
IKEv2-Derived Shared Secret Key for the One-Way Active Measurement Protocol (OWAMP) and Two-Way Active Measurement Protocol (TWAMP) (RFC7717)
Disclosure Number: IPCOM000245072D
Original Publication Date: 2015-Dec-01
Included in the Prior Art Database: 2016-Feb-07
Document File: 30 page(s) / 35K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

K. Pentikousis: AUTHOR [+3]


The One-Way Active Measurement Protocol (OWAMP) [RFC4656] and the Two-Way Active Measurement Protocol (TWAMP) [RFC5357] can be used to measure network performance parameters such as latency, bandwidth, and packet loss by sending probe packets and monitoring their experience in the network. In order to guarantee the accuracy of network measurement results, security aspects must be considered. Otherwise, attacks may occur and the authenticity of the measurement results may be violated. For example, if no protection is provided, an adversary in the middle may modify packet timestamps, thus altering the measurement results.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 8% of the total text.

Internet Engineering Task Force (IETF)               K. Pentikousis, Ed.
Request for Comments: 7717                                          EICT
Updates: 4656, 5357                                             E. Zhang
Category: Standards Track                                         Y. Cui
ISSN: 2070-1721                                      Huawei Technologies
                                                           December 2015

                  IKEv2-Derived Shared Secret Key for
          the One-Way Active Measurement Protocol (OWAMP) and
              Two-Way Active Measurement Protocol (TWAMP)


   The One-Way Active Measurement Protocol (OWAMP) and Two-Way Active
   Measurement Protocol (TWAMP) security mechanisms require that both
   the client and server endpoints possess a shared secret.  This
   document describes the use of keys derived from an IKEv2 security
   association (SA) as the shared key in OWAMP or TWAMP.  If the shared
   key can be derived from the IKEv2 SA, OWAMP or TWAMP can support
   certificate-based key exchange; this would allow for more operational
   flexibility and efficiency.  The key derivation presented in this
   document can also facilitate automatic key management.

Status of This Memo

   This is an Internet Standards Track document.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Further information on
   Internet Standards is available in Section 2 of RFC 5741.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at

 Pentikousis, et al.          Standards Track                    [Page 1]
 RFC 7717              Shared Secret Key for O/TWAMP        December 2015

 Copyright Notice

   Copyright (c) 2015 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   ( in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and a...