+	</middle>
+
+	<back>
+		<references title="Normative References">
+			&RFC2119;
+			&RFC3588;
+			&RFC4072;
+			&RFC5295;
+			&RFC5296;
+			&I-D.ietf-dime-local-keytran;
+			&RFC3748;
+		</references>
+
+		<references title="Informative References">
+			&RFC5247;
+		</references>
+	</back>
+</rfc>
diff -r 6ac9daa8c775 -r 9d8dd59747f4 DiME/drafts/draft-sdecugis-dime-diameter-erp.xml
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/DiME/drafts/draft-sdecugis-dime-diameter-erp.xml	Fri Nov 05 12:39:03 2010 +0900
@@ -0,0 +1,796 @@
+<?xml version="1.0" encoding="US-ASCII"?>
+<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
+<!ENTITY RFC2119 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml">
+<!ENTITY RFC3748 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3748.xml">
+<!ENTITY RFC3588 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3588.xml">
+<!ENTITY RFC4072 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4072.xml">
+<!ENTITY RFC4187 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4187.xml">
+<!ENTITY RFC5247 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5247.xml">
+<!ENTITY RFC5295 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5295.xml">
+<!ENTITY RFC5296 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5296.xml">
+<!ENTITY I-D.ietf-hokey-key-mgm SYSTEM "http://xml.resource.org/public/rfc/bibxml3/reference.I-D.draft-ietf-hokey-key-mgm-06.xml">
+<!ENTITY I-D.ietf-dime-app-design-guide SYSTEM "http://xml.resource.org/public/rfc/bibxml3/reference.I-D.draft-ietf-dime-app-design-guide-08.xml">
+<!ENTITY I-D.gaonkar-radext-erp-attrs SYSTEM "http://xml.resource.org/public/rfc/bibxml3/reference.I-D.draft-gaonkar-radext-erp-attrs-03.xml">
+<!ENTITY I-D.ietf-dime-erp SYSTEM "http://xml.resource.org/public/rfc/bibxml3/reference.I-D.draft-ietf-dime-erp-00.xml">
+<!ENTITY I-D.wu-dime-local-keytran SYSTEM "http://xml.resource.org/public/rfc/bibxml3/reference.I-D.draft-wu-dime-local-keytran-00.xml">
+<!ENTITY nbsp "&#160;">
+]>
+<?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?>
+<?rfc strict="yes"?>
+<?rfc comments="yes"?>
+<?rfc inline="yes"?>
+<?rfc editing="no"?>
+<?rfc toc="yes"?>
+<?rfc tocompact="yes"?>
+<?rfc tocdepth="3"?>
+<?rfc symrefs="yes"?>
+<?rfc sortrefs="yes"?>
+<?rfc compact="yes"?>
+<?rfc subcompact="no"?>
+<?rfc rfcedstyle="yes"?>
+<?rfc rfcprocack="no"?>
+<?rfc tocindent="yes"?>
+<rfc category="std" docName="draft-sdecugis-dime-diameter-erp-01"
+     ipr="trust200902">
+  <front>
+    <title abbrev="Diameter ERP support">Diameter support for EAP
+    Re-authentication Protocol (ERP)</title>
+
+    <author fullname="Sebastien Decugis" initials="S." role="editor"
+            surname="Decugis">
+      <organization abbrev="NICT">NICT</organization>
+
+      <address>
+        <postal>
+          <street>4-2-1 Nukui-Kitamachi</street>
+
+          <city>Koganei, Tokyo</city>
+
+          <code>184-8795</code>
+
+          <country>JP</country>
+        </postal>
+
+        <email>sdecugis@nict.go.jp</email>
+      </address>
+    </author>
+
+    <date year="2009" />
+
+    <area>Operations &amp; Management</area>
+
+    <workgroup>Diameter Maintenance and Extensions (DIME)</workgroup>
+
+    <keyword>Internet-Draft</keyword>
+
+    <keyword>ERP</keyword>
+
+    <keyword>Diameter</keyword>
+
+    <keyword>Re-authentication</keyword>
+
+    <abstract>
+      <t>The EAP Re-authentication Protocol (ERP) provides a mechanism to
+      optimize EAP authentication delay in the case of re-authentication,
+      which can be significant in roaming mobile situation. This mechanism
+      assumes that a protocol for Authentication, Authorization and Accounting
+      (AAA) is available to transport ERP between the authenticator(s) and the
+      EAP/ERP server. draft-gaonkar-radext-erp-attrs-03 specifies the
+      transport of ERP using RADIUS. This document specifies the transport of
+      ERP using Diameter.</t>
+    </abstract>
+  </front>
+
+  <middle>
+    <section anchor="Introduction" title="Introduction">
+      <t><xref target="RFC5296"></xref> defines the EAP Re-authentication
+      Protocol (ERP) and mechanism that consists in the two following
+      steps:<list style="numbers">
+          <t>Bootstrapping: creation of a root key for re-authentication,
+          after initial EAP authentication of the peer. This root key is
+          distributed from the EAP server to the ER server. How this key is
+          tranported is not specified in the ERP mechanism.</t>
+
+          <t>Re-authentication: one-round-trip exchange between the peer and
+          the ER server, functionally equivalent to a full EAP
+          authentication.</t>
+        </list></t>
+
+      <t>This document specifies how Diameter is used to carry the
+      re-authentication exchange (second step). For this purpose, we define a
+      new Application Id for ERP, and re-use the Diameter EAP commands
+      (DER/DEA).</t>
+
+      <t>We also discuss the key distribution (first step, bootstrapping) and
+      propose some solutions for different architectures. Anyway, implementors
+      are free to choose a different mechanism for key distribution, as for
+      example using RADIUS <xref target="I-D.ietf-hokey-key-mgm"></xref>.
+      Security considerations for key distribution are explained in <xref
+      target="RFC5295"></xref>.</t>
+
+      <section title="Differences with other documents">
+        <t>This document differs from <xref target="I-D.ietf-dime-erp"></xref>
+        in its design and scope. In this new version, we use a new Diameter
+        application id for messages with ERP payload exchanged between
+        authenticator and ER server. This simplifies the routing of Diameter
+        messages to the appropriate server, and allows more flexibility in the
+        deployment of ERP.</t>
+
+        <t>The scope of previous documents (<xref
+        target="I-D.ietf-dime-erp"></xref> and <xref
+        target="I-D.wu-dime-local-keytran"></xref>) was focused on the
+        bootstrapping of the mechanism. In particular, these documents did not
+        consider the routing of Diameter message for re-authentication
+        exchanges (ERP exchange, and also <xref target="RFC4187"></xref> for
+        the second document). By re-using the Diameter EAP application, they
+        create implicit constraints on routing of messages that cannot be met
+        by standard Diameter routing algorithm, as defined in the <xref
+        target="RFC3588">Diameter Base Protocol</xref>.</t>
+
+        <t>A separate Diameter application solves this routing issue, and can
+        also allow the authenticator to dynamically discover if the local
+        domain supports re-authentication or not.</t>
+      </section>
+    </section>
+
+    <section title="Terminology">
+      <t>We re-use in this document the terminology from <xref
+      target="RFC5296"></xref>. In particular, unless specified otherwise, the
+      EAP server has implicit support for ERP extensions for generation of ERP
+      keying material and its transmission to ER server. These terms
+      "authenticator", "ER server", "EAP server" designate logical functional
+      entities and make no assumption on the real implementation and
+      deployment.</t>
+
+      <t>"Root key" (RK) or "bootstrapping material" refer to the rRK or rDSRK
+      derived from an EMSK, depending on the location of the ER server in home
+      or foreign domain.</t>
+
+      <t>We re-use also some terminology and abbreviations from <xref
+      target="RFC4072"></xref>, for example DER/DEA.</t>
+
+      <section title="Requirements Language">
+        <t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+        "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+        document are to be interpreted as described in <xref
+        target="RFC2119"></xref>.</t>
+      </section>
+    </section>
+
+    <section anchor="Overview" title="Overview">
+      <t>During the lifetime of an EMSK (derived during a full EAP
+      authentication by compatible EAP methods), a peer may attach to several
+      authenticators. In this case, re-authentication is more efficient than
+      full authentication, especially in the case of roaming. ERP provides a
+      mechanism for re-authentication independent of the link layer, so it can
+      be used in case of multihoming or handovers between different access
+      technologies. The following figure shows the components involved in ERP,
+      and their interactions. When the peer attaches to a new authenticator,
+      the ER server involved in the transaction may change, for example in the
+      case of inter-domain roaming. The home EAP server is assumed to be
+      constant for a given peer.</t>
+
+      <figure title="Figure 1. Diameter applications used in the ERP mechanism.">
+        <artwork><![CDATA[
+                        Diameter                    +--------+
+        +-------------+   ERP   +-----------+  (*)  |  Home  |
+Peer <->|Authenticator|<=======>| ER server | <---> |  EAP   |
+        +-------------+         +-----------+       | server |
+                                                    +--------+
+    (*) Several protocols can be used between ER server and 
+       home EAP server to transport bootstrapping material.
+]]></artwork>
+      </figure>
+
+      <t>The ER server may be located in the home domain (same as EAP server)
+      or the visited domain (same as authenticator, when it differs from the
+      home domain). <cref anchor="Editor1">Can the ER server be located in a
+      third domain (ex: broker's)?</cref></t>
+
+      <t>The bootstrapping of the ER server has to occur sometime between the
+      initial EAP authentication and the first ERP re-authentication with this
+      ER server. See section <xref target="Bootstrapping"></xref> for detail
+      on this process. Then, the peer re-authenticates, for example after a
+      movement that makes it attach to a new authenticator. The following
+      figure describes this re-authentication, and shows how Diameter is used
+      in this context. See section <xref target="Re-authentication"></xref>
+      for a detailed description, and following sections for details on the
+      Diameter messages format.</t>
+
+      <figure title="Figure 2. Diameter ERP exchange. ">
+        <artwork><![CDATA[
+                                                        ER server
+                                                      (bootstrapped)
+ Peer                 Authenticator               (local or home domain)
+ ====                 =============               ======================
+ [ <------------------------         ]               
+ [optional EAP-Initiate/Re-auth-start]               
+
+   ----------------------->
+     EAP-Initiate/Re-auth
+                           ==================================>
+                                Diameter ERP, cmd code DER
+                                  User-Name: Keyname-NAI
+                              EAP-Payload: EAP-Initiate/Re-auth
+ 
+                           <==================================
+                                Diameter ERP, cmd code DEA
+                              EAP-Payload: EAP-Finish/Re-auth
+                               EAP-Master-Session-Key: rMSK
+    <----------------------
+      EAP-Finish/Re-auth
+]]></artwork>
+      </figure>
+    </section>
+
+    <section anchor="ApplicationId" title="Application Id">
+      <t>We define a Diameter ERP Application in this document, with an
+      Application Id value of <cref anchor="IANA1">TBD</cref>. Diameter nodes
+      conforming to this specification (in the role of ER server or
+      authenticator) MUST advertise support by including the Diameter ERP
+      Application ID value in the Auth-Application-Id AVP of the
+      Capabilities-Exchange-Request and Capabilities-Exchange-Answer command
+      <xref target="RFC3588"></xref>.</t>
+
+      <t>The primary use of the Diameter ERP Application Id is to ensure
+      proper routing of the messages, and that the nodes that advertise the
+      support for this application do understand the new AVPs defined in the
+      next section (although these AVP have the 'M' flag cleared).</t>
+    </section>
+
+    <section anchor="AVPs" title="AVPs">
+      <t>This specification defines the following new AVPs.</t>
+
+      <section title="ERP-RK-Request AVP">
+        <t>The ERP-RK-Request AVP (AVP Code <cref anchor="IANA2">TBD</cref>)
+        is of type grouped AVP. It is used by the ER server to request root
+        key material used in ERP.</t>
+
+        <t>This AVP has the M and V bits cleared.</t>
+
+        <figure title="Figure 3. ERP-RK-Request ABNF">
+          <artwork><![CDATA[
+      ERP-RK-Request ::= < AVP Header: TBD >
+                         { ERP-Realm }
+                       * [ AVP ]
+]]></artwork>
+        </figure>
+      </section>
+
+      <section title="ERP-Realm AVP">
+        <t>The ERP-Realm AVP (AVP Code <cref anchor="IANA3">TBD</cref>) is of
+        type <cref anchor="Editor2">DiameterIdentity? OctetString?</cref>. It
+        contains the name of the realm in which the ER server is located.</t>
+
+        <t><cref anchor="Editor3">FFS: We may re-use Origin-Realm here
+        instead? On the other hand, ERP-Realm may be useful in CER/CEA with a
+        NAS...</cref></t>
+
+        <t>This AVP has the M and V bits cleared.</t>
+      </section>
+
+      <section title="ERP-RK-Answer AVP">
+        <t>The ERP-RK-Answer AVP (AVP Code <cref anchor="IANA4">TBD</cref>) is
+        of type grouped AVP. It is used by the home EAP server to provide ERP
+        root key material to the ER server.</t>
+
+        <t>This AVP has the M and V bits cleared.</t>
+
+        <figure title="Figure 4. ERP-RK-Answer ABNF">
+          <artwork><![CDATA[
+       ERP-RK-Answer ::= < AVP Header: TBD >
+                         { ERP-RK }
+                         { ERP-RK-Name }
+                         { ERP-RK-Lifetime }
+                       * [ AVP ]
+]]></artwork>
+        </figure>
+      </section>
+
+      <section title="ERP-RK AVP">
+        <t>The ERP-RK AVP (AVP Code <cref anchor="IANA5">TBD</cref>) is of
+        type OctetString. It contains the root key (either rRK or rDSRK) to be
+        used for ERP with the peer to which the current session belongs. How
+        this material is derived and used is specified in <xref
+        target="RFC5296"></xref>.</t>
+
+        <t><cref anchor="Editor4">Can we re-use EAP-Master-Session-Key
+        here?</cref></t>
+
+        <t>This AVP has the M and V bits cleared.</t>
+      </section>
+
+      <section title="ERP-RK-Name AVP">
+        <t>The ERP-RK AVP (AVP Code <cref anchor="IANA6">TBD</cref>) is of
+        type OctetString. This AVP contains the EMSKname which identifies the
+        keying material. How this name is derived is beyond the scope of this
+        document and defined in <xref target="RFC5296"></xref>.</t>
+
+        <t><cref anchor="Editor5">Can we re-use EAP-Key-Name here?</cref></t>
+
+        <t>This AVP has the M and V bits cleared.</t>
+      </section>
+
+      <section title="ERP-RK-Lifetime AVP">
+        <t>The ERP-RK-Lifetime AVP (AVP Code <cref anchor="IANA7">TBD</cref>)
+        is of type <cref anchor="Editor6">Unsigned64? 32?</cref> and contains
+        the root key material remaining lifetime in seconds. It MUST not be
+        greater than the remaining lifetime of the EMSK it is derived from.
+        <cref anchor="Editor7">FFS: is it better to pass an absolute value
+        here, for example expiration date? How to express it then (TZ, ...)?
+        Synchronization problems?</cref></t>
+
+        <t>This AVP has the M and V bits cleared.</t>
+      </section>
+    </section>
+
+    <section anchor="Commands" title="Commands">
+      <t>We do not define any new command in this specification. We reuse the
+      Diameter-EAP-Request and Diameter-EAP-Answer commands defined in <xref
+      target="RFC4072"></xref>.</t>
+
+      <t>The Application Id field in the command header <cref
+      anchor="Editor8">and the value in Auth-Application-Id AVP which is
+      redundant???</cref> can be set to Diameter EAP application or Diameter
+      ERP application, depending on the situation, as explained in the next
+      sections.</t>
+
+      <t>Since the original ABNF of these commands allow other optional AVPs
+      ("* [ AVP ]"), and the new AVPs defined in this specification do not
+      have the 'M' flag set, the ABNF does not need any change. Anyway, a
+      Diameter node that advertize support for the Diameter ERP application
+      MUST support the ERP-RK-Request and ERP-RK-Answer AVP <cref
+      anchor="Editor9">Therefore, in DER/DEA with Diameter ERP application ID,
+      do we set the 'M' flag to these AVPs?</cref>.</t>
+
+      <figure title="Figure 5. Command Codes">
+        <artwork><![CDATA[
+   Command-Name          Abbrev. Code Reference Application
+   ---------------------------------------------------------
+   Diameter-EAP-Request  DER     268  RFC 4072  Diameter ERP
+   Diameter-EAP-Answer   DEA     268  RFC 4072  Diameter ERP
+]]></artwork>
+      </figure>
+    </section>
+
+    <section anchor="Bootstrapping" title="Bootstrapping options">
+      <t>Bootstrapping involves the ER server and the EAP server directly, but
+      also indirectly the peer and the authenticator. For ERP to be
+      successful, the peer must derive the same keying material as the ER
+      server. To make this possible, it must learn the domain name of the ER
+      server. How this is achieved is outside the scope of this specification,
+      but it usually involves that the authenticator is configured to
+      advertize this domain name. This could be achieved for example by
+      including the ERP-Realm AVP in a CER/CEA exchange.</t>
+
+      <t>As stated in the <xref target="Overview"></xref>, the bootstrapping
+      of an ER server has to happen between the initial EAP authentication of
+      the peer, when the EMSK is created, and the moment the peer
+      re-authenticates with this ER server, when the bootstrapping material is
+      needed. While asynchrounous solutions are perfectly possible, it is
+      usually easier to bootstrap the ER server during one of these
+      events.</t>
+
+      <section title="Bootstrapping during initial EAP authentication">
+        <t>Bootstrapping an ER server during the initial EAP authentication
+        offers the advantage that the server is immediatly available for
+        re-authentication of the peer, thus minimizing the re-authentication
+        delay.</t>
+
+        <t>On the other hand, re-authentication may only concern a small
+        number of peers in the visited domain. Deriving and caching key
+        material for all the peers (for example, for the peers that do not
+        support ERP, or that are not mobile) is a waste of resources and
+        SHOULD be avoided. In addition, bootstrapping ERP during full EAP
+        authentication may prevent re-authentication in case of inter-domain
+        roaming. Hence, while this mecanism is useful in some situations, it
+        should be deployed with care.</t>
+
+        <t>In the case where ER server is collocated with the Home EAP server,
+        ER bootstrapping is transparent with regards to this specification,
+        although some sort of communication might be needed inside the node.
+        In this case, the server MUST advertise support of both the Diameter
+        EAP application and the Diameter ERP application, but the new AVPs
+        defined in this specification are not used.</t>
+
+        <t>When ER server and EAP server are different entities with regards
+        to Diameter, one or more Diameter EAP proxy(ies) is(are) needed in the
+        same domain as the ER server. While this(these) proxy(ies) might be
+        separate entity(ies) with secure communication channel with the ER
+        server, it is functionally equivalent to consider that the ER server
+        acts as a Diameter EAP proxy. In the rest of this section, we consider
+        that the ER server acts as a Diameter EAP proxy in its domain.</t>
+
+        <t>In order to bootstrap the ER server during full EAP authentication,
+        this server must be on the route, and act as a proxy, for the first
+        and last round of exchanges of the full EAP authentication, as
+        captured in the figure bellow.</t>
+
+        <figure title="Figure 6. ERP bootstrapping during full EAP authentication">
+          <artwork><![CDATA[
+                         ER server &
+Authenticator             EAP Proxy               Home EAP server
+=============            ===========              ===============
+     ------------------------->
+         Diameter EAP/DER
+          (EAP-Response)
+                               ------------------------->
+                                  Diameter EAP/DER
+                                   (EAP-Response)
+                                  (ERP-RK-Request)
+
+     <==================================================>
+        Multi-round Diameter EAP exchanges, unmodified
+
+                               <-------------------------
+                                   Diameter EAP/DEA
+                                    (EAP-Success)
+                                        (MSK)
+                                   (ERP-RK-Answer)
+     <-------------------------
+         Diameter EAP/DEA
+           (EAP-Success)
+               (MSK)
+            [ERP-Realm]
+]]></artwork>
+        </figure>
+
+        <t>The ER server proxies the first DER of the full EAP authentication
+        and adds the ERP-RK-Request AVP inside, if this AVP is not already in
+        the message, then forwards the request.</t>
+
+        <t>If the EAP server does not support ERP extensions, it will simply
+        ignore this grouped AVP and continue as specified in <xref
+        target="RFC4072"></xref>. If the server supports the ERP extensions,
+        it caches the ERP-Realm value with the session, and continues the EAP
+        authentication. When the authentication is complete, if it is
+        successful and the EAP method generated an EMSK, the server MUST
+        compute the rRK or rDSRK (depending on the value of ERP-Realm) as
+        specified in <xref target="RFC5296"></xref>, and add an ERP-RK-Answer
+        AVP in the Diameter-EAP-Request message, in addition to the MSK and
+        EAP-Success payload. <cref anchor="Editor10">FFS: is it important to
+        check that the server that added the ERP-RK-Request is in the path of
+        the answer? What's the worst that can happen?</cref></t>
+
+        <t>When the ER server proxies a Diameter-EAP-Answer message with a
+        Session-Id corresponding to a message to which it added an
+        ERP-RK-Answer, and the Result-Code is DIAMETER_SUCCESS, it MUST
+        examine the message and remove any ERP-RK-Answer AVP, and save its
+        content. If the message does not contain an ERP-RK-Answer AVP, the ER
+        server MAY save this information to avoid possible attempts later for
+        this session. In any case, the information stored SHOULD NOT have a
+        lifetime greater than the EMSK lifetime <cref anchor="Editor11">FFS:
+        how does the ER server knows the EMSK lifetime, if there is no
+        ERP-RK-Answer? What is the lifetime of the MSK for example?</cref></t>
+
+        <t>If the ER server is successfully bootstrapped, it MAY also add the
+        ERP-Realm AVP after removing the ERP-RK-Answer AVP in the
+        Diameter-EAP-Answer message. This could be used by the authenticator
+        to notify the peer that ERP is bootstrapped, with the ER domain
+        information. How this information can be transmitted to the peer is
+        outside the scope of this document. <cref anchor="Editor12">Is it
+        possible? It would be useful...</cref></t>
+      </section>
+
+      <section title="Bootstrapping during first re-authentication">
+        <t>Bootstrapping the ER server during the first re-authentication
+        offers several advantages: it saves resources, since we generate and
+        cache only useful keying material, it can also accomodate inter-domain
+        roaming or ER servers that loose their state (for example after
+        reboot).</t>
+
+        <t>On the other hand, the first re-authentication with the ER server
+        requires a one-round-trip with the home EAP server, which adds some
+        delay to the process (but it is more efficient than a full EAP
+        authentication in any case). Note that following re-authentications
+        for the same session with the same ER server will not have this
+        additional delay.</t>
+
+        <t><xref target="RFC5296"></xref> describes two types of bootstrapping
+        for ERP: implicit bootstrapping and explicit bootstrapping. In
+        implicit bootstrapping, the peer knows the domain it is located in,
+        and assumes that the ER server already possess the keying material for
+        the session. In this case, the peer uses a Keyname-NAI in the form
+        "EMSKname@localdomain". In explicit bootstrapping, the Keyname-NAI is
+        in the form "EMSKname@homedomain". As we will see in next section
+        <xref target="Re-authentication"></xref>, the domain part of the
+        Keyname-NAI becomes the Destination-Realm of the Diameter message, and
+        the Application Id is set to Diameter ERP application.</t>
+
+        <t>In the case of implicit bootstrapping (how the peer learns that the
+        ER server is bootstrapped is outside the scope of this specification)
+        or after a first succesful re-authentication in the visited domain,
+        the message is routed to the local ER server following normal Diameter
+        routing. If the ER server does not have key information corresponding
+        to this EMSKname, <cref anchor="Editor13">return an error to the peer?
+        proxy the request and send ERP-RK-Request to the home EAP server? How
+        do we learn which is the home domain?</cref>. See the next section
+        <xref target="Re-authentication"></xref> for detail.</t>
+
+        <t>In the case of explicit bootstrapping (the ERP message has its 'B'
+        flag set), if an ER server exists in the visited domain, it SHOULD be
+        configured for and act as a Diameter ERP proxy, and process the
+        messages as described below. If not, the ER server in the home domain
+        will be used, which is less efficient. The description that follow for
+        the ER server in the visited domain is also valid for the ER server in
+        the home domain.</t>
+
+        <t><cref anchor="Editor14">What should we do if the ER server receives
+        an explicit bootstrapping request but already possess the
+        rDSRK?</cref></t>
+
+        <t>The ER server proxies the request (DER with Diameter ERP
+        application code) as follow, in addition to standard proxy
+        operations:<list>
+            <t>Change the Application Id in the header of the message to
+            Diameter EAP Application (code 5). <cref anchor="Editor15">What
+            about the Application-Auth-Id AVP?</cref></t>
+
+            <t>Add the ERP-RK-Request AVP, which contains the name of the
+            domain the ER server is located in (with regards to ERP).</t>
+          </list>Then the request is forwarded as usual. With its Diameter EAP
+        application id and Destination-Realm set to the home domain of the
+        peer, the request reaches the home EAP server. If this server does not
+        support ERP extensions, it replies with an error since the
+        encapsulated EAP-Initiate/Re-auth command is not understood.
