IETF Logo Mail Archive

Re: [IPsec] Comments on draft-ietf-ipsecme-tcp-encaps

Tommy Pauly <tpauly@apple.com> Sun, 19 March 2017 18:25 UTC

Return-Path: <tpauly@apple.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E8A7E1288B8 for <ipsec@ietfa.amsl.com>; Sun, 19 Mar 2017 11:25:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.3
X-Spam-Level:
X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=apple.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id imvTiF4mWFye for <ipsec@ietfa.amsl.com>; Sun, 19 Mar 2017 11:25:54 -0700 (PDT)
Received: from mail-in2.apple.com (mail-out2.apple.com [17.151.62.25]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B5F00126C23 for <ipsec@ietf.org>; Sun, 19 Mar 2017 11:25:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; d=apple.com; s=mailout2048s; c=relaxed/simple; q=dns/txt; i=@apple.com; t=1489947954; h=From:Sender:Reply-To:Subject:Date:Message-id:To:Cc:MIME-version:Content-type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-reply-to:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=gBqtYgakPsBRkFHqKQkwMdW5KqpeBk8DlNgGib0azbg=; b=c1n6fOVfcB08SMNOFfvBecSnECGtD4uzSzBjOKBEof9bP/WOoA5aDaIx6sHoMPWS uZV7OnI0tBAVwPBiDKIC4ehrzBWdmt7GFCJjkFnrp/xgYK8X36O/8GyMK+2AHg5j yrnZShy+NaDZrnCgdTmwWgHmdkNrQTmG/vZ/E82gf2Qqe1EqapP9wEvQULwrQFZn 9bLt290UqLYG/jLPM+rc13spjRbx+t1FyJqsS6UFse284u3qp2Yq0Bbs7MQ5dwG/ iJC8o+LBpS/WZa81CG7fRHsfrQ585XGbr5S1c5+ts03MKaWVomcUs451bbYzdGaS fsDN8laaiyUFGIyBIHhSIA==;
Received: from relay5.apple.com (relay5.apple.com [17.128.113.88]) by mail-in2.apple.com (Apple Secure Mail Relay) with SMTP id E6.61.30096.F2DCEC85; Sun, 19 Mar 2017 11:25:54 -0700 (PDT)
X-AuditID: 11973e11-0d9ff70000007590-43-58cecd2f50ed
Received: from nwk-mmpp-sz10.apple.com (nwk-mmpp-sz10.apple.com [17.128.115.122]) by relay5.apple.com (Apple SCV relay) with SMTP id C5.5C.06491.E2DCEC85; Sun, 19 Mar 2017 11:25:51 -0700 (PDT)
MIME-version: 1.0
Content-type: multipart/alternative; boundary="Boundary_(ID_vMjDpTLUHB3BTcK71R/v6Q)"
Received: from [17.153.68.99] by nwk-mmpp-sz10.apple.com (Oracle Communications Messaging Server 8.0.1.2.20170210 64bit (built Feb 10 2017)) with ESMTPSA id <0ON2007J5R72BS60@nwk-mmpp-sz10.apple.com>; Sun, 19 Mar 2017 11:25:50 -0700 (PDT)
Sender: tpauly@apple.com
From: Tommy Pauly <tpauly@apple.com>
Message-id: <08CAB6F1-EA5C-4FA6-A9E9-1D7A87997470@apple.com>
Date: Sun, 19 Mar 2017 11:25:51 -0700
In-reply-to: <CABcZeBPiZmWBJEW5PYFDafS_v3dumEkS285MAifme85-ziu=ig@mail.gmail.com>
Cc: Yoav Nir <ynir.ietf@gmail.com>, ipsec@ietf.org, draft-ietf-ipsecme-tcp-encaps@ietf.org
To: Eric Rescorla <ekr@rtfm.com>
References: <CABcZeBPMR9m8zPdhG4Bc3DHWj9UmVq22Z7G4ApYjBGJeC7MU=A@mail.gmail.com> <A5D592C8-AEE0-4675-88AE-0064FD52B49B@gmail.com> <CABcZeBPiZmWBJEW5PYFDafS_v3dumEkS285MAifme85-ziu=ig@mail.gmail.com>
X-Mailer: Apple Mail (2.3263)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFnrILMWRmVeSWpSXmKPExsUi2FAYoWt09lyEwbM2FYv3f84wWqx4fY7d Yv+WF2wWS499YHJg8dg56y67x5IlP5k8Jj9uYw5gjuKySUnNySxLLdK3S+DK2Pn4AXvB45KK SU+3MDYwzk7uYuTkkBAwkXj2+TFrFyMXh5DAXkaJL2fussAktvUdYYdIHGKUWD6nkRUkwSsg KPFj8j2wImaBMIlN11ZCFX1hlPi9fRqQw8EhLCAhsXlPIkgNm4CKxPFvG5hBwrwCNhLbbhSA hIUF7CSurtnJDGKzCKhKXJu/CqyTUyBY4uUMX4jpMRJ7Zt4B2yoioCDx688JFohNZxgltq16 wwxxp6xE98JpzCAJCYHrbBL/nx1knMAoNAvJqbOQnDoLaAezgLrElCm5EGFtiSfvLrBC2GoS C38vYkIWX8DItopRKDcxM0c3M89IL7GgICdVLzk/dxMjKE6m2wnuYDy+yuoQowAHoxIP74/y sxFCrIllxZW5hxilOViUxHmnTwEKCaQnlqRmp6YWpBbFF5XmpBYfYmTi4JRqYBScv10kyOOV W9vvDOXb96rWSjY/2PSU75z6lVwvEe082dSImjqTM2Jn45oucj629jl7dFrLzpY5x1ia9xS9 vT4vb3pl8tLDsX1XC6QOZ91kr5HRTJh2ce/lGO3QbwqPNxmJl87WcNr6bZaKw3L7HfOWNvwx fFr+qHRX1gU5hZhNHCWiTPvknyixFGckGmoxFxUnAgDu9Qo1dAIAAA==
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFjrNIsWRmVeSWpSXmKPExsUi2FBcpat/9lyEQe97DYv3f84wWqx4fY7d Yv+WF2wWS499YHJg8dg56y67x5IlP5k8Jj9uYw5gjuKySUnNySxLLdK3S+DK2Pn4AXvB45KK SU+3MDYwzk7uYuTkkBAwkdjWd4S9i5GLQ0jgEKPE8jmNrCAJXgFBiR+T77GA2MwCYRKbrq2E KvrCKPF7+zQgh4NDWEBCYvOeRJAaNgEViePfNjCDhHkFbCS23SgACQsL2ElcXbOTGcRmEVCV uDZ/FVgnp0CwxMsZvhDTYyT2zLwDtlVEQEHi158TLBCbzjBKbFv1hhniTlmJ7oXTmCcw8s9C ct0sJNfNAhrLLKAuMWVKLkRYW+LJuwusELaaxMLfi5iQxRcwsq1iFChKzUmsNNVLLCjISdVL zs/dxAgO68KIHYz/l1kdYhTgYFTi4Q2oOhshxJpYVlyZCwwiDmYlEV61U+cihHhTEiurUovy 44tKc1KLDzFOZAR6ciKzlGhyPjDq8kriDU1MDEyMjc2Mjc1NzGkprCTOO/EI0EUC6Yklqdmp qQWpRTBHMXFwSjUwOty7+2PKig13Ne/UFxk9eNPyb+utihub3nmLPlvgP/tNs9Tk+1qepuW3 p7KnLQpxefdd+cJbJrcty3flyD17u8Tt4bn2aWutnUwqG3VcmfvjfENE95UbxzgU9Cd0/2zY V63jHvZy8rHNqnvX33NcUil9QuRpzz+7nC1VvZdC2vwmzt+ekpQXo8RSnJFoqMVcVJwIAPfa 9YveAgAA
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/159GZ5_OfkA17l43uAi2OMXi1sc>
Subject: Re: [IPsec] Comments on draft-ietf-ipsecme-tcp-encaps
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 19 Mar 2017 18:25:57 -0000

