Re: [IPsec] Comments on draft-ietf-ipsecme-tcp-encaps
Yoav Nir <ynir.ietf@gmail.com> Sun, 19 March 2017 06:29 UTC
Return-Path: <ynir.ietf@gmail.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ED06E127071; Sat, 18 Mar 2017 23:29:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fy5Lzkc-zbgn; Sat, 18 Mar 2017 23:29:31 -0700 (PDT)
Received: from mail-wr0-x243.google.com (mail-wr0-x243.google.com [IPv6:2a00:1450:400c:c0c::243]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 74D1A1242EA; Sat, 18 Mar 2017 23:29:31 -0700 (PDT)
Received: by mail-wr0-x243.google.com with SMTP id g10so14162853wrg.0; Sat, 18 Mar 2017 23:29:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=Cwf6dHdzBsbHs75ScAtL6QYiwbVkpeqwE1CDa4euPGQ=; b=DbiWhTW5FMYfiN6Wm7lqbYSUg/8y6epGwKOa5pXce68MpXR8mHQquhIx14DjJKH4yV wjVgX7o0UXkdLij+dOzrnGjX4RSF8dQNmRffy/6lgWc0NzISLbv1z1r3VDXsn1ln3RXw n/lSYoUte6cXTKRhnPteA/ARZQ+P80GIMmpadFi5UXmGSmvOsFoQ9IaLf80pcUa1GxdM xAbmD1IEQl/rQFRSaMXbAlKAog6zma7kVSc8mHHNmEKkrSlG0EowIY1vBzx/ZqPaEd9P t8XqgzxbDtYfjU/QRrJ2dM+b8nPfBrzmnElkNxBgs/oCHH5bZnWoMqQRD6/3uM1fiSW8 BQTA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=Cwf6dHdzBsbHs75ScAtL6QYiwbVkpeqwE1CDa4euPGQ=; b=E0sj5lPtve7BMDLtKmcPGqt15//uS4xrX1Io0iQYT7ifb0ZKPhd4ijGaPaTPC+484Z w1vlo7qNPZICAPaK/3cc2952mX1+2LA0gNdVqW5srPm21T1WIxdZoPomvxz9G+GdFzhv IcJ/WfGHVyHg/Sz0q6XMYsjmD35WtYi/7lETRJrnA3tDREOp6zfQ8I/DDBiQzBSpYOz+ ihvMs847D6GlQbgY1F6sbQ86kHp/OgkPVWxnQmLzSBzj2jtuwitklepE+ZERAkcfyK3Z sOAo62eXBcw5vv/kYOWr+FSZkJMWktWKoEnQER77py4LTewz6tIS6zATtXwu29a7xr+g hf1w==
X-Gm-Message-State: AFeK/H3fRdcX0FdrCAmVFDZBa6hM9mRZRAk7XPiFn/MGeyfYIdRnf2dy9ARbWZK+X82bdg==
X-Received: by 10.223.138.134 with SMTP id y6mr19700714wry.118.1489904969935; Sat, 18 Mar 2017 23:29:29 -0700 (PDT)
Received: from [192.168.1.18] ([46.120.57.147]) by smtp.gmail.com with ESMTPSA id o26sm4413228wmi.18.2017.03.18.23.29.28 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 18 Mar 2017 23:29:29 -0700 (PDT)
From: Yoav Nir <ynir.ietf@gmail.com>
Message-Id: <A5D592C8-AEE0-4675-88AE-0064FD52B49B@gmail.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_6ABBBF37-6F52-46B9-A709-EC1822FE28A4"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Mime-Version: 1.0 (Mac OS X Mail 10.2 \(3259\))
Date: Sun, 19 Mar 2017 08:29:25 +0200
In-Reply-To: <CABcZeBPMR9m8zPdhG4Bc3DHWj9UmVq22Z7G4ApYjBGJeC7MU=A@mail.gmail.com>
Cc: draft-ietf-ipsecme-tcp-encaps@ietf.org, ipsec@ietf.org
To: Eric Rescorla <ekr@rtfm.com>
References: <CABcZeBPMR9m8zPdhG4Bc3DHWj9UmVq22Z7G4ApYjBGJeC7MU=A@mail.gmail.com>
X-Mailer: Apple Mail (2.3259)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/6oHKu2kRH-PVtdf-7Lna3SO2saM>
Subject: Re: [IPsec] Comments on draft-ietf-ipsecme-tcp-encaps
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 19 Mar 2017 06:29:34 -0000
