Re: [IPsec] Martin Duke's No Objection on draft-ietf-ipsecme-ikev2-intermediate-09: (with COMMENT)
Valery Smyslov <svan@elvis.ru> Thu, 03 March 2022 06:40 UTC
Return-Path: <svan@elvis.ru>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7704C3A13A2; Wed, 2 Mar 2022 22:40:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.907
X-Spam-Level:
X-Spam-Status: No, score=-1.907 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u5jzE7jkvnkG; Wed, 2 Mar 2022 22:40:35 -0800 (PST)
Received: from dpmail.elvis.ru (dpmail.elvis.ru [93.188.44.211]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C35863A139E; Wed, 2 Mar 2022 22:40:29 -0800 (PST)
Received: from kmail.elvis.ru ([93.188.44.208]) by dpmail.elvis.ru with esmtp (Exim 4.89) (envelope-from <svan@elvis.ru>) id 1nPf8P-0002RI-Kx; Thu, 03 Mar 2022 09:40:23 +0300
Received: from mail16.office.elvis.ru ([10.111.1.29] helo=mail.office.elvis.ru) by kmail.elvis.ru with esmtp (Exim 4.92) (envelope-from <svan@elvis.ru>) id 1nPf8P-0007zf-EQ; Thu, 03 Mar 2022 09:40:21 +0300
Received: from MAIL16.office.elvis.ru (10.111.1.29) by MAIL16.office.elvis.ru (10.111.1.29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1779.2; Thu, 3 Mar 2022 09:40:21 +0300
Received: from buildpc (10.111.10.33) by MAIL16.office.elvis.ru (10.111.1.29) with Microsoft SMTP Server id 15.1.1779.2 via Frontend Transport; Thu, 3 Mar 2022 09:40:21 +0300
From: Valery Smyslov <svan@elvis.ru>
To: 'Martin Duke' <martin.h.duke@gmail.com>
CC: 'The IESG' <iesg@ietf.org>, draft-ietf-ipsecme-ikev2-intermediate@ietf.org, ipsecme-chairs@ietf.org, ipsec@ietf.org, ynir.ietf@gmail.com
References: <164625223564.17953.1128366395669864994@ietfa.amsl.com> <006701d82e7c$2ea5f480$8bf1dd80$@elvis.ru> <CAM4esxT-xsoB5FwQS=j38nT4bpOsSMT0OSX7M21CaNjnavnRLA@mail.gmail.com>
In-Reply-To: <CAM4esxT-xsoB5FwQS=j38nT4bpOsSMT0OSX7M21CaNjnavnRLA@mail.gmail.com>
Date: Thu, 03 Mar 2022 09:40:24 +0300
Message-ID: <051901d82ec9$90222290$b06667b0$@elvis.ru>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_051A_01D82EE2.B570E130"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQJ+dqbm/PRBodiNUi9Y9ZJtYJe/wQI6yOcpAaZh3xKrQZlVkA==
Content-Language: ru
X-CrossPremisesHeadersFilteredBySendConnector: MAIL16.office.elvis.ru
X-OrganizationHeadersPreserved: MAIL16.office.elvis.ru
X-KLMS-AntiSpam-Interceptor-Info: not scanned
X-KLMS-Rule-ID: 1
X-KLMS-Message-Action: clean
X-KLMS-AntiSpam-Status: not scanned, disabled by settings
X-KLMS-AntiPhishing: Clean, bases: 2022/02/20 23:15:00
X-KLMS-AntiVirus: Kaspersky Security for Linux Mail Server, version 8.0.3.30, bases: 2022/02/20 20:13:00 #18795747
X-KLMS-AntiVirus-Status: Clean, skipped
X-Spam-Scanner: Rspamd work in dpmail.elvis.ru, WHITELIST
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/MyNqgxx-QK1kHL0Sd6nV5brbfmE>
Subject: Re: [IPsec] Martin Duke's No Objection on draft-ietf-ipsecme-ikev2-intermediate-09: (with COMMENT)
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Mar 2022 06:40:41 -0000
Hi Martin,
For the proposed text, I would prefer something normative but if you think that's unwise I'll accept your proposal.
As Murray noticed, we can’t use normative language against future specifications :-)
I combined text resulted from Lars’ comment and from yours into a list as follows
(at the end of Introduction section):
... It is expected that separate
specifications will define for which purposes and how the
IKE_INTERMEDIATE exchange is used in IKEv2. Some considerations must
be taken into account when designing such specifications.
o The IKE_INTERMEDIATE exchange is not intended for bulk transfer.
