Re: [IPsec] TCP and MOBIKE
"Valery Smyslov" <smyslov.ietf@gmail.com> Thu, 15 November 2018 07:13 UTC
Return-Path: <smyslov.ietf@gmail.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 62B8612872C for <ipsec@ietfa.amsl.com>; Wed, 14 Nov 2018 23:13:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.5
X-Spam-Level:
X-Spam-Status: No, score=-0.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_SORBS_WEB=1.5, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SAap-IUPYq1j for <ipsec@ietfa.amsl.com>; Wed, 14 Nov 2018 23:13:04 -0800 (PST)
Received: from mail-lj1-x231.google.com (mail-lj1-x231.google.com [IPv6:2a00:1450:4864:20::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3E772127B92 for <ipsec@ietf.org>; Wed, 14 Nov 2018 23:13:04 -0800 (PST)
Received: by mail-lj1-x231.google.com with SMTP id g11-v6so3740211ljk.3 for <ipsec@ietf.org>; Wed, 14 Nov 2018 23:13:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:references:in-reply-to:subject:date:message-id :mime-version:content-transfer-encoding:thread-index :content-language; bh=D+t2YU9jAkJZ2yq+uLEqr+m7NJ5rE6Tme4BQgqESYxQ=; b=NJ9G5g9uRVeSq4FkrlixLEV6jXhOA9u4sJF439dMNVud7zNeRtOJE230RUzD4GxLrT n8fhappnX24urrLG2jopczbaB74nM806ncb9BAKt/me3ZhSEz4VYXwwzk8Pv7btlVhns WFyCdRTOY3AdSEGZ9R7ibW51q4vPrpbc0RAepVXOafKGDvaTGMFwuPJZU2rZfaziGpMu dGc1x9R70ozi91MtH4rR5RChREK3YbikHaSdAlaKXHvY+sb5YBA2nO1yVUsgQ2YwHUU5 MiwgVjPtKHeeLm6SQfwKjfchDTMY3l5qWM2sizxKwuBBZ3le0W7DqhY5efGinoDRzKs1 gBYg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:references:in-reply-to:subject:date :message-id:mime-version:content-transfer-encoding:thread-index :content-language; bh=D+t2YU9jAkJZ2yq+uLEqr+m7NJ5rE6Tme4BQgqESYxQ=; b=XXRCoIPcFFSKWffrk0VXUBrkt+OHm3PzgnBRvyhnzxmXOQ4XVDRN3BopBRRSM8Pc8g nkjyFoEHyGJfbkO4axULYHDdj76KBd6ejbg69sIScCKngNL9RPJBwzsl2YjWG4uKPT3V tjqy4ykL77AynLeydUtURO92I9ZM3/ng9UORpzOq1uHBkhNXYGHNHyEnJmvWIyfWs+lU g23SDUOiD6EQPUizKM3qwKuysBasRQhvN6W3xpeTPcO2tGMTH4cqJPMOE0opK4248ET9 /xrc5jBQYP71w1sbJfZFX13R/n/7+EvNubhMSJTbhEkjj8CksfGft4pDgoPBDMWNE1fV ISRw==
X-Gm-Message-State: AGRZ1gJUgOYISXhSLXqXJU9/UQk5fghwh8UqprsBC4/TNLqrNI+dGFLF ndYF/qB+USOUXvJh7B4QsGw=
X-Google-Smtp-Source: AJdET5fEKOwcTj7jUXSpnUjuFAPACk0/RnXjKkN5pBKd1kVxT6j47VL7Mz8yiDy6Lglb0XItWffTzA==
X-Received: by 2002:a2e:5c86:: with SMTP id q128-v6mr3095168ljb.119.1542265982113; Wed, 14 Nov 2018 23:13:02 -0800 (PST)
Received: from buildpc ([82.138.51.4]) by smtp.gmail.com with ESMTPSA id q127-v6sm4661889ljq.45.2018.11.14.23.13.00 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 14 Nov 2018 23:13:01 -0800 (PST)
From: Valery Smyslov <smyslov.ietf@gmail.com>
To: 'Tero Kivinen' <kivinen@iki.fi>
Cc: 'David Schinazi' <dschinazi.ietf@gmail.com>, ipsec@ietf.org
References: <031f01d47720$e9fb8220$bdf28660$@gmail.com> <CAPDSy+6V3dVkrcX=Lgd-G47RaLug8fhR=SZcD-cBdAmXJeCXvA@mail.gmail.com> <032c01d47724$f906d6d0$eb148470$@gmail.com> <23531.54545.136222.41944@fireball.acr.fi> <01db01d47bf7$d4e34630$7ea9d290$@gmail.com> <23532.55468.578150.420475@fireball.acr.fi>
In-Reply-To: <23532.55468.578150.420475@fireball.acr.fi>
Date: Thu, 15 Nov 2018 10:12:53 +0300
Message-ID: <006e01d47cb2$a0e40cf0$e2ac26d0$@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQINC5x2IttgBeVJM8GBpgLrp7BrywFkiMAmAUp58kMBQ1c7HgIefhUlAv8mnAyklry5MA==
Content-Language: ru
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/AJcIdo8PUfzU8Sbxe1I1kgfwkV8>
Subject: Re: [IPsec] TCP and MOBIKE
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Nov 2018 07:13:06 -0000
> > There is no point to re-check the content of the replayed
> > packet, it's only waste of CPU resources.
>
> You do open yourself of (semi) blind reflection attacks if you do not
> check the frame. I.e., someone might send 28 byte empty IKEv2 packets
> having correct SPI and message ID, and cause you to resend much larger
> result.
