IETF Logo Mail Archive

[IPsec] Comments on draft-ietf-ipsecme-tcp-encaps

Eric Rescorla <ekr@rtfm.com> Sun, 19 March 2017 02:05 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6F7A412945A for <ipsec@ietfa.amsl.com>; Sat, 18 Mar 2017 19:05:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GRHfTz7Q-qHf for <ipsec@ietfa.amsl.com>; Sat, 18 Mar 2017 19:05:10 -0700 (PDT)
Received: from mail-yw0-x22b.google.com (mail-yw0-x22b.google.com [IPv6:2607:f8b0:4002:c05::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C366C124281 for <ipsec@ietf.org>; Sat, 18 Mar 2017 19:05:10 -0700 (PDT)
Received: by mail-yw0-x22b.google.com with SMTP id o4so73063296ywd.3 for <ipsec@ietf.org>; Sat, 18 Mar 2017 19:05:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to; bh=vSxBsLaC1+LdTq/4ywPd0EIKWEjy+BdIGQpzaNaWwQk=; b=TEZ1jK76x71MyH5kDw0jIPCfWFctEkwmC0ZgVFupM7vNC8XqvOC/DOqEDSsgDlFvVM D2w+y0U7wiPrLuKCD/lmfaIWKdlSIo6J2KRMIsnImDvwjuP0nvrb65SB7OudUHGZdxWl KM4dD3j+7IJkGFqH8AAC6YRpofR4WTioxP8/JveweOHkq9lFkbhN6yeKrrJVgFueWhiB +GAkXr1x8zIAz3IHhhnMH9teOcwx9wkGfMP+7pTXz7i4+k4hFzLLN/6SRuIX866IZrBv 9elGMUUsRtC3SnYXg9qOLvetj6v7kBVuc7xqVQlKFMyn6rSXV6xgzS+K4WSwEjQcWOdW AUkw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=vSxBsLaC1+LdTq/4ywPd0EIKWEjy+BdIGQpzaNaWwQk=; b=qpBmyiLAA2Gia9mheX64OPwyaZ5YyVmXGAYJU5Le+znxNIlc3GuApmpPkLtSZi3IvK pLRyFDE/17gw80DybGlFXngwagAfUhuAzOl0pWRMoVVF4oIE/s3Q+nUSEgZakegyVdPA LsuXGZBxoPPnguUW++9R2ANVE9OwZgWRa6Xm6iPXgb+iaFi5P1+d9dmvNnEBpTyDIBop EH0iCh7G8M12MogNm0Z4XE4We03RNWagF4dW0oE9zRUi9ZvaW5aA5hI98kKRNup21al4 rt5bgEqO+WI3JZwk23kxz7PCBjaMfnxh9gVu/5rHATaVqfLILayo30DXArjegwIWu69g o3Mg==
X-Gm-Message-State: AFeK/H0sVowEddWyGYsdazFjEsGJvKu8XXv2uAafK3WRUkmRNFymsLrFDpWDgmWovZSE8u3XG8bsWWUb2JvZ/Q==
X-Received: by 10.13.250.67 with SMTP id k64mr9153327ywf.125.1489889110126; Sat, 18 Mar 2017 19:05:10 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.129.154.210 with HTTP; Sat, 18 Mar 2017 19:04:29 -0700 (PDT)
From: Eric Rescorla <ekr@rtfm.com>
Date: Sat, 18 Mar 2017 19:04:29 -0700
Message-ID: <CABcZeBPMR9m8zPdhG4Bc3DHWj9UmVq22Z7G4ApYjBGJeC7MU=A@mail.gmail.com>
To: draft-ietf-ipsecme-tcp-encaps@ietf.org, ipsec@ietf.org
Content-Type: multipart/alternative; boundary="94eb2c07f34a2a0ca5054b0bd7a3"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/A_CxXgeQe8XrqtPjJnI2GI1Fgnc>
Subject: [IPsec] Comments on draft-ietf-ipsecme-tcp-encaps
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 19 Mar 2017 02:05:12 -0000

[Now with the right address]

I just finished reading this document. Some comments below.


- You have a uniform 16 bit length field followed by a 4 byte all-zeros
   sentinel value to indicate that a packet is IKE rather than ESP.
   Given that in S 3 graf 2 you have a SHOULD-level requirement
   to use typical UDP payload lengths, why not instead explicitly
   limit lengths to 15 bits and use the top bit to indicate IKE versus
   ESP. This would be slightly more efficient and seems simpler.
   I suppose that the counterargument is that IKE over UDP behaves
   differently, but in terms of implementation, that doesn't seem like
  much of an argument.

- If you're going to have a framing disambiguator, why not choose
  one that has higher entropy. If there is a protocol with a random
  start, then you are going to get some collisions with 2^48 bits.

- It seems like IKE associations can span TCP connections (S 6)
  so why not instead of doing UDP first then TCP, do happy eyeballs.

" when TLS is used on the TCP connection, both the TCP Originator and TCP
Responder SHOULD allow the NULL cipher to be selected for performance
reasons."

This seems like you are going to have some problems with TLS 1.3

- If you are going to use TLS, shouldn't you be using ALPN?

Feel free to tell me that these ideas have been considered and rejected. :)

-Ekr

v2.23.0 | Report a Bug | By Email