IETF Logo Mail Archive

Re: [IPsec] [Last-Call] Secdir last call review of draft-ietf-ipsecme-rfc8229bis-06

Valery Smyslov <svan@elvis.ru> Tue, 31 May 2022 16:59 UTC

Return-Path: <svan@elvis.ru>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 95733C159497; Tue, 31 May 2022 09:59:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=elvis.ru
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qWBHMQYinBab; Tue, 31 May 2022 09:59:49 -0700 (PDT)
Received: from akmail.elvis.ru (akmail.elvis.ru [82.138.51.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 42AAAC159490; Tue, 31 May 2022 09:59:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=elvis.ru; s=mail; h=Content-Type:MIME-Version:Message-ID:Date:Subject:In-Reply-To: References:CC:To:From:Sender:Reply-To:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=BXxm2SjSaeQt94RAz3PEm2rmMio2+W6aobS5a3Z5Dqs=; b=KT+BBo21XM0iqdCFO62vWJjRp4 QifGPDqI6ARZhdpoUj7PngQhKae+j8XUz+son8wBmWsirGn2jVyuif+b1e2kvkQk22SJqJL6n1kgo KhKnjf06tNDD/YwWlaFMFLa7BxXW00zxeVUC2gwJWHxkVdbHVV+8YAZJ6OjFneHSSt/k=;
Received: from kmail.elvis.ru ([93.188.44.208]) by akmail.elvis.ru with esmtp (Exim 4.92) (envelope-from <svan@elvis.ru>) id 1nw5Da-0008FI-QC; Tue, 31 May 2022 19:59:43 +0300
Received: from mail16.office.elvis.ru ([10.111.1.29] helo=mail.office.elvis.ru) by kmail.elvis.ru with esmtp (Exim 4.92) (envelope-from <svan@elvis.ru>) id 1nw5Da-0002pG-Ip; Tue, 31 May 2022 19:59:42 +0300
Received: from MAIL16.office.elvis.ru (10.111.1.29) by MAIL16.office.elvis.ru (10.111.1.29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1779.2; Tue, 31 May 2022 19:59:42 +0300
Received: from buildpc (10.111.10.33) by MAIL16.office.elvis.ru (10.111.1.29) with Microsoft SMTP Server id 15.1.1779.2 via Frontend Transport; Tue, 31 May 2022 19:59:42 +0300
From: Valery Smyslov <svan@elvis.ru>
To: touch@strayalpha.com, 'Tero Kivinen' <kivinen@iki.fi>
CC: 'Christian Huitema' <huitema@huitema.net>, secdir@ietf.org, draft-ietf-ipsecme-rfc8229bis.all@ietf.org, ipsec@ietf.org, last-call@ietf.org
References: <165377251630.6282.16767658545384357479@ietfa.amsl.com> <077301d8741b$c0fe9b40$42fbd1c0$@elvis.ru> <25237.6715.619617.181961@fireball.acr.fi> <08f501d874df$90e95750$b2bc05f0$@elvis.ru> <25238.13419.293263.562580@fireball.acr.fi> <DA2ECB10-11A9-4781-80E2-ADFEED2181F4@strayalpha.com>
In-Reply-To: <DA2ECB10-11A9-4781-80E2-ADFEED2181F4@strayalpha.com>
Date: Tue, 31 May 2022 19:59:43 +0300
Message-ID: <0a2301d8750f$d3601bc0$7a205340$@elvis.ru>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0A24_01D87528.F8ADA1E0"
X-Mailer: Microsoft Outlook 14.0
Content-Language: ru
Thread-Index: AQKKl9px7X7eA1CQ6TUrJpeus4VMBQFqn8/DAb05IO0BpRHmcAMg7P2lAc88822rhwPygA==
X-CrossPremisesHeadersFilteredBySendConnector: MAIL16.office.elvis.ru
X-OrganizationHeadersPreserved: MAIL16.office.elvis.ru
X-KLMS-AntiSpam-Interceptor-Info: not scanned
X-KLMS-Rule-ID: 1
X-KLMS-Message-Action: clean
X-KLMS-AntiSpam-Status: not scanned, disabled by settings
X-KLMS-AntiPhishing: Clean, bases: 2022/05/31 15:05:00
X-KLMS-AntiVirus: Kaspersky Security for Linux Mail Server, version 8.0.3.30, bases: 2022/05/31 13:37:00 #19629522
X-KLMS-AntiVirus-Status: Clean, skipped
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/MN74QZYLHiS3-Jj0BHc8_lRPiAc>
Subject: Re: [IPsec] [Last-Call] Secdir last call review of draft-ietf-ipsecme-rfc8229bis-06
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 31 May 2022 16:59:53 -0000

Hi Joe,

 

From: touch@strayalpha.com [mailto:touch@strayalpha.com] 
Sent: Tuesday, May 31, 2022 7:12 PM
To: Tero Kivinen
Cc: Valery Smyslov; Christian Huitema; secdir@ietf.org; draft-ietf-ipsecme-rfc8229bis.all@ietf.org; ipsec@ietf.org; last-call@ietf.org
Subject: Re: [Last-Call] [IPsec] Secdir last call review of draft-ietf-ipsecme-rfc8229bis-06

 

On May 31, 2022, at 8:29 AM, Tero Kivinen <kivinen@iki.fi> wrote:

 

I think we should tear down the TCP stream immediately if we detect
that length bytes can't be correct.

 

If that’s the case, then you’re opening up this approach to a much lower bar to attacks.

 

          The design of TCP encapsulation is that IPsec survives when a TCP connection is closed for any reason, it just re-opens a new one.

 

          The performance will degrade, but that is that - TCP is not the primary transport for IPsec

          and should be used only when other transports (e.g. UDP) is not available.

 

It would be significantly more useful to find a way to resync. I don’t have any particular suggestions there, except maybe when sync is lost to scan for a known byte pattern and try to resync there. If the IPsec then starts to work again, you’re set. If not, you keep scanning.

 

This is the approach ATM used to find cell boundaries.

 

Is there a reason not to include that as a fallback when such attacks are seen as a mitigation to avoid the restart overhead??

 

          While this is possible (scan for known SPIs and check the ICV of the resulting packet), it will consume resources (crypto is not free), 

          so I’m not sure it’s a better defense against injection attack. Note, that an attacker has already performed the successful attack on this TCP

          connection, so it did guess the correct sequence number and 4-tuple, so it can continue to inject data.

          With new TCP session it yet have to guess these parameters.

 

          Regards,

          Valery.

          

Joe

v2.23.0 | Report a Bug | By Email