Re: [IPsec] WG Last Call on "The NULL Authentication Method in IKEv2 Protocol" draft-smyslov-ipsecme-ikev2-null-auth (fwd)
"Valery Smyslov" <svanru@gmail.com> Wed, 14 January 2015 08:32 UTC
Return-Path: <svanru@gmail.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 62AFC1A6F96 for <ipsec@ietfa.amsl.com>; Wed, 14 Jan 2015 00:32:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.23
X-Spam-Level:
X-Spam-Status: No, score=-1.23 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_SORBS_WEB=0.77, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V86aXTIl9oT0 for <ipsec@ietfa.amsl.com>; Wed, 14 Jan 2015 00:32:21 -0800 (PST)
Received: from mail-lb0-x22c.google.com (mail-lb0-x22c.google.com [IPv6:2a00:1450:4010:c04::22c]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5E84B1A0025 for <ipsec@ietf.org>; Wed, 14 Jan 2015 00:32:21 -0800 (PST)
Received: by mail-lb0-f172.google.com with SMTP id z12so6754867lbi.3 for <ipsec@ietf.org>; Wed, 14 Jan 2015 00:32:19 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:from:to:references:subject:date:mime-version :content-type:content-transfer-encoding; bh=E8c28rDqBOK/cY6/nOaPCtVP0D89T9ZK4wHzaF+iteM=; b=cuec8XdLbn5qj8y1yvUzoXrECOiBzUOeOH4VjHp+VRg627/jc/sAejHA6UjtP/kSqk X8SAoxNXHhnY/U1+eLP0pTQpBlYRhcdHKAygc/7CrB1kslp6rVDgqny3ciqiOGwktzvz Z0pHTolDhzJQfO4s/13YVECNWSChcwJtJsvCERom9+u+cvgc7BTG31odm/vB3tW/4Yr1 k6fA5BUDYg10NM1qbYMxYRzvlcFBrOtJy/RrGhfTs53DwzZ7GP9A1hcifNDwioFUGIZQ 6Z3BKLarvTG7/P13IcpypkoW3jAfwADEY+AzJosTncQoX25cvJL3MEN4XRvWrDI+lw/b G3CA==
X-Received: by 10.152.19.7 with SMTP id a7mr2651553lae.16.1421224339715; Wed, 14 Jan 2015 00:32:19 -0800 (PST)
Received: from buildpc ([82.138.51.4]) by mx.google.com with ESMTPSA id e1sm1525039lah.43.2015.01.14.00.32.18 (version=TLSv1 cipher=RC4-SHA bits=128/128); Wed, 14 Jan 2015 00:32:19 -0800 (PST)
Message-ID: <038B7179C6EB4C5BB2A110AD37541204@buildpc>
From: Valery Smyslov <svanru@gmail.com>
To: Paul Wouters <paul@nohats.ca>, IPsecME WG <ipsec@ietf.org>
References: <alpine.LFD.2.10.1501131139150.13941@bofh.nohats.ca>
Date: Wed, 14 Jan 2015 11:32:39 +0300
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="iso-8859-1"; reply-type="response"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5931
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.6157
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipsec/FjSstYz-VM8PEHaJW1LtWhzcC_w>
Subject: Re: [IPsec] WG Last Call on "The NULL Authentication Method in IKEv2 Protocol" draft-smyslov-ipsecme-ikev2-null-auth (fwd)
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Jan 2015 08:32:24 -0000
Some clarifications below. > (seems previous message was lost) > >>> https://tools.ietf.org/html/draft-ietf-ipsecme-ikev2-null-auth > > So since the WGLC came onto us a little early, the document authors > still have some different opinions about some of this. So let me raise > those in the WGLC :) > > INITIAL_CONTACT > > Section 2.3 tries to address the problem of not being able to trust > INITIAL_CONTACT. Normally this payload is only honoured after > authentication, but we don't have a real authentication here, and one > anonymous IKE SA should not be allowed to obsolete another IKE SA. > > Valery suggests sending liveness checks to all IKE SA's that used > AUTH_NONE. > > I suggested sending liveness checks only to those IKE SA's that used > the same IP address, thus limiting the scope to a more likely pool > of possible orphaned SA's by a remote that crashed/restarted. I don't think that restricting liveness checks in this case to the same IP address covers all the situations. The peer may crash, reboot and get new IP from its ISP and then create new IKE SA. In this situation (very common, not?) the proposed restriction will prevent the server from finding that old stale SA and it will continue to consume resources untill the server decides to send smth. over it or to check its liveness based on a long period of its inactivity or until its lifetime is over. I don't think that the document should impose such a restriction, but instead it should give some guidance of how implementation should behave in this situation. To clarify my position: I don't propose that implementation should blindly send liveness check messages on every SA once new one is created. If SA is active (there was recent incoming traffic over it) or implementation has just successfully finished