IETF Logo Mail Archive

Re: [IPsec] comments on draft-ietf-ipsecme-g-ikev2-07

Michael Richardson <mcr+ietf@sandelman.ca> Wed, 21 December 2022 16:55 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A68E0C14F726 for <ipsec@ietfa.amsl.com>; Wed, 21 Dec 2022 08:55:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.397
X-Spam-Level:
X-Spam-Status: No, score=-4.397 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sandelman.ca
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jR-dptSyquAW for <ipsec@ietfa.amsl.com>; Wed, 21 Dec 2022 08:55:43 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 76834C14F6EC for <ipsec@ietf.org>; Wed, 21 Dec 2022 08:55:43 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id 7980238990; Wed, 21 Dec 2022 12:23:07 -0500 (EST)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id Hnls7Vozlidv; Wed, 21 Dec 2022 12:23:03 -0500 (EST)
Received: from sandelman.ca (unknown [IPv6:2607:f0b0:f:2:56b2:3ff:fe0b:d84]) by tuna.sandelman.ca (Postfix) with ESMTP id 6F5183898F; Wed, 21 Dec 2022 12:23:03 -0500 (EST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sandelman.ca; s=mail; t=1671643383; bh=IiygINyRk2pxKQjsukr2dKgBa0kjI4cvI+oV7/pHt44=; h=From:To:Subject:In-Reply-To:References:Date:From; b=tXnk1E1qJbUfAED9vYrtTnXVdCyk/SWMYoo5IOgunudb0BTAmzIBMCzK2fhFa2aYP aO1Uwtf8T0djbUFtTZ0+ZabP5WVAI/L6BhoPwNR5BUU+M92lihR/tZT95pr8qUBPUw 80wMAxStdXQ9GHedzl6zMtZh6O2b/8wmAiBqpl2ycxstxMurcl2uIKhcA5ib2pXErr MQuWfbPzHlF3PuBwB1M11wDi/cPXuVWTlWjdiAna5GftF0OhpGPqL2+Yr3GwRMZYUa y/syAv6qiogzAFh5cG/ZIuyjCy5ezi0ShNmN/K/PH3aPzo9ddsvyekTWZ2/RGuX966 4YWtbWB1siqKg==
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 92A103CF; Wed, 21 Dec 2022 11:55:38 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Valery Smyslov <smyslov.ietf@gmail.com>, ipsec@ietf.org, bew.stds@gmail.com
In-Reply-To: <257b01d9151c$a16579f0$e4306dd0$@gmail.com>
References: <11505.1671563270@localhost> <257b01d9151c$a16579f0$e4306dd0$@gmail.com>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 27.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Wed, 21 Dec 2022 11:55:38 -0500
Message-ID: <9470.1671641738@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/IuaqvNwLnsHrs1AaTE9-ep5KpOA>
Subject: Re: [IPsec] comments on draft-ietf-ipsecme-g-ikev2-07
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Dec 2022 16:55:47 -0000

Valery Smyslov <smyslov.ietf@gmail.com> wrote:
    > many thanks for your review. Much appreciated.

    > Please, see inline.

    >> I started reading through this document during IETF115, but didn't
    >> finish until today.  I don't think that I have ever read the IKEv1-G
    >> stuff.
    >>
    >> > G-IKEv2 SHOULD use UDP port 848, the same as GDOI [RFC6407], because
    >> > they serve a similar function.  They can use the same ports, just as
    >> > IKEv1 and IKEv2 can share port 500.  The version number in the IKE >
    >> header distinguishes the G-IKEv2 protocol from GDOI protocol >
    >> [RFC6407].  G-IKEv2 MAY also use the IKEv2 ports (500, 4500), which >
    >> would provide a better integration with IKEv2.  G-IKEv2 MAY also use >
    >> TCP transport for registration (unicast) IKE SA, as defined in >
    >> [RFC8229].
    >>
    >> Based upon this text, I would have no idea when/if I can send my
    >> G-IKEv2 packet to port 500 or 848.

    > I think it must be pre-configured (just as, for example, using TCP
    > encapsulation in IKEv2).  Should we add some text?

If it's an arbitrary port that someone has to configure, then please include
no ports.

I don't think it should be that way.