+        Otherwise, it processes the ERP request as described in <xref
+        target="RFC5296"></xref>. In particular, it includes the Domain-Name
+        TLV attribute with the content from the ERP-Realm AVP. It creates the
+        DEA reply message following standard processing from <xref
+        target="RFC4072"></xref> (in particular EAP-Master-Session-Key AVP is
+        used to transport the rMSK), and includes the ERP-RK-Answer AVP.</t>
+
+        <t>The ER server receives this DEA and proxies it as follow, in
+        addition to standard proxy operations:<list>
+            <t>Set the Application Id back to Diameter ERP (code <cref
+            anchor="IANA8">TBD</cref>)</t>
+
+            <t>Extract and cache the content of the ERP-RK-Answer.</t>
+          </list>The DEA is then forwarded to the authenticator, that can use
+        the rMSK as described in <xref target="RFC5296"></xref>.</t>
+
+        <t>The figure below captures this Diameter ERP Proxy behavior:</t>
+
+        <figure title="Figure 7. ERP explicit bootstrapping message flow">
+          <artwork><![CDATA[
+Authenticator            ER server             Home EAP server
+=============            =========             ===============
+      ----------------------->
+          Diameter ERP/DER
+           (EAP-Initiate)
+                              ------------------------>
+                                    Diameter EAP/DER
+                                     (EAP-Initiate)
+                                    (ERP-RK-Request)
+
+                              <------------------------
+                                    Diameter EAP/DEA
+                                      (EAP-Finish)
+                                     (ERP-RK-Answer)
+                                         (rMSK)
+      <----------------------
+          Diameter ERP/DEA
+            (EAP-Finish)
+               (rMSK)
+]]></artwork>
+        </figure>
+      </section>
+    </section>
+
+    <section anchor="Re-authentication" title="Re-Authentication">
+      <t>This section describes a re-authentication exchange with a
+      bootstrapped ER server. The peer is assumed to know the domain of the
+      bootstrapped ER server in advance. See previous section <xref
+      target="Bootstrapping"></xref> for more information.
+      EAP-Initiate/Re-auth-start with Domain-Name TLV is a possibility for the
+      peer to learn the domain of the ER server attached to the
+      authenticator.</t>
+
+      <t>The following figure describes the re-authentication exchange.</t>
+
+      <figure title="Figure 8. Diameter ERP exchange">
+        <artwork><![CDATA[
+                                                Bootstrapped ER server
+Peer                 Authenticator             (in local or home domain)
+====                 =============             =========================
+[ <------------------------         ]               
+[optional EAP-Initiate/Re-auth-start]               
+
+   ----------------------->
+    EAP-Initiate/Re-auth
+                           =================================>
+                               Diameter ERP, cmd code DER
+                                 User-Name: Keyname-NAI
+                            EAP-Payload: EAP-Initiate/Re-auth
+ 
+                           <=================================
+                               Diameter ERP, cmd code DEA
+                             EAP-Payload: EAP-Finish/Re-auth
+                              EAP-Master-Session-Key: rMSK
+   <----------------------
+     EAP-Finish/Re-auth
+]]></artwork>
+      </figure>
+
+      <t>The authenticator that does not support ERP <xref
+      target="RFC4072"></xref> discards EAP packets with unknown ERP-specific
+      code (EAP-Initiate). The peer falls back to full EAP authentication in
+      that case.</t>
+
+      <t>When the ERP-compatible authenticator receives an
+      EAP-Initiate/Re-auth message from the peer (or after having sent a
+      EAP-Initiate/Re-auth-start packet), it process as described in <xref
+      target="RFC5296"></xref> with regards to the EAP state machine, and
+      similarly to <xref target="RFC4072">Diameter EAP</xref>, with regards to
+      Diameter, with the following differences:<list>
+          <t>The application id is set to Diameter ERP instead of Diameter
+          EAP.</t>
+
+          <t>The User-Name and Destination-Realm are derived from the
+          Keyname-NAI.</t>
+
+          <t><cref anchor="Editor16">How do we create / retrieve the
+          Session-Id?</cref></t>
+        </list></t>
+
+      <t>The ER server receives this request and process the ERP payload as
+      described in <xref target="RFC5296"></xref>. If re-authentication is
+      successful, it creates a DEA answer as described in Diameter EAP, with
+      the following differences:<list>
+          <t>The application id is set to Diameter ERP.</t>
+
+          <t>The EAP-Payload AVP contains the ERP message:
+          EAP-Finish/Re-auth</t>
+
+          <t>The EAP-Master-Session-Key AVP contains the rMSK</t>
+
+          <t>The Result-Code AVP contains DIAMETER_SUCCESS.</t>
+        </list>In case the re-authentication fails, the Result-Code AVP
+      contains an error code, and no EAP-Master-Session-Key AVP is
+      included.</t>
+
+      <t>When the authenticator receives this answer, it processes it as
+      described in Diameter EAP: forwards the EAP payload to the peer, and use
+      the rMSK as a shared secret in Secure Association Protocol.</t>
+    </section>
+
+    <section anchor="Sessions" title="Sessions">
+      <t>This section describes how sessions are handled in case of
+      re-authentication.</t>
+
+      <t><cref anchor="Editor17">The content of this section is to be written,
+      I am just listing the ideas here.</cref></t>
+
+      <t>See guidelines in <xref
+      target="I-D.ietf-dime-app-design-guide"></xref>.</t>
+
+      <t>During initial full EAP authentication, the identity of the peer is
+      used to create the Session-Id AVP, which is then used during accounting.
+      When the peer attaches to a new authenticator and performs ERP, its
+      identity is not disclosed to the authenticator. Instead, the peer
+      presents the Keyname-NAI. This identifiers contains the EMSKName as user
+      part. The new authenticator will therefore derive the new Session-Id
+      from this EMSKName and use this for accounting purpose.</t>
+
+      <t>Although the home EAP server is able to link EMSKName with the peer's
+      identity, the other Diameter entities do not have this mapping. In
+      particular, the realm part of Keyname-NAI is the visited network. How
+      does the authenticator figures out that the account records must be sent
+      to the home domain of the peer?</t>
+
+      <t>It is possible to cache the necessary information at the ER server
+      level. Is it useful to specify this mechanism in this document? It would
+      involve:<list>
+          <t>An additional AVP during bootstrapping of ER server, in the
+          ERP-RK-Answer, to pass the real User-Name and Session-Id (only in
+          case of explicit bootstrapping)</t>
+
+          <t>An additional AVP in Diameter ERP/DEA (EAP-Finish/Re-Auth) to
+          pass the real Session-Id and User-Name and Destination-Realm of the
+          re-authenticated peer, for accounting messages.</t>
+        </list></t>
+    </section>
+
+    <section title="Contributors">
+      <t>Hannes Tschofenig, Lakshminath Dondeti, Julien Bournelle, and Lionel
+      Morand wrote the initial Diameter ERP draft document.</t>
+    </section>
+
+    <section anchor="Acknowledgements" title="Acknowledgements">
+      <t>Vidya Narayanan reviewed a rough draft version of the previous
+      document and found some errors.</t>
+
+      <t>Qin Wu and Glen Zorn actively participated in the discussions on the
+      design for Diameter ERP, providing the point of view and experience from
+      HOKEY workgroup.</t>
+
+      <t>Hannes Tschofenig provided useful advices for the writing of this
+      document.</t>
+
+      <t>Many thanks to these people!</t>
+    </section>
+
+    <section anchor="IANA" title="IANA Considerations">
+      <t>This document requires IANA registration of the following new
+      elements in the <eref
+      target="http://www.iana.org/assignments/aaa-parameters/">Authentication,
+      Authorization, and Accounting (AAA) Parameters</eref> registries.</t>
+
+      <section title="Diameter ERP application">
+        <t>This specification requires IANA to allocate a new value "Diameter
+        ERP" in the "Application IDs" registry created by in <xref
+        target="RFC3588"></xref>.</t>
+
+        <figure title="IANA consideration for Diameter ERP application">
+          <artwork><![CDATA[
+   Application Identifier             | Value
+   -----------------------------------+------
+   Diameter ERP                       | TBD
+]]></artwork>
+        </figure>
+      </section>
+
+      <section title="New AVPs">
+        <t>This specification requires IANA to allocate new values from the
+        "AVP Codes" registry defined in <xref target="RFC3588"></xref> for the
+        following AVPs:<list>
+            <t>ERP-RK-Request</t>
+
+            <t>ERP-Realm</t>
+
+            <t>ERP-RK-Answer</t>
+
+            <t>ERP-RK</t>
+
+            <t>ERP-RK-Name</t>
+
+            <t>ERP-RK-Lifetime</t>
+          </list>These AVPs are defined in section <xref
+        target="AVPs"></xref>.</t>
+      </section>
+    </section>
+
+    <section anchor="Security" title="Security Considerations">
+      <t>The security considerations from the following RFC apply here: <xref
+      target="RFC3588"></xref>, <xref target="RFC4072"></xref>, <xref
+      target="RFC5247"></xref>, <xref target="RFC5295"></xref>, and <xref
+      target="RFC5296"></xref>.</t>
+
+      <t><cref anchor="Editor18">FFS: Do we really respect these security
+      considerations with the mechanism we describe here? Is it safe to use
+      ERP-RK-Request / Answer AVPs? What is the worst case?</cref></t>
+    </section>
+  </middle>
+
+  <back>
+    <references title="Normative References">
+      &RFC2119;
+
+      &RFC3588;
+
+      &RFC4072;
+
+      &RFC5295;
+
+      &RFC5296;
+    </references>
+
+    <references title="Informative References">
+      &RFC3748;
+
+      &RFC4187;
+
+      &RFC5247;
+
+      &I-D.ietf-hokey-key-mgm;
+
+      &I-D.gaonkar-radext-erp-attrs;
+
+      &I-D.ietf-dime-erp;
+
+      &I-D.wu-dime-local-keytran;
+
+      &I-D.ietf-dime-app-design-guide;
+    </references>
+  </back>
+</rfc>
diff -r 6ac9daa8c775 -r 9d8dd59747f4 DiME/presentations/ERP-IETF74.odp
Binary file DiME/presentations/ERP-IETF74.odp has changed
diff -r 6ac9daa8c775 -r 9d8dd59747f4 DiME/presentations/ERP-IETF75.pptx
Binary file DiME/presentations/ERP-IETF75.pptx has changed
diff -r 6ac9daa8c775 -r 9d8dd59747f4 DiME/presentations/ERP-IETF76.pptx
Binary file DiME/presentations/ERP-IETF76.pptx has changed
diff -r 6ac9daa8c775 -r 9d8dd59747f4 DiME/presentations/ERP-IETF77.pptx
Binary file DiME/presentations/ERP-IETF77.pptx has changed
diff -r 6ac9daa8c775 -r 9d8dd59747f4 DiME/presentations/ERP-Interim-2009-02-20.odp
Binary file DiME/presentations/ERP-Interim-2009-02-20.odp has changed
diff -r 6ac9daa8c775 -r 9d8dd59747f4 IETF74-ERP.odp
Binary file IETF74-ERP.odp has changed
diff -r 6ac9daa8c775 -r 9d8dd59747f4 IETF75-ERP.pptx
Binary file IETF75-ERP.pptx has changed
diff -r 6ac9daa8c775 -r 9d8dd59747f4 IETF76-ERP.pptx
Binary file IETF76-ERP.pptx has changed
diff -r 6ac9daa8c775 -r 9d8dd59747f4 IETF77-ERP.pptx
Binary file IETF77-ERP.pptx has changed
diff -r 6ac9daa8c775 -r 9d8dd59747f4 Makefile
--- a/Makefile	Mon Oct 25 17:07:09 2010 +0900
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,14 +0,0 @@
-all: New_ERP_draft.txt
-
-clean:
-	rm -f New_ERP_draft.txt
-
-New_ERP_draft.txt: New_ERP_draft_src.txt Makefile
-	fold -s New_ERP_draft_src.txt > New_ERP_draft.txt
-	echo "=====================" >> New_ERP_draft.txt
-	echo "  History:" >> New_ERP_draft.txt
-	hg log New_ERP_draft_src.txt >> New_ERP_draft.txt
-	echo "=====================" >> New_ERP_draft.txt
-	fromdos New_ERP_draft.txt
-
-
diff -r 6ac9daa8c775 -r 9d8dd59747f4 New_ERP_draft.txt
--- a/New_ERP_draft.txt	Mon Oct 25 17:07:09 2010 +0900
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,431 +0,0 @@
-*Status of this Memo*
-
-This is a work document intended to present ideas for a possible future 
-Internet-Draft in the DIME working-group.
-The copyright for this memo is writen by the end of the document (same as 
-Internet-Drafts)
-
-
-
-*Abstract*
-
-The EAP Re-authentication Protocol [RFC5296] provides an optimization for EAP 
-authentication when a peer moves from an authenticator to another. This 
-protocol assumes that a AAA protocol is available to transport the ERP messages 
-between authenticator and ER server. [draft-gaonkar-radext-erp-attrs-03] 
-specifies the transport of ERP using RADIUS. This document specifies the 
-transport of ERP using Diameter [RFC3588].
-
-
-
-*Differences with [draft-ietf-dime-erp-00]*
-
-In this document, we specify a new Diameter application ID for Diameter 
-messages transporting ERP exchanges between authenticator and ER server. We 
-re-use the mechanism described in [draft-ietf-dime-erp-00] as an option 
-available to provide implicit bootstrapping to the ER server.
-
-
-
-*Introduction.*
-
-During full EAP authentication, both the peer and the home EAP server derive 
-EMSK material in addition to MSK. The EMSK can be used to derive a 
-re-authentication root key (rRK or rDSRK) as described in [RFC5296]. This root 
-key is transported to an ER server, this is called bootstrapping the ER server. 
-When the peer re-authenticates using ERP, a one round-trip exchange occurs 
-between the authenticator and the ER server, where new rMSK material is 
-derived. The ER server may be located in the visited domain or home domain.
-
-There are two types of exchanges between AAA entities in the Re-authentication 
-mechanism: transport of the re-authentication root key between the home EAP 
-server and the ER server to bootstrap the mechanism, and transport of ERP 
-messages and rMSK material between ER server and authenticator. This document 
-specifies how the re-authentication exchange is transported using Diameter. It 
-also provides information on how bootstrapping can be achieved in several 
-situations.
-
-                        Diameter                    +--------+
-        +-------------+   ERP   +-----------+  (*)  |  Home  |
-Peer <->|Authenticator|<=======>| ER server | <---> |  EAP   |
-        +-------------+         +-----------+       | server |
-                                                    +--------+
-(*) Several protocols can be used between ER server and home EAP server to 
-transport bootstrapping material. Diameter EAP is one of the possibilities.
-
-    Figure 1. Diameter applications used in the ERP mechanism.
-
-
-
-*Assumptions.*
-
-For the peer to start an ERP exchange when attaching to a new authenticator, 
-the following assumptions must be verified. Note that the peer can always fall 
-back to full EAP authentication if one of these conditions is not met. These 
-assumptions are implicit from [RFC5296].
-
-The peer must have non-expired keying material (EMSK) derived from a previous 
-full EAP authentication.
-
-The peer must learn the realm of the new authenticator before starting the 
-exchange, for example using L2-dependent mechanism. If this condition is not 
-met, the peer cannot assume that an ER server is available and bootstrapped in 
-the realm of this authenticator. It should start an ERP bootstrapping exchange 
-as described in [RFC5296]. In addition, if the peer is attaching to this realm 
-for the first time since the EMSK was derived (inter-domain handover), an ERP 
-bootstrapping exchange must be initiated.
-
-The authenticator must support ERP extensions. If this condition is not met, 
-the ERP messages will be dropped by the authenticator conforming to [RFC4072] 
-and ERP will fail.
-
-
-
-*Overview*
-
-We define a new Diameter Application ID for ERP. When the authenticator 
-receives an EAP-Initiate/Re-auth message, it encapsulates it in a DER message 
-following the rules described in [RFC4072]. The application id of the DER 
-message is set to the Diameter ERP application ID. The User-Name and 
-Destination-Realm AVPs are extracted from the keyName-NAI included in the ERP 
-message, as described in [RFC5296]. In the case were ERP is already 
-bootstrapped in this domain, and the peer knows it, the Destination-Realm of 
-the message is the local domain. In other cases, the peer is initiating a 
-bootstrapping ERP exchange, and the Destination-Realm is the home domain.
-
-When ERP is already bootstrapped, the message is routed to the bootstrapped ER 
-server. This server processes the ERP message as described in [RFC5296] then 
-derives a new rMSK and answers a DEA encapsulating the EAP-Finish/Re-auth 
-answer and the rMSK for the authenticator. Re-authentication is complete {see 
-pending question in the end of this document}. This exchange is described in 
-Figure 2 bellow.
-
-There are several options to bootstrap the ER server. This document discusses 
-some of the options, but a different mechanism not described here may be 
-deployed as well. See the following sections for more details about 
-bootstrapping scenarii.
-
-                                                           ER server
-                                                         (bootstrapped)
- Peer                 Authenticator                  (local or home domain)
- ====                 =============                  ======================
- [ <------------------------         ]               
- [optional EAP-Initiate/Re-auth-start]               
-
-   ----------------------->
-     EAP-Initiate/Re-auth
-                           =====================================>
-                                 Diameter ERP, cmd code DER
-                                   User-Name: Keyname-NAI
-                               EAP-Payload: EAP-Initiate/Re-auth
- 
-                           <=====================================
-                                 Diameter ERP, cmd code DEA
-                               EAP-Payload: EAP-Finish/Re-auth
-                                EAP-Master-Session-Key: rMSK
-    <----------------------
-      EAP-Finish/Re-auth
-
-    Figure 2. Diameter ERP exchange.
-
-
-
-*Bootstrapping*
-
-The purpose of bootstrapping is to provide the keying material to the ER 
-server. This keying material is rRK (directly derived from EMSK) when the ER 
-server is in the peer's home domain. The keying material is rDSRK (derived from 
-DSRK, itself derived from EMSK) when the ER server is in the visited domain.
-
-
-
-*Scenario 1: explicit bootstrapping*
-
-As described in [RFC5296], an explicit bootstrapping exchange can be initiated 
-by the peer. In this case, the realm part of the Keyname-NAI is the home domain 
-of the peer.
-
-The authenticator processes the ERP as described in the overview: encapsulate 
-the ERP message in a DER command with application-id set to Diameter ERP. The 
-Destination-Realm extracted from Keyname-NAI is the home domain.
-
-If an ER server is located in the local domain, it should proxy the request and 
-process as described bellow. Otherwise the request is sent to the ER server in 
-the home domain.
-
-When the ER server (in local or home domain) receives the ERP/DER request, it 
-must process as follow:
-- Check in the local key store if a key with same name is available. If such 
-key is found, process the request locally and answer.
-- Check if the EAP-Initiate/Re-auth message has the [B] (bootstrapping) flag 
-set. If this flag is not set, relay the message without altering it (except 
-adding the Route-Record information) or reply with an error if no other 
-Diameter node is available to handle the request, following the rules of 
-Diameter Base Protocol.
-- If the [B] flag was set, the message is proxied locally and modified as 
-follow:
- * Change the application-id of the message from Diameter ERP to Diameter EAP 
-(so that the message will reach the Home EAP server).
- * Add the ERP-RK-Request AVP, defined in this document.
- * Send the new message. It will reach the Home EAP server.
-
-If the home EAP server does not support ERP extensions, it replies with an 
-error since encapsulated EAP-Initiate/Re-auth command is not understood. 
-Otherwise, it processes the EAP-Initiate/Re-auth message as described in 
-[RFC5296] and derives the requested rDSRK or rRK, and new rMSK. It sends this 
-material using the new ERP-RK-Answer AVP described in this document. It also 
-includes the realm of the ER server in the EAP-Finish/Re-auth message to inform 
-the peer of the location of the ER server.
-
-The ER server receives this DEA, extracts and cache the rRK or rDSRK material, 
-restores the application-id to Diameter ERP and forwards the message to the 
-authenticator.
-
-This flow is captured figure 3.
-
-Authenticator            ER server             Home EAP server
-=============            =========             ===============
-      ----------------------->
-          Diameter ERP/DER
-           (EAP-Initiate)
-                              ------------------------>
-                                    Diameter EAP/DER
-                                     (EAP-Initiate)
-                                    (ERP-RK-Request)
-
-                              <------------------------
-                                    Diameter EAP/DEA
-                                      (EAP-Finish)
-                                     (ERP-RK-Answer)
-                                         (rMSK)
-      <----------------------
-          Diameter ERP/DEA
-            (EAP-Finish)
-               (rMSK)
-
-    Figure 3. ERP explicit bootstrapping message flow.
-
-
-
-*Scenario 2: implicit bootstrapping during full EAP authentication*
-
-In some deployment scenarii, the ER server may be collocated with an EAP proxy 
-or server. In that case, the optional ERP AVPs defined in this document may be 
-used during initial full EAP authentication to provide implicit bootstrapping 
-(section 5.1 of [RFC5296]) as described bellow. 
-
-In this scenario, the ERP key material is derived and cached regardless of the 
-peer support and willingness for ERP. This may lead to scalability and other 
-issues. Implementors may provide other ways to select which sessions should use 
-implicit bootstrapping.
-
-In the first round of full EAP exchange, the ER server adds the ERP-RK-Request 
-AVP to the DER message. 
-If the home EAP server supports ERP extensions, it caches this request and 
-continues the normal EAP authentication until completion. Otherwise, the 
-optional AVP is simply ignored.
-When the authentication is successful and EMSK is generated, the home EAP 
-server derives the rRK or rDSRK as requested, and adds this material to the 
-last DEA in the ERP-RK-Answer AVP defined in this document. The server may 
-check that the ER server that requested the material is in the Route-Record 
-list of the last DER, but this is not mandatory.
-
-When the ER server collocated with EAP proxy receives the DEA containing 
-ERP-RK-Answer AVP, it extracts this AVP and saves the rRK or rDSRK material for 
-later use.
-
-                         EAP Proxy /
-Authenticator             ER server               Home EAP server
-=============            ===========              ===============
-     ------------------------->
-         Diameter EAP/DER
-          (EAP-Response)
-                               ------------------------->
-                                  Diameter EAP/DER
-                                   (EAP-Response)
-                                  (ERP-RK-Request)
-
-     <==================================================>
-        Multi-round Diameter EAP exchanges, unmodified
-
-                               <-------------------------
-                                   Diameter EAP/DEA
-                                    (EAP-Success)
-                                        (MSK)
-                                   (ERP-RK-Answer)
-     <-------------------------
-         Diameter EAP/DEA
-           (EAP-Success)
-               (MSK)
-
-    Figure 4. Implicit ERP bootstrapping during full EAP authentication.
-
-
-
-*Scenario 3: Case of MIP6*
-
-{TODO: study this case ?}
-
-
-
-*Scenario 4: Other possibilities*
-
-{In case implementation-specific solution is retained, list here the 
-constraints?}
-
-
-
-*Commands and AVPs*
-
-This document does not define a new command. It reuses the Diameter-EAP-Request 
-and Diameter-EAP-Answer as defined in [RFC4072]. It is also compatible with 
-extensions defined in [draft-ietf-dime-mip6-split-16].
-
-   Command-Name          Abbrev. Code Reference Application
-   ---------------------------------------------------------
-   Diameter-EAP-Request  DER     268  RFC 4072  Diameter ERP
-   Diameter-EAP-Answer   DEA     268  RFC 4072  Diameter ERP
-
-                          Figure 5: Command Codes
-The following new AVPs are defined in this document.
-
-
-
-*ERP-RK-Request AVP*
-
-The ERP-RK-Request AVP (AVP Code TBD) is of type grouped AVP. It is used by the 
-ER server to request root key material used in ERP.
-
-This AVP has the M and V bits cleared.
-
-      ERP-RK-Request ::= < AVP Header: TBD >
-                         { ERP-Realm }
-                       * [ AVP ]
-
-
-
-*ERP-Realm AVP*
-
-The ERP-Realm AVP (AVP Code TBD) is of type {DiameterIdentity? OctetString?}. 
-It contains the name of the realm in which the ER server is located.
-{FFS: We may re-use Origin-Realm here instead?}
-
-
-
-*ERP-RK-Answer AVP*
-
-The ERP-RK-Answer AVP (AVP Code TBD) is of type grouped AVP. It is used by the 
-home EAP server to provide ERP root key material to the ER server.
-
-This AVP has the M and V bits cleared.
-
-       ERP-RK-Answer ::= < AVP Header: TBD >
-                         { ERP-RK }
-                         { ERP-RK-Name }
-                         { ERP-RK-Lifetime }
-                       * [ AVP ]
-
-
-
-*ERP-RK AVP*
-
-The ERP-RK AVP (AVP Code TBD) is of type OctetString. It contains the root key 
-(either rRK or rDSRK) to be used for ERP with the peer to which this session 
-belongs. How this material is derived and used is specified in [RFC5296].
-
-
-
-*ERP-RK-Name AVP*
-
-The ERP-RK AVP (AVP Code TBD) is of type OctetString. This AVP contains the 
-EMSKname which identifies the keying material. How this name is derived is 
-beyond the scope of this document and defined in [RFC5296].
-
-
-
-*ERP-RK-Lifetime AVP*
-
-The ERP-RK-Lifetime AVP (AVP Code TBD) is of type {Unsigned64? 32?} and 
-contains the root key material lifetime in seconds.