>
> If you do check the incoming frame attacker needs to see original
> frame, and needs to also send as big packet than original sender sent.
It's much easier to rate limit responses, say no more than one per second.
You may also check the length.
> CPU is cheap, transmission of frames is more costly.
True, but still doesn't justify wasting CPU.
> > (*) From RFC 4555:
> > If the request to update the addresses is retransmitted using several
> > different source addresses, a new INFORMATIONAL request MUST be sent.
>
> Yes, this means that we need to start new exchange AFTER the one we
> are doing now finished. It does not mean that while we sent frame out
> using different source IP addresses used different message IDs.
>
> I.e., the exchange is as follows:
>
> Initiator Responder
> --------- ---------
>
> (IP_I1:500 -> IP_R1:500, MID=12I)
> HDR, SK { N(UPDATE_SA_ADDRESSES),
> N(NAT_DETECTION_SOURCE_IP),
> N(NAT_DETECTION_DESTINATION_IP) } -->
>
> (IP_I1:500 -> IP_R1:500, MID=12I)
> HDR, SK { N(UPDATE_SA_ADDRESSES),
> N(NAT_DETECTION_SOURCE_IP),
> N(NAT_DETECTION_DESTINATION_IP) } -->
>
> (IP_I2:500 -> IP_R1:500, MID=12I)
> HDR, SK { N(UPDATE_SA_ADDRESSES),
> N(NAT_DETECTION_SOURCE_IP),
> N(NAT_DETECTION_DESTINATION_IP) } -->
>
> (IP_I2:500 -> IP_R1:500, MID=12I)
> HDR, SK { N(UPDATE_SA_ADDRESSES),
> N(NAT_DETECTION_SOURCE_IP),
> N(NAT_DETECTION_DESTINATION_IP) } -->
>
> (IP_I1:500 -> IP_R1:500, MID=12I)
> HDR, SK { N(UPDATE_SA_ADDRESSES),
> N(NAT_DETECTION_SOURCE_IP),
> N(NAT_DETECTION_DESTINATION_IP) } -->
>
> <-- (IP_R1:500 -> IP_I1:500, MID=12R)
> HDR, SK { N(NAT_DETECTION_SOURCE_IP),
> N(NAT_DETECTION_DESTINATION_IP) }
>
> Now, the UPDATE_SA_ADDRESSES is done, but as the request used multiple
> IP addresses the initiator needs to redo it:
>
> Initiator Responder
> --------- ---------
>
> (IP_I1:500 -> IP_R1:500, MID=13I)
> HDR, SK { N(UPDATE_SA_ADDRESSES),
> N(NAT_DETECTION_SOURCE_IP),
> N(NAT_DETECTION_DESTINATION_IP) } -->
>
> <-- (IP_R1:500 -> IP_I1:500, MID=13R)
> HDR, SK { N(NAT_DETECTION_SOURCE_IP),
> N(NAT_DETECTION_DESTINATION_IP) }
OK, that only justifies my thought that MOBIKE is fragile :-)
What if both paths work, but the networks are lossy?
In this case with high probability your second exchange
will look like the first: you won't get reply on IP_R1,
switch to IP_R2, got reply and initiate new exchange again.
And so on. The process won't converge well.
> > Anyway, I agree that the current exchange must be finished off
> > (either completed or deemed timed out) before a new one is started
> > from (to) a different IP.
>
> It MUST be finished, which is why you use all possible IP address
> pairs for that ONE exchange before you decide it failed. If it failed,
> you delete the IKE SA, and you cannot start any exchange on different
> IP after that for that IKE SA, as there is no longer IKE SA you could
> use.
OK.
> > But with TCP we don't change address, we only change transport, so
> > the exchange must remain the same when switching from UDP to TCP...
> > And this would break some things, like NO_NATS_ALLOWED and
> > NAT_DETECTION.
>
> It is exactly same for MOBIKE with UDP. NAT detection, IP addresses
> used etc can be wrong after the UPDATE_SA_ADDRESSES, and the initiator
> MUST detect thiss possibility, and redo the UPDATE_SA_ADDRESSES so
> that they will get fixed. Initiator is responsible to try to fix this
> until it gets exchange through in a way there cannot be issues which
> frame was acted on in the responder, i.e., it MUST ensure that
> initiator and responder stays in sync.
Not exactly. The MOBIKE currently is only concerned with IP addresses.
It doesn't take transport into consideration. If you formally follow MOBIKE
you don't need to initiate new exchange, because when you switch from
UDP to TCP the IP will remain the same.
> In tcp encapsulation the situation is same. Once we move to TCP, or
> from TCP to UDP, that is deteced by the initiator that something
> changed during UPDATE_SA_ADDRESSES, so after that exchange finishs
> successfully, it needs to redo it using the path it thinks work, and
> verify that both ends are in sync.
Again, the path doesn't change, the transport changes.
So, this must be clarified in the draft...
> --
> kivinen@iki.fi
>
> _______________________________________________
> IPsec mailing list
> IPsec@ietf.org
> https://www.ietf.org/mailman/listinfo/ipsec
- [IPsec] TCP and MOBIKE Valery Smyslov
- Re: [IPsec] TCP and MOBIKE David Schinazi
- Re: [IPsec] TCP and MOBIKE Valery Smyslov
- Re: [IPsec] TCP and MOBIKE Tero Kivinen
- Re: [IPsec] TCP and MOBIKE Valery Smyslov
- Re: [IPsec] TCP and MOBIKE Tero Kivinen
- Re: [IPsec] TCP and MOBIKE Valery Smyslov
- Re: [IPsec] TCP and MOBIKE Tero Kivinen