Re: [IPsec] I-D Action: draft-ietf-ipsecme-ikev2-intermediate-08.txt

Valery Smyslov <smyslov.ietf@gmail.com> Wed, 02 February 2022 15:20 UTC

From: Valery Smyslov <smyslov.ietf@gmail.com>
To: ipsec@ietf.org
Cc: kaduk@mit.edu
Date: Wed, 02 Feb 2022 18:19:56 +0300
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/Lo_go6MUcLCKg-7uWYPN5j21cs0>

Hi,

I've published a new version of the draft. It addresses concerns raised during AD review.
Summary of the changes:

- the way IKE_INTERMEDIATE exchanges are authenticated is changed to accommodate
  suggestions from Tobias Brunner (to make the size of the intermediate authentication values
  constant regardless of the number of exchanges) and from Ben Kaduk (to add the
  Message ID of the IKE_AUTH exchange to authentication to prevent truncation attacks)
- text describing the authentication of IKE_INTERMEDIATE exchanges is expanded
  and a lot of clarifications are added
- the Security Considerations section is expanded by adding text concerning a possible DoS
  attack mounted by a malicious initiator and recommendations on how to deal with it
- other comments from AD review are addressed
- a lot of text improvements (many thanks to Ben for them)

I had an off-list mail exchange with Scott Fluhrer about the security
of the modified authentication scheme suggested by Tobias,
and Scott confirmed that this construction looks cryptographically sound.
In particular, he said (shared here with his permission):

SRF: yes, it looks sound. The only possible issue (in use case 2 <When IKE_INTERMEDIATE is used
for purposes other than PQ KE, so the keys are constant - VS>) would be if the attacker could
learn of a second instance of PRF( key, [message] ) that could be reused in this context - I
don't think that can happen in this case.

Since the authentication scheme is changed, I'm not sure whether another WGLC is needed...

Regards,
Valery.


> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the IP Security Maintenance and Extensions WG of the IETF.
> 
>         Title           : Intermediate Exchange in the IKEv2 Protocol
>         Author          : Valery Smyslov
>         Filename        : draft-ietf-ipsecme-ikev2-intermediate-08.txt
>         Pages           : 15
>         Date            : 2022-02-02
> 
> Abstract:
>    This document defines a new exchange, called Intermediate Exchange,
>    for the Internet Key Exchange protocol Version 2 (IKEv2).  This
>    exchange can be used for transferring large amounts of data in the
>    process of IKEv2 Security Association (SA) establishment.
>    Introducing the Intermediate Exchange allows re-using the existing
>    IKE fragmentation mechanism, that helps to avoid IP fragmentation of
>    large IKE messages, but cannot be used in the initial IKEv2 exchange.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-ipsecme-ikev2-intermediate/
> 
> There is also an htmlized version available at:
> https://datatracker.ietf.org/doc/html/draft-ietf-ipsecme-ikev2-intermediate-08
> 
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-ipsecme-ikev2-intermediate-08
> 
> 
> Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts
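
A simplified model of the two authentication changes summarized in the message above, added here as an illustration; it is not code from the draft or its author. HMAC-SHA256 stands in for the negotiated PRF, the function names, keys and message bytes are constructed, and the draft's exact inputs and encoding are not reproduced.

```python
import hashlib
import hmac
import struct

def prf(key, data):
    # Assumption: HMAC-SHA256 stands in for whatever PRF the peers negotiated.
    return hmac.new(key, data, hashlib.sha256).digest()

def chained_auth(keys, messages):
    """Fold each exchange into the previous value; the result is one PRF output."""
    if len(keys) != len(messages):
        raise ValueError("one key per intermediate message is required")
    value = b""
    for key, msg in zip(keys, messages):
        value = prf(key, value + msg)
    return value

def per_exchange_auth(keys, messages):
    """Contrast case: one PRF output per exchange, so size grows with the count."""
    if len(keys) != len(messages):
        raise ValueError("one key per intermediate message is required")
    return b"".join(prf(k, m) for k, m in zip(keys, messages))

def auth_input(keys_i, msgs_i, keys_r, msgs_r, ike_auth_mid):
    """Initiator chain | responder chain | 32-bit Message ID of IKE_AUTH."""
    return (chained_auth(keys_i, msgs_i)
            + chained_auth(keys_r, msgs_r)
            + struct.pack("!I", ike_auth_mid))

# Constructed sample data: three intermediate exchanges with constant keys
# (the "use case 2" situation mentioned in the message).
KEY_I, KEY_R = b"\x11" * 32, b"\x22" * 32
REQS = [b"intermediate request %d" % n for n in (1, 2, 3)]
RESPS = [b"intermediate response %d" % n for n in (1, 2, 3)]

def demo():
    # Sample numbering: intermediate exchanges use Message IDs 1..3, IKE_AUTH uses 4.
    full = auth_input([KEY_I] * 3, REQS, [KEY_R] * 3, RESPS, 4)
    # A peer that saw only two exchanges would place IKE_AUTH at Message ID 3.
    short = auth_input([KEY_I] * 2, REQS[:2], [KEY_R] * 2, RESPS[:2], 3)
    # Same messages, different view of the IKE_AUTH Message ID.
    other_mid = auth_input([KEY_I] * 3, REQS, [KEY_R] * 3, RESPS, 3)
    return {
        "constant_size": len(full) == len(short),
        "grows": len(per_exchange_auth([KEY_I] * 3, REQS)),
        "views_differ": full != short,
        "mid_bound": full != other_mid,
    }
```

Peers whose views of the exchange sequence differ compute different values, so the signatures they check in IKE_AUTH do not verify.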