> On Mar 19, 2017, at 6:47 AM, Eric Rescorla <ekr@rtfm.com> wrote:
> 
> 
> 
> On Sat, Mar 18, 2017 at 11:29 PM, Yoav Nir <ynir.ietf@gmail.com <mailto:ynir.ietf@gmail.com>> wrote:
> Hi, Eric.
> 
>> On 19 Mar 2017, at 4:04, Eric Rescorla <ekr@rtfm.com <mailto:ekr@rtfm.com>> wrote:
>> 
>> [Now with the right address]
>> 
>> I just finished reading this document. Some comments below.
>> 
>> 
>> - You have a uniform 16 bit length field followed by a 4 byte all-zeros
>>    sentinel value to indicate that a packet is IKE rather than ESP.
>>    Given that in S 3 graf 2 you have a SHOULD-level requirement
>>    to use typical UDP payload lengths, why not instead explicitly
>>    limit lengths to 15 bits and use the top bit to indicate IKE versus
>>    ESP. This would be slightly more efficient and seems simpler.
>>    I suppose that the counterargument is that IKE over UDP behaves
>>    differently, but in terms of implementation, that doesn't seem like
>>   much of an argument.
> 
> Another counter-argument is that we sometimes need the entire theoretical length of a UDP packet. The IKE_AUTH messages typically carry a certificate chain and sometimes even a CRL. And there is no way to split a certificate chain over several messages. With remote access VPN you also get a CFG payload with configuration information that can also encode an unbounded amount of data. So I would not want to constrain the certificate chains that we are able to send any more than the IP packet length already does.
> 
> OK.
> 
> 
> 
> Early on there was a proposal to increase the length field to 4 bytes to do away with these IKE limitations, but that was rejected.
> 
>> - If you're going to have a framing disambiguator, why not choose
>>   one that has higher entropy. If there is a protocol with a random
>>   start, then you are going to get some collisions with 2^48 bits.
> 
> I don’t think anyone plans to implement this on any port other than 443. And on that port we’re worrying about exactly one protocol and it doesn’t start with “IKETCP"
> 
> Fair enough.
>  
>> - It seems like IKE associations can span TCP connections (S 6)
>>   so why not instead of doing UDP first then TCP, do happy eyeballs.
> 
> I don’t think it’s necessary to prescribe for or against this, but that is what we do, and I think that is what Apple intends to do.
> 
> Right, but the text here actively discourages this.
> https://tools.ietf.org/html/draft-ietf-ipsecme-tcp-encaps-09#section-5.1 <https://tools.ietf.org/html/draft-ietf-ipsecme-tcp-encaps-09#section-5.1> 
> 
> "   to reduce connection setup delays. It is recommended that theinitial message over UDP is retransmitted at least once before falling back to TCP, unless the Initiator knows beforehand that the   network is likely to block UDP."

