Re: [IPsec] Fwd: Last Call: draft-ietf-ipsecme-ikev2-resumption (IKEv2 Session Resumption) to Proposed Standard
Hui Deng <denghui02@gmail.com> Tue, 22 September 2009 14:38 UTC
Return-Path: <denghui02@gmail.com>
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C62833A68D9; Tue, 22 Sep 2009 07:38:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.432
X-Spam-Level:
X-Spam-Status: No, score=-2.432 tagged_above=-999 required=5 tests=[AWL=0.167, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fMiEL-Ye6SFb; Tue, 22 Sep 2009 07:38:37 -0700 (PDT)
Received: from mail-qy0-f201.google.com (mail-qy0-f201.google.com [209.85.221.201]) by core3.amsl.com (Postfix) with ESMTP id 9C69428C102; Tue, 22 Sep 2009 07:38:37 -0700 (PDT)
Received: by qyk39 with SMTP id 39so3019620qyk.31 for <multiple recipients>; Tue, 22 Sep 2009 07:39:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type; bh=H2iWTji/CM+g4bFCL3Qr0fkuXEL9zC7C7c/spfrcIqs=; b=RjN06jJ4RkplLGz2Aap8IKkXKQVKK5eVWw8H8YubpZOuiekdOzbUYAz8LAqtcV0nJO LkDjdUKkB8sVIL9be0s4Dkb8QxWjf2gSBSfwGch0goiU0Hgr6HfspoHn0/jy5JX1QeOr bHKN9AvwkNcBQh6PCZFgn7tI/VNBEj4jBeSmM=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=RiNl3RJF/CRJ+qq8P9t1eC+xsg555R0VuuywzGaBeHJIqNdNdEjnq8154D9XFH7a/a xeMBvnv0089jGr7MapGupM/fwlBWwFIGNPNZ8qyG4qeiB1JONh76cP1pUJ5Sl6G6xV2L 3CXpyqLomakX+nMSL03Rwf58bSPdHLRE0jQCc=
MIME-Version: 1.0
Received: by 10.224.115.98 with SMTP id h34mr745299qaq.193.1253630378381; Tue, 22 Sep 2009 07:39:38 -0700 (PDT)
In-Reply-To: <19103.34893.896574.218235@fireball.kivinen.iki.fi>
References: <20090831140935.4752B3A6E46@core3.amsl.com> <4c5c7a6d0909011932g74decc2dq1ae2cb61b78b2b0a@mail.gmail.com> <4c5c7a6d0909020717r72ee57btaaa9bdafd39a12cd@mail.gmail.com> <7F9A6D26EB51614FBF9F81C0DA4CFEC80190A978EFBE@il-ex01.ad.checkpoint.com> <19103.34893.896574.218235@fireball.kivinen.iki.fi>
Date: Tue, 22 Sep 2009 22:39:38 +0800
Message-ID: <1d38a3350909220739y496159cexd4f82b1a40df9c31@mail.gmail.com>
Subject: Re: [IPsec] Fwd: Last Call: draft-ietf-ipsecme-ikev2-resumption (IKEv2 Session Resumption) to Proposed Standard
From: Hui Deng <denghui02@gmail.com>
To: Tero Kivinen <kivinen@iki.fi>
Content-Type: text/plain; charset="ISO-8859-1"
Cc: IPsecme WG <ipsec@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, Yaron Sheffer <yaronf@checkpoint.com>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Sep 2009 14:38:38 -0000
Comments inline, thanks 2009/9/3 Tero Kivinen <kivinen@iki.fi>: > Yaron Sheffer writes: >> [YS] I see the merits of extending IKE_SA_INIT to support resumption, and in >> fact an early version of our work did exactly that. But the working group >> gave us a clear direction to use a separate exchange, and this is where we >> disagree: I believe we did have a strong WG consensus that the >> implementation benefits of having a separate exchange (i.e. not overloading >> even more the non-trivial IKE_SA_INIT exchange) outweigh the benefits of the >> alternative. > > I agree on that (both to the WG having consensus and also that using > separate exchange is better). [Hui] I don't think so. IMO, in the list, the comparison of extended IKE_SA_INIT exchange and IKE_SESSION_RESUME still did not have a consensus yet. It was a ballot in the mailing list in the begining, and it is quite clear more people opposing sepaparate exchange, we could do one more round ballot if needed. > >> > I know that how a client detects the need for resumption is out of the >> > scope of this draft. But, there is the possibility that IPsec client >> > may be continuously deceived and believe the fail of IPsec gateway. It >> > may continuously present the ticket and update the ticket. In this >> > sense, IMHO, this draft should take care of this case. >> > >> [YS] If I understand the scenario correctly, it is similar to an attacker >> repeatedly sending notifications to an IKE client, making it believe that >> the IKE exchange has failed and needs to be reinitiated. This attack against >> plain-vanilla IKE would be much more CPU-intensive to the client and to the >> (real) gateway, compared to repeated session resumption. Even when you >> factor in the cost of generating a new ticket. Moreover, the regular IKEv2 >> anti-DOS cookie mechanism is supported by IKE_SESSION_RESUME as well. > > Regardless what notifications or ICMP messages you send to any of the > IKE end points that MUST NOT cause them to consider IKE SA failed. It > "MUST conclude that the other endpoind has failed only when repeated > attemtps to contact it have gone unanswered for timeout period or when > a cryptographically protected INITIAL_CONTACT notification is received > on a different IKE SA to the same authenticated identity." (RFC 4306 > section 2.4) > > Notifications and ICMP messages may trigger other end to send empty > INFORMATIONAL message to check whether the other end is alive or not > and only if that times out then the other end is considered dead. > > This means this kind of attack is not possible with notifications and > ICMP. > > On the other hand I do agree with Peny that, as resumption draft makes > it out of scope for this draft, how a client detects the need of > resumption, we might need more text explaining this attack. I.e. we > might need to add text to security considerations which says that the > client implementations should not trust any untrusted source when they > are trying to detect whether the resumption is needed. [Hui] I also agree with Peny and Tero. Although way of detecting failure of gateways is out of the scope of current charter, WG draft should at least handle the issues incurred by mis-judgement of client. thanks -Hui
- RE: [IPsec] Fwd: Last Call: draft-ietf-ipsecme-ik… Yaron Sheffer
- Re: [IPsec] Last Call: draft-ietf-ipsecme-ikev2-r… Peny Yang
- Re: [IPsec] Fwd: Last Call: draft-ietf-ipsecme-ik… Tero Kivinen
- Re: [IPsec] Fwd: Last Call: draft-ietf-ipsecme-ik… Peny Yang
- Re: [IPsec] Fwd: Last Call: draft-ietf-ipsecme-ik… Peny Yang
- Re: [IPsec] Fwd: Last Call: draft-ietf-ipsecme-ik… Hui Deng
- RE: [IPsec] Fwd: Last Call: draft-ietf-ipsecme-ik… Yaron Sheffer