This document doesn't set a hard cap on the amount of data that
can be safely transferred using this mechanism, as it depends on
its application. But it is anticipated that in most cases the
amount of data will be limited to tens of Kbytes (few hundred
Kbytes in extreme cases), which is believed to cause no network
problems (see [RFC6928] as an example of experiments with sending
similar amounts of data in the first TCP flight). See also
Section 5 for the discussion of possible DoS attack vectors when
amount of data sent in IKE_INTERMEDIATE is too large.
o It is expected that the IKE_INTERMEDIATE exchange will only be
used for transferring data that is needed to establish IKE SA and
not for data that can be send later when this SA is established.
I think both wordings impose some recommendations/restrictions on using
this exchange and thus it’s a good idea to put them together. Is it OK?
Otherwise, your responses look great!
Thanks!
Regards,
Valery.
Thanks!
On Wed, Mar 2, 2022 at 1:26 PM Valery Smyslov <svan@elvis.ru> wrote:
Hi Martin,
thank you for your comments.
> Martin Duke has entered the following ballot position for
> draft-ietf-ipsecme-ikev2-intermediate-09: No Objection
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to
> https://www.ietf.org/about/groups/iesg/statements/handling-ballot-
> positions/
> for more information about how to handle DISCUSS and COMMENT
> positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-ipsecme-ikev2-intermediate/
>
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> (3.2) "Implementations MUST verify that Message IDs in the
> IKE_INTERMEDIATE
> messages [increment by 1]". Or what? In any case, isn't this fully enforced
> by
> the WINDOW_SIZE parameter in Sec 2.3 of RFC 7296? That is, if
> WINDOW_SIZE == 1,
> any message that doesn't increment by 1 will simply be ignored. If
> WINDOW_SIZE
> > 1, receiving an increment > 1 is in fact legal (due to packet loss) but the
> window will not advance until all IDs are received?
Your understanding is correct. These requirements are in RFC 7296
and may look redundant in this document. While it is not a good
practice to repeat requirements from another document,
it is done here for the purpose of bringing readers' attention
to them, because for this particular exchange they are crucial
for security. The way IKE_INTERMEDIATE exchanges
are authenticated implies that chunks of data fed into the prf
be in the order these exchanges took place.
Scott Fluhrer suggested to reinforce the requirement to check
Message ID in the draft (quoting his private e-mail with his permission):
"... we need to be careful about Message ID handling; what we want to prevent is an attacker resending
a previous encrypted IKE Intermediate message, and confusing things (which plausibly could happen
if there were a large number of IKE intermediate exchanges, and the sides don't track all the message IDs
that they've seen already). I would suggest that the draft state that the responder MUST verify that
the message IDs received are increasing (or is that inferable from the IKE RFC?)."
So, while it is basically repetition of what RFC 7296 says, it was decided
to reiterate these requirement due to their importance for security.
> (5) The security considerations hint at it with all the DoS talk, but it would
> be valuable to place some limits on the kind of information that can be
> contained in IKE_INTERMEDIATE and how it is processed. The document
> doesn't
> appear to explicitly restrict these messages to overflow from IKE_SA_INIT
> messages, so if an extension sends e.g. user data in these what are the
> implications? I'd suggest that applications not process such data until AUTH
> exchange is complete.
This document defines only the IKE_INTERMEDIATE exchange itself.
It is expected that other documents will define its application
and the types of data it contains.
That said, I agree that IKE_INTERMEDIATE must only be used
in those cases, when the data transferred needs to be processed
before (or in) IKE_AUTH. So, it's not for transferring user data
(and I hope no specification will use it for this purpose).
I can add something like this:
It is expected that the IKE_INTERMEDIATE exchange will
only be used for transferring data that is needed to establish IKE SA
and not for data that can be send later when this SA is established.
Is it OK?
> While I am not particularly happy with solely using the WINDOW_SIZE
> mechanism
> to regulate the amount of data in flight, IMO that is an issue with RFC 7296
> and not this document.
Indeed.
Thank you!
Regards,
Valery.
- [IPsec] Martin Duke's No Objection on draft-ietf-… Martin Duke via Datatracker
- Re: [IPsec] Martin Duke's No Objection on draft-i… Valery Smyslov
- Re: [IPsec] Martin Duke's No Objection on draft-i… Martin Duke
- Re: [IPsec] Martin Duke's No Objection on draft-i… Valery Smyslov
- Re: [IPsec] Martin Duke's No Objection on draft-i… Martin Duke