There's a tradeoff here between the Happy Eyeballs approach and the long-term benefits of choosing one option. I'm definitely a big proponent of Happy Eyeballs between address families, interfaces, and protocol options in general. However, these IKE connections will often be long-lived and tunnel a large amount of traffic used for many different applications. Since we view tunneling over UDP as so much preferable to tunneling over TCP, we want to weight the race more heavily in UDP's favor. The draft does not specifically say that attempts over UDP are ceased once the TCP attempt has begun, so there is room to keep 'racing' at this point. The main point we wanted to get across is that UDP should be given a fair shot, since it should be the preference.

Note that a Happy Eyeballs approach should always have one option be attempted first anyhow, since simultaneous racing just adds extra load to the network and servers.

Thanks,
Tommy
> 
>> " when TLS is used on the TCP connection, both the TCP Originator and TCP Responder SHOULD allow the NULL cipher to be selected for performance reasons."
>> 
>> This seems like you are going to have some problems with TLS 1.3
>> 
>> - If you are going to use TLS, shouldn't you be using ALPN?
> 
> The idea of using TLS (rather than just IKE on port 443) is to get past firewalls and IDP that examine the TCP traffic to determine that it “really looks like HTTPS”. There was some discussion about whether this was a good idea or whether we should in such a case either give up or standardize some kind of SSL-VPN. There was no consensus to go with SSL-VPN in either this group or any other (there was a bar bof a few IETFs ago)
> 
> OK. You're still going to have a problem with 1.3...
> 
> -Ekr
> _______________________________________________
> IPsec mailing list
> IPsec@ietf.org
> https://www.ietf.org/mailman/listinfo/ipsec

v2.23.0 | Report a Bug | By Email