-
-
-
-*Pending question on accounting and sessions.*
-
-During initial full EAP authentication, the identity of the peer is used to 
-create the Session-Id AVP, which is then used during accounting.
-When the peer attaches to a new authenticator and performs ERP, its identity is 
-not disclosed to the authenticator. Instead, the peer presents the Keyname-NAI. 
-This identifiers contains the EMSKName as user part.
-
-The new authenticator will therefore derive the new Session-Id from this 
-EMSKName and use this for accounting purpose.
-
-Although the home EAP server is able to link EMSKName with the peer's identity, 
-the other Diameter entities do not have this mapping. In particular, the realm 
-part of Keyname-NAI is the visited network. How does the authenticator figures 
-out that the account records must be sent to the home domain of the peer?
-
-It is possible to cache the necessary information at the ER server level. Is it 
-useful to specify this mechanism in this document?
-
-
-
-*Full Copyright Statement*
-
-   Copyright (C) The IETF Trust (2008).
-
-   This document is subject to the rights, licenses and restrictions
-   contained in BCP 78, and except as set forth therein, the authors
-   retain all their rights.
-
-   This document and the information contained herein are provided on an
-   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
-   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
-   THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
-   OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
-   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
-   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
-
-
-=====================
-  History:
-changeset:   17:8b6e98eec7ef
-parent:      14:1c2d1b7327af
-user:        Sebastien Decugis <sdecugis@nict.go.jp>
-date:        Thu Mar 19 10:46:29 2009 +0900
-summary:     Added copyright and status before publishing.
-
-changeset:   13:aa31cf892b1b
-parent:      11:c8dd0bdbd9e6
-user:        Sebastien Decugis <sdecugis@nict.go.jp>
-date:        Wed Mar 18 14:21:19 2009 +0900
-summary:     Yet more cleanups...
-
-changeset:   11:c8dd0bdbd9e6
-user:        Sebastien Decugis <sdecugis@nict.go.jp>
-date:        Wed Mar 18 14:16:22 2009 +0900
-summary:     More cleanups.
-
-changeset:   9:5fdd3345477f
-user:        Sebastien Decugis <sdecugis@nict.go.jp>
-date:        Wed Mar 18 14:06:05 2009 +0900
-summary:     Cleanups.
-
-changeset:   8:45a13fe6e0be
-user:        Sebastien Decugis <sdecugis@nict.go.jp>
-date:        Wed Mar 18 13:21:39 2009 +0900
-summary:     Completed initial description of the mechanism for explicit bootstrapping and implicit during Diameter EAP authentication.
-
-changeset:   5:5fc766d71da4
-parent:      3:e7bcb9ee39b5
-user:        Sebastien Decugis <sdecugis@nict.go.jp>
-date:        Tue Mar 17 17:22:52 2009 +0900
-summary:     Temporary status, scenarios must be developped a little more. The basic ideas are present already. For early comments.
-
-changeset:   3:e7bcb9ee39b5
-user:        Sebastien Decugis <sdecugis@nict.go.jp>
-date:        Tue Mar 17 14:20:38 2009 +0900
-summary:     Document to present alternative design for Diameter ERP, initial commit (incomplete work)
-
-=====================
diff -r 6ac9daa8c775 -r 9d8dd59747f4 New_ERP_draft_src.txt
--- a/New_ERP_draft_src.txt	Mon Oct 25 17:07:09 2010 +0900
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,283 +0,0 @@
-*Status of this Memo*
-
-This is a work document intended to present ideas for a possible future Internet-Draft in the DIME working-group.
-The copyright for this memo is writen by the end of the document (same as Internet-Drafts)
-
-
-
-*Abstract*
-
-The EAP Re-authentication Protocol [RFC5296] provides an optimization for EAP authentication when a peer moves from an authenticator to another. This protocol assumes that a AAA protocol is available to transport the ERP messages between authenticator and ER server. [draft-gaonkar-radext-erp-attrs-03] specifies the transport of ERP using RADIUS. This document specifies the transport of ERP using Diameter [RFC3588].
-
-
-*** TODO ***
--> Add a Session-Id AVP in the ERP-RK-Answer grouped AVP. This AVP contains the Session ID corresponding to the full EAP authentication. The ER server learns this Session ID and is able to send it to the NAS (how? TBD) when the peer re-authenticates. Then, on successful re-authentication, the NAS can send accounting records containing the proper Session-Id information (is it OK?)
-
-
-*Differences with [draft-ietf-dime-erp-00]*
-
-In this document, we specify a new Diameter application ID for Diameter messages transporting ERP exchanges between authenticator and ER server. We re-use the mechanism described in [draft-ietf-dime-erp-00] as an option available to provide implicit bootstrapping to the ER server.
-
-
-
-*Introduction.*
-
-During full EAP authentication, both the peer and the home EAP server derive EMSK material in addition to MSK. The EMSK can be used to derive a re-authentication root key (rRK or rDSRK) as described in [RFC5296]. This root key is transported to an ER server, this is called bootstrapping the ER server. When the peer re-authenticates using ERP, a one round-trip exchange occurs between the authenticator and the ER server, where new rMSK material is derived. The ER server may be located in the visited domain or home domain.
-
-There are two types of exchanges between AAA entities in the Re-authentication mechanism: transport of the re-authentication root key between the home EAP server and the ER server to bootstrap the mechanism, and transport of ERP messages and rMSK material between ER server and authenticator. This document specifies how the re-authentication exchange is transported using Diameter. It also provides information on how bootstrapping can be achieved in several situations.
-
-                        Diameter                    +--------+
-        +-------------+   ERP   +-----------+  (*)  |  Home  |
-Peer <->|Authenticator|<=======>| ER server | <---> |  EAP   |
-        +-------------+         +-----------+       | server |
-                                                    +--------+
-(*) Several protocols can be used between ER server and home EAP server to transport bootstrapping material. Diameter EAP is one of the possibilities.
-
-    Figure 1. Diameter applications used in the ERP mechanism.
-
-
-
-*Assumptions.*
-
-For the peer to start an ERP exchange when attaching to a new authenticator, the following assumptions must be verified. Note that the peer can always fall back to full EAP authentication if one of these conditions is not met. These assumptions are implicit from [RFC5296].
-
-The peer must have non-expired keying material (EMSK) derived from a previous full EAP authentication.
-
-The peer must learn the realm of the new authenticator before starting the exchange, for example using L2-dependent mechanism. If this condition is not met, the peer cannot assume that an ER server is available and bootstrapped in the realm of this authenticator. It should start an ERP bootstrapping exchange as described in [RFC5296]. In addition, if the peer is attaching to this realm for the first time since the EMSK was derived (inter-domain handover), an ERP bootstrapping exchange must be initiated.
-
-The authenticator must support ERP extensions. If this condition is not met, the ERP messages will be dropped by the authenticator conforming to [RFC4072] and ERP will fail.
-
-
-
-*Overview*
-
-We define a new Diameter Application ID for ERP. When the authenticator receives an EAP-Initiate/Re-auth message, it encapsulates it in a DER message following the rules described in [RFC4072]. The application id of the DER message is set to the Diameter ERP application ID. The User-Name and Destination-Realm AVPs are extracted from the keyName-NAI included in the ERP message, as described in [RFC5296]. In the case were ERP is already bootstrapped in this domain, and the peer knows it, the Destination-Realm of the message is the local domain. In other cases, the peer is initiating a bootstrapping ERP exchange, and the Destination-Realm is the home domain.
-
-When ERP is already bootstrapped, the message is routed to the bootstrapped ER server. This server processes the ERP message as described in [RFC5296] then derives a new rMSK and answers a DEA encapsulating the EAP-Finish/Re-auth answer and the rMSK for the authenticator. Re-authentication is complete {see pending question in the end of this document}. This exchange is described in Figure 2 bellow.
-
-There are several options to bootstrap the ER server. This document discusses some of the options, but a different mechanism not described here may be deployed as well. See the following sections for more details about bootstrapping scenarii.
-
-                                                           ER server
-                                                         (bootstrapped)
- Peer                 Authenticator                  (local or home domain)
- ====                 =============                  ======================
- [ <------------------------         ]               
- [optional EAP-Initiate/Re-auth-start]               
-
-   ----------------------->
-     EAP-Initiate/Re-auth
-                           =====================================>
-                                 Diameter ERP, cmd code DER
-                                   User-Name: Keyname-NAI
-                               EAP-Payload: EAP-Initiate/Re-auth
- 
-                           <=====================================
-                                 Diameter ERP, cmd code DEA
-                               EAP-Payload: EAP-Finish/Re-auth
-                                EAP-Master-Session-Key: rMSK
-    <----------------------
-      EAP-Finish/Re-auth
-
-    Figure 2. Diameter ERP exchange.
-
-
-
-*Bootstrapping*
-
-The purpose of bootstrapping is to provide the keying material to the ER server. This keying material is rRK (directly derived from EMSK) when the ER server is in the peer's home domain. The keying material is rDSRK (derived from DSRK, itself derived from EMSK) when the ER server is in the visited domain.
-
-
-
-*Scenario 1: explicit bootstrapping*
-
-As described in [RFC5296], an explicit bootstrapping exchange can be initiated by the peer. In this case, the realm part of the Keyname-NAI is the home domain of the peer.
-
-The authenticator processes the ERP as described in the overview: encapsulate the ERP message in a DER command with application-id set to Diameter ERP. The Destination-Realm extracted from Keyname-NAI is the home domain.
-
-If an ER server is located in the local domain, it should proxy the request and process as described bellow. Otherwise the request is sent to the ER server in the home domain.
-
-When the ER server (in local or home domain) receives the ERP/DER request, it must process as follow:
-- Check in the local key store if a key with same name is available. If such key is found, process the request locally and answer.
-- Check if the EAP-Initiate/Re-auth message has the [B] (bootstrapping) flag set. If this flag is not set, relay the message without altering it (except adding the Route-Record information) or reply with an error if no other Diameter node is available to handle the request, following the rules of Diameter Base Protocol.
-- If the [B] flag was set, the message is proxied locally and modified as follow:
- * Change the application-id of the message from Diameter ERP to Diameter EAP (so that the message will reach the Home EAP server).
- * Add the ERP-RK-Request AVP, defined in this document.
- * Send the new message. It will reach the Home EAP server.
-
-If the home EAP server does not support ERP extensions, it replies with an error since encapsulated EAP-Initiate/Re-auth command is not understood. Otherwise, it processes the EAP-Initiate/Re-auth message as described in [RFC5296] and derives the requested rDSRK or rRK, and new rMSK. It sends this material using the new ERP-RK-Answer AVP described in this document. It also includes the realm of the ER server in the EAP-Finish/Re-auth message to inform the peer of the location of the ER server.
-
-The ER server receives this DEA, extracts and cache the rRK or rDSRK material, restores the application-id to Diameter ERP and forwards the message to the authenticator.
-
-This flow is captured figure 3.
-
-Authenticator            ER server             Home EAP server
-=============            =========             ===============
-      ----------------------->
-          Diameter ERP/DER
-           (EAP-Initiate)
-                              ------------------------>
-                                    Diameter EAP/DER
-                                     (EAP-Initiate)
-                                    (ERP-RK-Request)
-
-                              <------------------------
-                                    Diameter EAP/DEA
-                                      (EAP-Finish)
-                                     (ERP-RK-Answer)
-                                         (rMSK)
-      <----------------------
-          Diameter ERP/DEA
-            (EAP-Finish)
-               (rMSK)
-
-    Figure 3. ERP explicit bootstrapping message flow.
-
-
-
-*Scenario 2: implicit bootstrapping during full EAP authentication*
-
-In some deployment scenarii, the ER server may be collocated with an EAP proxy or server. In that case, the optional ERP AVPs defined in this document may be used during initial full EAP authentication to provide implicit bootstrapping (section 5.1 of [RFC5296]) as described bellow. 
-
-In this scenario, the ERP key material is derived and cached regardless of the peer support and willingness for ERP. This may lead to scalability and other issues. Implementors may provide other ways to select which sessions should use implicit bootstrapping.
-
-In the first round of full EAP exchange, the ER server adds the ERP-RK-Request AVP to the DER message. 
-If the home EAP server supports ERP extensions, it caches this request and continues the normal EAP authentication until completion. Otherwise, the optional AVP is simply ignored.
-When the authentication is successful and EMSK is generated, the home EAP server derives the rRK or rDSRK as requested, and adds this material to the last DEA in the ERP-RK-Answer AVP defined in this document. The server may check that the ER server that requested the material is in the Route-Record list of the last DER, but this is not mandatory.
-
-When the ER server collocated with EAP proxy receives the DEA containing ERP-RK-Answer AVP, it extracts this AVP and saves the rRK or rDSRK material for later use.
-
-                         EAP Proxy /
-Authenticator             ER server               Home EAP server
-=============            ===========              ===============
-     ------------------------->
-         Diameter EAP/DER
-          (EAP-Response)
-                               ------------------------->
-                                  Diameter EAP/DER
-                                   (EAP-Response)
-                                  (ERP-RK-Request)
-
-     <==================================================>
-        Multi-round Diameter EAP exchanges, unmodified
-
-                               <-------------------------
-                                   Diameter EAP/DEA
-                                    (EAP-Success)
-                                        (MSK)
-                                   (ERP-RK-Answer)
-     <-------------------------
-         Diameter EAP/DEA
-           (EAP-Success)
-               (MSK)
-
-    Figure 4. Implicit ERP bootstrapping during full EAP authentication.
-
-
-
-*Scenario 3: Case of MIP6*
-
-{TODO: study this case ?}
-
-
-
-*Scenario 4: Other possibilities*
-
-{In case implementation-specific solution is retained, list here the constraints?}
-
-
-
-*Commands and AVPs*
-
-This document does not define a new command. It reuses the Diameter-EAP-Request and Diameter-EAP-Answer as defined in [RFC4072]. It is also compatible with extensions defined in [draft-ietf-dime-mip6-split-16].
-
-   Command-Name          Abbrev. Code Reference Application
-   ---------------------------------------------------------
-   Diameter-EAP-Request  DER     268  RFC 4072  Diameter ERP
-   Diameter-EAP-Answer   DEA     268  RFC 4072  Diameter ERP
-
-                          Figure 5: Command Codes
-The following new AVPs are defined in this document.
-
-
-
-*ERP-RK-Request AVP*
-
-The ERP-RK-Request AVP (AVP Code TBD) is of type grouped AVP. It is used by the ER server to request root key material used in ERP.
-
-This AVP has the M and V bits cleared.
-
-      ERP-RK-Request ::= < AVP Header: TBD >
-                         { ERP-Realm }
-                       * [ AVP ]
-
-
-
-*ERP-Realm AVP*
-
-The ERP-Realm AVP (AVP Code TBD) is of type {DiameterIdentity? OctetString?}. It contains the name of the realm in which the ER server is located.
-{FFS: We may re-use Origin-Realm here instead?}
-
-
-
-*ERP-RK-Answer AVP*
-
-The ERP-RK-Answer AVP (AVP Code TBD) is of type grouped AVP. It is used by the home EAP server to provide ERP root key material to the ER server.
-
-This AVP has the M and V bits cleared.
-
-       ERP-RK-Answer ::= < AVP Header: TBD >
-                         { ERP-RK }
-                         { ERP-RK-Name }
-                         { ERP-RK-Lifetime }
-                       * [ AVP ]
-
-
-
-*ERP-RK AVP*
-
-The ERP-RK AVP (AVP Code TBD) is of type OctetString. It contains the root key (either rRK or rDSRK) to be used for ERP with the peer to which this session belongs. How this material is derived and used is specified in [RFC5296].
-
-
-
-*ERP-RK-Name AVP*
-
-The ERP-RK AVP (AVP Code TBD) is of type OctetString. This AVP contains the EMSKname which identifies the keying material. How this name is derived is beyond the scope of this document and defined in [RFC5296].
-
-
-
-*ERP-RK-Lifetime AVP*
-
-The ERP-RK-Lifetime AVP (AVP Code TBD) is of type {Unsigned64? 32?} and contains the root key material lifetime in seconds.
-
-
-
-*Pending question on accounting and sessions.*
-
-During initial full EAP authentication, the identity of the peer is used to create the Session-Id AVP, which is then used during accounting.
-When the peer attaches to a new authenticator and performs ERP, its identity is not disclosed to the authenticator. Instead, the peer presents the Keyname-NAI. This identifiers contains the EMSKName as user part.
-
-The new authenticator will therefore derive the new Session-Id from this EMSKName and use this for accounting purpose.
-
-Although the home EAP server is able to link EMSKName with the peer's identity, the other Diameter entities do not have this mapping. In particular, the realm part of Keyname-NAI is the visited network. How does the authenticator figures out that the account records must be sent to the home domain of the peer?
-
-It is possible to cache the necessary information at the ER server level. Is it useful to specify this mechanism in this document?
-
-
-
-*Full Copyright Statement*
-
-   Copyright (C) The IETF Trust (2008).
-
-   This document is subject to the rights, licenses and restrictions
-   contained in BCP 78, and except as set forth therein, the authors
-   retain all their rights.
-
-   This document and the information contained herein are provided on an
-   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
-   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
-   THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
-   OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
-   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
-   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
-
-
diff -r 6ac9daa8c775 -r 9d8dd59747f4 draft-ietf-dime-erp-00.xml
--- a/draft-ietf-dime-erp-00.xml	Mon Oct 25 17:07:09 2010 +0900
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,560 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
- <?xml-stylesheet type='text/xsl' href='../../../rfc2629.xslt' ?>
- <!DOCTYPE rfc SYSTEM "rfc2629.dtd"[
- <!ENTITY rfc2119 PUBLIC '' 
- 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml'>
- <!ENTITY rfc3748 PUBLIC '' 
- 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.3748.xml'>
- <!ENTITY rfc4072 PUBLIC '' 
- 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.4072.xml'>
- <!ENTITY rfc3588 PUBLIC '' 
- 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.3588.xml'>
- <!ENTITY rfc5295 PUBLIC ''
- 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.5295.xml'>
- <!ENTITY rfc5296 PUBLIC ''
- 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.5296.xml'>
- ]>
- <?rfc toc="yes"?>
- <?rfc compact="yes"?>
- <?rfc subcompact="no"?>
- <?rfc sortrefs="yes" ?>
- <?rfc symrefs="no"?>
- <?rfc comments="yes"?>
- <?rfc inline="no"?>
-<rfc ipr="trust200811" docName="draft-ietf-dime-erp-00.txt" category="std">
-    <front>
-        <title abbrev="Diameter Support for ERP">Diameter Support for EAP Re-authentication Protocol</title>
-
-        <author fullname="Lakshminath Dondeti" initials="L" surname="Dondeti">
-            <organization>QUALCOMM, Inc.</organization>
-            <address> <postal> 
-                <street>5775 Morehouse Dr</street> 
-                <city>San Diego</city>
-                <region>CA</region>
-                <country>USA</country>
-            </postal>
-                <phone>+1 858-845-1267</phone>
-                <email>ldondeti@qualcomm.com</email>
-            </address>
-        </author>
-
-    	<author initials="J." surname="Bournelle (Editor)" fullname="Julien Bournelle">
-	    <organization abbrev="Orange Labs">Orange Labs</organization>
-	    <address>
-		<postal>
-		    <street>38-40 rue du general Leclerc</street>
-		    <city>Issy-Les-Moulineaux</city>
-		    <code>92794</code>
-		    <country>France</country>
-		</postal>
-		<email>julien.bournelle@orange-ftgroup.com</email>
-	    </address>
-	</author>
-
-	<author initials="L." surname="Morand" fullname="Lionel Morand">
-	    <organization abbrev="Orange Labs">Orange Labs</organization>
-	    <address>
-		<postal>
-		    <street>38-40 rue du general Leclerc</street>
-		    <city>Issy-Les-Moulineaux</city>
-		    <code>92794</code>
-		    <country>France</country>
-		</postal>
-		<email>lionel.morand@orange-ftgroup.com</email>
-	    </address>
-	</author>
-
-	<author initials="S." surname="Decugis" fullname="Sebastien Decugis">
-	    <organization abbrev="NICT">NICT</organization>
-	    <address>
-		<postal>
-		    <street>4-2-1 Nukui-Kitamachi</street>
-		    <city>Tokyo</city>
-		    <code>184-8795</code>
-		    <country>Koganei, Japan</country>
-		</postal>
-		<email>sdecugis@nict.go.jp</email>
-	    </address>
-	</author>
-
-
-
-	<date year="2009"/> 
-	<area>Operations and Management</area>
-	<workgroup>Diameter Maintenance and Extensions (DIME)</workgroup>
-	<keyword>Internet-Draft</keyword> <keyword>EAP</keyword>
-	<keyword>Diameter</keyword> <keyword>Re-authentication</keyword>
-	<keyword>inter-authenticator roaming</keyword> 
-	
-	<abstract> 
-	    
-	    <t> EAP Re-authentication Protocol (ERP) defines extensions to
-		the Extensible Authentication Protocol (EAP) to support efficient
-		re-authentication between the EAP peer and an EAP
-		re-authentication server through any EAP/ERP authenticator.
-		This document specifies Diameter support for ERP. The Diameter
-		EAP application is re-used for encapsulating the newly defined
-		EAP codes specified in the ERP specification. Additionally,
-		this document also defines specific Diameter processing rules
-		relevant to ERP.</t> 
-	    
-	    </abstract> 
-		
-	</front> 
-		
-	<middle> 
-		    
-	   <section title="Introduction" anchor="intro">
-
-	    <t>RFC 4072 <xref target="RFC4072"/> specifies a Diameter
-		application that carries EAP packets between a Diameter client
-		and the Diameter Server/EAP server. RFC 5296 <xref
-		    target="RFC5296"/> defines the EAP Re-authentication
-		Protocol to allow faster re-authentication of a previously
-		authenticated peer.</t> 
-
-	    <!--
-	    <t> In ERP, a peer is authenticated by the network by proving
-		possession of key material derived during a previous EAP
-		exchange. For this purpose, an Extended Master Session Key
-		(EMSK) based re-authentication key hierarchy has been defined
-		<xref target="RFC5295"/>. ERP may be
-		executed between the ER peer and an ER server in the peer's
-		home domain or the local domain visited by the peer. In the
-		latter case, a Domain Specific Root Key (DSRK), derived from
-		the EMSK, is provided by the home ER server to the local domain
-		ER server. 
-		<t/>
-
-	    <t> To accomplish the reauthentication functionality, ERP defines
-		two new EAP codes - EAP-Initiate and EAP Finish.  This document
-		specifies the reuse of Diameter EAP application to carry these
-		new EAP messages.</t> 
-	    
-	    <t>The DSRK can be obtained as part of the regular EAP exchange or
-		as part of an ERP bootstrapping exchange. The local ER server
-		requesting the DSRK needs to be in the path of the EAP or ERP
-		bootstrapping exchange in order to request and obtain the DSRK.
-		This document also specifies how the DSRK is transported to the
-		local ER server using Diameter. </t> </section> <section
-	    title="Terminology"> <t> The key words "MUST", "MUST NOT",
-		"REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT",
-		"RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be
-		interpreted as described in RFC 2119 <xref target="RFC2119"/>.
-	    </t> <t> This document uses terminology defined in <xref
-	    target="RFC3748"/>, <xref target="RFC5295"/>,
-	<xref target="RFC5296"/>, and <xref target="RFC4072"/>.  </t> --> 
-    
-	     <t> In ERP, a peer is authenticated by the network thanks to
-		 keying material obtained during a previous EAP exchange.  This
-		 keying material is derived from the Extended Master Session
-		 Key (EMSK) as defined in the RFC 5295 <xref
-		     target="RFC5295"/>.  To accomplish
-		 the EAP reauthentication functionality, ERP defines two new
-		 EAP codes - EAP-Initiate and EAP Finish.  This document
-		 specifies the reuse of Diameter EAP Application to carry these
-		 new EAP messages.  </t>
-
-	    <t> ERP is executed between the peer and a server located either in
-		the peer's home domain or in the local domain visited by the
-		peer. In the latter case, a Domain Specific Root Key (DSRK) is
-		derived from the EMSK, as defined in the RFC 5295 <xref
-		    target="RFC5295"/>, and is provided
-		by the Home EAP server to the local domain server. For that
-		purpose, this document specifies the transport of the DSRK
-		using the Diameter EAP Application.  </t>
-
-	</section>
-
-        <section title="Assumptions">
-	    <!--
-	    <t>This document defines additional optional AVPs for usage with
-		the Diameter EAP application. Routing of these messages is
-		therefore provided via the Diameter Application Identifier
-		(among other elements), as specified by the Diameter Base
-		protocol <xref target="RFC3588"/>. Based on the deployment of
-		ERP, a local Diameter server (the same entity serves as a
-		Diameter proxy during the full EAP authentication) may play the
-		role of the ER server for future re-authentication attempts. As
-		such, the local Diameter server requesting the DSRK needs to be
-		in the path of the current EAP exchange between the peer and
-		the EAP server and also along in the future. The Diameter
-		client is furthermore assumed to be able to route the
-		re-authentication messages to the ER server. </t>
-	    -->
-
-	    <t> This document defines only additional optional AVPs for usage
-		with the Diameter EAP application. This document does not
-		define a new Diameter application and therefore a new
-		Application ID is not required, as described in the Diameter
-		Base protocol <xref target="RFC3588"/>.
