[IPsec] DH Tests draft - failure behavior

Yaron Sheffer <yaronf.ietf@gmail.com> Tue, 12 March 2013 14:48 UTC

Return-Path: <yaronf.ietf@gmail.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 7241021F8C78 for <ipsec@ietfa.amsl.com>; Tue, 12 Mar 2013 07:48:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.829
X-Spam-Status: No, score=-100.829 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FH_HOST_EQ_D_D_D_D=0.765, RCVD_IN_PBL=0.905, RDNS_DYNAMIC=0.1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id tuh+73SbEFfM for <ipsec@ietfa.amsl.com>; Tue, 12 Mar 2013 07:48:51 -0700 (PDT)
Received: from mail-bk0-x234.google.com (mail-bk0-x234.google.com [IPv6:2a00:1450:4008:c01::234]) by ietfa.amsl.com (Postfix) with ESMTP id A317821F8C7C for <ipsec@ietf.org>; Tue, 12 Mar 2013 07:48:50 -0700 (PDT)
Received: by mail-bk0-f52.google.com with SMTP id jk13so2266373bkc.39 for <ipsec@ietf.org>; Tue, 12 Mar 2013 07:48:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:message-id:date:from:user-agent:mime-version:to:subject :content-type:content-transfer-encoding; bh=uYf2NryzJ0xJqw0L05FJ+Lf2mVxIFFcHJfpbkONkVFk=; b=k0tHzxuYTDGgxfueLgtAJVb7v38AR+BpT3WvqK+4yPbHj/w2fC74eIvrQiLECJHD46 ME4YiIP5ngyoTM+5+YyGfKsDeKOw1oPl846+Thrego6yuJccurgL7XMLjYKhWYkH0nc9 wnF/GiLzM4CqBLmK7OEcG3iv3FkM56hieQRu+R4uyQsIGGd1D7wCPqt8t+WU5IPzXjDd h9bak/k5neKRgzk835DffKttlg92fmRyk/uKpCbPkA/c4JRXgKBHxH6muLRyzJtd7oGr T7XWeHl2pA+6bQvCQeiFrCiCWNM0F96m7pIWMtH4M6pvN1+oZM4mQUk7E6KLGf+sJ+dr Z3WA==
X-Received: by with SMTP id pn1mr6216694bkb.114.1363099729533; Tue, 12 Mar 2013 07:48:49 -0700 (PDT)
Received: from [] (bzq-79-176-129-128.red.bezeqint.net. []) by mx.google.com with ESMTPS id go8sm5165479bkc.20.2013. (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 12 Mar 2013 07:48:48 -0700 (PDT)
Message-ID: <513F404E.5060608@gmail.com>
Date: Tue, 12 Mar 2013 16:48:46 +0200
From: Yaron Sheffer <yaronf.ietf@gmail.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130221 Thunderbird/17.0.3
MIME-Version: 1.0
To: IPsecme WG <ipsec@ietf.org>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Subject: [IPsec] DH Tests draft - failure behavior
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Mar 2013 14:48:51 -0000

Following up on the discussion we just had:

Paul raised the question whether we should respond with an error message 
in case any of the tests fail. We know from many examples that errors 
can reveal secret information.

However in this particular case:

- All IKEv2 DH groups are public information.
- All of the proposed tests only depend on public information, plus the 
information received from the sender in the clear. In other words, the 
test could just as well be performed by an eavesdropper.

The only thing that such an error message does reveal is that the 
receiver implements the test, but this is something that an attacker can 
find out anyway.

Which is why I think we should treat such failures as a normal syntax 
error, and respond with an error message, as a courtesy to the sender.

We should make these considerations explicit in the draft, specifically 
that the groups are well known.