IETF Logo Mail Archive

Re: [IPsec] Fw: New Version Notification for draft-smyslov-ipsecme-ikev2-null-auth-00.txt

Yaron Sheffer <yaronf.ietf@gmail.com> Tue, 31 December 2013 08:33 UTC

Return-Path: <yaronf.ietf@gmail.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A0B501AE580 for <ipsec@ietfa.amsl.com>; Tue, 31 Dec 2013 00:33:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QUVhWegh1ozm for <ipsec@ietfa.amsl.com>; Tue, 31 Dec 2013 00:33:14 -0800 (PST)
Received: from mail-ea0-x230.google.com (mail-ea0-x230.google.com [IPv6:2a00:1450:4013:c01::230]) by ietfa.amsl.com (Postfix) with ESMTP id A528B1AE1F5 for <ipsec@ietf.org>; Tue, 31 Dec 2013 00:33:13 -0800 (PST)
Received: by mail-ea0-f176.google.com with SMTP id h14so5397496eaj.7 for <ipsec@ietf.org>; Tue, 31 Dec 2013 00:33:07 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=9jAiGiNzI57vEZvL0TjNlYn70E0ipWJEZfQLGSPw3sM=; b=qyDTF/73KgCQoE9ctnrO8qVd0MJMQT+8AVWxEFLsPs9j/z85Sx9lyroYV+p8VSDA4h MzyF0FFY9NSpUrnkuwSpLQp6kcP4o0IfgykBuGVoywnk+5NJoJQVQF4KzHRh1/NC6IWJ lalRo9kqu8/Y4Uo04CB/4Hv3XpTg162vmPRwKtyvuXoPDLW61ZqOk8ksBCb5ee/zobYp kpl//0gnF+WoFAnAr9h+b3nvoj5+nLnyiFyTU7drU92v5hKKOeSu9ai2maOzUib0eYph C/J4ih2CdM47h8nLXW+LtAHu+TCZQjb82jQ8eCdZv7xh7Qy8C410pDjaXhUQFAsdoo0y jh0A==
X-Received: by 10.14.127.132 with SMTP id d4mr5522467eei.66.1388478787125; Tue, 31 Dec 2013 00:33:07 -0800 (PST)
Received: from [10.0.0.5] (85-250-26-178.bb.netvision.net.il. [85.250.26.178]) by mx.google.com with ESMTPSA id b41sm116037783eef.16.2013.12.31.00.33.05 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 31 Dec 2013 00:33:06 -0800 (PST)
Message-ID: <52C28141.5090107@gmail.com>
Date: Tue, 31 Dec 2013 10:33:05 +0200
From: Yaron Sheffer <yaronf.ietf@gmail.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
MIME-Version: 1.0
To: Paul Wouters <paul@nohats.ca>, Valery Smyslov <svanru@gmail.com>
References: <C687BD9EA2204F1087D18646766A3C7B@buildpc> <alpine.LFD.2.10.1312301901450.16515@bofh.nohats.ca>
In-Reply-To: <alpine.LFD.2.10.1312301901450.16515@bofh.nohats.ca>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: ipsec@ietf.org
Subject: Re: [IPsec] Fw: New Version Notification for draft-smyslov-ipsecme-ikev2-null-auth-00.txt
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 31 Dec 2013 08:33:16 -0000

Hi Paul, Valery,

Regarding IDs, there is value in sending them if you are later able to 
confirm the identity, or at least "bind" it to the connection. For 
example, if the human owners of the peers make a phone call and exchange 
fingerprint values. Or (more far fetched) if both sides use raw public 
keys, instead of a shared secret, and these PKs are later certified by 
someone that both peers trust. Calling everyone "anonymous" means that 
you cannot display *anything* to the user.

Regarding single endpoint addresses vs. subnets, we should discuss 
various ways of proving address "ownership" (whatever that means). For 
example: random reachability tests, BGP with RPKI.