-	    </t>
-	    
-	    <t> In this document, when EAP re-authentication is performed in
-		the domain visited by the peer, it is assumed that the local ER
-		server is co-located with a Diameter agent in the visited
-		domain present in the path of the full EAP exchange. (Editor's
-		Note: it is not clear at the time of writing wether this
-		document must require this local AAA server to be on the path.)
-	    </t>
-
-        </section>
-
-        <section title="Diameter Support for ERP" anchor="diameter_support">
-
-            <section title="Protocol Overview" anchor="overview">
-
-		<t>The Diameter EAP Application is used to transport ERP
-		    messages between the NAS (authenticator) and an
-		    authentication server (ER server).</t>
-
-
-		<t>In ERP, the peer sends an EAP-Initiate/Re-auth message to
-		    the ER server via the authenticator. Alternatively, the NAS
-		    may send an EAP-Initiate/Re-auth-Start message to the peer
-		    to trigger the start of ERP. In this case, the peer responds with an
-		    EAP-Initiate/Re-auth message to the NAS.</t>
-
-		<t>The general guidelines for encapsulating EAP messages in
-		    Diameter from RFC 4072 <xref target="RFC4072"/> apply to
-		    the new EAP codes defined for ERP as well. The
-		    EAP-Initiate/Re-auth message is encapsulated in an
-		    EAP-Payload AVP of a Diameter EAP Request (DER) message by the
-		    NAS and sent to the Diameter server. The NAS MUST copy the
-		    contents of the value field of the 'KeyName-NAI' TLV or
-		    the 'peer-id' TLV (when the former is not present) of the EAP
-		    Initiate/Re-auth message into a User-Name AVP of the
-		    Diameter EAP-Request.</t>
-
-		<!-- To be checked: peer-id presence ? -->
-
-		<!--
-                <t>The ER server processes the EAP-Initiate/Re-auth message in accordance with <xref
-                        target="RFC5296"/>, and if that is successful, it responds with
-                    an EAP-Finish/Re-auth message indicating a success (R flag set to '0'). The
-                    Diameter server MUST encapsulate the EAP-Finish/Re-auth message 
-                    in an EAP-Payload AVP attribute of a Diameter EAP-Answer message. An
-                    EAP-Master-Session-Key AVP included in the Diameter EAP-Answer contains the
-                    Re-authentication Master Session Key (rMSK). The Diameter Result Code, if any,
-                    SHOULD be a success Result Code. </t>
-
-                <t>If the processing of the EAP-Initiate/Re-auth message resulted in a failure, the
-                    Diameter server MUST encapsulate an EAP-Finish/Re-auth message indicating failure
-                    ('R' flag set to 1) in an EAP-Payload AVP of a Diameter EAP-Answer message. The
-                    Diameter Result Code, if any, SHOULD be a failure Result Code. Whether an EAP
-                    Finish Reauth message is sent at all is specified in <xref
-                        target="I-D.ietf-hokey-erx"/>.</t>
-		-->
-
-		<t> The ER server processes the EAP-Initiate/Re-auth message in
-		    accordance with <xref target="RFC5296"/> and responds with
-		    an EAP-Finish/Re-auth message. The Diameter server MUST
-		    encapsulate the EAP-Finish/Re-auth message within an
-		    EAP-Payload AVP of a Diameter EAP Answer message.  In an
-		    EAP re-authentication successful case, an
-		    EAP-Master-Session-Key AVP is included in the Diameter EAP
-		    Answer (DEA) message that contains the Re-authentication
-		    Master Session Key (rMSK).  The Diameter Result-Code SHOULD
-		    be a success Result-Code. In an EAP re-authentication
-		    failure case, the Diameter Result-Code AVP of the a
-		    Diameter EAP Answer (DEA) message SHOULD be a failure
-		    Result-Code and no EAP-Master-Session-Key AVP is present.
-		    (Editor's Note: it is FFS if a SHOULD is sufficient) (2nd
-		    Editor's Note: add a figure ?) </t>
-
-            </section>
-
-            <section title="DSRK Request and Delivery" anchor="dsrk">
-
-		<t>A local ER server, collocated with a Diameter proxy in the
-		    domain visited by the peer, may request a DSRK from the home EAP/ERP
-		    server, either in the initial EAP exchange (implicit
-		    bootstrapping) or in an ERP bootstrapping exchange
-		    (explicit bootstrapping). This is done by including the
-		    EAP-DSRK-Request AVP in the Diameter EAP Request (DER) message.
-		    The EAP-DSRK-Request AVP contains the domain or server
-		    identity required to derive the DSRK.</t>
-
-		<!--
-		<t>An EAP/ER server MAY send the DSRK when it receives a valid Diameter EAP-Request
-		    message containing an EAP-DSRK-Request AVP. An EAP/ER server MUST send the DSRK (or
-                    send a failure result) when it receives a valid Diameter EAP-Request message
-                    containing an EAP-DSRK-Request AVP along with a valid EAP-Initiate/Re-auth
-                    packet with the bootstrapping flag turned on. If an EAP-DSRK-Request AVP is
-                    included in any other Diameter EAP Request message, the Diameter server MUST
-                    reply with a failure result. An EAP-DSRK AVP MUST be used to send a DSRK; an
-                    EAP-DSRK-Name AVP MUST be used to send the DSRK's keyname; and an
-                    EAP-DSRK-Lifetime AVP MUST be used to send the DSRK's lifetime.</t>
-		-->
-
-		<t> In successful case, the DSRK is carried by the EAP-DSRK AVP
-		    in the Diameter EAP Answer (DEA) message. Along with the
-		    EAP-DSRK AVP, an EAP-DSRK-Name AVP MUST be used to send the
-		    DSRK's keyname and an EAP-DSRK-Lifetime AVP MUST be used to
-		    send the DSRK's lifetime. (Editor's Note: add a figure ?).</t>
-
-
-            </section>
-        </section>
-
-        <section title="Command Codes">
-
-	    <t> This document re-uses the EAP application commands <xref
-		    target="RFC4072"/> and does not define new command
-		codes.</t>
-
-	    <!--
-            <t>
-                <figure anchor="cmd" title="ERP Command Codes">
-                    <artwork><![CDATA[
-Command-Name             Abbrev.   Code     Reference  Application
-
-Diameter-EAP-Request      DER       268      RFC 4072   EAP
-Diameter-EAP-Answer       DEA       268      RFC 4072   EAP
-]]></artwork>
-                </figure>
-            </t>
-
-            <t>Re-Auth-Request (RAR) may trigger ERP.</t>
-            <t>Session-Termination-Request
-                (STR), Session-Termination-Answer (STA), Abort-Session-Request (ASR),
-                Abort-Session-Answer (ASA), Accounting-Request (ACR), and Accounting-Answer (ACA)
-                commands are used together with Diameter ERP, they follow the rules in the Diameter
-                EAP application <xref target="RFC4072"/> and the Diameter Base specification <xref
-                    target="RFC3588"/>. The accounting commands use the Application Identifier value
-                of 3 (Diameter Base Accounting); the others use 0 (Diameter Common Messages). </t>
-
-            <section title="Diameter-EAP-Request (DER)">
-
-                <t>The Diameter-EAP-Request (DER) message <xref target="RFC4072"/>, indicated by the
-                    Command- Code field set to 268 and the 'R' bit set in the Command Flags field,
-                    is sent by the NAS to the Diameter server to initiate a network access
-                    authentication and authorization procedure.</t>
-
-                <t>The DEA message format is the same as defined in <xref target="RFC4072"/> with an
-                    addition of optional EAP Re-authentication Protocol (ERP) AVPs. The addition of
-                    the EAP-DSRK-Request AVP to the Diameter-EAP-Request message indicates that an
-                    ERP server is present and willing to participate in the ERP protocol for this
-                    session. Furthermore, the EAP-DSRK-Request AVP provides identity information
-                    about the domain of the ERP server. </t>
-                <t>
-                    <figure>
-                        <artwork><![CDATA[
-  <Diameter-EAP-Request> ::= < Diameter Header: 268, REQ, PXY >
-                             < Session-Id >
-                             { Auth-Application-Id }
-                             { Origin-Host }
-                             { Origin-Realm }
-                             { Destination-Realm }
-                             { Auth-Request-Type }
-
-                             [ EAP-DSRK-Request ]
-
-                             [ User-Name ]
-                             [ Destination-Host ]
-                             ...
-                           * [ AVP ]
-                    ]]></artwork>
-                    </figure>
-                </t>
-            </section>
-            <section title="Diameter-EAP-Answer (DEA)">
-                <t>The Diameter-EAP-Answer (DEA) message defined in <xref target="RFC4072"/>,
-                    indicated by the Command-Code field set to 268 and 'R' bit cleared in the
-                    Command Flags field, is sent in response to the Diameter-EAP-Request message
-                    (DER). </t>
-                <t>The DEA message format is the same as defined in <xref target="RFC4072"/> with an
-                    addition of optional EAP Re-authentication Protocol (ERP) AVPs. The addition of
-                    the EAP-DSRK, EAP-DSRK-Name and the EAP-DSRK-Lifetime AVP to the
-                    Diameter-EAP-Answer message indicates that an Diameter / ER server is able to
-                    provide ERP support for this session and delivers keying material, lifetime and
-                    a key name. </t>
-                <t>
-                    <figure>
-                        <artwork><![CDATA[
-  <Diameter-EAP-Answer> ::= < Diameter Header: 268, PXY >
-                            < Session-Id >
-                            { Auth-Application-Id }
-                            { Auth-Request-Type }
-                            { Result-Code }
-                            { Origin-Host }
-                            { Origin-Realm }
-
-                            [ EAP-DSRK ]
-                            [ EAP-DSRK-Name ]
-                            [ EAP-DSRK-Lifetime ] 
-
-                            [ User-Name ]
-                            ...
-                          * [ AVP ]                                     
-                    ]]></artwork>
-                    </figure>
-                </t>
-	    
-	    </section>
-	    -->
-
-        </section>
-        <!-- ====================================================================== -->
-
-        <section title="Attribute Value Pair Definitions">
-
-	    <t>This section defines new AVPs for the ERP support within
-		Diameter EAP Application.
-	    </t>
-
-            <section title="EAP-DSRK-Request AVP">
-
-		<t>The EAP-DSRK Request AVP (AVP Code TBD) is of type
-		    DiameterIdentity. This AVP fulfills two purposes: first, it
-		    indicates that a ERP server is located in the local domain
-		    that is willing to play the role of an ERP server for a
-		    particular session. Second, it conveys information about
-		    the domain name <!--and ER server identity--> to the
-		    Diameter/EAP/ERP server. (Editor's Note: it is FFS if
-		    DiameterIdentity is the correct type).</t>
-
-            </section>
-
-            <section title="EAP-DSRK AVP">
-
-		<t>The EAP-DSRK AVP (AVP Code TBD) is of type OctetString. This
-		    AVP contains keying material to be used by the visited
-		    domain (i.e. the DSRK). Exactly how this keying material is
-		    derived is beyond the scope of this document.</t>
-
-            </section>
-
-            <section title="EAP-DSRK-Name AVP">
-
-		<t>The EAP-DSRK-Name AVP (AVP Code TBD) is of type OctetString.
-		    This AVP contains the EMSKname which identifies the keying
-		    material. How this name is derived is beyond the scope
-		    of this document and defined in <xref
-			target="RFC5295"/>.</t>
-
-	    </section>
-
-            <section title="EAP-DSRK-Lifetime AVP">
-
-		<t>The EAP-DSRK-Lifetime AVP (AVP Code TBD) is of type
-		    Unsigned64 and contains the DSRK lifetime in
-		    seconds. (Editor's Note: it is FFS if Unsigned32 is not
-		    sufficient). (Editor's Note: it is FFS default value)</t>
-
-            </section>
-
-        </section>
-
-
-        <!-- ====================================================================== -->
-        <section title="AVP Occurrence Table">
-
-            <t>The following table lists the AVPs that may optionally be present in the DER and DEA
-                commands <xref target="RFC4072"/>. </t>
-
-            <t>
-                <figure anchor="naspavptable"
-                    title="DER and
-                        DEA Commands AVP Table">
-                    <artwork><![CDATA[
-                                +---------------+
-                                |  Command-Code | 
-                                +-+-----+-----+-+
-   Attribute Name                 | DER | DEA |
-   -------------------------------|-----+-----+
-   EAP-DSRK-Request               | 0-1 |  0  |
-   EAP-DSRK                       |  0  | 0-1 |
-   EAP-DSRK-Name                  |  0  | 0-1 |
-   EAP-DSRK-Lifetime              |  0  | 0-1 |
-                                  +-----+-----+
-                  ]]></artwork>
-                </figure>
-            </t>
-
-	    <t>When the EAP-DSRK AVP is present in the DEA then the
-		EAP-DSRK-Name and the EAP-DSRK-Lifetime MUST also be
-		present.</t>
-
-        </section>
-
-        <section title="AVP Flag Rules">
-
-	    <t>The following table describes the Diameter AVPs, their AVP Code
-		values, types, possible flag values, and whether the AVP MAY be
-		encrypted. The Diameter base <xref target="RFC3588"/> specifies
-		the AVP Flag rules for AVPs in Section 4.5. </t>
-
-            <t>
-                <figure anchor="flagstable" title="AVP Flag Rules Table">
-                    <artwork><![CDATA[
-                                          +---------------------+
-                                          |    AVP Flag Rules   |
-                                          +----+-----+----+-----+----+
-                   AVP  Section           |    |     |SHLD|MUST |    |
-Attribute Name     Code Defined Data Type |MUST| MAY |NOT |NOT  |Encr|
-------------------------------------------+----+-----+----+-----+----+
-EAP-DSRK-Request   TBD  4.7.1  DiamIdent  |    |  P  |    | V,M | Y  |
-EAP-DSRK           TBD  4.7.2  OctetString|    |  P  |    | V,M | Y  |
-EAP-DSRK-Name      TBD  4.7.3  OctetString|    |  P  |    | V,M | Y  |
-EAP-DSRK-Lifetime  TBD  4.7.4  Unsigned64 |    |  P  |    | V,M | Y  |
-------------------------------------------+----+-----+----+-----+----+
-
-Due to space constraints, the short form DiamIdent is used to
-represent DiameterIdentity.
-                        ]]></artwork>
-                </figure>
-            </t>
-        </section>
-
-        <!-- ====================================================================== -->
-
-        <section title="Security Considerations" anchor="SecCons">
-
-	    <t>The security considerations specified in RFC 4072 <xref
-		    target="RFC4072"/>, and RFC 3588 <xref target="RFC3588"/>
-		are applicable to this document. </t>
-
-	    <t>EAP channel bindings may be necessary to ensure that the
-		Diameter client and the server are in sync regarding the key
-		Requesting Entity's Identity. Specifically, the Requesting
-		Entity advertises its identity through the EAP lower layer, and
-		the user or the EAP peer communicates that identity to the EAP
-		server (and the EAP server communicates that identity to the
-		Diameter server) via the EAP method for user/peer to server
-		verification of the Requesting Entity's Identity. </t>
-
-	</section>
-
-        <!-- ====================================================================== -->
-
-        <section title="IANA Considerations" anchor="ianaCons">
-
-            <t>This document requires IANA registration of the following new AVPs to the AVP
-                registry established by RFC 3588 <xref target="RFC3588"/>: <list style="symbols">
-                    <t>EAP-DSRK-Request</t>
-                    <t>EAP-DSRK</t>
-                    <t>EAP-DSRK-Name</t>
-                    <t>EAP-DSRK-Lifetime</t>
-                </list>
-            </t>
-
-        </section>
-
-        <section title="Acknowledgments" anchor="ack">
-
-	    <t>Vidya Narayanan reviewed a rough draft version and found some
-		errors. Many thanks for her input.</t>
-
-        </section>
-    </middle>
-
-    <back>
-
-        <references title="Normative References"> &rfc2119; &rfc3588; 
-            &rfc4072; &rfc5296; </references>
-
-        <references title="Informative References"> &rfc3748; &rfc5295;
-            </references>
-    </back>
-</rfc>
diff -r 6ac9daa8c775 -r 9d8dd59747f4 draft-ietf-dime-erp-06.xml
--- a/draft-ietf-dime-erp-06.xml	Mon Oct 25 17:07:09 2010 +0900
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,723 +0,0 @@
-<?xml version="1.0" encoding="US-ASCII"?>
-<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
-<!ENTITY RFC2119 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml">
-<!ENTITY RFC3748 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3748.xml">
-<!ENTITY RFC3588 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3588.xml">
-<!ENTITY RFC4072 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4072.xml">
-<!ENTITY RFC5247 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5247.xml">
-<!ENTITY RFC5295 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5295.xml">
-<!ENTITY RFC5296 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5296.xml">
-<!ENTITY I-D.ietf-dime-local-keytran SYSTEM "http://xml.resource.org/public/rfc/bibxml3/reference.I-D.draft-ietf-dime-local-keytran-08.xml">
-]>
-<?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?>
-<?rfc strict="yes"?>
-<?rfc comments="no"?>
-<?rfc inline="yes"?>
-<?rfc editing="no"?>
-<?rfc toc="yes"?>
-<?rfc tocompact="yes"?>
-<?rfc tocdepth="3"?>
-<?rfc symrefs="yes"?>
-<?rfc sortrefs="yes"?>
-<?rfc compact="yes"?>
-<?rfc subcompact="no"?>
-<?rfc rfcedstyle="yes"?>
-<?rfc rfcprocack="no"?>
-<?rfc tocindent="yes"?>
-<rfc category="std" docName="draft-ietf-dime-erp-06.txt" ipr="trust200902">
-  <front>
-    <title abbrev="Diameter ERP Application">Diameter Support for the EAP
-    Re-authentication Protocol (ERP)</title>
-
-    <author fullname="Julien Bournelle" initials="J." surname="Bournelle">
-      <organization abbrev="Orange Labs">Orange Labs</organization>
-
-      <address>
-        <postal>
-          <street>38-40 rue du general Leclerc</street>
-
-          <city>Issy-Les-Moulineaux</city>
-
-          <code>92794</code>
-
-          <country>France</country>
-        </postal>
-
-        <email>julien.bournelle@orange-ftgroup.com</email>
-      </address>
-    </author>
-
-    <author fullname="Lionel Morand" initials="L." surname="Morand">
-      <organization abbrev="Orange Labs">Orange Labs</organization>
-
-      <address>
-        <postal>
-          <street>38-40 rue du general Leclerc</street>
-
-          <city>Issy-Les-Moulineaux</city>
-
-          <code>92794</code>
-
-          <country>France</country>
-        </postal>
-
-        <email>lionel.morand@orange-ftgroup.com</email>
-      </address>
-    </author>
-
-    <author fullname="Sebastien Decugis" initials="S." role="editor"
-            surname="Decugis">
-      <organization abbrev="NICT">NICT</organization>
-
-      <address>
-        <postal>
-          <street>4-2-1 Nukui-Kitamachi</street>
-
-          <city>Tokyo</city>
-
-          <code>184-8795</code>
-
-          <country>Koganei, Japan</country>
-        </postal>
-
-        <email>sdecugis@nict.go.jp</email>
-      </address>
-    </author>
-
-    <author fullname="Qin Wu" initials="Q." surname="Wu">
-      <organization abbrev="Huawei">Huawei Technologies Co.,
-      Ltd</organization>
-
-      <address>
-        <postal>
-          <street>Site B, Floor 12F, Huihong Mansion, No.91 Baixia
-          Rd.</street>
-
-          <city>Nanjing</city>
-
-          <code>210001</code>
-
-          <country>China</country>
-        </postal>
-
-        <email>sunseawq@huawei.com</email>
-      </address>
-    </author>
-
-    <author fullname="Glen Zorn" initials="G." role="editor" surname="Zorn">
-      <organization>Network Zen</organization>
-
-      <address>
-        <postal>
-          <street>1463 East Republican Street</street>
-
-          <city>Seattle</city>
-
-          <region>Washington</region>
-
-          <code>98112</code>
-
-          <country>USA</country>
-        </postal>
-
-        <phone>+1 206 931 0768</phone>
-
-        <email>gwz@net-zen.net</email>
-      </address>
-    </author>
-
-    <date year="2010" />
-
-    <area>Operations &amp; Management</area>
-
-    <keyword>Internet-Draft</keyword>
-
-    <keyword>EAP</keyword>
-
-    <keyword>Diameter</keyword>
-
-    <keyword>Re-authentication</keyword>
-
-    <keyword>AAA</keyword>
-
-    <keyword>inter-authenticator roaming</keyword>
-
-    <abstract>
-      <t>The EAP Re-authentication Protocol (ERP) defines extensions to the
-      Extensible Authentication Protocol (EAP) to support efficient
-      re-authentication between the peer and an EAP Re-authentication (ER)
-      server through a compatible authenticator. This document specifies
-      Diameter support for ERP. It defines a new Diameter ERP application to
-      transport ERP messages between an ER authenticator and the ER server,
-      and a set of new AVPs that can be used to transport the cryptographic
-      material needed by the re-authentication server.</t>
-    </abstract>
-  </front>
-
-  <middle>
-    <section anchor="Introduction" title="Introduction">
-      <t><xref target="RFC5296">RFC 5296</xref> defines the EAP
-      Re-authentication Protocol (ERP). It consists of the following steps:
-      <list style="hanging">
-          <t hangText="Bootstrapping"><vspace blankLines="0" /> A root key for
-          re-authentication is derived from the Extended Master Session Key
-          (EMSK) created during EAP authentication <xref
-          target="RFC5295"></xref>. This root key is transported from the EAP
-          server to the ER server.</t>
-
-          <t hangText="Re-authentication"><vspace blankLines="0" /> A
-          one-round-trip exchange between the peer and the ER server,
-          resulting in mutual authentication. To support the EAP
-          reauthentication functionality, ERP defines two new EAP codes -
-          EAP-Initiate and EAP-Finish.</t>
-        </list> This document defines how Diameter transports the ERP messages
-      during the re-authentication process. For this purpose, we define a new
-      Application Identifier for ERP, and re-use the Diameter EAP commands
-      (DER/DEA). <vspace blankLines="1" /> This document also discusses the
-      distribution of the root key during bootstrapping, in conjunction with
-      either the initial EAP authentication (implicit bootstrapping) or the
-      first ERP exchange (explicit bootstrapping). Security considerations for
-      this key distribution are detailed in <xref target="RFC5295">RFC
-      5295</xref>.</t>
-    </section>
-
-    <section title="Terminology">
-      <t>This document uses terminology defined in <xref target="RFC3748">RFC
-      3748</xref>, <xref target="RFC5295">RFC 5295</xref>, <xref
-      target="RFC5296">RFC 5296</xref>, and <xref target="RFC4072">RFC
-      4072</xref>. <vspace blankLines="1" /> "Root key" (RK) or "bootstrapping
-      material" refer to the rRK or rDSRK derived from an EMSK, depending on
-      the location of the ER server in home or foreign domain. <vspace
-      blankLines="1" /> We use the notation "ERP/DER" and "ERP/DEA" in this
-      document to refer to Diameter-EAP-Request and Diameter-EAP-Answer
-      commands with the Application Id set to "Diameter ERP Application" <xref
-      target="IANA_AppId"></xref>; the same commands are denoted "EAP/DER" and
-      "EAP/DEA" when the Application Id in the message is set to "Diameter EAP
-      Application" <xref target="RFC4072"></xref>.</t>
-
-      <section title="Requirements Language">
-        <t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
-        "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
-        document are to be interpreted as described in <xref
-        target="RFC2119"></xref>.</t>
-      </section>
-    </section>
-
-    <section title="Assumptions">
-      <t>This document assumes the existence of at most one logical ER server
-      entity in a domain. If several physical servers are deployed for
-      robustness, a replication mechanism must be deployed to synchronize the
-      ERP states (root keys) between these servers. This replication mechanism
-      is out of the scope of this document. If multiple ER servers are
-      deployed in the domain, we assume that they can be used
-      interchangeably.</t>
-    </section>
-
-    <section anchor="Overview" title="Protocol Overview">
-      <t>The following figure shows the components involved in ERP, and their
-      interactions. <figure align="center" anchor="Fig-Overview"
-          title="Diameter ERP Overview">
-          <artwork><![CDATA[
-                        Diameter                    +--------+
-        +-------------+   ERP   +-----------+  (*)  |  Home  |
-Peer <->|Authenticator|<=======>| ER server | <---> |  EAP   |
-        +-------------+         +-----------+       | server |
-                                                    +--------+
-(*) Diameter EAP application, explicit bootstrapping scenario only.