liveness check on that particular SA, then there is no need to do it again. But if some unauthenticated SAs are idle for a while, then the event of creating new unauthenticated IKE SA MAY (not SHOULD, not MUST) trigger the liveness check on those SAs, regardless of their IP addresses. > Of course, implementations can be smart, and skip liveness checks for > those IKE SA's whose IPsec SA is showing traffic now in in the very > recent past. > > We need to consider the harm of leaving orphaned SA's versus the harm > of being tricked into sending too many liveness probes. > > And in general, we need to ensure one IKE SA isn't sending a zillion > useless IKE messages - as we've lost the protection of a real > authentication to punish abusers by locking them out. (if you thought > ddos-puzzles were interesting, come tackle this problem :) This is interesting problem, but I think that in general implementations should be robust enough to deal with that. Of course you may punish abusers if you know their IDs, but it would be a shame on you if those abusers could crash your implementation, just because their implementations are buggy and send zillion messages. > Traffic Selectors > > We touched a bit on the traffic selector problem. If a peer is able > to pick its own address, it could attempt to steal traffic (say 8.8.8.8) > from the server. We advise people to isolate these peers. We cannot > fully disallow this because we need NAT-traversal support. Valery > preferred server assigned IP addresses (using CP) which will work great > in the "sensor network" but would cause overlapping problems with IKE > peers that talk to multiple peers that hand out their own range of > addresses. The server assigned IP addresses using CP is a standard way of dealing with it. I admit that others are possible and don't want to limit implementations to the only one. And in general the problem of overlapping is irrelevant to NULL Auth. > And opens up the reverse attack of the server stealing the > client's 8.8.8.8 traffic. Some more discussion and insights on this > would be useful. > > Additionally, if we allow some kind of narrowed traffic selector, > malicious IKE peers would only need their one IP and could setup > (protocol * sport * dport) IPsec SAs. Or a variant of this could > be done with when allowing CREATE_CHILD_SA to setup a plethora of > IPsec SAs. Restrictions based on IP address is hard, again because > of the NAT support problem. I think it is a server's policy issue. It can always restrict the number of IPsec SAs from a single peer by using NO_ADDITIONAL_SAS notification. The document should not impose any restrictions here, IMHO. > What we tried to do with the security consideration section is to keep > advise generic. Then specific opportunistic IPsec related issues could > find themselves in a soon to be draft-ipsec-opportunistic document. Exactly. > Paul Valery.
- [IPsec] WG Last Call on "The NULL Authentication … Paul Hoffman
- Re: [IPsec] WG Last Call on "The NULL Authenticat… Paul Wouters
- Re: [IPsec] WG Last Call on "The NULL Authenticat… Paul Hoffman
- Re: [IPsec] WG Last Call on "The NULL Authenticat… Yaron Sheffer
- Re: [IPsec] WG Last Call on "The NULL Authenticat… Paul Wouters
- Re: [IPsec] WG Last Call on "The NULL Authenticat… Yaron Sheffer
- Re: [IPsec] WG Last Call on "The NULL Authenticat… Paul Wouters
- Re: [IPsec] WG Last Call on "The NULL Authenticat… Paul Wouters
- Re: [IPsec] WG Last Call on "The NULL Authenticat… Paul Wouters
- Re: [IPsec] WG Last Call on "The NULL Authenticat… Valery Smyslov
- Re: [IPsec] WG Last Call on "The NULL Authenticat… Tero Kivinen
- Re: [IPsec] WG Last Call on "The NULL Authenticat… Paul Wouters
- Re: [IPsec] WG Last Call on "The NULL Authenticat… Sean Turner
- Re: [IPsec] WG Last Call on "The NULL Authenticat… Graham Bartlett (grbartle)
- Re: [IPsec] WG Last Call on "The NULL Authenticat… Paul Koning
- Re: [IPsec] WG Last Call on "The NULL Authenticat… Paul Wouters
- Re: [IPsec] WG Last Call on "The NULL Authenticat… Yaron Sheffer
- Re: [IPsec] WG Last Call on "The NULL Authenticat… Valery Smyslov
- Re: [IPsec] WG Last Call on "The NULL Authenticat… Yaron Sheffer
- Re: [IPsec] WG Last Call on "The NULL Authenticat… Tero Kivinen
- Re: [IPsec] WG Last Call on "The NULL Authenticat… Paul Wouters
- Re: [IPsec] WG Last Call on "The NULL Authenticat… Yoav Nir