I think that it should be port 500.
I don't know if the option to also listen on port 848 matters.
That reflects my preference that this work be an IKEv2 extension,
rather than a new protocol like the IKEv1 version.

    >> Section 2.2 recaps the payload acronyms.  I suggest a third column
    >> telling us where they are defined.

    > Perhaps it's better to split the table into to - existing IKEv2
    > payloads and newly defined G-IKEv2-specific payloads. Does it work for
    > you?

No, I'd rather see it all in one table.

    >> Can I do unicast IKE_CHILD_SA echanges in the same PARENT_SA as I do
    >> G-IKEv2?  I can imagine use cases where there is both multicast and
    >> unicast traffic that needs to be protected.  I guess not, beacuse
    >> GSA_AUTH is not IKE_AUTH.

    > You cannot create unicast IPsec SA at the time the G-IKEv2 SA is being
    > established (since GSA_AUTH cannot do it). It's an open question
    > whether you can create them once it is up (via CREATE_CHILD_SA). It is
    > not explicitly prohibited now, but would prefer not to do it - use
    > G-IKEv2 SA for group key management traffic only and create a separate
    > IKEv2 SA if the GCKS acts as a GW too.

I don't understand GSA_AUTH vs IKE_AUTH. I think that's an IKEv1-ism to split it.

    >> Use of IPCOMP seems really difficult.  I guess it can't be used until
    >> every receiver supports it.  Is that common?  Are the target use cases
    >> (probably video?) even compressible?

    > With multicast architecture for any single feature used, every receiver
    > have to support it, IPcomp is not an exception. Using IPcomp is defined
    > for completeness.  No target use cases were considered (I think there
    > may be few of them).

I'd consider leaving it out, or discouraging it.
Obviously, one can just never compress, but it seems like it's been a PITA to implement.

    >> I guess 2.4.1 answers that question.  Maybe just leave the comment to
    >> 2.4.1.

> Can you suggest some wording?

remove: "This is not a real IKEv2 exchange, since no response messages are sent."

    >> Are these IKEv2 messages sent in the normal port 500/848/4500 channel?
    >> Or?  I don't understand this part at all.  There are implications that
    >> it's multicast, but clearly, it can't be?

    > GSA_REKEY is sent over multicast (that's why it is unacknowledged).
    > The port it is sent to is specified by the GCKS in the GSA_AUTH
    > exchange (it can be any UDP port).

    > Can you be more specific of the text that is not clear and perhaps
    > propose some clarification text?

It seems that GSA_RSAKEY is not an IKEv2 message at all then.

    >> "SID" is now rather overloaded in the IETF (CORE/YANG, SR6...), and
    >> perhaps another TLA could be considered :-)

    > This term was used in the draft from its early versions :-) Perhaps
    > change to SenderID? Or SENDER_ID? Or is it overloaded too?

SenderID is way better.
(CORE/YANG has Schema ID, SR6 has SegmentID)

    >> I think that the end of section 2.6, aout reusing Extended Sequence
    >> Number should probably have more widespread review within the WG.
    >> This is not just a key mgmt issue, but an 4301 update I think.

    > Actually, the current text in the draft is misleading.  It is not about
    > reusing, the transform meaning is generalized and a new value for
    > transform ID is added.  We'll try to make the text more clear.

    > I'm not sure it is an update to 4301, since it requires no code change
    > for existing implementations.

Is the KWK part of IKEv2 or is it part of ESP?

    >> I'm not sure if section 6.1 belongs here.

    > Why? It describes how PPK can be used (well, how complicated is to use
    > it :-)) with G-IKEv2 and also has some justification for alternative
    > way of using PPK (defined in drft-smyslov-ipsecme-ikev2-qr-alt).

It seems like it belongs in smyslov-ipsecme-ikev2-qr-alt.
I don't feel strongly.

    >> Who has implemented?

    > As far as I know early versions of the draft (incompatible with the
    > current one) were implemented by Cisco and by Tobias Heider and Tobias
    > Guggemos.  The current version is partially implemented by myself.

    >> Or maybe I should instead ask: who cares?

    > I believe that there is some interest in this work.  I cannot estimate
    > how strong it is :-)

We shouldn't waste resources publishing documents that nobody plans to deploy.
(We have enough to do...)

--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide

v2.23.0 | Report a Bug | By Email