-]]></artwork>
-        </figure> The ER server is located either in the home domain (same as
-      EAP server) or in the visited domain (same as authenticator, when it
-      differs from the home domain). <vspace blankLines="1" /> When the peer
-      initiates an ERP exchange, the authenticator creates a
-      Diameter-EAP-Request message <xref target="RFC4072"></xref>. The
-      Application Id of the message is set to that of the Diameter ERP
-      application (code: TBD) in the message. The generation of the ERP/DER
-      message is detailed in <xref target="Re-authentication"></xref>. <vspace
-      blankLines="1" /> If there is an ER server in the same domain as the
-      authenticator (local domain), Diameter routing must be configured so
-      that this ERP/DER message reachs this server, even if the
-      Destination-Realm is not the local domain. <vspace blankLines="1" /> If
-      there is no local ER server, the message is routed according to its
-      Destination-Realm AVP content, extracted from the realm component of the
-      keyName-NAI attribute. As specified in <xref target="RFC5296">RFC
-      5296</xref>, this realm is the home domain of the peer in case of a
-      bootstrapping exchange (the 'B' flag is set in the ERP message) or the
-      domain of the bootstrapped ER server otherwise. <vspace
-      blankLines="1" /> If no ER server is available in the home domain
-      either, the ERP/DER message cannot be delivered, and an error
-      DIAMETER_UNABLE_TO_DELIVER is generated <xref target="RFC3588"></xref>
-      and returned to the authenticator. The authenticator may cache this
-      information (with limited duration) to avoid further attempts for ERP
-      with this realm. It may also fallback to full EAP authentication to
-      authenticate the peer. <vspace blankLines="1" /> When an ER server
-      receives the ERP/DER message, it searches its local database for a root
-      key matching the keyName part of the User-Name AVP. If such key is
-      found, the ER server processes the ERP message as described in <xref
-      target="RFC5296">RFC 5296</xref> then creates the ERP/DEA answer as
-      described in <xref target="Re-authentication"></xref>. The rMSK is
-      included in this answer. <vspace blankLines="1" /> Finally, the
-      authenticator extracts the rMSK from the ERP/DEA as described in <xref
-      target="RFC5296">RFC 5296</xref>, and forwards the content of the
-      EAP-Payload AVP, the EAP-Finish/Re-Auth message, to the peer. <vspace
-      blankLines="1" /> If the EAP-Initiate/Re-Auth message has its 'B' flag
-      set (Bootstrapping exchange), the ER server should not possess the root
-      key in its local database. In this case, the ER server acts as a proxy,
-      and forwards the message to the home EAP server after changing its
-      Application Id to Diameter EAP and adding the ERP-RK-Request AVP to
-      request the root key. See <xref target="Bootstrapping"></xref> for more
-      detail on this process.</t>
-    </section>
-
-    <section anchor="Bootstrapping" title="Bootstrapping the ER Server">
-      <t>The bootstrapping process involves the home EAP server and the ER
-      server, but also impacts the peer and the authenticator. In ERP, the
-      peer must derive the same keying material as the ER server. To achieve
-      this, it must learn the domain name of the ER server. How this
-      information is acquired is outside the scope of this specification, but
-      it may involves that the authenticator is configured to advertize this
-      domain name, especially in the case of re-authentication after a
-      handover. <vspace blankLines="1" /> The bootstrapping of an ER server
-      with a given root key happens either during the initial EAP
-      authentication of the peer when the EMSK -- from which the root key is
-      derived -- is created, during the first re-authentication, or sometime
-      between those events. We only consider the first two possibilities in
-      this specification, in the following sub-sections.</t>
-
-      <section title="Bootstrapping During the Initial EAP authentication">
-        <t>Bootstrapping the ER server during the initial EAP authentication
-        (also known as implicit bootstrapping) offers the advantage that the
-        server is immediatly available for re-authentication of the peer, thus
-        minimizing re-authentication delay. On the other hand, it is possible
-        that only a small number of peers will use re-authentication in the
-        visited domain. Deriving and caching key material for all the peers
-        (for example, for the peers that do not support ERP) is a waste of
-        resources and should be avoided. <vspace blankLines="1" /> To achieve
-        implicit bootstrapping, the ER server acts as a Diameter EAP Proxy,
-        and Diameter routing must be configured so that Diameter EAP
-        application messages are routed through this proxy. The figure bellow
-        illustrates this mechanism. <figure align="center" anchor="Implict"
-            title="ERP Bootstrapping During Full EAP Authentication">
-            <artwork><![CDATA[
-                         ER server &
-Authenticator             EAP Proxy               Home EAP server
-=============            ===========              ===============
-     ------------------------->
-         Diameter EAP/DER
-          (EAP-Response)
-                               ------------------------->
-                                  Diameter EAP/DER
-                                   (EAP-Response)
-                                  (ERP-RK-Request)
-
-     <==================================================>
-        Multi-round Diameter EAP exchanges, unmodified
-
-                               <-------------------------
-                                   Diameter EAP/DEA
-                                    (EAP-Success)
-                                        (MSK)
-                                   (Key AVP (rRK))
-     <-------------------------
-         Diameter EAP/DEA
-           (EAP-Success)
-               (MSK)
-           [ ERP-Realm ]
-]]></artwork>
-          </figure> The ER server proxies the first DER of the full EAP
-        authentication and adds the ERP-RK-Request AVP inside, if this AVP is
-        not already in the message (which might happen if there are several ER
-        servers on the path), then forwards the request. <vspace
-        blankLines="1" /> If the EAP server does not support the ERP
-        extensions, it simply ignores the ERP-RK-Request AVP and continues as
-        specified in <xref target="RFC4072">RFC 4072</xref>. If the server
-        supports the ERP extensions, it saves the value of the ERP-Realm AVP
-        found inside the ERP-RK-Request AVP, and continues with the EAP
-        authentication. When the authentication completes, if it is successful
-        and the EAP method has generated an EMSK, the server MUST derive the
-        rRK as specified in <xref target="RFC5296">RFC 5296</xref>, using the
-        saved domain name. It then includes the rRK inside a Key AVP <xref
-        target="KAVP"></xref> with the Key-Type AVP set to rRK, before sending
-        the DEA as usual.<vspace blankLines="1" /> When the ER server proxies
-        a Diameter-EAP-Answer message with a Session-Id corresponding to a
-        message to which it added an ERP-RK-Request AVP, and the Result-Code
-        is DIAMETER_SUCCESS, it MUST examine the message and save and remove
-        any Key AVP <xref target="KAVP"></xref> with Key-Type AVP set to rRK.
-        If the message does not contain such Key AVP, the ER server may cache
-        the information that ERP is not possible for this session to avoid
-        possible subsequent attempts. In any case, the information stored in
-        ER server concerning a session should not have a lifetime greater than
-        the EMSK for this session. <vspace blankLines="1" /> If the ER server
-        is successfully bootstrapped, it should also add the ERP-Realm AVP
-        after removing the Key AVP with Key-Type of rRK in the EAP/DEA
-        message. This ERP-Realm information can be used by the authenticator
-        to notify the peer that ER server is bootstrapped, and for which
-        domain. How this information can be transmitted to the peer is outside
-        the scope of this document. This information needs to be sent to the
-        peer if both implicit and explicit bootstrapping mechanisms are
-        possible, because the ERP message and the root key used for protecting
-        this message are different in bootstrapping exchanges and
-        non-bootstrapping exchanges.</t>
-      </section>
-
-      <section title="Bootstrapping During the First Re-authentication">
-        <t>Bootstrapping the ER server during the first re-authentication
-        (also known as explicit bootstrapping) is less resource-consuming,
-        since root keys are generated and cached only when needed. On the
-        other hand, in that case first re-authentication requires a
-        one-round-trip exchange with the home EAP server, which is less
-        efficient than the implicit bootstrapping scenario. <vspace
-        blankLines="1" /> The ER server receives the ERP/DER message
-        containing the EAP-Initiate/Re-Auth message with the 'B' flag set. It
-        proxies this message, and performs the following processing in
-        addition to standard proxy operations: <list>
-            <t>Changes the Application Id in the header of the message to
-            Diameter EAP Application (code 5).</t>
-
-            <t>Change the content of Application-Auth-Id accordingly. <list
-                style="hanging">
-                <t hangText="QUESTION:"><vspace blankLines="0" /> Is it better
-                to leave it unmodified, so that the server can easily
-                differenciate between ERP and standard EAP message ?</t>
-              </list></t>
-
-            <t>Add the ERP-RK-Request AVP, which contains the name of the
-            domain where the ER server is located.</t>
-
-            <t><list style="hanging">
-                <t hangText="PROBLEM:"><vspace blankLines="0" /> Add the
-                Destination-Host AVP to reach the appropriate Diameter EAP
-                server in case there is more than one in destination domain,
-                the one with the EMSK. How does the ER server know this
-                information? Or can we require that all Diameter EAP servers
-                can be used interchangeably for this purpose?</t>
-              </list></t>
-          </list> Then the proxied EAP/DER request is sent and routed to the
-        home Diameter EAP server. <vspace blankLines="1" /> If the home EAP
-        server does not support the ERP extensions, it replies with an error
-        since the encapsulated EAP-Initiate/Re-auth command is not understood.
-        Otherwise, it processes the ERP request as described in <xref
-        target="RFC5296"></xref>. In particular, it includes the Domain-Name
-        TLV attribute with the content from the ERP-Realm AVP. It creates the
-        EAP/DEA reply message <xref target="RFC4072"></xref>. including an
-        instance of the Key AVP <xref target="KAVP"></xref> with Key-Type AVP
-        set to rRK. <vspace blankLines="1" /> The ER server receives this
-        EAP/DEA and proxies it as follows, in addition to standard proxy
-        operations: <list>
-            <t>Set the Application Id back to Diameter ERP application Id
-            (code TBD)</t>
-
-            <t>Extract and cache the content of the Key AVP with Key-Type set
-            to rRK, as described in implicit scenario.</t>
-          </list> The ERP/DEA message is then forwarded to the authenticator,
-        that can use the rMSK as described in <xref target="RFC5296">RFC
-        5296</xref>. <vspace blankLines="1" /> The figure below captures this
-        proxy behavior: <figure align="center" anchor="FigExplicit"
-            title="ERP Explicit Bootstrapping Message Flow">
-            <artwork><![CDATA[
-Authenticator            ER server             Home EAP server
-=============            =========             ===============
-      ----------------------->
-          Diameter ERP/DER
-           (EAP-Initiate)
-                              ------------------------>
-                                    Diameter EAP/DER
-                                     (EAP-Initiate)
-                                    (ERP-RK-Request)
-
-                              <------------------------
-                                    Diameter EAP/DEA
-                                      (EAP-Finish)
-                                    (Key AVP (rRK))
-                                    (Key AVP (rMSK))
-      <----------------------
-          Diameter ERP/DEA
-            (EAP-Finish)
-          (Key AVP (rMSK))
-]]></artwork>
-          </figure></t>
-      </section>
-    </section>
-
-    <section anchor="Re-authentication" title="Re-Authentication">
-      <t>This section describes in detail a re-authentication exchange with an
-      ER server that was previously bootstrapped. The following figure
-      summarizes the re-authentication exchange. <figure align="center"
-          anchor="FigReauth" title="Diameter ERP Re-authentication Exchange">
-          <artwork><![CDATA[
-                                                      ER server
- Peer                 Authenticator                (bootstrapped)
- ====                 =============            ======================
- [ <------------------------          ]               
- [optional EAP-Initiate/Re-auth-start,] 
- [  possibly with ERP domain name     ]
-
-   ----------------------->
-     EAP-Initiate/Re-auth
-                           ===============================>
-                              Diameter ERP, cmd code DER
-                                User-Name: Keyname-NAI
-                           EAP-Payload: EAP-Initiate/Re-auth
- 
-                           <===============================
-                              Diameter ERP, cmd code DEA
-                            EAP-Payload: EAP-Finish/Re-auth
-                                     Key AVP: rMSK
-    <----------------------
-      EAP-Finish/Re-auth
-]]></artwork>
-        </figure> The peer sends an EAP-Initiate/Re-auth message to the ER
-      server via the authenticator. Alternatively, the authenticator may send
-      an EAP-Initiate/Re-auth-Start message to the peer to trigger the
-      mechanism. In this case, the peer responds with an EAP-Initiate/Re-auth
-      message. <vspace blankLines="1" /> If the authenticator does not support
-      ERP (pure <xref target="RFC4072">Diameter EAP</xref> support), it
-      discards the EAP packets with an unknown ERP-specific code
-      (EAP-Initiate). The peer should fallback to full EAP authentication in
-      this case. <vspace blankLines="1" /> When the authenticator receives an
-      EAP-Initiate/Re-auth message from the peer, it processes as described in
-      <xref target="RFC5296"></xref> with regards to the EAP state machine. It
-      creates a Diameter EAP Request message following the general process of
-      <xref target="RFC4072">Diameter EAP</xref>, with the following
-      differences: <list>
-          <t>The Application Id in the header is set to Diameter ERP (code
-          TBD).</t>
-
-          <t>The value in Auth-Application-Id AVP is also set to Diameter ERP
-          Application.</t>
-
-          <t>The keyName-NAI attribute from ERP message is used to create the
-          content of User-Name AVP and Destination-Realm AVP.</t>
-
-          <t><list style="hanging">
-              <t hangText="FFS:"><vspace blankLines="0" /> What about
-              Session-ID AVP ?</t>
-            </list></t>
-
-          <t>The Auth-Request-Type AVP content is set to [Editor's note: FFS
-          -- cf. open issues].</t>
-
-          <t>The EAP-Payload AVP contains the EAP-Initiate/Re-Auth
-          message.</t>
-        </list> Then this ERP/DER message is sent as described in <xref
-      target="Overview"></xref>. <vspace blankLines="1" /> The ER server
-      receives and processes this request as described in <xref
-      target="Overview"></xref>. It then creates an ERP/DEA message following
-      the general processing described in <xref target="RFC4072">RFC
-      4072</xref>, with the following differences: <list>
-          <t>The Application Id in the header is set to Diameter ERP (code
-          TBD).</t>
-
-          <t>The value of the Auth-Application-Id AVP is also set to Diameter
-          ERP Application.</t>
-
-          <t>The EAP-Payload AVP contains the EAP-Finish/Re-auth message.</t>
-
-          <t>In case of successful authentication, an instance of the Key AVP
-          containing the Re-authentication Master Session Key (rMSK) derived
-          by ERP is included.</t>
-        </list> When the authenticator receives this ERP/DEA answer, it
-      processes it as described in <xref target="RFC4072">Diameter EAP</xref>
-      and <xref target="RFC5296">RFC 5296</xref>: the content of EAP-Payload
-      AVP content is forwarded to the peer, and the contents of the
-      Keying-Material AVP <xref target="I-D.ietf-dime-local-keytran"></xref>
-      is used as a shared secret for Secure Association Protocol.</t>
-    </section>
-
-    <section anchor="ApplicationId" title="Application Id">
-      <t>We define a new Diameter application in this document, Diameter ERP
-      Application, with an Application Id value of TBD. Diameter nodes
-      conforming to this specification in the role of ER server MUST advertise
-      support by including an Auth-Application-Id AVP with a value of Diameter
-      ERP Application in the of the Capabilities-Exchange-Request and
-      Capabilities-Exchange-Answer commands <xref target="RFC3588"></xref>.
-      <vspace blankLines="1" /> The primary use of the Diameter ERP
-      Application Id is to ensure proper routing of the messages, and that the
-      nodes that advertise the support for this application do understand the
-      new AVPs defined in <xref target="AVPs"></xref>, although these AVP have
-      the 'M' flag cleared.</t>
-    </section>
-
-    <section anchor="AVPs" title="AVPs">
-      <t>This section discusses the AVPs used by the Diameter ERP
-      application.</t>
-
-      <section title="ERP-RK-Request AVP">
-        <t>The ERP-RK-Request AVP (AVP Code TBD) is of type grouped AVP. This
-        AVP is used by the ER server to indicate its willingness to act as ER
-        server for a particular session. <vspace blankLines="1" /> This AVP
-        has the M and V bits cleared. <figure align="center" anchor="ERRABNF"
-            title="ERP-RK-Request ABNF">
-            <artwork><![CDATA[
-      ERP-RK-Request ::= < AVP Header: TBD >
-                         { ERP-Realm }
-                       * [ AVP ]
-]]></artwork>
-          </figure></t>
-      </section>
-
-      <section title="ERP-Realm AVP">
-        <t>The ERP-Realm AVP (AVP Code TBD) is of type DiameterIdentity. It
-        contains the name of the realm in which the ER server is located.
-        <vspace blankLines="1" /> This AVP has the M and V bits cleared.</t>
-      </section>
-
-      <section anchor="KAVP" title="Key AVP">
-        <t>The Key AVP <xref target="I-D.ietf-dime-local-keytran"></xref> is
-        of type "Grouped" and is used to carry the rRK or rMSK and associated
-        attributes. The usage of the Key AVP and its constituent AVPs in this
-        application is specified in the following sub-sections.</t>
-
-        <section title="Key-Type AVP">
-          <t>The value of the Key-Type AVP MUST be set to 2 for rRK or 3 for
-          rMSK.</t>
-        </section>
-
-        <section title="Keying-Material AVP">
-          <t>The Keying-Material AVP contains rRK sent by the home EAP server
-          to the ER server, in answer to a request containing an
-          ERP-RK-Request AVP, or the rMSK sent by ER server to authenticator.
-          How this material is derived and used is specified in <xref
-          target="RFC5296">RFC 5296</xref>.</t>
-        </section>
-
-        <section title="Key-Name AVP">
-          <t>This AVP contains the EMSKname which identifies the keying
-          material. The derivation of this name is specified in <xref
-          target="RFC5296">RGC 5296</xref>.</t>
-        </section>
-
-        <section title="Key-Lifetime AVP">
-          <t>The Key-Lifetime AVP contains the lifetime of the keying material
-          in seconds. It MUST NOT be greater than the remaining lifetime of
-          the EMSK from which the material was derived.</t>
-        </section>
-      </section>
-    </section>
-
-    <section anchor="Issues" title="Open issues">
-      <t>This document does not address some known issues in Diameter ERP
-      mechanism. The authors would like to hear ideas about how to address
-      them. <vspace blankLines="1" /> The main issue is the use of ERP for
-      authentication after a handover of the peer to a new authenticator (or
-      different authenticator port). Diameter ERP is not meant to be a
-      mobility application. A number of issues appear when we try to do
-      handover while using Diameter ERP:<list>
-          <t>how to manage the Session-Id AVP -- is it a new session each
-          time, or do we try to reuse the same Diameter session?;</t>
-
-          <t>how does the ER authenticator acquire the Authorization AVPs? Is
-          it cached in the Diameter ER server (received during bootstrapping)
-          or do we use first Authenticate-Only with ER server, then
-          Authorize-Only with home domain (and in that case how does the ER
-          authenticator learn what the home domain is?)</t>
-
-          <t>how does the peer learn the ERP domain of the new authenticator
-          -- this is being addressed in HOKEY architecture draft;</t>
-
-          <t>how does the home server reachs the peer to for example terminate
-          the session if there is no notification sent to the home domain;</t>
-        </list><vspace blankLines="1" /> Another issue concerns the case where
-      the home realm contains several EAP servers. In multi rounds full EAP
-      authentication, the Destination-Host AVP provides the solution to reach
-      the same server across the exchanges. Only this server possess the EMSK
-      for the session. In case of explicit bootstrapping, the ER server must
-      therefore be able to reach the correct server to request the DSRK. A
-      solution might consist in saving the Origin-Host AVP of all successful
-      EAP/DEA in the ER server, which is a bit similar to the implicit
-      bootstrapping scenario described here -- only we save the server name
-      instead of the root key, and we must then be able to match the DSRK with
-      the user name. <vspace blankLines="1" />In roaming environments, it
-      might be useful that a broker provides ERP services. The security
-      implications of storing the DSRK generated for the visited domain into
-      the broker's server should be studied.<vspace blankLines="1" /> Finally,
-      this document currently lacks a description of what happens when a
-      Re-Auth-Request is received for a peer on the authenticator.</t>
-    </section>
-
-    <section anchor="Acknowledgements" title="Acknowledgements">
-      <t>Hannes Tschofenig wrote the initial draft for this document and
-      provided useful reviews. <vspace blankLines="1" /> Vidya Narayanan
-      reviewed a rough draft version of the document and found some errors.
-      <vspace blankLines="1" /> Lakshminath Dondeti contributed to the early
-      versions of the document. <vspace blankLines="1" /> Many thanks to these
-      people!</t>
-    </section>
-
-    <section anchor="IANA" title="IANA Considerations">
-      <t>This document requires IANA registration of the following new
-      elements in the <eref
-      target="http://www.iana.org/assignments/aaa-parameters/">Authentication,
-      Authorization, and Accounting (AAA) Parameters</eref> registries.</t>
-
-      <section anchor="IANA_AppId" title="Diameter Application Identifier">
-        <t>This specification requires IANA to allocate a new value "Diameter
-        ERP" in the "Application IDs" registry <xref target="RFC3588"> using
-        the policy specified in Section 11.3 of RFC 3588</xref>.</t>
-      </section>
-
-      <section anchor="IANA_AVP" title="New AVPs">
-        <t>This specification requires IANA to allocate new values from the
-        "AVP Codes" registry <xref target="RFC3588">according to the policy
-        specified in Section 11.1 of RFC 3588</xref> for the following AVPs:
-        <list>
-            <t>ERP-RK-Request</t>
-
-            <t>ERP-Realm</t>
-          </list>These AVPs are defined in <xref target="AVPs"></xref>.</t>
-      </section>
-    </section>
-
-    <section anchor="Security" title="Security Considerations">
-      <t>The security considerations from the following documents also apply
-      here: <list style="symbols">
-          <t><xref target="RFC3588">RFC 3588</xref></t>
-
-          <t><xref target="RFC4072">RFC 4072</xref></t>
-
-          <t><xref target="RFC5247">RFC 5247</xref></t>
-
-          <t><xref target="RFC5295">RFC 5295</xref></t>
-
-          <t><xref target="RFC5296"></xref></t>
-        </list> <list style="hanging">
-          <t hangText="FFS:"><vspace blankLines="0" /> Do we really respect
-          these security considerations with the mechanism we describe here?
-          Is it safe to use ERP-RK-Request &amp; Key AVPs? What is the worst
-          case? For example if a domain tricks the peer into beliving it is
-          located in a different domain?</t>
-        </list> EAP channel bindings may be necessary to ensure that the
-      Diameter client and the server are in sync regarding the key Requesting
-      Entity's Identity. Specifically, the Requesting Entity advertises its
-      identity through the EAP lower layer, and the user or the EAP peer
-      communicates that identity to the EAP server (and the EAP server
-      communicates that identity to the Diameter server) via the EAP method
-      for user/peer to server verification of the Requesting Entity's
-      Identity. <list style="hanging">
-          <t hangText="QUESTION:"><vspace blankLines="0" /> What does this
-          paragraph actually mean?</t>
-        </list></t>
-    </section>
-  </middle>
-
-  <back>
-    <references title="Normative References">
-      &RFC2119;
-
-      &RFC3588;
-
-      &RFC4072;
-
-      &RFC5295;
-
-      &RFC5296;
-
-      &I-D.ietf-dime-local-keytran;
-
-      &RFC3748;
-    </references>
-
-    <references title="Informative References">
-      &RFC5247;
-    </references>
-  </back>
-</rfc>
diff -r 6ac9daa8c775 -r 9d8dd59747f4 draft-ietf-dime-erp.xml
--- a/draft-ietf-dime-erp.xml	Mon Oct 25 17:07:09 2010 +0900
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,888 +0,0 @@
-<?xml version="1.0" encoding="US-ASCII"?>
-<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
-<!ENTITY RFC2119 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml">
-<!ENTITY RFC3748 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3748.xml">
-<!ENTITY RFC3588 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3588.xml">
-<!ENTITY RFC4072 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4072.xml">
-<!ENTITY RFC5247 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5247.xml">
-<!ENTITY RFC5295 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5295.xml">
-<!ENTITY RFC5296 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5296.xml">
-<!ENTITY I-D.ietf-dime-local-keytran SYSTEM "http://xml.resource.org/public/rfc/bibxml3/reference.I-D.draft-ietf-dime-local-keytran-02.xml">
-]>
-<?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?>
-<?rfc strict="yes"?>
-<?rfc comments="no"?>
-<?rfc inline="yes"?>
-<?rfc editing="no"?>
-<?rfc toc="yes"?>
-<?rfc tocompact="yes"?>
-<?rfc tocdepth="3"?>
-<?rfc symrefs="yes"?>
-<?rfc sortrefs="yes"?>
-<?rfc compact="yes"?>
-<?rfc subcompact="no"?>
-<?rfc rfcedstyle="yes"?>
-<?rfc rfcprocack="no"?>
-<?rfc tocindent="yes"?>
-<rfc category="std" docName="draft-ietf-dime-erp-03.txt" ipr="trust200902">
-	<front>
-		<title abbrev="Diameter support for ERP">Diameter support for the EAP Re-authentication Protocol (ERP)</title>
-
-		<author fullname="Julien Bournelle" initials="J." surname="Bournelle">
-			<organization abbrev="Orange Labs">Orange Labs</organization>
-			<address>
-				<postal>
-					<street>38-40 rue du general Leclerc</street>
-					<city>Issy-Les-Moulineaux</city>
-					<code>92794</code>
-					<country>France</country>
-				</postal>
-				<email>julien.bournelle@orange-ftgroup.com</email>
-			</address>
-		</author>
-
-		<author fullname="Lionel Morand" initials="L." surname="Morand">
-			<organization abbrev="Orange Labs">Orange Labs</organization>
-			<address>
-				<postal>
-					<street>38-40 rue du general Leclerc</street>
-					<city>Issy-Les-Moulineaux</city>
-					<code>92794</code>
-					<country>France</country>
-				</postal>
-				<email>lionel.morand@orange-ftgroup.com</email>
-			</address>
-		</author>
-
-		<author fullname="Sebastien Decugis" initials="S." role="editor" surname="Decugis">
-			<organization abbrev="NICT">NICT</organization>
-			<address>
-				<postal>
-					<street>4-2-1 Nukui-Kitamachi</street>
-					<city>Tokyo</city>
-					<code>184-8795</code>
-					<country>Koganei, Japan</country>
-				</postal>
-				<email>sdecugis@nict.go.jp</email>
-			</address>
-		</author>
-
-		<author fullname="Qin Wu" initials="Q." surname="Wu">
-			<organization abbrev="Huawei">Huawei Technologies Co., Ltd</organization>
-			<address>
-				<postal>
-					<street>Site B, Floor 12F, Huihong Mansion, No.91 Baixia Rd.</street>
-					<city>Nanjing</city>
-					<code>210001</code>
-					<country>China</country>
-				</postal>
-				<email>sunseawq@huawei.com</email>
-			</address>
-		</author>
-
-		<author fullname="Glen Zorn" initials="G." surname="Zorn" role="editor">
-			<organization>Network Zen</organization>
-			<address>
-				<postal>
-					<street>1463 East Republican Street</street>
-					<city>Seattle</city>
-					<region>Washington</region>
-					<code>98112</code>
-					<country>USA</country>
-				</postal>
-				<phone>+1 206 931 0768</phone>
-				<email>gwz@net-zen.net</email>
-			</address>
-		</author>
-
-		<date year="2010" />
-
-		<area>Operations &amp; Management</area>
-
-		<keyword>Internet-Draft</keyword>
-
-		<keyword>EAP</keyword>
-
-		<keyword>Diameter</keyword>
-
-		<keyword>Re-authentication</keyword>
-
-		<keyword>inter-authenticator roaming</keyword>
-
-		<abstract>
-			<t>
-				The EAP Re-authentication Protocol (ERP) defines extensions to the
-				Extensible Authentication Protocol (EAP) to support efficient
-				re-authentication between the peer and an EAP Re-authentication (ER)
-				server through a compatible authenticator. This document specifies
-				Diameter support for ERP. It defines a new Diameter ERP application to
-				transport ERP messages between an ER authenticator and the ER server, and a set
-				of new AVPs that can be used to transport the cryptographic material
-				needed by the re-authentication server.
