[IPsec] Review of draft-ietf-ipsecme-rfc8229bis
Paul Wouters <paul.wouters@aiven.io> Mon, 10 January 2022 03:42 UTC
Return-Path: <paul.wouters@aiven.io>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2711A3A0C40 for <ipsec@ietfa.amsl.com>; Sun, 9 Jan 2022 19:42:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=aiven.io
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wFsV-f4sbG7Y for <ipsec@ietfa.amsl.com>; Sun, 9 Jan 2022 19:42:53 -0800 (PST)
Received: from mail-ed1-x534.google.com (mail-ed1-x534.google.com [IPv6:2a00:1450:4864:20::534]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 714FA3A0C3B for <ipsec@ietf.org>; Sun, 9 Jan 2022 19:42:53 -0800 (PST)
Received: by mail-ed1-x534.google.com with SMTP id u21so25653882edd.5 for <ipsec@ietf.org>; Sun, 09 Jan 2022 19:42:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aiven.io; s=google; h=date:from:to:subject:message-id:mime-version; bh=TUKRETawA0wCSXWMjZsg2BHif4kiaE73omjfgFNmw3g=; b=bocEArDLr2aClRfmyaoA0Q3ab6LwVMQF5s9k5mXoT1MqXIRzbuMXrLhp/X20BzPX9C q3sbyOZVY2E64QYopC/u4YEhMK/NRRqieWbGJ/HIUht3gD8kWQaYzy9eC2pwYN6QJ9LR HI9qZJ+//JbthOPzySz/yIII5WWbRMSI1ARnI=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:from:to:subject:message-id:mime-version; bh=TUKRETawA0wCSXWMjZsg2BHif4kiaE73omjfgFNmw3g=; b=44+GBZ5vJxdgbuv7ydXGAmubOz6VZS73oxG8qljkC7i8aa+jiNfW3rs2Bqup0/1Nd5 OM8C/1aFNe8TreEML3H2TRbl5ny7Us4xAgKft4x7IT47wPi2yM4+ZbbLvlkOLZ8sd6he AglYVweSLP0XHzVBRekPSOpwtKarOdbq2AUSg0l1YRNdopgeelDEkVL9q34SEv8Yr0/Z Z6ClNZoxgciFV8Cd4L9HUXwq/LroEIsnw7ttNlksRcbNBaw0SEh7zKkZUnW5HN7Xe0Qm pVo/lwTGlin/tFAK/GZmva4zrNP2GzKAHfZdN4RAac10swCmHFsf8WecyarHotfQIq5T yeyg==
X-Gm-Message-State: AOAM532EYjHPUz973XvfnPzsZaDZnFfAyWcSYbwyNpyaMpIJYdYibsF+ LCHiRiMYbAmR0sY9tldfKK1UTXIPWVlIGGhe/HA=
X-Google-Smtp-Source: ABdhPJzGeeRhG3iIgqfL2n+420sOcK+P0jPv4WxBX772TkraZb19lx2VlacVT+zjNTIIPBTAJmxZ/A==
X-Received: by 2002:a17:906:35db:: with SMTP id p27mr6520386ejb.143.1641786169774; Sun, 09 Jan 2022 19:42:49 -0800 (PST)
Received: from bofh.nohats.ca (bofh.nohats.ca. [193.110.157.194]) by smtp.gmail.com with ESMTPSA id eb14sm2867237edb.16.2022.01.09.19.42.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 09 Jan 2022 19:42:49 -0800 (PST)
Date: Sun, 09 Jan 2022 22:42:43 -0500
From: Paul Wouters <paul.wouters@aiven.io>
To: "ipsec@ietf.org WG" <ipsec@ietf.org>
Message-ID: <acea85f6-1c72-3b79-a7f6-d4c234b9e7c@nohats.ca>
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="US-ASCII"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/8DB-i0afGewqFAhsgGBRg_6vAHM>
Subject: [IPsec] Review of draft-ietf-ipsecme-rfc8229bis
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Jan 2022 03:42:58 -0000
I have reviewed the changed between draft-ietf-ipsecme-rfc8229bis and RFC 8229. I agree with most of these changes. I have some comments below. If others want to compare the draft with the RFC, see: https://nohats.ca/draft-ietf-ipsecme-rfc8229bis-01-from-rfc8229.diff.html that may block IKE negotiation over UDP. I would say: that may not transport IKE negotiation over UDP. Blocking sounds like an active administrative action. Most networks just accidentally happen to not pass UDP. I might also change "for traversing network middleboxes" to be more neutral, eg "in case routers or network middleboxes do not handle UDP". o if the Responder chooses to send Cookie request (possibly along with Puzzle request), then the TCP connection that the IKE_SA_INIT request message was received over SHOULD be closed, so that the Responder remains stateless at least until the Cookie (or Puzzle Solution) is returned. Note that if this TCP connection is closed, the Responder MUST NOT include the Initiator's TCP port into the Cookie calculation (*), since the Cookie will be returned over a new TCP connection with a different port. I am not sure this is a good idea. Tearing down and requiring a new 3way handshake just to deliver