Thanks,
	Yaron

On 12/31/2013 02:44 AM, Paul Wouters wrote:
> On Tue, 24 Dec 2013, Valery Smyslov wrote:
>
>> I've just posted a draft, defining NULL Authentication method in IKEv2.
>> This method may be used for anonymous access or in situations,
>> when peers don't have any trust relationship, but still want
>> to get protection at least against passive attacks.
>
> This is what we (libreswan) have started implementing as well, although we
> called it AUTH_NONE instead of AUTH_NULL. We use private range number 201
> for this exchange type. We also followed the PSK exchange method. But
> we are still looking at some issues and therefor have not yet written
> out our implementation as draft yet. For those interested, libreswan
> developers are meeting up in San Francisco in the second and third week
> of January to work on OE (both anonymous and authenticated). Ping me if
> you would like to attend.
>
> Valery's draft is a start, but we need to address a lot more than just
> defining a new IKEv2 AUTH method:
>
> 1) Use of IDs
>
> I don't think we should allow any IDs, as there could be conflicts with
> other non-anonymous connections. Or possibly a way to detect which
> non-anonymous IDs are accepted at the remote. I was leaning towards
> mandating the ID to be "anonymous" to make it extremely clear that this
> is an anonymous connection.
>
> 2) Endpoints
>
> Your draft does not state anything about the traffic selectors. I think
> it is important to specify it for only a single host-to-host connection
> only. Deployments who want to protect a whole subnet can use similar
> tricks to load balancers and capture port (4)500 and use the NAT-T
> capability of IPsec. Allowing subnet-to-subnet is just too dangerous
> because there are no verifiable claims yet about who owns what IP range.
>
> 3) Mode
>
> I would like to only support tunnel mode and not transport mode, due to
> the interaction with NATs - particularly multiple endpoints behind the
> same NAT router. We would hope this happens a lot if everyone enables
> OE (anonymous and non-anonymous). Obviously using AH also makes no sense
> so we should note that this is only valid for ESP.
>
> 4) Mandatory PFS
>
> It should be mandatory to do PFS with an appropriate DH group.
>
> 5) Priority
>
> The priority of the SPDs of any anonymous IPsec connection should be
> lower than the priority of any non-anonymous SPD. This ensures that
> an anonymous IPsec connection can never steal traffic from an
> authenticated IPsec connection.
>
> non-anonymous with anonymous IPsec
>
> Now this only covers anonymous IPsec. While better than plaintext,
> we do hope servers with stable hostnames will use IPSECKEY records to
> provide their public key, and that the clients will mostly use this new
> auth-none, while the server responds with its FQDN ID so the client can
> verify the connection is not MITMed. In fact, I think it is better for
> roaming devices to remain as anonymous as possible by not providing
> the server with an identity (and why I also do not like your proposal
> of allowing and ignoring the identity).
>
> I have not yet solved the issue of two servers and "return traffic". Say
> host A on public IP initiates anonymously to host B on public IP. Let's
> say both are mail servers. Host A has authenticated host B. Host A
> can now send traffic to host B encrypted. Host B can respond to that
> traffic. While the tunnel is up, host B needs to connect to host A
> for unrelated traffic. It has an IPsec connection up, but it has not
> authenticated this connection. It should not initiate traffic to host A.
> BTNS tried to solve this problem with changing the kernel and doing
> channel binding, but I don't think that solution has support anywhere.
> I can think of some methods on Linux to "hack" detection and support,
> but I'm not happy about it yet.
>
> Evil ranges
>
> Another unresolved problem of using tunnel mode is if a client uses
> somebody elses IP range. eg my laptop behind NAT using 8.8.8.8 should
> not be able to steal the remote's google DNS traffic. Again, I can
> see linux hacks to implement this but I'm still not happy with this.
> One way out is to use CP and assign IP addresses but since our clients
> and servers will have thousands of these of connections there will be
> clashes. Using IPv6 is possible but I'm not convinced the v6-in-v4 IPsec
> has seen enough deployment and might not be implemented widely.
>
> Other kinds of semi-anonymous connections
>
> We are trying to limit the number of different kinds of OE connections
> possible to make it as easy as possible to represent things back to the
> user. So we have left things like "ssh style leap of faith" out of this.
>
> Paul
> _______________________________________________
> IPsec mailing list
> IPsec@ietf.org
> https://www.ietf.org/mailman/listinfo/ipsec

v2.23.0 | Report a Bug | By Email