-			</t>
-		</abstract>
-	</front>
-
-	<middle>
-		<section anchor="Introduction" title="Introduction">
-			<t>
-				<xref target="RFC5296">RFC 5296</xref> defines the EAP Re-authentication
-				Protocol (ERP). It consists of the following steps:
-				<list style="hanging">
-					<t hangText="Bootstrapping">
-						<vspace blankLines="0"/>
-						A root key for re-authentication is derived from
-						the Extended Master Session Key (EMSK) created during EAP
-						authentication <xref target="RFC5295"></xref>. 
-						This root key is transported from the EAP server to the ER server.
-					</t>
-					<t hangText="Re-authentication">
-						<vspace blankLines="0"/>
-						A one-round-trip exchange between the peer and
-						the ER server, resulting in mutual authentication. To support the
-						EAP reauthentication functionality, ERP defines two new EAP codes -
-						EAP-Initiate and EAP-Finish.
-					</t>
-				</list>
-				This document defines how Diameter transports the ERP messages
-				during the re-authentication process. For this purpose, we define a new Application
-				Identifier for ERP, and re-use the Diameter EAP commands (DER/DEA).
-				<vspace blankLines="1"/>
-				This document also discusses the distribution of the root key
-				during bootstrapping, in conjunction with either the initial EAP authentication
-				(implicit bootstrapping) or the first ERP exchange (explicit
-				bootstrapping). Security considerations for this key distribution are
-				detailed in <xref target="RFC5295">RFC 5295</xref>.
-			</t>
-		</section>
-
-		<section title="Terminology">
-			<t>
-				This document uses terminology defined in <xref target="RFC3748">RFC 3748</xref>, 
-				<xref target="RFC5295">RFC 5295</xref>, 
-				<xref target="RFC5296">RFC 5296</xref>, 
-				and <xref target="RFC4072">RFC 4072</xref>.
-				<vspace blankLines="1"/>
-				"Root key" (RK) or "bootstrapping material" refer to the rRK or rDSRK
-				derived from an EMSK, depending on the location of the ER server in home
-				or foreign domain.
-				<vspace blankLines="1"/>
-				We use the notation "ERP/DER" in this document to refer to a
-				Diameter-EAP-Request command with its Application Id set to Diameter ERP
-				application. Similarly, we use the "ERP/DEA", "EAP/DER", and
-				"EAP/DEA".
-			</t>
-			<section title="Requirements Language">
-				<t>
-					The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
-					"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
-					document are to be interpreted as described in <xref target="RFC2119"></xref>.
-				</t>
-			</section>
-		</section>
-
-		<section title="Assumptions">
-			<t>
-				This document assumes the existence of at most one logical ER server entity in a domain. If
-				several physical servers are deployed for robustness, a replication
-				mechanism must be deployed to synchronize the ERP states 
-				(root keys<cref>FFS: authorization attributes</cref>) between these servers. This
-				replication mechanism is out of the scope of this document. If multiple
-				ER servers are deployed in the domain, we assume that they can be used
-				interchangeably.
-			</t>
-		</section>
-
-		<section anchor="Overview" title="Protocol Overview">
-			<t>
-				The following figure shows the components involved in ERP, and their
-				interactions.
-				
-<figure align="center" anchor="Fig-Overview" title="Diameter ERP Overview"><artwork><![CDATA[
-                        Diameter                    +--------+
-        +-------------+   ERP   +-----------+  (*)  |  Home  |
-Peer <->|Authenticator|<=======>| ER server | <---> |  EAP   |
-        +-------------+         +-----------+       | server |
-                                                    +--------+
-(*) Diameter EAP application, explicit bootstrapping scenario only.
-]]></artwork></figure>
-
-				The ER server is located either in the home domain (same as EAP
-				server) or in the visited domain (same as authenticator, when it differs
-				from the home domain). 
-				<list style="hanging">
-					<t hangText="QUESTION:">
-						<vspace blankLines="0"/>
-						Can the ER server be located in a third domain (ex: broker's) according to ERP mechanism?
-					</t>
-				</list>				
-				<vspace blankLines="1"/>
-				When the peer initiates an ERP exchange, the authenticator creates a
-				Diameter-EAP-Request message, as described in Diameter EAP application
-				<xref target="RFC4072"></xref>. The Application Id of the message is set
-				to that of the Diameter ERP application (code: TBD) in the
-				message. 
-				The generation of the ERP/DER message is
-				detailed in section <xref target="Re-authentication"></xref>.
-				<vspace blankLines="1"/>
-				If there is an ER server in the same domain as the authenticator
-				(local domain), Diameter routing MUST 
-				<list style="hanging">
-					<t hangText="QUESTION:">
-						<vspace blankLines="0"/>
-						Should this say "SHOULD: instead of "MUST"?
-					</t>
-				</list>
-				be
-				configured so that this ERP/DER message reachs this server, even if the
-				Destination-Realm is not the local domain.
-				<vspace blankLines="1"/>			
-				If there is no local ER server, the message is routed according to
-				its Destination-Realm AVP content, extracted from the realm component of
-				the keyName-NAI attribute. As specified in 
-				<xref target="RFC5296">RFC 5296</xref>, this realm is the home domain of the peer in
-				case of a bootstrapping exchange (the 'B' flag is set in the ERP message) or the
-				domain of the bootstrapped ER server otherwise.  
-				<list style="hanging">
-					<t hangText="NOTE:">
-						<vspace blankLines="0"/>					
-						This actually might allow the ER server to be in a third party realm.
-					</t>
-				</list>
-				<vspace blankLines="1"/>
-				If no ER server is available in the home domain either, the ERP/DER
-				message cannot be delivered, and an error DIAMETER_UNABLE_TO_DELIVER is
-				generated <xref target="RFC3588"/> and returned to
-				the authenticator. The authenticator may cache this information (with
-				limited duration) to avoid further attempts for ERP with this realm. It
-				may also fallback to full EAP authentication to authenticate the
-				peer.
-				<vspace blankLines="1"/>
-				When an ER server receives the ERP/DER message, it searches its local
-				database for a root key 
-				<list style="hanging">
-					<t hangText="FFS:">
-						<vspace blankLines="0"/>
-						and authorization state?
-					</t>
-				</list>
-				matching
-				the keyName part of the User-Name AVP. If such key is found, the ER
-				server processes the ERP message as described in 
-				<xref target="RFC5296">RFC 5296</xref> then creates the ERP/DEA answer as described in
-				<xref target="Re-authentication"></xref>. The rMSK is included in this
-				answer.
-				<vspace blankLines="1"/>
-				Finally, the authenticator extracts the rMSK from the ERP/DEA as
-				described in <xref target="RFC5296">RFC 5296</xref>, and forwards the content of
-				the EAP-Payload AVP, the EAP-Finish/Re-Auth message, to the peer.
-				<vspace blankLines="1"/>
-				If the EAP-Initiate/Re-Auth message has its 'B' flag set
-				(Bootstrapping exchange), the ER server should not possess the root key
-				in its local database 
-				<list style="hanging">
-					<t hangText="COMMENT:">
-						<vspace blankLines="0"/>
-						This may not be true in future RFC5296bis?
-					</t>
-				</list>
-				In this case, the ER server acts as a proxy, and forwards the
-				message to the home EAP server after changing its Application Id to
-				Diameter EAP and adding an AVP to request the root key. See section
-				<xref target="Bootstrapping"></xref> for more detail on this
-				process.
-			</t>
-		</section>
-
-		<section anchor="Bootstrapping" title="Bootstrapping the ER Server">
-			<t>
-				The bootstrapping process involves the home EAP server and the ER
-				server, but also impacts the peer and the authenticator. In ERP, the
-				peer must derive the same keying material as the ER server. To achieve
-				this, it must learn the domain name of the ER server. How this
-				information is acquired is outside the scope of this specification, but
-				it may involves that the authenticator is configured to advertize this
-				domain name, especially in the case of re-authentication after a
-				handover.
-				<vspace blankLines="1"/>
-				The bootstrapping of an ER server with a given root key happens
-				either during the initial EAP authentication of the peer when the EMSK
-				-- from which the root key is derived -- is created, during the first
-				re-authentication, or sometime between those events. We only consider
-				the first two possibilities in this specification, in the following
-				subsections.
-			</t>
-			<section title="Bootstrapping During the Initial EAP authentication">
-				<t>
-					Bootstrapping the ER server during the initial EAP authentication
-					(also known as implicit bootstrapping) offers the advantage that the
-					server is immediatly available for re-authentication of the peer, thus
-					minimizing re-authentication delay. On the other hand, it is
-					possible that only a small number of peers will use re-authentication
-					in the visited domain. Deriving and caching key material for all the
-					peers (for example, for the peers that do not support ERP) is a waste
-					of resources and SHOULD be avoided.
-					<vspace blankLines="1"/>
-					To achieve implicit bootstrapping, the ER server must act as a
-					Diameter EAP Proxy as defined in the Diameter Base Protocol <xref
-					target="RFC3588"></xref>, and routing must be configured so that
-					Diameter messages of a full EAP authentication are routed through this
-					proxy. The figure bellow illustrates this mechanism.
-<figure align="center" anchor="Implict" title="ERP Bootstrapping During Full EAP Authentication"><artwork><![CDATA[
-                         ER server &
-Authenticator             EAP Proxy               Home EAP server
-=============            ===========              ===============
-     ------------------------->
-         Diameter EAP/DER
-          (EAP-Response)
-                               ------------------------->
-                                  Diameter EAP/DER
-                                   (EAP-Response)
-                                  (ERP-RK-Request)
-
-     <==================================================>
-        Multi-round Diameter EAP exchanges, unmodified
-
-                               <-------------------------
-                                   Diameter EAP/DEA
-                                    (EAP-Success)
-                                        (MSK)
-                                   (Key AVP (rRK))
-     <-------------------------
-         Diameter EAP/DEA
-           (EAP-Success)
-               (MSK)
-            [ERP-Realm]
-]]></artwork></figure>
-					The ER server proxies the first DER of the full EAP authentication
-					and adds the ERP-RK-Request AVP inside, if this AVP is not already in
-					the message (which might happen if there are ER servers in the visited
-					and the home domains), then forwards the request.
-					<vspace blankLines="1"/>
-					If the EAP server does not support the ERP extensions, it will simply
-					ignore this grouped AVP and continue as specified in <xref
-					target="RFC4072">RFC 4072</xref>. If the server supports the ERP extensions,
-					it caches the ERP-Realm value with the session data, and continues the EAP
-					authentication. When the authentication is complete, if it is
-					successful and the EAP method generated an EMSK, the server MUST
-					derive the rRK as
-					specified in <xref target="RFC5296">RFC 5296</xref>, and include an instance of the Key
-					AVP <xref target="KAVP"/>
-					in the Diameter-EAP-Answer message.
-					<vspace blankLines="1"/>
-					When the ER server proxies a Diameter-EAP-Answer message with a
-					Session-Id corresponding to a message to which it added an
-					ERP-RK-Answer, and the Result-Code is DIAMETER_SUCCESS, it MUST
-					examine the message, extract and remove any Key AVP 
-					<xref target="KAVP"/>
-					from the
-					message, and save its content. If the message does not contain an
-					ERP-RK-Answer AVP, the ER server MAY cache this information to avoid
-					possible subsequent re-authentication attempts for this session. In
-					any case, the information stored SHOULD NOT have a lifetime greater
-					than the EMSK lifetime 
-					<list style="hanging">
-						<t hangText="QUESTION:">
-							<vspace blankLines="0"/>
-							How does the ER server knows the EMSK
-							lifetime, if there is no ERP-RK-Answer? What is the lifetime of the
-							MSK for example?
-						</t>
-					</list>
-					<vspace blankLines="1"/>
-					If the ER server is successfully bootstrapped, it MAY also add the
-					ERP-Realm AVP after removing the ERP-RK-Answer AVP in the EAP/DEA
-					message. This could be used by the authenticator to notify the peer
-					that ERP is bootstrapped, with the ER domain information. How this
-					information can be transmitted to the peer is outside the scope of
-					this document. 
-					<list style="hanging">
-						<t hangText="QUESTION:">
-							<vspace blankLines="0"/>
-							Is this possible? It might be useful...
-						</t>
-					</list>
-				</t>
-			</section>
-
-			<section title="Bootstrapping During the First Re-authentication">
-				<t>
-					Bootstrapping the ER server during the first re-authentication
-					(also known as explicit bootstrapping) offers several advantages: it
-					saves resources, since we generate and cache only root keys that we
-					actually need, and it can accomodate inter-domain handovers or ER
-					servers that lose their state (for example after reboot).
-					<list style="hanging">
-						<t hangText="COMMENT:">
-							<vspace blankLines="0"/>
-							This	last point might not be true currently, since the peer would not issue
-							a bootstrapping exchange... But this might change also with RFC5296bis
-							AFAIU						
-						</t>
-					</list>
-					On the other hand, the first re-authentication with the
-					ER server requires a one-round-trip exchange with the home EAP server,
-					which adds some delay to the process (but it is more efficient than a
-					full EAP authentication in any case). It also requires some
-					synchronization between the peer and the visited domain: since the ERP
-					message used is different
-					<list style="hanging">
-						<t hangText="QUESTION:">
-							<vspace blankLines="0"/>						
-							and the root key used also?	
-						</t>
-					</list>
-					for the
-					explicit bootstrapping exchange than for normal re-authentication;
-					explicit bootstrapping should not be used if implicit bootstrapping
-					was already performed.
-					<list style="hanging">
-						<t hangText="QUESTION:">
-							<vspace blankLines="0"/>
-							What should we do if the ER server receives an explicit
-							bootstrapping request but already possess the rDSRK? Can it answer
-							without going to the home server? That would be simpler -- planned in
-							rfc5296bis ?						
-						</t>
-					</list>
-					<vspace blankLines="1"/>
-					The ER server receives the ERP/DER message containing the
-					EAP-Initiate/Re-Auth message with the 'B' flag set. It proxies this
-					message, and performs the following processing in addition to standard proxy
-					operations:
-					<list>
-						<t>
-							Changes the Application Id in the header of the message to
-							Diameter EAP Application (code 5).
-					   </t>
-						<t>
-							Change the content of Application-Auth-Id accordingly. 
-							<list style="hanging">
-								<t hangText="QUESTION:">
-									<vspace blankLines="0"/>
-									Is t better to leave it unmodified?</t>
-							</list>
-						</t>
-						<t>
-							Add the ERP-RK-Request AVP, which contains the name of the
-							domain where the ER server is located.
-						</t>
-						<t>
-							<list style="hanging">
-								<t hangText="QUESTION:">
-									<vspace blankLines="0"/>
-									Add the Destination-Host to reach the appropriate EAP
-									server, the one with the EMSK. How does the ER server know this
-									information?
-								</t>
-							</list>
-						</t>
-					</list>
-					Then the server forwards the EAP/DER request, which is routed
-					to the home EAP server.
-					<vspace blankLines="1"/>
-					If the home EAP server does not support the ERP extensions, it replies
-					with an error since the encapsulated EAP-Initiate/Re-auth command is
-					not understood. Otherwise, it processes the ERP request as described
-					in <xref target="RFC5296"></xref>. 
-					In particular, it includes the
-					Domain-Name TLV attribute with the content from the ERP-Realm AVP. It
-					creates the EAP/DEA reply message
-					<xref target="RFC4072"></xref>. including an instance of the Key AVP <xref target="KAVP"/>. 
-					<list style="hanging">
-						<t hangText="QUESTION:">
-							<vspace blankLines="0"/>
-							What about authorization AVPs?
-						</t>
-					</list>
-					<vspace blankLines="1"/>
-					The ER server receives this EAP/DEA and proxies it as follows, in
-					addition to standard proxy operations:
-					<list>
-						<t>
-							Set the Application Id back to Diameter ERP (code TBD)
-						</t>
-						<t>
-							Extract and cache the content of the Key AVP. 
-							<list style="hanging">
-								<t hangText="QUESTION:">
-									<vspace blankLines="0"/>
-									And authorization AVPs ?
-								</t> 
-							</list>
-						</t>
-					</list>
-					The DEA is then forwarded to the authenticator, that can use
-					the rMSK as described in <xref target="RFC5296">RFC 5296</xref>.
-					<vspace blankLines="1"/>
-					The figure below captures this proxy behavior:
-
-<figure align="center" anchor="FigExplicit" title="ERP Explicit Bootstrapping Message Flow"><artwork><![CDATA[
-Authenticator            ER server             Home EAP server
-=============            =========             ===============
-      ----------------------->
-          Diameter ERP/DER
-           (EAP-Initiate)
-                              ------------------------>
-                                    Diameter EAP/DER
-                                     (EAP-Initiate)
-                                    (ERP-RK-Request)
-
-                              <------------------------
-                                    Diameter EAP/DEA
-                                      (EAP-Finish)
-                                       (Key AVP)
-      <----------------------
-          Diameter ERP/DEA
-            (EAP-Finish)
-             (Key AVP)
-]]></artwork></figure>
-					</t>
-				</section>
-			</section>
-
-		<section anchor="Re-authentication" title="Re-Authentication">
-			<t>
-				This section describes in detail a re-authentication exchange with a
-				(bootstrapped) ER server. The following figure summarizes the
-				re-authentication exchange.
-<figure align="center" anchor="FigReauth" title="Diameter ERP Re-authentication Exchange"><artwork><![CDATA[
-                                                     ER server
-                                                   (bootstrapped)
- Peer                 Authenticator            (local or home domain)
- ====                 =============            ======================
- [ <------------------------         ]               
- [optional EAP-Initiate/Re-auth-start]               
-
-   ----------------------->
-     EAP-Initiate/Re-auth
-                           ===============================>
-                              Diameter ERP, cmd code DER
-                                User-Name: Keyname-NAI
-                           EAP-Payload: EAP-Initiate/Re-auth
- 
-                           <===============================
-                              Diameter ERP, cmd code DEA
-                            EAP-Payload: EAP-Finish/Re-auth
-                                     Key AVP: rMSK
-    <----------------------
-      EAP-Finish/Re-auth
-]]></artwork></figure>
-			
-				In ERP, the peer sends an EAP-Initiate/Re-auth message to the ER
-				server via the authenticator. Alternatively, the authenticator may send an
-				EAP-Initiate/Re-auth-Start message to the peer to trigger the start of
-				ERP. 
-				In this case, the peer responds with an EAP-Initiate/Re-auth
-				message.
-				<vspace blankLines="1"/>
-				If the authenticator does not support ERP 
-				(pure <xref target="RFC4072"></xref> support), it discards the EAP packets with an
-				unknown ERP-specific code (EAP-Initiate). The peer may fallback to full
-				EAP authentication in this case.
-				<vspace blankLines="1"/>
-				When the authenticator receives an EAP-Initiate/Re-auth message from
-				the peer, it process as described in <xref target="RFC5296"></xref> with
-				regards to the EAP state machine. It creates a Diameter EAP Request
-				message following the general process of 
-				<xref target="RFC4072">DiameterEAP</xref>, with the following differences:
-				<list>
-					<t>
-						The Application Id in the header is set to Diameter ERP (code TBD).
-					</t>
-					<t>
-						The value in Auth-Application-Id AVP is also set to Diameter ERP
-						Application.
-					</t>
-					<t>
-						The keyName-NAI attribute from ERP message is used to create the
-						content of User-Name AVP and Destination-Realm AVP.
-					</t>
-					<t>
-						<list style="hanging">
-							<t hangText="FFS:">
-								<vspace blankLines="0"/>
-								 What about Session-ID AVP -- in case of re-auth at the
-								same place, and in case of handover?
-							</t>
-						</list>
-					</t>
-					<t>
-						The Auth-Request-Type AVP content is set to [Editor's note:
-						FFS].
-						<list style="hanging">
-							<t hangText="QUESTION:">
-								<vspace blankLines="0"/>
-								Do we really do authorization with Diameter ERP ? -- need
-								to pass the authorization attrs to the ER server in that case. Idea
-								FFS: we do authorization only for explicit bootstrapping
-								exchanges...
-							</t>
-						</list>
-					</t>
-					<t>
-						The EAP-Payload AVP contains the ERP message,
-						EAP-Initiate/Re-Auth.
-					</t>
-				</list>
-				Then this ERP/DER message is sent as described in <xref target="Overview"></xref>.
-				<vspace blankLines="1"/>
-				The ER server receives and processes this request as described in
-				<xref target="Overview"></xref>. It then creates an
-				ERP/DEA message following the general processing described in 
-				<xref target="RFC4072">RFC 4072</xref>, with the following differences:
-				<list>
-					<t>
-						The Application Id in the header is set to Diameter ERP (code
-						TBD).
-					</t>
-					<t>
-						The value of the Auth-Application-Id AVP is also set to Diameter ERP
-					Application.
-				</t>
-				<t>
-					The EAP-Payload AVP contains the ERP message,
-					EAP-Finish/Re-auth.
-				</t>
-				<t>
-					In case of successful authentication, an instance of the Key
-					AVP containing the Re-authentication Master Session Key (rMSK) derived
-					by ERP is included.
-					<list style="hanging">
-						<t hangText="QUESTION:">
-							<vspace blankLines="0"/>
-							What about all the authorization attributes? If we want to
-							include them, they have to be present on the ER server...
-						</t>
-					</list>
-				</t>
-			</list>
-			When the authenticator receives this ERP/DEA answer, it processes it
-			as described in <xref target="RFC4072">Diameter EAP</xref> 
-			and <xref target="RFC5296">RFC 5296</xref>: the content of EAP-Payload AVP content is
-			forwarded to the peer, and the contents of the Keying-Material AVP <xref target="I-D.ietf-dime-local-keytran"/>
-			is used as a shared secret for Secure Association Protocol.</t>
-		</section>
-
-		<section anchor="ApplicationId" title="Application Id">
-			<t>
-				We define a new Diameter application in this document, Diameter ERP
-				Application, with an Application Id value of TBD.
-				Diameter nodes conforming to this specification in the role of ER server
-				MUST advertise support by including an Auth-Application-Id AVP with a
-				value of Diameter ERP Application in the of the
-				Capabilities-Exchange-Request and Capabilities-Exchange-Answer commands
-				<xref target="RFC3588"></xref>.
-				<vspace blankLines="1"/>
-				The primary use of the Diameter ERP Application Id is to ensure
-				proper routing of the messages, and that the nodes that advertise the
-				support for this application do understand the new AVPs defined in
-				section <xref target="AVPs"></xref>, although these AVP have the 'M'
-				flag cleared.
-			</t>
-		</section>
-
-		<section anchor="AVPs" title="AVPs">
-			<t>
-				This section discusses the AVPs used by the Diameter ERP application.
-			</t>
-
-			<section title="ERP-RK-Request AVP">
-				<t>
-					The ERP-RK-Request AVP (AVP Code TBD) is of
-					type grouped AVP. This AVP is used by the ER server to indicate its
-					willingness to act as ER server for a particular session.
-					<vspace blankLines="1"/>
-					This AVP has the M and V bits cleared.