the cookie seems useless. What is wrong with using the existing TCP stream to reply? This might also make the code more complex, as currently, the TCP state is kept during the entire negotiation. Additionally, a NAT router could give the client a different IP address for a new TCP stream, making the COOKIE invalid. Thus, in case of TCP encapsulation, an Initiator SHOULD NOT wait for additional messages in case it receives error notification from the Responder in the IKE_SA_INIT exchange. This is true, but the code handlling this might not be aware of the transport used. I'd rather see "an Initiator MAY skip the waiting time for additional messages" so that this advice becomes "a good idea" and not a "RFC violation" if not done. 7.6. Keep-Alives and Dead Peer Detection This section tells us to not send NAT keepalives. It also tells us to not rely on TCP keepalives. That left me puzzled on how to ensure the peer is alive until I remembered that NAT keepalives are not the same as IKE keepalives. I would briefly mention in this section that IKE keepalives should be used "as normal". Implementations that implement both MOBIKE and TCP encapsulation MUST support dynamically enabling and disabling TCP encapsulation as interfaces change. I'm not sure of the MUST here. Nice for sure, but perhaps the implementation supports MOBIKE or TCP and not both at once ? Perhaps restate as "if MOBIKE and TCP encapsulation are allowed for a configuration, the implementation MUST support ...... In case of TCP the NO_NATS_ALLOWED notification SHOULD be ignored because TCP generally has no problems with NAT boxes. I would re-state it as: In case of TCP the NO_NATS_ALLOWED notification MUST be ignored. Although, re-reading why NO_NATS_ALLOWED was introduced, I think in general this payload should be retired entirely, both for UDP and TCP. (disclosure: libreswan completely ignores it) 8.3. IKEv2 Session Resumption This section says that if a TCP encap session was suspended, that the client MUST use TCP to resume this. I don't understand why. It is likely that a resuming client has moved networks, and might be on a network that would properly support ESP or ESPinUDP. The resumption is really mostly meant to skip over DH and AUTH phases as these are costly. I see no reason to tie the transport to this. If I missed a valid reason for this to be needed, clarify what needs to happen when the server no longer can or wants to resume the session. Does the client close the TCP and go back to UDP? NITS: This document updates specification for change to: This document updates the specification for MOBIKE protocol, that allows IKEv2 SA change to: The MOBIKE protocol that allows SA's New INFORMATIONAL exchange MUST NOT bestarted in this situation. change to: A new INFORMATIONAL exchange MUST NOT bestarted in this situation. (or maybe say something like "the INFORMATIONAL exchange is then retransmitted over TCP") Since switching from UDP to TCP happens can occur during a single INFORMATIONAL message exchange, change to: Since switching from UDP to TCP can happen during a single INFORMATIONAL message exchange, MOBIKE protocol defined the NO_NATS_ALLOWED change to: The MOBIKE protocol defines the NO_NATS_ALLOWED
- [IPsec] Review of draft-ietf-ipsecme-rfc8229bis Paul Wouters
- Re: [IPsec] Review of draft-ietf-ipsecme-rfc8229b… Valery Smyslov
- Re: [IPsec] Review of draft-ietf-ipsecme-rfc8229b… Paul Wouters
- Re: [IPsec] Review of draft-ietf-ipsecme-rfc8229b… Tero Kivinen
- Re: [IPsec] Review of draft-ietf-ipsecme-rfc8229b… Valery Smyslov
- Re: [IPsec] Review of draft-ietf-ipsecme-rfc8229b… Valery Smyslov
- Re: [IPsec] Review of draft-ietf-ipsecme-rfc8229b… Tero Kivinen
- Re: [IPsec] Review of draft-ietf-ipsecme-rfc8229b… Valery Smyslov
- Re: [IPsec] Review of draft-ietf-ipsecme-rfc8229b… Valery Smyslov
- Re: [IPsec] Review of draft-ietf-ipsecme-rfc8229b… Paul Wouters