Re: [IPsec] Starting two week working group adoption call for draft-mglt-ipsecme-implicit-iv

"Brian Weis (bew)" <bew@cisco.com> Fri, 31 March 2017 15:23 UTC

From: "Brian Weis (bew)" <bew@cisco.com>
To: Tero Kivinen <kivinen@iki.fi>
CC: Tobias Guggemos <guggemos@nm.ifi.lmu.de>, Tommy Pauly <tpauly@apple.com>, IPsecme WG <ipsec@ietf.org>, Daniel Migault <daniel.migault@ericsson.com>, David Schinazi <dschinazi@apple.com>, Yoav Nir <ynir.ietf@gmail.com>
Date: Fri, 31 Mar 2017 15:23:43 +0000
Message-ID: <BD3CC4F0-AC29-44CF-9C34-1FF00C6778A0@cisco.com>
References: <22748.10958.314148.242611@fireball.acr.fi> <6BA2AA95-11A1-4A6E-B606-2DE8D4A07785@gmail.com> <60012DA8-3C6E-40A8-94DF-D6F97C9B7A1E@apple.com> <CADZyTknTOHVoM4=dnncJ_uqnyN=g05GSyQs1AL3ybP9XG1u=Gw@mail.gmail.com> <000001d2a971$eab31850$c01948f0$@nm.ifi.lmu.de> <05CD2FEE-2233-4049-84AD-471674150B6B@apple.com>
In-Reply-To: <05CD2FEE-2233-4049-84AD-471674150B6B@apple.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/924XhLgOUgVz8JetGLEpFI7k1fg>
Subject: Re: [IPsec] Starting two week working group adoption call for draft-mglt-ipsecme-implicit-iv

I support adoption, because I think it will be useful in some use cases. But I’m wary of implicit IVs being generally used with counter mode ciphers.

The Security Considerations needs to provide some intense warnings against the reuse of counters. As Section 4 says, "With the algorithms listed in Section 2, the 8 byte nonce MUST NOT repeat." But if an implementation is not careful, there are at least two ways in which an implementation can do this, perhaps unwittingly.

(1) When the sequence number generation logic is outside of the same crypto boundary as the cipher processing, then there is the risk that the cipher can be fooled into nonce reuse by an attacker who sets the sequence number to a smaller value.

(2) There may be management operations allowing the setting or re-setting of the sequence number for an SA, which for an SA with an implicit IV will also cause the counter mode to reuse values when it is set to a smaller value.

In both of these cases, the cipher code itself will no longer be able to guarantee that the nonce is not reused. This is a serious real-world issue.

Thanks,
Brian


On Mar 31, 2017, at 9:47 AM, Tommy Pauly <tpauly@apple.com> wrote:

+1 supporting adoption

—Tommy

On Mar 30, 2017, at 11:23 AM, Tobias Guggemos <guggemos@nm.ifi.lmu.de> wrote:

Hi,
We’ve started implementing the Implicit IV draft as a part of a minimal implementation of ESP for the RIOT operating system [1].
We’re also planning on an implementation for Linux.
For that reason (and because I’m also co-author ;-) ) I support adoption!
Regards
Tobias

[1] http://riot-os.org/


From: IPsec [mailto:ipsec-bounces@ietf.org] On behalf of Daniel Migault
Sent: Thursday, 30 March 2017 02:22
To: David Schinazi <dschinazi@apple.com>
Cc: IPsecme WG (ipsec@ietf.org) <ipsec@ietf.org>; Tero Kivinen <kivinen@iki.fi>; Yoav Nir <ynir.ietf@gmail.com>
Subject: Re: [IPsec] Starting two week working group adoption call for draft-mglt-ipsecme-implicit-iv

Hi,
I am also supporting the draft as a co-author.
Yours,
Daniel

On Wed, Mar 29, 2017 at 5:03 PM, David Schinazi <dschinazi@apple.com> wrote:
Hello all,

I strongly support adoption of this document.
I have read it and implemented it.
The document reads well, and allows independent implementations.
I personally think Implicit IV is a great step forward for IKEv2/IPsec, even outside of IoT.

Regards,
David Schinazi


> On Mar 29, 2017, at 16:58, Yoav Nir <ynir.ietf@gmail.com> wrote:
>
> Not surprising (me being a co-author) but I support adoption.
>
>> On 29 Mar 2017, at 16:44, Tero Kivinen <kivinen@iki.fi> wrote:
>>
>> As discussed in the meeting, we are starting two week working group
>> adoption call for the draft-mglt-ipsecme-implicit-iv.
>>
>> Please read the draft and send your comments to this list, and also
>> tell if you support adoption of this draft as WG draft.
>>
>> The document is available at
>> https://datatracker.ietf.org/doc/draft-mglt-ipsecme-implicit-iv/
>> --
>> kivinen@iki.fi
>>
>> _______________________________________________
>> IPsec mailing list
>> IPsec@ietf.org
>> https://www.ietf.org/mailman/listinfo/ipsec
>

--
Brian Weis
Security, CSG, Cisco Systems
Telephone: +1 408 526 4796
Email: bew@cisco.com
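The two reuse paths Brian raises (a counter rewound from outside the crypto boundary, and a management reset to a smaller value) can be modelled on the sender side. This is an added example, not code from the draft or from any implementation in the thread; it assumes the draft's AES-GCM construction (4-byte salt from keying material, 8-byte implicit IV equal to the sequence number), and the class and method names are hypothetical.

```python
# Added example: an outbound ESP SA model that keeps the sequence counter
# inside the same boundary as the implicit-IV derivation, so the reuse paths
# described in the thread are refused instead of silently repeating a nonce.
import struct


class NonceReuseError(Exception):
    """Raised whenever an 8-byte implicit IV would be handed to the cipher twice."""


class ImplicitIvSa:
    """Outbound SA whose IV is implicit: the 8-byte IV is the sequence number."""

    def __init__(self, salt: bytes):
        if len(salt) != 4:
            raise ValueError("AES-GCM salt is 4 bytes (assumed per the draft)")
        self.salt = salt
        self.seq = 0          # last sequence number consumed; 0 means none yet
        self.seen = set()     # audit trail of IVs already given to the cipher

    def next_iv(self) -> bytes:
        """Advance the counter and return the 8-byte implicit IV.

        Wraparound is refused: a counter that rolls over under the same key
        would reuse IV 1, so exhaustion forces a rekey instead.
        """
        if self.seq >= 2**64 - 1:
            raise NonceReuseError("sequence number exhausted; rekey the SA")
        self.seq += 1
        iv = struct.pack(">Q", self.seq)
        # Case (1): if something outside this class rewound self.seq, the IV
        # derived here collides with one already used. Catch it here, because
        # the cipher itself cannot know the history.
        if iv in self.seen:
            raise NonceReuseError("implicit IV repeated: sequence was rewound")
        self.seen.add(iv)
        return iv

    def nonce(self, iv: bytes) -> bytes:
        """12-byte AEAD nonce = 4-byte salt || 8-byte implicit IV."""
        return self.salt + iv

    def set_sequence(self, value: int) -> None:
        """Management hook (case 2): only forward moves are accepted."""
        if value <= self.seq:
            raise NonceReuseError(
                f"refusing to move sequence number {self.seq} -> {value}")
        self.seq = value
```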