-<figure align="center" anchor="ERRABNF" title="ERP-RK-Request ABNF"><artwork><![CDATA[
-      ERP-RK-Request ::= < AVP Header: TBD >
-                         { ERP-Realm }
-                       * [ AVP ]
-]]></artwork></figure>
-				</t>
-			</section>
-
-			<section title="ERP-Realm AVP">
-				<t>
-					The ERP-Realm AVP (AVP Code TBD) is of type
-					DiameterIdentity. It contains the name of the realm in which the ER
-					server is located.
-					<list style="hanging">
-						<t hangText="FFS:">
-							<vspace blankLines="0"/>
-							We may re-use Origin-Realm here instead? On the other
-							hand, ERP-Realm may be useful if the ER server is in a third-party
-							realm, if this is possible.
-						</t>
-					</list>
-					<vspace blankLines="1"/>
-					This AVP has the M and V bits cleared.
-				</t>
-			</section>
-
-			<section anchor="KAVP" title="Key AVP">
-				<t>
-					The Key AVP <xref target="I-D.ietf-dime-local-keytran"/> is of type "Grouped" and is used to carry the rMSK
-					and associated attributes.  The usage of the Key AVP and its constituent AVPs in this application is specified in the following sub-sections.
-				</t>
-				<section title="Key-Type AVP">
-					<t>
-						The value of the Key-Type AVP MUST be set to 3 for rRK.
-					</t>
-				</section>
-				<section title="Keying-Material AVP">
-					<t>
-						The Keying-Material AVP contains rRK sent by
-						the home EAP server to the ER server, in answer to a request containing
-						an ERP-RK-Request AVP. How this material is derived and used is
-						specified in <xref target="RFC5296">RFC 5296</xref>.
-					</t>
-				</section>
-				<section title="Key-Name AVP">
-					<t>
-						This AVP contains the EMSKname which identifies the
-						keying material. 
-						The derivation of this name is specified in <xref target="RFC5296">RGC 5296</xref>.
-					</t>
-				</section>
-				<section title="Key-Lifetime AVP">
-					<t>
-						The Key-Lifetime AVP contains the lifetime of the keying material in
-						seconds. It MUST NOT be greater than the remaining lifetime of the
-						EMSK from which the material was derived.
-					</t>
-				</section>
-			</section>
-		</section>
-
-		<section anchor="Issues" title="Open issues">
-			<t>
-				This document does not address some known issues in Diameter ERP
-				mechanism. The authors would like to hear ideas about how to address
-				them.
-				<vspace blankLines="1"/>
-				The main issue is the use of ERP for authentication after a handover
-				of the peer to a new authenticator (or different authenticator port).
-				Diameter ERP is not meant to be a mobility protocol. A number of issues
-				appear when we try to do handover in Diameter ERP (alone): how to manage
-				the Session-Id AVP; how does the ER server provide the Authorization
-				AVPs; how does the peer learn the ERP domain of the new authenticator;
-				how does the home server reachs the peer to for example terminate the
-				session; and so on... Therefore, the management of the session for a
-				mobile peer is not (yet) addressed in this document. It must be studied
-				how Diameter ERP can be for example used in conjunction with a mobility
-				application (Diameter MIP4, Diameter MIP6) to support the optimized
-				re-authentication in such situation.
-				<vspace blankLines="1"/>
-				Another issue concerns the case where the home realm contains several
-				EAP servers. In multi rounds full EAP authentication, the
-				 Destination-Host AVP provides the solution to reach the same server
-				across the exchanges. Only this server possess the EMSK for the session.
-				In case of explicit bootstrapping, the ER server must therefore be able
-				to reach the correct server to request the DSRK. A solution might
-				consist in saving the Origin-Host AVP of all successful EAP/DEA in the
-				ER server, which is a bit similar to the implicit bootstrapping scenario
-				described here -- only we save the server name instead of the root key,
-				and we must then be able to match the DSRK with the user name.
-				<vspace blankLines="1"/>
-				Finally, this document currently lacks a description of what happens
-				when a Re-Auth-Request is received for a peer on the authenticator.
-			</t>
-		</section>
-
-		<section anchor="Acknowledgements" title="Acknowledgements">
-			<t>
-				Hannes Tschofenig wrote the initial draft for this document and
-				provided useful reviews.
-				<vspace blankLines="1"/>		 
-				Vidya Narayanan reviewed a rough draft version of the document and
-				found some errors.
-				<vspace blankLines="1"/>
-				Lakshminath Dondeti contributed to the early versions of the
-				document.
-				<vspace blankLines="1"/>
-				Many thanks to these people!
-			</t>
-		</section>
-
-		<section anchor="IANA" title="IANA Considerations">
-			<t>
-				This document requires IANA registration of the following new
-				elements in the <eref target="http://www.iana.org/assignments/aaa-parameters/">Authentication,
-				Authorization, and Accounting (AAA) Parameters</eref> registries.
-			</t>
-			<section title="Diameter Application Identifier">
-				<t>
-					This specification requires IANA to allocate a new value "Diameter
-					ERP" in the "Application IDs" registry 
-					<xref target="RFC3588">using the policy specified in Section 11.3 of RFC 3588</xref>.
-				</t>
-			</section>
-
-			<section title="New AVPs">
-				<t>
-					This specification requires IANA to allocate new values from the
-					"AVP Codes" registry
-					<xref target="RFC3588">according to the policy specified in Section 11.1 of RFC 3588</xref>
-					for the
-					following AVPs:
-					<list>
-						<t>ERP-RK-Request</t>
-						<t>ERP-Realm</t>
-					</list>These AVPs are defined in section <xref target="AVPs"></xref>.
-				</t>
-			</section>
-		</section>
-
-		<section anchor="Security" title="Security Considerations">
-			<t>
-				The security considerations from the following documents also apply here: 
-				<list style="symbols">
-					<t><xref target="RFC3588">RFC 3588</xref></t>
-					<t><xref target="RFC4072">RFC 4072</xref></t>
-					<t><xref target="RFC5247">RFC 5247</xref></t>
-					<t><xref target="RFC5295">RFC 5295</xref></t>
-					<t><xref target="RFC5296"></xref></t>
-				</list>
-				<list style="hanging">
-					<t hangText="FFS:">
-						<vspace blankLines="0"/>
-						Do we really respect these security considerations with
-						the mechanism we describe here? 
-						Is it safe to use ERP-RK-Request /
-						Answer AVPs? What is the worst case?
-					</t>
-				</list>
-				EAP channel bindings may be necessary to ensure that the Diameter
-				client and the server are in sync regarding the key Requesting Entity's
-				Identity. Specifically, the Requesting Entity advertises its identity
-				through the EAP lower layer, and the user or the EAP peer communicates
-				that identity to the EAP server (and the EAP server communicates that
-				identity to the Diameter server) via the EAP method for user/peer to
-				server verification of the Requesting Entity's Identity.
-				<list style="hanging">
-					<t hangText="QUESTION:">
-						<vspace blankLines="0"/>
-						What does this paragraph actually mean?
-					</t>
-				</list>
-			</t>
-		</section>
-	</middle>
-
-	<back>
-		<references title="Normative References">
-			&RFC2119;
-			&RFC3588;
-			&RFC4072;
-			&RFC5295;
-			&RFC5296;
-			&I-D.ietf-dime-local-keytran;
-			&RFC3748;
-		</references>
-
-		<references title="Informative References">
-			&RFC5247;
-		</references>
-	</back>
-</rfc>
diff -r 6ac9daa8c775 -r 9d8dd59747f4 draft-sdecugis-dime-diameter-erp.xml
--- a/draft-sdecugis-dime-diameter-erp.xml	Mon Oct 25 17:07:09 2010 +0900
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,796 +0,0 @@
-<?xml version="1.0" encoding="US-ASCII"?>
-<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
-<!ENTITY RFC2119 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml">
-<!ENTITY RFC3748 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3748.xml">
-<!ENTITY RFC3588 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3588.xml">
-<!ENTITY RFC4072 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4072.xml">
-<!ENTITY RFC4187 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4187.xml">
-<!ENTITY RFC5247 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5247.xml">
-<!ENTITY RFC5295 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5295.xml">
-<!ENTITY RFC5296 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5296.xml">
-<!ENTITY I-D.ietf-hokey-key-mgm SYSTEM "http://xml.resource.org/public/rfc/bibxml3/reference.I-D.draft-ietf-hokey-key-mgm-06.xml">
-<!ENTITY I-D.ietf-dime-app-design-guide SYSTEM "http://xml.resource.org/public/rfc/bibxml3/reference.I-D.draft-ietf-dime-app-design-guide-08.xml">
-<!ENTITY I-D.gaonkar-radext-erp-attrs SYSTEM "http://xml.resource.org/public/rfc/bibxml3/reference.I-D.draft-gaonkar-radext-erp-attrs-03.xml">
-<!ENTITY I-D.ietf-dime-erp SYSTEM "http://xml.resource.org/public/rfc/bibxml3/reference.I-D.draft-ietf-dime-erp-00.xml">
-<!ENTITY I-D.wu-dime-local-keytran SYSTEM "http://xml.resource.org/public/rfc/bibxml3/reference.I-D.draft-wu-dime-local-keytran-00.xml">
-<!ENTITY nbsp "&#160;">
-]>
-<?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?>
-<?rfc strict="yes"?>
-<?rfc comments="yes"?>
-<?rfc inline="yes"?>
-<?rfc editing="no"?>
-<?rfc toc="yes"?>
-<?rfc tocompact="yes"?>
-<?rfc tocdepth="3"?>
-<?rfc symrefs="yes"?>
-<?rfc sortrefs="yes"?>
-<?rfc compact="yes"?>
-<?rfc subcompact="no"?>
-<?rfc rfcedstyle="yes"?>
-<?rfc rfcprocack="no"?>
-<?rfc tocindent="yes"?>
-<rfc category="std" docName="draft-sdecugis-dime-diameter-erp-01"
-     ipr="trust200902">
-  <front>
-    <title abbrev="Diameter ERP support">Diameter support for EAP
-    Re-authentication Protocol (ERP)</title>
-
-    <author fullname="Sebastien Decugis" initials="S." role="editor"
-            surname="Decugis">
-      <organization abbrev="NICT">NICT</organization>
-
-      <address>
-        <postal>
-          <street>4-2-1 Nukui-Kitamachi</street>
-
-          <city>Koganei, Tokyo</city>
-
-          <code>184-8795</code>
-
-          <country>JP</country>
-        </postal>
-
-        <email>sdecugis@nict.go.jp</email>
-      </address>
-    </author>
-
-    <date year="2009" />
-
-    <area>Operations &amp; Management</area>
-
-    <workgroup>Diameter Maintenance and Extensions (DIME)</workgroup>
-
-    <keyword>Internet-Draft</keyword>
-
-    <keyword>ERP</keyword>
-
-    <keyword>Diameter</keyword>
-
-    <keyword>Re-authentication</keyword>
-
-    <abstract>
-      <t>The EAP Re-authentication Protocol (ERP) provides a mechanism to
-      optimize EAP authentication delay in the case of re-authentication,
-      which can be significant in roaming mobile situation. This mechanism
-      assumes that a protocol for Authentication, Authorization and Accounting
-      (AAA) is available to transport ERP between the authenticator(s) and the
-      EAP/ERP server. draft-gaonkar-radext-erp-attrs-03 specifies the
-      transport of ERP using RADIUS. This document specifies the transport of
-      ERP using Diameter.</t>
-    </abstract>
-  </front>
-
-  <middle>
-    <section anchor="Introduction" title="Introduction">
-      <t><xref target="RFC5296"></xref> defines the EAP Re-authentication
-      Protocol (ERP) and mechanism that consists in the two following
-      steps:<list style="numbers">
-          <t>Bootstrapping: creation of a root key for re-authentication,
-          after initial EAP authentication of the peer. This root key is
-          distributed from the EAP server to the ER server. How this key is
-          tranported is not specified in the ERP mechanism.</t>
-
-          <t>Re-authentication: one-round-trip exchange between the peer and
-          the ER server, functionally equivalent to a full EAP
-          authentication.</t>
-        </list></t>
-
-      <t>This document specifies how Diameter is used to carry the
-      re-authentication exchange (second step). For this purpose, we define a
-      new Application Id for ERP, and re-use the Diameter EAP commands
-      (DER/DEA).</t>
-
-      <t>We also discuss the key distribution (first step, bootstrapping) and
-      propose some solutions for different architectures. Anyway, implementors
-      are free to choose a different mechanism for key distribution, as for
-      example using RADIUS <xref target="I-D.ietf-hokey-key-mgm"></xref>.
-      Security considerations for key distribution are explained in <xref
-      target="RFC5295"></xref>.</t>
-
-      <section title="Differences with other documents">
-        <t>This document differs from <xref target="I-D.ietf-dime-erp"></xref>
-        in its design and scope. In this new version, we use a new Diameter
-        application id for messages with ERP payload exchanged between
-        authenticator and ER server. This simplifies the routing of Diameter
-        messages to the appropriate server, and allows more flexibility in the
-        deployment of ERP.</t>
-
-        <t>The scope of previous documents (<xref
-        target="I-D.ietf-dime-erp"></xref> and <xref
-        target="I-D.wu-dime-local-keytran"></xref>) was focused on the
-        bootstrapping of the mechanism. In particular, these documents did not
-        consider the routing of Diameter message for re-authentication
-        exchanges (ERP exchange, and also <xref target="RFC4187"></xref> for
-        the second document). By re-using the Diameter EAP application, they
-        create implicit constraints on routing of messages that cannot be met
-        by standard Diameter routing algorithm, as defined in the <xref
-        target="RFC3588">Diameter Base Protocol</xref>.</t>
-
-        <t>A separate Diameter application solves this routing issue, and can
-        also allow the authenticator to dynamically discover if the local
-        domain supports re-authentication or not.</t>
-      </section>
-    </section>
-
-    <section title="Terminology">
-      <t>We re-use in this document the terminology from <xref
-      target="RFC5296"></xref>. In particular, unless specified otherwise, the
-      EAP server has implicit support for ERP extensions for generation of ERP
-      keying material and its transmission to ER server. These terms
-      "authenticator", "ER server", "EAP server" designate logical functional
-      entities and make no assumption on the real implementation and
-      deployment.</t>
-
-      <t>"Root key" (RK) or "bootstrapping material" refer to the rRK or rDSRK
-      derived from an EMSK, depending on the location of the ER server in home
-      or foreign domain.</t>
-
-      <t>We re-use also some terminology and abbreviations from <xref
-      target="RFC4072"></xref>, for example DER/DEA.</t>
-
-      <section title="Requirements Language">
-        <t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
-        "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
-        document are to be interpreted as described in <xref
-        target="RFC2119"></xref>.</t>
-      </section>
-    </section>
-
-    <section anchor="Overview" title="Overview">
-      <t>During the lifetime of an EMSK (derived during a full EAP
-      authentication by compatible EAP methods), a peer may attach to several
-      authenticators. In this case, re-authentication is more efficient than
-      full authentication, especially in the case of roaming. ERP provides a
-      mechanism for re-authentication independent of the link layer, so it can
-      be used in case of multihoming or handovers between different access
-      technologies. The following figure shows the components involved in ERP,
-      and their interactions. When the peer attaches to a new authenticator,
-      the ER server involved in the transaction may change, for example in the
-      case of inter-domain roaming. The home EAP server is assumed to be
-      constant for a given peer.</t>
-
-      <figure title="Figure 1. Diameter applications used in the ERP mechanism.">
-        <artwork><![CDATA[
-                        Diameter                    +--------+
-        +-------------+   ERP   +-----------+  (*)  |  Home  |
-Peer <->|Authenticator|<=======>| ER server | <---> |  EAP   |
-        +-------------+         +-----------+       | server |
-                                                    +--------+
-    (*) Several protocols can be used between ER server and 
-       home EAP server to transport bootstrapping material.
-]]></artwork>
-      </figure>
-
-      <t>The ER server may be located in the home domain (same as EAP server)
-      or the visited domain (same as authenticator, when it differs from the
-      home domain). <cref anchor="Editor1">Can the ER server be located in a
-      third domain (ex: broker's)?</cref></t>
-
-      <t>The bootstrapping of the ER server has to occur sometime between the
-      initial EAP authentication and the first ERP re-authentication with this
-      ER server. See section <xref target="Bootstrapping"></xref> for detail
-      on this process. Then, the peer re-authenticates, for example after a
-      movement that makes it attach to a new authenticator. The following
-      figure describes this re-authentication, and shows how Diameter is used
-      in this context. See section <xref target="Re-authentication"></xref>
-      for a detailed description, and following sections for details on the
-      Diameter messages format.</t>
-
-      <figure title="Figure 2. Diameter ERP exchange. ">
-        <artwork><![CDATA[
-                                                        ER server
-                                                      (bootstrapped)
- Peer                 Authenticator               (local or home domain)
- ====                 =============               ======================
- [ <------------------------         ]               
- [optional EAP-Initiate/Re-auth-start]               
-
-   ----------------------->
-     EAP-Initiate/Re-auth
-                           ==================================>
-                                Diameter ERP, cmd code DER
-                                  User-Name: Keyname-NAI
-                              EAP-Payload: EAP-Initiate/Re-auth
- 
-                           <==================================
-                                Diameter ERP, cmd code DEA
-                              EAP-Payload: EAP-Finish/Re-auth
-                               EAP-Master-Session-Key: rMSK
-    <----------------------
-      EAP-Finish/Re-auth
-]]></artwork>
-      </figure>
-    </section>
-
-    <section anchor="ApplicationId" title="Application Id">
-      <t>We define a Diameter ERP Application in this document, with an
-      Application Id value of <cref anchor="IANA1">TBD</cref>. Diameter nodes
-      conforming to this specification (in the role of ER server or
-      authenticator) MUST advertise support by including the Diameter ERP
-      Application ID value in the Auth-Application-Id AVP of the
-      Capabilities-Exchange-Request and Capabilities-Exchange-Answer command
-      <xref target="RFC3588"></xref>.</t>
-
-      <t>The primary use of the Diameter ERP Application Id is to ensure
-      proper routing of the messages, and that the nodes that advertise the
-      support for this application do understand the new AVPs defined in the
-      next section (although these AVP have the 'M' flag cleared).</t>
-    </section>
-
-    <section anchor="AVPs" title="AVPs">
-      <t>This specification defines the following new AVPs.</t>
-
-      <section title="ERP-RK-Request AVP">
-        <t>The ERP-RK-Request AVP (AVP Code <cref anchor="IANA2">TBD</cref>)
-        is of type grouped AVP. It is used by the ER server to request root
-        key material used in ERP.</t>
-
-        <t>This AVP has the M and V bits cleared.</t>
-
-        <figure title="Figure 3. ERP-RK-Request ABNF">
-          <artwork><![CDATA[
-      ERP-RK-Request ::= < AVP Header: TBD >
-                         { ERP-Realm }
-                       * [ AVP ]
-]]></artwork>
-        </figure>
-      </section>
-
-      <section title="ERP-Realm AVP">
-        <t>The ERP-Realm AVP (AVP Code <cref anchor="IANA3">TBD</cref>) is of
-        type <cref anchor="Editor2">DiameterIdentity? OctetString?</cref>. It
-        contains the name of the realm in which the ER server is located.</t>
-
-        <t><cref anchor="Editor3">FFS: We may re-use Origin-Realm here
-        instead? On the other hand, ERP-Realm may be useful in CER/CEA with a
-        NAS...</cref></t>
-
-        <t>This AVP has the M and V bits cleared.</t>
-      </section>
-
-      <section title="ERP-RK-Answer AVP">
-        <t>The ERP-RK-Answer AVP (AVP Code <cref anchor="IANA4">TBD</cref>) is
-        of type grouped AVP. It is used by the home EAP server to provide ERP
-        root key material to the ER server.</t>
-
-        <t>This AVP has the M and V bits cleared.</t>
-
-        <figure title="Figure 4. ERP-RK-Answer ABNF">
-          <artwork><![CDATA[
-       ERP-RK-Answer ::= < AVP Header: TBD >
-                         { ERP-RK }
-                         { ERP-RK-Name }
-                         { ERP-RK-Lifetime }
-                       * [ AVP ]
-]]></artwork>
-        </figure>
-      </section>
-
-      <section title="ERP-RK AVP">
-        <t>The ERP-RK AVP (AVP Code <cref anchor="IANA5">TBD</cref>) is of
-        type OctetString. It contains the root key (either rRK or rDSRK) to be
-        used for ERP with the peer to which the current session belongs. How
-        this material is derived and used is specified in <xref
-        target="RFC5296"></xref>.</t>
-
-        <t><cref anchor="Editor4">Can we re-use EAP-Master-Session-Key
-        here?</cref></t>
-
-        <t>This AVP has the M and V bits cleared.</t>
-      </section>
-
-      <section title="ERP-RK-Name AVP">
-        <t>The ERP-RK AVP (AVP Code <cref anchor="IANA6">TBD</cref>) is of
-        type OctetString. This AVP contains the EMSKname which identifies the
-        keying material. How this name is derived is beyond the scope of this
-        document and defined in <xref target="RFC5296"></xref>.</t>
-
-        <t><cref anchor="Editor5">Can we re-use EAP-Key-Name here?</cref></t>
-
-        <t>This AVP has the M and V bits cleared.</t>
-      </section>
-
-      <section title="ERP-RK-Lifetime AVP">
-        <t>The ERP-RK-Lifetime AVP (AVP Code <cref anchor="IANA7">TBD</cref>)
-        is of type <cref anchor="Editor6">Unsigned64? 32?</cref> and contains
-        the root key material remaining lifetime in seconds. It MUST not be
-        greater than the remaining lifetime of the EMSK it is derived from.
-        <cref anchor="Editor7">FFS: is it better to pass an absolute value
-        here, for example expiration date? How to express it then (TZ, ...)?
-        Synchronization problems?</cref></t>
-
-        <t>This AVP has the M and V bits cleared.</t>
-      </section>
-    </section>
-
-    <section anchor="Commands" title="Commands">
-      <t>We do not define any new command in this specification. We reuse the
-      Diameter-EAP-Request and Diameter-EAP-Answer commands defined in <xref
-      target="RFC4072"></xref>.</t>
-
-      <t>The Application Id field in the command header <cref
-      anchor="Editor8">and the value in Auth-Application-Id AVP which is
-      redundant???</cref> can be set to Diameter EAP application or Diameter
-      ERP application, depending on the situation, as explained in the next
-      sections.</t>
-
-      <t>Since the original ABNF of these commands allow other optional AVPs
-      ("* [ AVP ]"), and the new AVPs defined in this specification do not
-      have the 'M' flag set, the ABNF does not need any change. Anyway, a
-      Diameter node that advertize support for the Diameter ERP application
-      MUST support the ERP-RK-Request and ERP-RK-Answer AVP <cref
-      anchor="Editor9">Therefore, in DER/DEA with Diameter ERP application ID,
-      do we set the 'M' flag to these AVPs?</cref>.</t>
-
-      <figure title="Figure 5. Command Codes">
-        <artwork><![CDATA[
-   Command-Name          Abbrev. Code Reference Application
-   ---------------------------------------------------------
-   Diameter-EAP-Request  DER     268  RFC 4072  Diameter ERP
-   Diameter-EAP-Answer   DEA     268  RFC 4072  Diameter ERP
-]]></artwork>
-      </figure>
-    </section>
-
-    <section anchor="Bootstrapping" title="Bootstrapping options">
-      <t>Bootstrapping involves the ER server and the EAP server directly, but
-      also indirectly the peer and the authenticator. For ERP to be
-      successful, the peer must derive the same keying material as the ER
-      server. To make this possible, it must learn the domain name of the ER
-      server. How this is achieved is outside the scope of this specification,
-      but it usually involves that the authenticator is configured to
-      advertize this domain name. This could be achieved for example by
-      including the ERP-Realm AVP in a CER/CEA exchange.</t>
-
-      <t>As stated in the <xref target="Overview"></xref>, the bootstrapping
-      of an ER server has to happen between the initial EAP authentication of
-      the peer, when the EMSK is created, and the moment the peer
-      re-authenticates with this ER server, when the bootstrapping material is
-      needed. While asynchrounous solutions are perfectly possible, it is
-      usually easier to bootstrap the ER server during one of these
-      events.</t>
-
-      <section title="Bootstrapping during initial EAP authentication">
-        <t>Bootstrapping an ER server during the initial EAP authentication
-        offers the advantage that the server is immediatly available for
-        re-authentication of the peer, thus minimizing the re-authentication
-        delay.</t>
-
-        <t>On the other hand, re-authentication may only concern a small
-        number of peers in the visited domain. Deriving and caching key
-        material for all the peers (for example, for the peers that do not
-        support ERP, or that are not mobile) is a waste of resources and
-        SHOULD be avoided. In addition, bootstrapping ERP during full EAP
-        authentication may prevent re-authentication in case of inter-domain
-        roaming. Hence, while this mecanism is useful in some situations, it
-        should be deployed with care.</t>
-
-        <t>In the case where ER server is collocated with the Home EAP server,
-        ER bootstrapping is transparent with regards to this specification,
-        although some sort of communication might be needed inside the node.
