Re: WG Review: Recharter of IP Security Maintenance and Extensions (ipsecme)

Bernard Aboba <bernard_aboba@hotmail.com> Sun, 21 February 2010 22:15 UTC

Return-Path: <bernard_aboba@hotmail.com>
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1CC343A6A8A for <ietf@core3.amsl.com>; Sun, 21 Feb 2010 14:15:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.018
X-Spam-Level:
X-Spam-Status: No, score=-2.018 tagged_above=-999 required=5 tests=[AWL=0.580, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2oOmE8tdDfui for <ietf@core3.amsl.com>; Sun, 21 Feb 2010 14:15:42 -0800 (PST)
Received: from blu0-omc2-s33.blu0.hotmail.com (blu0-omc2-s33.blu0.hotmail.com [65.55.111.108]) by core3.amsl.com (Postfix) with ESMTP id 821BB3A6842 for <ietf@ietf.org>; Sun, 21 Feb 2010 14:15:41 -0800 (PST)
Received: from BLU137-W6 ([65.55.111.73]) by blu0-omc2-s33.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959); Sun, 21 Feb 2010 14:17:37 -0800
Message-ID: <BLU137-W6D7911F42BDF5A13E744793440@phx.gbl>
Content-Type: multipart/alternative; boundary="_5dd0e60f-eafd-4da5-91a8-495d4ebce2f9_"
X-Originating-IP: [64.134.22.228]
From: Bernard Aboba <bernard_aboba@hotmail.com>
To: ietf@ietf.org
Subject: Re: WG Review: Recharter of IP Security Maintenance and Extensions (ipsecme)
Date: Sun, 21 Feb 2010 14:17:37 -0800
Importance: Normal
MIME-Version: 1.0
X-OriginalArrivalTime: 21 Feb 2010 22:17:37.0315 (UTC) FILETIME=[AC95A730:01CAB343]
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 21 Feb 2010 22:15:44 -0000






I agree with Dan.   The added complexity seems to have very little if any benefit. 

Moreover, the existing IKEv2/EAP design has some very desirable cryptographic properties (such as the ability to support
PFS even in situations where weak EAP methods are used) that could go by the wayside.  

Dan Harkins said:

> 
>   Hi Jari,
> 
>   I don't believe the simpler solution will increase code size or
> complexity when compared to the the reuse EAP solution. In fact,
> it will be less on both counts.
> 
>   In both cases the core key exchange will have to be implemented
> and in both cases some configuration glue will be needed. But in the
> reuse EAP solution there is the added code to implement an EAP client
> and its accompanying state machine, which no IKEv2 gateway currently
> needs to implement. In addition, a true EAP server, and accompanying
> state machine, will need to be implemented and IKEv2 gateways will
> no longer get away with just being a "pass through authenticator".
> The reuse EAP solution will also have to implement some new
> fragmentation/reassembly code since EAP methods (like ones supporting
> "weak" shared secrets) have to roll-their-own. The reuse EAP solution
> will also have to implement other, unneeded, exchanges (which is why the
> roundtrips/overhead are greater). When you compare the two, it really
> is obvious that trying to use EAP in this case increases code size and
> complexity versus just doing the exchange as part of IKE.
> 
>   EAP is attractive because it provides a generic authentication solution,
> but here there is really only one type of authentication to do-- using a
> "weak" shared secret. It is also attractive because authentication can be
> centralized with one server serving many network access points. But in
> this case both sides must have possession of the shared secret and both
> sides must be capable of initiating the exchange so use of a centralized
> server is not possible. So all of the attractive features of EAP do not
> apply and we're left with the undesirable features of EAP-- duplicate
> identity exchanges, yet more fragmentation/reassembly code, and
> pointless overhead.
> 
>   I don't think it's better architecturally to reuse EAP in this situation.
> EAP is a network access protocol where one side attempts to obtain network
> access from another. There are strict roles played in EAP. In this
> situation there are no roles and creating a host-to-host SA or network-
> to-network SA is not really the same thing as obtaining network access.
> 
>   There are some things that EAP is not appropriate for and this is
> one of them.
> 
>   regards,
> 
>   Dan.
> 
> On Fri, February 19, 2010 5:39 am, Jari Arkko wrote:
> > Pasi,
> >
> > (Adding the working group mailing list to the discussion; previous
> > discussion has been at ietf@ietf.org.)
> >
> >> You're right that implementing a "weak shared secret" EAP method (both
> >> the EAP peer and EAP server roles) on both IPsec nodes, combined with
> >> the "EAP mutual authentication" work item (also in the new charter)
> >> could be used in this situation, and would result in roughly the same
> >> functionality (perhaps with slightly more roundtrips/other overhead --
> >> but that's probably not a critical factor here).
> >>
> >
> > OK. And yes, I agree about the significance of roundtrips.
> >
> >> NEW:
> >>    However, user-configured shared secrets are still useful for many
> >>    other IPsec scenarios, such as authentication between two servers
> >>    or routers. These scenarios are usually symmetric: both peers know
> >>    the shared secret, no back-end authentication servers are involved,
> >>    and either peer can initiate an IKEv2 SA. While it would be
> >>    possible to use EAP in such situations (by having both peers
> >>    implement both the EAP peer and the EAP server roles of an EAP
> >>    method intended for "weak" shared secrets) with the mutual
> >>    EAP-based authentication work item (above), a simpler solution may
> >>    be desirable in many situations.
> >>
> >
> > This formulation is better than what we had previously. I can live with
> > this.
> >
> > But for the record, I am still surprised that I am the only one worried
> > about this. In my view this additional solution, while perhaps simpler
> > on its own, will increase code size and complexity for most
> > implementations. For instance, a device that serves remote access
> > clients has to implement at least parts of EAP. To support
> > gateway-gateway weak secrets it now has to add support for another,
> > completely different authentication mode and associated configuration
> > mechanisms & policies. Architecturally, it would be better to rely on
> > few general solutions than to build special case "simpler" solutions
> > that taken together, actually become more complex. Not to mention the
> > impact on interoperability.
> >
> > Jari
> >
> > _______________________________________________
> > Ietf mailing list
> > Ietf@ietf.org
> > https://www.ietf.org/mailman/listinfo/ietf
> >
> 
> 
> 
> 
> ------------------------------
> 
> _______________________________________________
> Ietf mailing list
> Ietf@ietf.org
> https://www.ietf.org/mailman/listinfo/ietf
> 
> 
> End of Ietf Digest, Vol 21, Issue 38
> ************************************