Hi, Eric. > On 19 Mar 2017, at 4:04, Eric Rescorla <ekr@rtfm.com> wrote: > > [Now with the right address] > > I just finished reading this document. Some comments below. > > > - You have a uniform 16 bit length field followed by a 4 byte all-zeros > sentinel value to indicate that a packet is IKE rather than ESP. > Given that in S 3 graf 2 you have a SHOULD-level requirement > to use typical UDP payload lengths, why not instead explicitly > limit lengths to 15 bits and use the top bit to indicate IKE versus > ESP. This would be slightly more efficient and seems simpler. > I suppose that the counterargument is that IKE over UDP behaves > differently, but in terms of implementation, that doesn't seem like > much of an argument. Another counter-argument is that we sometimes need the entire theoretical length of a UDP packet. The IKE_AUTH messages typically carry a certificate chain and sometimes even a CRL. And there is no way to split a certificate chain over several messages. With remote access VPN you also get a CFG payload with configuration information that can also encode an unbounded amount of data. So I would not want to constrain the certificate chains that we are able to send any more than the IP packet length already does. Early on there was a proposal to increase the length field to 4 bytes to do away with these IKE limitations, but that was rejected. > - If you're going to have a framing disambiguator, why not choose > one that has higher entropy. If there is a protocol with a random > start, then you are going to get some collisions with 2^48 bits. I don’t think anyone plans to implement this on any port other than 443. And on that port we’re worrying about exactly one protocol and it doesn’t start with “IKETCP" > - It seems like IKE associations can span TCP connections (S 6) > so why not instead of doing UDP first then TCP, do happy eyeballs. I don’t think it’s necessary to prescribe for or against this, but that is what we do, and I think that is what Apple intends to do. > " when TLS is used on the TCP connection, both the TCP Originator and TCP Responder SHOULD allow the NULL cipher to be selected for performance reasons." > > This seems like you are going to have some problems with TLS 1.3 > > - If you are going to use TLS, shouldn't you be using ALPN? The idea of using TLS (rather than just IKE on port 443) is to get past firewalls and IDP that examine the TCP traffic to determine that it “really looks like HTTPS”. There was some discussion about whether this was a good idea or whether we should in such a case either give up or standardize some kind of SSL-VPN. There was no consensus to go with SSL-VPN in either this group or any other (there was a bar bof a few IETFs ago) Yoav
- Re: [IPsec] Comments on draft-ietf-ipsecme-tcp-en… Valery Smyslov
- [IPsec] Comments on draft-ietf-ipsecme-tcp-encaps Eric Rescorla
- Re: [IPsec] Comments on draft-ietf-ipsecme-tcp-en… Yoav Nir
- Re: [IPsec] Comments on draft-ietf-ipsecme-tcp-en… Yoav Nir
- Re: [IPsec] Comments on draft-ietf-ipsecme-tcp-en… Valery Smyslov
- Re: [IPsec] Comments on draft-ietf-ipsecme-tcp-en… Yoav Nir
- Re: [IPsec] Comments on draft-ietf-ipsecme-tcp-en… Eric Rescorla
- Re: [IPsec] Comments on draft-ietf-ipsecme-tcp-en… Tommy Pauly
- Re: [IPsec] Comments on draft-ietf-ipsecme-tcp-en… Eric Rescorla
- Re: [IPsec] Comments on draft-ietf-ipsecme-tcp-en… Tommy Pauly
- Re: [IPsec] Comments on draft-ietf-ipsecme-tcp-en… Eric Rescorla
- Re: [IPsec] Comments on draft-ietf-ipsecme-tcp-en… Paul Wouters