-        In this case, the server MUST advertise support of both the Diameter
-        EAP application and the Diameter ERP application, but the new AVPs
-        defined in this specification are not used.</t>
-
-        <t>When ER server and EAP server are different entities with regards
-        to Diameter, one or more Diameter EAP proxy(ies) is(are) needed in the
-        same domain as the ER server. While this(these) proxy(ies) might be
-        separate entity(ies) with secure communication channel with the ER
-        server, it is functionally equivalent to consider that the ER server
-        acts as a Diameter EAP proxy. In the rest of this section, we consider
-        that the ER server acts as a Diameter EAP proxy in its domain.</t>
-
-        <t>In order to bootstrap the ER server during full EAP authentication,
-        this server must be on the route, and act as a proxy, for the first
-        and last round of exchanges of the full EAP authentication, as
-        captured in the figure bellow.</t>
-
-        <figure title="Figure 6. ERP bootstrapping during full EAP authentication">
-          <artwork><![CDATA[
-                         ER server &
-Authenticator             EAP Proxy               Home EAP server
-=============            ===========              ===============
-     ------------------------->
-         Diameter EAP/DER
-          (EAP-Response)
-                               ------------------------->
-                                  Diameter EAP/DER
-                                   (EAP-Response)
-                                  (ERP-RK-Request)
-
-     <==================================================>
-        Multi-round Diameter EAP exchanges, unmodified
-
-                               <-------------------------
-                                   Diameter EAP/DEA
-                                    (EAP-Success)
-                                        (MSK)
-                                   (ERP-RK-Answer)
-     <-------------------------
-         Diameter EAP/DEA
-           (EAP-Success)
-               (MSK)
-            [ERP-Realm]
-]]></artwork>
-        </figure>
-
-        <t>The ER server proxies the first DER of the full EAP authentication
-        and adds the ERP-RK-Request AVP inside, if this AVP is not already in
-        the message, then forwards the request.</t>
-
-        <t>If the EAP server does not support ERP extensions, it will simply
-        ignore this grouped AVP and continue as specified in <xref
-        target="RFC4072"></xref>. If the server supports the ERP extensions,
-        it caches the ERP-Realm value with the session, and continues the EAP
-        authentication. When the authentication is complete, if it is
-        successful and the EAP method generated an EMSK, the server MUST
-        compute the rRK or rDSRK (depending on the value of ERP-Realm) as
-        specified in <xref target="RFC5296"></xref>, and add an ERP-RK-Answer
-        AVP in the Diameter-EAP-Request message, in addition to the MSK and
-        EAP-Success payload. <cref anchor="Editor10">FFS: is it important to
-        check that the server that added the ERP-RK-Request is in the path of
-        the answer? What's the worst that can happen?</cref></t>
-
-        <t>When the ER server proxies a Diameter-EAP-Answer message with a
-        Session-Id corresponding to a message to which it added an
-        ERP-RK-Answer, and the Result-Code is DIAMETER_SUCCESS, it MUST
-        examine the message and remove any ERP-RK-Answer AVP, and save its
-        content. If the message does not contain an ERP-RK-Answer AVP, the ER
-        server MAY save this information to avoid possible attempts later for
-        this session. In any case, the information stored SHOULD NOT have a
-        lifetime greater than the EMSK lifetime <cref anchor="Editor11">FFS:
-        how does the ER server knows the EMSK lifetime, if there is no
-        ERP-RK-Answer? What is the lifetime of the MSK for example?</cref></t>
-
-        <t>If the ER server is successfully bootstrapped, it MAY also add the
-        ERP-Realm AVP after removing the ERP-RK-Answer AVP in the
-        Diameter-EAP-Answer message. This could be used by the authenticator
-        to notify the peer that ERP is bootstrapped, with the ER domain
-        information. How this information can be transmitted to the peer is
-        outside the scope of this document. <cref anchor="Editor12">Is it
-        possible? It would be useful...</cref></t>
-      </section>
-
-      <section title="Bootstrapping during first re-authentication">
-        <t>Bootstrapping the ER server during the first re-authentication
-        offers several advantages: it saves resources, since we generate and
-        cache only useful keying material, it can also accomodate inter-domain
-        roaming or ER servers that loose their state (for example after
-        reboot).</t>
-
-        <t>On the other hand, the first re-authentication with the ER server
-        requires a one-round-trip with the home EAP server, which adds some
-        delay to the process (but it is more efficient than a full EAP
-        authentication in any case). Note that following re-authentications
-        for the same session with the same ER server will not have this
-        additional delay.</t>
-
-        <t><xref target="RFC5296"></xref> describes two types of bootstrapping
-        for ERP: implicit bootstrapping and explicit bootstrapping. In
-        implicit bootstrapping, the peer knows the domain it is located in,
-        and assumes that the ER server already possess the keying material for
-        the session. In this case, the peer uses a Keyname-NAI in the form
-        "EMSKname@localdomain". In explicit bootstrapping, the Keyname-NAI is
-        in the form "EMSKname@homedomain". As we will see in next section
-        <xref target="Re-authentication"></xref>, the domain part of the
-        Keyname-NAI becomes the Destination-Realm of the Diameter message, and
-        the Application Id is set to Diameter ERP application.</t>
-
-        <t>In the case of implicit bootstrapping (how the peer learns that the
-        ER server is bootstrapped is outside the scope of this specification)
-        or after a first succesful re-authentication in the visited domain,
-        the message is routed to the local ER server following normal Diameter
-        routing. If the ER server does not have key information corresponding
-        to this EMSKname, <cref anchor="Editor13">return an error to the peer?
-        proxy the request and send ERP-RK-Request to the home EAP server? How
-        do we learn which is the home domain?</cref>. See the next section
-        <xref target="Re-authentication"></xref> for detail.</t>
-
-        <t>In the case of explicit bootstrapping (the ERP message has its 'B'
-        flag set), if an ER server exists in the visited domain, it SHOULD be
-        configured for and act as a Diameter ERP proxy, and process the
-        messages as described below. If not, the ER server in the home domain
-        will be used, which is less efficient. The description that follow for
-        the ER server in the visited domain is also valid for the ER server in
-        the home domain.</t>
-
-        <t><cref anchor="Editor14">What should we do if the ER server receives
-        an explicit bootstrapping request but already possess the
-        rDSRK?</cref></t>
-
-        <t>The ER server proxies the request (DER with Diameter ERP
-        application code) as follow, in addition to standard proxy
-        operations:<list>
-            <t>Change the Application Id in the header of the message to
-            Diameter EAP Application (code 5). <cref anchor="Editor15">What
-            about the Application-Auth-Id AVP?</cref></t>
-
-            <t>Add the ERP-RK-Request AVP, which contains the name of the
-            domain the ER server is located in (with regards to ERP).</t>
-          </list>Then the request is forwarded as usual. With its Diameter EAP
-        application id and Destination-Realm set to the home domain of the
-        peer, the request reaches the home EAP server. If this server does not
-        support ERP extensions, it replies with an error since the
-        encapsulated EAP-Initiate/Re-auth command is not understood.
-        Otherwise, it processes the ERP request as described in <xref
-        target="RFC5296"></xref>. In particular, it includes the Domain-Name
-        TLV attribute with the content from the ERP-Realm AVP. It creates the
-        DEA reply message following standard processing from <xref
-        target="RFC4072"></xref> (in particular EAP-Master-Session-Key AVP is
-        used to transport the rMSK), and includes the ERP-RK-Answer AVP.</t>
-
-        <t>The ER server receives this DEA and proxies it as follow, in
-        addition to standard proxy operations:<list>
-            <t>Set the Application Id back to Diameter ERP (code <cref
-            anchor="IANA8">TBD</cref>)</t>
-
-            <t>Extract and cache the content of the ERP-RK-Answer.</t>
-          </list>The DEA is then forwarded to the authenticator, that can use
-        the rMSK as described in <xref target="RFC5296"></xref>.</t>
-
-        <t>The figure below captures this Diameter ERP Proxy behavior:</t>
-
-        <figure title="Figure 7. ERP explicit bootstrapping message flow">
-          <artwork><![CDATA[
-Authenticator            ER server             Home EAP server
-=============            =========             ===============
-      ----------------------->
-          Diameter ERP/DER
-           (EAP-Initiate)
-                              ------------------------>
-                                    Diameter EAP/DER
-                                     (EAP-Initiate)
-                                    (ERP-RK-Request)
-
-                              <------------------------
-                                    Diameter EAP/DEA
-                                      (EAP-Finish)
-                                     (ERP-RK-Answer)
-                                         (rMSK)
-      <----------------------
-          Diameter ERP/DEA
-            (EAP-Finish)
-               (rMSK)
-]]></artwork>
-        </figure>
-      </section>
-    </section>
-
-    <section anchor="Re-authentication" title="Re-Authentication">
-      <t>This section describes a re-authentication exchange with a
-      bootstrapped ER server. The peer is assumed to know the domain of the
-      bootstrapped ER server in advance. See previous section <xref
-      target="Bootstrapping"></xref> for more information.
-      EAP-Initiate/Re-auth-start with Domain-Name TLV is a possibility for the
-      peer to learn the domain of the ER server attached to the
-      authenticator.</t>
-
-      <t>The following figure describes the re-authentication exchange.</t>
-
-      <figure title="Figure 8. Diameter ERP exchange">
-        <artwork><![CDATA[
-                                                Bootstrapped ER server
-Peer                 Authenticator             (in local or home domain)
-====                 =============             =========================
-[ <------------------------         ]               
-[optional EAP-Initiate/Re-auth-start]               
-
-   ----------------------->
-    EAP-Initiate/Re-auth
-                           =================================>
-                               Diameter ERP, cmd code DER
-                                 User-Name: Keyname-NAI
-                            EAP-Payload: EAP-Initiate/Re-auth
- 
-                           <=================================
-                               Diameter ERP, cmd code DEA
-                             EAP-Payload: EAP-Finish/Re-auth
-                              EAP-Master-Session-Key: rMSK
-   <----------------------
-     EAP-Finish/Re-auth
-]]></artwork>
-      </figure>
-
-      <t>The authenticator that does not support ERP <xref
-      target="RFC4072"></xref> discards EAP packets with unknown ERP-specific
-      code (EAP-Initiate). The peer falls back to full EAP authentication in
-      that case.</t>
-
-      <t>When the ERP-compatible authenticator receives an
-      EAP-Initiate/Re-auth message from the peer (or after having sent a
-      EAP-Initiate/Re-auth-start packet), it process as described in <xref
-      target="RFC5296"></xref> with regards to the EAP state machine, and
-      similarly to <xref target="RFC4072">Diameter EAP</xref>, with regards to
-      Diameter, with the following differences:<list>
-          <t>The application id is set to Diameter ERP instead of Diameter
-          EAP.</t>
-
-          <t>The User-Name and Destination-Realm are derived from the
-          Keyname-NAI.</t>
-
-          <t><cref anchor="Editor16">How do we create / retrieve the
-          Session-Id?</cref></t>
-        </list></t>
-
-      <t>The ER server receives this request and process the ERP payload as
-      described in <xref target="RFC5296"></xref>. If re-authentication is
-      successful, it creates a DEA answer as described in Diameter EAP, with
-      the following differences:<list>
-          <t>The application id is set to Diameter ERP.</t>
-
-          <t>The EAP-Payload AVP contains the ERP message:
-          EAP-Finish/Re-auth</t>
-
-          <t>The EAP-Master-Session-Key AVP contains the rMSK</t>
-
-          <t>The Result-Code AVP contains DIAMETER_SUCCESS.</t>
-        </list>In case the re-authentication fails, the Result-Code AVP
-      contains an error code, and no EAP-Master-Session-Key AVP is
-      included.</t>
-
-      <t>When the authenticator receives this answer, it processes it as
-      described in Diameter EAP: forwards the EAP payload to the peer, and use
-      the rMSK as a shared secret in Secure Association Protocol.</t>
-    </section>
-
-    <section anchor="Sessions" title="Sessions">
-      <t>This section describes how sessions are handled in case of
-      re-authentication.</t>
-
-      <t><cref anchor="Editor17">The content of this section is to be written,
-      I am just listing the ideas here.</cref></t>
-
-      <t>See guidelines in <xref
-      target="I-D.ietf-dime-app-design-guide"></xref>.</t>
-
-      <t>During initial full EAP authentication, the identity of the peer is
-      used to create the Session-Id AVP, which is then used during accounting.
-      When the peer attaches to a new authenticator and performs ERP, its
-      identity is not disclosed to the authenticator. Instead, the peer
-      presents the Keyname-NAI. This identifiers contains the EMSKName as user
-      part. The new authenticator will therefore derive the new Session-Id
-      from this EMSKName and use this for accounting purpose.</t>
-
-      <t>Although the home EAP server is able to link EMSKName with the peer's
-      identity, the other Diameter entities do not have this mapping. In
-      particular, the realm part of Keyname-NAI is the visited network. How
-      does the authenticator figures out that the account records must be sent
-      to the home domain of the peer?</t>
-
-      <t>It is possible to cache the necessary information at the ER server
-      level. Is it useful to specify this mechanism in this document? It would
-      involve:<list>
-          <t>An additional AVP during bootstrapping of ER server, in the
-          ERP-RK-Answer, to pass the real User-Name and Session-Id (only in
-          case of explicit bootstrapping)</t>
-
-          <t>An additional AVP in Diameter ERP/DEA (EAP-Finish/Re-Auth) to
-          pass the real Session-Id and User-Name and Destination-Realm of the
-          re-authenticated peer, for accounting messages.</t>
-        </list></t>
-    </section>
-
-    <section title="Contributors">
-      <t>Hannes Tschofenig, Lakshminath Dondeti, Julien Bournelle, and Lionel
-      Morand wrote the initial Diameter ERP draft document.</t>
-    </section>
-
-    <section anchor="Acknowledgements" title="Acknowledgements">
-      <t>Vidya Narayanan reviewed a rough draft version of the previous
-      document and found some errors.</t>
-
-      <t>Qin Wu and Glen Zorn actively participated in the discussions on the
-      design for Diameter ERP, providing the point of view and experience from
-      HOKEY workgroup.</t>
-
-      <t>Hannes Tschofenig provided useful advices for the writing of this
-      document.</t>
-
-      <t>Many thanks to these people!</t>
-    </section>
-
-    <section anchor="IANA" title="IANA Considerations">
-      <t>This document requires IANA registration of the following new
-      elements in the <eref
-      target="http://www.iana.org/assignments/aaa-parameters/">Authentication,
-      Authorization, and Accounting (AAA) Parameters</eref> registries.</t>
-
-      <section title="Diameter ERP application">
-        <t>This specification requires IANA to allocate a new value "Diameter
-        ERP" in the "Application IDs" registry created by in <xref
-        target="RFC3588"></xref>.</t>
-
-        <figure title="IANA consideration for Diameter ERP application">
-          <artwork><![CDATA[
-   Application Identifier             | Value
-   -----------------------------------+------
-   Diameter ERP                       | TBD
-]]></artwork>
-        </figure>
-      </section>
-
-      <section title="New AVPs">
-        <t>This specification requires IANA to allocate new values from the
-        "AVP Codes" registry defined in <xref target="RFC3588"></xref> for the
-        following AVPs:<list>
-            <t>ERP-RK-Request</t>
-
-            <t>ERP-Realm</t>
-
-            <t>ERP-RK-Answer</t>
-
-            <t>ERP-RK</t>
-
-            <t>ERP-RK-Name</t>
-
-            <t>ERP-RK-Lifetime</t>
-          </list>These AVPs are defined in section <xref
-        target="AVPs"></xref>.</t>
-      </section>
-    </section>
-
-    <section anchor="Security" title="Security Considerations">
-      <t>The security considerations from the following RFC apply here: <xref
-      target="RFC3588"></xref>, <xref target="RFC4072"></xref>, <xref
-      target="RFC5247"></xref>, <xref target="RFC5295"></xref>, and <xref
-      target="RFC5296"></xref>.</t>
-
-      <t><cref anchor="Editor18">FFS: Do we really respect these security
-      considerations with the mechanism we describe here? Is it safe to use
-      ERP-RK-Request / Answer AVPs? What is the worst case?</cref></t>
-    </section>
-  </middle>
-
-  <back>
-    <references title="Normative References">
-      &RFC2119;
-
-      &RFC3588;
-
-      &RFC4072;
-
-      &RFC5295;
-
-      &RFC5296;
-    </references>
-
-    <references title="Informative References">
-      &RFC3748;
-
-      &RFC4187;
-
-      &RFC5247;
-
-      &I-D.ietf-hokey-key-mgm;
-
-      &I-D.gaonkar-radext-erp-attrs;
-
-      &I-D.ietf-dime-erp;
-
-      &I-D.wu-dime-local-keytran;
-
-      &I-D.ietf-dime-app-design-guide;
-    </references>
-  </back>
-</rfc>
diff -r 6ac9daa8c775 -r 9d8dd59747f4 peer and authenticator.txt
--- a/peer and authenticator.txt	Mon Oct 25 17:07:09 2010 +0900
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,208 +0,0 @@
-Interoperability and deployment issues for Diameter ERP.
-Author: s.decugis
-
-I - Peer and authenticator considerations.
-
-This draft document considers all possible situations between the peer and the authenticator, 
-with regards to ERP and feature supported on each entity.
-It is based on my understanding of ERP mechanism, which is not complete, so if you see big mistakes 
-please let me know.
-In the first section, I detail the different situations that can occur for interoperability issues.
-In the second section, I explain the sequence of events that are expected to occur in the different
-combinations of situations.
-In the third section, I give my views on what needs to be changed in the design so that some of the
-problems detailed here will be avoided.
-A separate document will be written later for: II - The backend considerations (interactions between ERP and EAP)
-
-
-1. The variables.
-
-1.1. Peer.
-
-a. ERP support.
-
-The peer may or may not support the ERP feature.
-Support means being able to derive a rRK and rIK material from a EMSK, 
-or from a DSRK derived from the EMSK and local domain name.
-Support means also ability to send and receive ERP messages (new EAP codes).
-
-Notation: 
-A1 = The peer supports ERP feature. 
-A2 = The peer does not support these features.
-
-
-b. Availability of keying material.
-
-When the peer supports the ERP feature, it must also have available 
-keying material, i.e. valid EMSK, to use the feature.
-
-Notation:
-B1 = The peer has a valid EMSK from a previous EAP authentication.
-B2 = The peer doesn't have such material available.
-
-
-1.2. Authenticator.
-
-a. ERP support.
-
-An authenticator that does not support ERP feature is supposed to drop all
-ERP packets. The support of ERP feature means that the authenticator is able
-to extract the keyName-NAI from ERP message to help routing the Diameter message.
-
-In some cases, the authenticator may also understand ERP messages but have determined
-that no backend is available (configuration, capability exchange, other...) to perform
-ERP operations and therefore simply reply errors to ERP messages from the peer. The 
-benefit of this situation is that the peer does not have to retransmit and timeout the
-ERP messages. On a functional point of view, this is equivalent to the case where the
-peer does not support ERP.
-
-Notation:
-C1 = The authenticator supports ERP features.
-C2 = The authenticator does not support ERP features or always sends Failure error codes.
-
-
-b. Local domain name publication.
-
-With some lower layers, the local domain name can be advertized to the peer
-during discovery phase, while some other LL do not allow this.
-
-It is always possible to advertise the local domain name in the EAP-Initiate/Re-auth-Start
-packet as a TLV, but the peer may initiate EAP-Initiate/Re-auth exchange previously to receiving
-the packet. Both situation have the same effect (peer not knowing the local domain name).
-
-We must consider both situations.
-
-Notation:
-D1 = The authenticator advertises the local domain name through the LL or Re-Auth-Start ERP message
-D2 = The peer does not receive this name.
-
-
-
-2. Sequence of events.
-
-This section is an attempt to describe the sequence of events that will occur when
-a peer attaches to a new authenticator, in order to highlight the requirements and
-possible issues for the ERP backend.
-
-Reminder: the first step is the discovery phase. During this phase, the peer and authenticator 
-may exchange information such as: ERP support, local domain name, who will start the exchange, ...
-Then the EAP or ERP exchange occurs. It may take several echanges of messages. When
-terminated, either the (re)authentication fails, or keying material (r)MSK is available to both
-the peer and the authenticator. In the later case, a Security Association Protocol is initiated 
-and uses the keying material to establish a protected connection to the network for the peer.
-
-The following cases are considered in this section:
-         --- authenticator ---
-         |   C1    |    C2   |
-         | D1 | D2 |  D1/D2  |
- |---------------------------|
- | A1 B1 |  1 |  2 |         |
- p-----------------|    5    |
- e A1 B2 |    3    |         |
- e---------------------------|
- r   A2  |         4         |
- | B1/B2 |                   |
- |---------------------------- 
-
-
-2.1. A1, B1, C1, D1 - all conditions OK for ERP.
-
-The peer receives the domain name from the new authenticator, and has a valid EMSK available.
-It may also receive a EAP-Initiate/Re-auth-Start packet from the authenticator. If domain name
-was not received during discovery phase, the peer should wait for the EAP-Initiate/Re-auth-Start
-message to check if it contains the domain name.
-
-Thanks to the domain name received from the authenticator, the peer can determine 
-if it is attaching to its home domain or a foreign domain.
-
-The peer must determine whether to start a bootstrapping ERP exchange or a normal ERP exchange.
-
-In the case where the peer is in its home domain, bootstrapping or normal exchanges are equivalent.
-(which one should be started?)
-
-In the case where the peer is in a visited domain, a normal exchange will succeed only if the local
-ER server possesses the DSRK material corresponding to the EMSK for this session of this peer.
-This happens when:
-- a previous ERP bootstrapping exchange already occurred in this domain.
-- a full EAP authentication occurred in this domain, and implicit bootstrapping was used 
- (how does the peer know???)
-- Alternatively, is it possible for the local ER server to request material from home ER server 
-  if it does not have the required DSRK? 
-  
-If the peer determines that a bootstrapping exchange is started, it uses the rIK derived from the EMSK to 
-protect the ERP message, and the keyName-NAI is EMSKname@homedomain. The local ER server adds a
-ERP-DSRK-Request AVP while forwarding to the home ER server. The home ER server answers and adds the DSRK
-(for the local ER server), the DS-rMSK (for the authenticator) and the domain name in the ERP message for the peer.
-The peer uses this domain name to compute DSRK, DS-rRK and DS-rMSK.
-
-If one of the conditions listed previously is matched, the peer may start a normal ERP exchange. In that case,
-the keyName-NAI is EMSKname@localdomain. The message is protected by the DS-rIK. The local ER server receives this
-request and provides a DS-rMSK to the authenticator.
-
-
-2.2. A1, B1, C1, D2 - The peer does not receive the local domain name.
-
-In this case, the peer will start an exchange with its home server. It may (should?) include the 'B' flag
-(indicating bootstrapping exchange) to discover the local domain name if any.
-
-
-2.3. A1, B2, C1 - No valid EMSK available to the peer.
-
-In this case, a full EAP authentication is started. If the peer receives a EAP-Initiate/Re-auth-Start
-from the authenticator, it ignores it and waits for a Request/Identity (how to avoid this 
-delay ??? not clear in ERP document).
-
-In the case where local domain name is received (D1), the peer can assume that this local domain
-have a DSRK available for further re-authentication, making the assumption that ERP implicit bootstrapping was used.
-
-What if no local ER server is available? The authenticator must not advertise the local domain? 
-
-
-2.4. A2 - The peer does not support ERP.
-
-In that case, the peer drops EAP-Initiate/Re-auth-Start packet if any and always uses full EAP authentication.
-Initiating ERP implicit bootstrapping in that case is just a waste of computational power (and energy)
-on the ER local and home servers. 
-
-It is not important to know what features are supported by the authenticator in that case.
-
-FFS: how to avoid implicit bootstrapping in that case? (to be "green")
-
-
-2.5. A1, C2 - Authenticator (or backend) does not support ERP.
-
-Any ERP message from the peer will be dropped or answered with failure code by the authenticator.
-As a result the peer's EAP-Initiate/Re-auth will fail and the peer should fall back to using 
-full EAP authentication.
-
-If there is a local ER server, it may start implicit bootstrapping. Note that it will re-do 
-implicit bootstrapping everytime the peer re-authenticates, using full EAP authentication each time.
-
-We have the same problem as in 2.3, the peer can not know when no local ER server is available, and therefore
-can not rely on implicit bootstrapping without more information.
-
-
-
-3. Conclusion.
-
-My conclusions with regards to the considerations from this document are as follow:
-
-- The peer should always wait for first message from the authenticator if it does not receive domain name from LL, 
-and the authenticator should always send a EAP-Initiate/Re-auth-Start message with domain-name TLV.
-
-Pro: no dependency on lower layer to provide local domain name to the peer
-Pro: reduces the number of possible situations to handle on the peer and authenticator.
-
-
-- The peer must choose between initiating normal or bootstrapping ERP exchange. We restrict normal exchanges
-to occur only after previous bootstrapping exchange in the same domain, that resulted in reception 
-of the domain name (proof that the home ER server has sent the DSRK to a local ER server) i.e. we do never rely
-on implicit bootstrapping.
-
-Pro: the peer can decide whether to do normal or bootstrapping ERP.
-Pro: no useless key derivation computation.
-Pro: allow to use different Diameter Application ID for ERP, elimitating all current constraints on Diameter routing (FFS).
-Pro: allow more flexibility in deployment scenario.
-Con: need to re-design the Diameter ERP almost from scratch (but currently it can't work anyway...)
-Con: one additional round-trip with home domain in the worst case.
-