IETF Logo Mail Archive

Re: [IPsec] IKE fragmentation

Yaron Sheffer <yaronf.ietf@gmail.com> Wed, 13 March 2013 13:43 UTC

Return-Path: <yaronf.ietf@gmail.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1EDB721F87F9 for <ipsec@ietfa.amsl.com>; Wed, 13 Mar 2013 06:43:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -99.064
X-Spam-Level:
X-Spam-Status: No, score=-99.064 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888, RCVD_IN_PBL=0.905, RCVD_IN_SORBS_DUL=0.877, RDNS_DYNAMIC=0.1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Uf9QGIm2lSyt for <ipsec@ietfa.amsl.com>; Wed, 13 Mar 2013 06:43:46 -0700 (PDT)
Received: from mail-bk0-x232.google.com (mail-bk0-x232.google.com [IPv6:2a00:1450:4008:c01::232]) by ietfa.amsl.com (Postfix) with ESMTP id 5ADC021F87AC for <ipsec@ietf.org>; Wed, 13 Mar 2013 06:43:46 -0700 (PDT)
Received: by mail-bk0-f50.google.com with SMTP id jg9so465914bkc.37 for <ipsec@ietf.org>; Wed, 13 Mar 2013 06:43:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:message-id:date:from:user-agent:mime-version:to:cc :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=ZN7CTI2Fpqq5SR9iJKt12a2CBTeEJBh5lNLwNtySRiY=; b=Qs7t8G7u4FtYW4M7YL+isqDYr+84wZLtJrXh9XetFuboqSqDLeyH0xcyGgRqmZmS7M Acyi+FMOagSgXf7uvR5idL0Qi5BbQkK3O7n2/VFTe2BAhKBBtHNrCSxwwgP2/ttEDEqL knhJl6pNjCJP8yOh1HBGS31w1lYfh+ecXnoiiIB5r8l/I16YM9SbmshLSzAOLIUfVd/v MOxQt8Eq0CZfxVV+Akew8Gu5Zrjo81x7epv0m9K/tkggH55At54N/Lo5nY7Lq7ROJp1p Tw2cuBjeBVjR5N4u03XJqRHII5oBKgXMlajw5jyrJNQaa8OizVx/k2AU+NqXrcdXmgXg M3PQ==
X-Received: by 10.205.120.133 with SMTP id fy5mr7664992bkc.87.1363182225466; Wed, 13 Mar 2013 06:43:45 -0700 (PDT)
Received: from [10.0.0.14] (89-139-62-92.bb.netvision.net.il. [89.139.62.92]) by mx.google.com with ESMTPS id x18sm6034540bkw.4.2013.03.13.06.43.40 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 13 Mar 2013 06:43:44 -0700 (PDT)
Message-ID: <51408287.7080207@gmail.com>
Date: Wed, 13 Mar 2013 15:43:35 +0200
From: Yaron Sheffer <yaronf.ietf@gmail.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130221 Thunderbird/17.0.3
MIME-Version: 1.0
To: Valery Smyslov <svanru@gmail.com>
References: <20799.34490.611737.922474@fireball.kivinen.iki.fi> <294A12724CB849D2A33F7F80CC82426A@buildpc>
In-Reply-To: <294A12724CB849D2A33F7F80CC82426A@buildpc>
Content-Type: text/plain; charset="windows-1255"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: ipsec@ietf.org, Tero Kivinen <kivinen@iki.fi>
Subject: Re: [IPsec] IKE fragmentation
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Mar 2013 13:43:47 -0000

Hi Valery,

I believe the DoS argument is incorrect, because the message we are most 
worried about (most likely to get fragmented) is IKE_AUTH, and at this 
point both peers are not yet authenticated, of course. So fragments and 
messages can be encrypted but cannot be authenticated. Thus, an attacker 
can send any number of seemingly valid fragments.

Let me know if I'm missing anything.

Thanks,
	Yaron

On 03/13/2013 03:22 PM, Valery Smyslov wrote:
> Hi,
>
>> Anyways, if there is already more implementations doing IKE
>> framentation, it might be good idea to think whether we should
>> standardize that. On the other hand I am not sure if they are well
>> enough documented so that different implementations actually talk each
>> other...
>
> We support IKEv1 fragmentation based on documentation found at
> msdn.microsoft.com.
> We are able to interoperate with both Microsoft and Cisco.
>
>> Anyways we should most likely act fastly if we want to get this fixed
>> for IKEv2.
>
> As for IKEv2, I don't know how Cisco is doing fragmentation in this case
> (it seems to have support for it), but if it is done similarly to IKEv1,
> than I prefer our own solution - draft-smyslov-ipsecme-ikev2-fragmentation.
> The main difference is that in Microsoft/Cisco solution (for IKEv1)
> the whole encrypted ISAKMP message is fragmented,
> leaving each fragment unauthanticated untill message get reassembled
> and its authentity could be verivied. This opens door for
> a very simple DoS attack on receiver.
>
> In our proposal each fragment is encrypted and authenticated
> individually, that allows receiver to distinguish valid fragments
> from bogus, thus preventing from abovementioned DoS attack.
>
> And, of course, we have implemented this solution in our products.
>
> And, of course, we are intersted in doing IKEv2 fragmentation
> in standard, interoperable way (based either on our proposal or
> smth else).
>
> Regards,
> Valery Smyslov.
>
>> --
>> kivinen@iki.fi
>> _______________________________________________
>> IPsec mailing list
>> IPsec@ietf.org
>> https://www.ietf.org/mailman/listinfo/ipsec
>
> _______________________________________________
> IPsec mailing list
> IPsec@ietf.org
> https://www.ietf.org/mailman/listinfo/ipsec

v2.23.0 | Report a Bug | By Email