IETF Logo Mail Archive

Re: [IPsec] AD review of draft-ietf-ipsecme-ikev2-multiple-ke-06

Roman Danyliw <rdd@cert.org> Fri, 21 October 2022 12:27 UTC

Return-Path: <rdd@cert.org>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 59417C14F75F for <ipsec@ietfa.amsl.com>; Fri, 21 Oct 2022 05:27:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.906
X-Spam-Level:
X-Spam-Status: No, score=-1.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gTKA9Euii-Ig for <ipsec@ietfa.amsl.com>; Fri, 21 Oct 2022 05:27:04 -0700 (PDT)
Received: from USG02-CY1-obe.outbound.protection.office365.us (mail-cy1usg02on0108.outbound.protection.office365.us [23.103.209.108]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DDB69C14F720 for <ipsec@ietf.org>; Fri, 21 Oct 2022 05:27:03 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector5401; d=microsoft.com; cv=none; b=jwsCmHN2vSQY/MHeZMccha6aF7oYEW+3X8yUBwj7Jl50KpfMc3fE4qVSMPhLNDQT3bJYLiGaigYlcifROyA4+lmtLCYxXqs8U19hLD06Hm6+PGefVZmhXJGJcrBXCqV8COpCxukjBpHlgi9dik4mtEg8Jy6F0xE+H92Y9At0MFoLycumSr3PpavhO95Z1FkkzNyF4kC5c28YzVKIsr6YkYDl+/WakkqSmo+H+mplx2JkLE4tYZI23fvGW4O/TchKL18kT0+mPutnALAO8NTPz5QIn/w8GTplzf4TSjKtxZmUxd6ZHhvqngNN2RSBxiT79C9BpOAuKp03FKKSXGZM+A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector5401; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=anz3oyNrTSKtZ2tFw/guJC1Buows+vKK1+cbLhfkUvI=; b=f+knxhThHZWPAlfcp6bEzpj4LnQ0WoM70NJbIpcMY5WnPNLvCFj22rhNK9qZ/lhlUWML3SbBN4OoASBPOB6FIRBuLdM6z1f0D1yOBct9bMmXC1ZpI7m0sueiTccu8PuV5tPcVhj8w4bhpB5+q3ELSxgE3GSDvCATL3NbHkXX3v5+Hl+eYnQJXZbkBOuwITGubvU14rVlituOwhI62TKQtjXVCRQVTG9XenLOoM01xXMCbWpqiP9ywZAqhXDoxEiaeG7pQzvycXJw3lihKD1KLbwNn4MPA6C1EAmNUQ/3nDtO8Dfx9YkdpVwmHYjdCfjRMjSbwv5Ci7ugPYQTJdZ/Fg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cert.org; dmarc=pass action=none header.from=cert.org; dkim=pass header.d=cert.org; arc=none
Received: from BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM (2001:489a:200:168::11) by BN2P110MB1092.NAMP110.PROD.OUTLOOK.COM (2001:489a:200:169::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5723.35; Fri, 21 Oct 2022 12:27:00 +0000
Received: from BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM ([fe80::11dc:e93c:167b:f429]) by BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM ([fe80::11dc:e93c:167b:f429%6]) with mapi id 15.20.5723.036; Fri, 21 Oct 2022 12:27:00 +0000
From: Roman Danyliw <rdd@cert.org>
To: CJ Tjhai <cjt=40post-quantum.com@dmarc.ietf.org>
CC: Tero Kivinen <kivinen@iki.fi>, Valery Smyslov <svan@elvis.ru>, "ipsec@ietf.org" <ipsec@ietf.org>, Valery Smyslov <smyslov.ietf@gmail.com>
Thread-Topic: [IPsec] AD review of draft-ietf-ipsecme-ikev2-multiple-ke-06
Thread-Index: AdjVFve8l6i95Y8RTMyDGHjJmSSKlwDP4BIAASTrI1AAYJrXAAAAtrAAAasYYAAACwe/Fw==
Date: Fri, 21 Oct 2022 12:27:00 +0000
Message-ID: <BN2P110MB1107052C67E247B9CFCB7686DC2D9@BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM>
References: <BN2P110MB1107D456BF345148FADD88CFDC569@BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM> <CANs=h-WWnrdv5+ewjKVnBdoC4X4eTosM5uZ1BDfED1EJ=V9UFw@mail.gmail.com> <BN2P110MB1107E6807021031C3A5B6A0CDC209@BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM> <25415.3646.863005.336101@fireball.acr.fi> <010301d8de6f$6b669250$4233b6f0$@gmail.com> <CANs=h-XDr=YLWbNr8SC2_wu==oeUwKCqLCZWS_09Y4q20nwq_A@mail.gmail.com>
In-Reply-To: <CANs=h-XDr=YLWbNr8SC2_wu==oeUwKCqLCZWS_09Y4q20nwq_A@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=cert.org;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: BN2P110MB1107:EE_|BN2P110MB1092:EE_
x-ms-office365-filtering-correlation-id: 35fae4b7-1920-4bad-b232-08dab35f8d6b
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: NRtO7Ku5wz6hIjWCjXgSAbVmFZJk5CLyxTwYLVhHtpLjiMRGaROsg49wdkg5EYckh4Xqxh8MVWo/kYwDQSoI1eV3UNvQB6WT60cHOUHymE9xkZ6qVUMggf8Yr/emEIw56DDkGn9XYd2ZI2vY7RaQRBOp8GBPubYTeuG8d+RioDBCTe/2ro1JzQsQPlxJiVaRsk1KrhM+Ijump/3cDtbgp7t4qKgR4R31NECcef/WecAEjPsjAJ+hHNq8miLMeih2of4K1KjOKjMlWqeBdNelbei3mxzCs+8W4sKcpX8W22Eir89i7wgSpa5I78KZBb579yCOHAfRxBGGTw24WVDeNxu2Gy75xXAWb0iZmZ9v1abPpejCUqbARvSYAl8CgiCdMQPFlGGKPZDj17v620eZbBasl6j494Hyjr2QF9dqH7uFWNyRjiLaf5wPICGGUQRpd5ClvfTz4zMc8MGfdOEjrWhsmafJlzbb8kBaxG8OBgyiRc5MHlgoeKePeROUkEs0ht7uCCQkPF8AzJhZtCz58gvIdcgEuhYteuiLpbz3ctzsB+phcxYRhHX3qHcXgjpOFn/yZsg/l3dAgfZir409aIPuq+lFRi5R4Gq97+bsLW7AngI8nCfsQmQsyg9kq3l5te9ThGWNqhZEkA5Au4lp6RqXcQk3W6t8iQE0VAGx/qzWxo79PLvNSVUJSSgM377vIDoBbfPNlc5TQOY6AXhIuA==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230022)(366004)(451199015)(5660300002)(52536014)(8936002)(2906002)(54906003)(76116006)(66946007)(966005)(66899015)(33656002)(64756008)(8676002)(4326008)(66556008)(66446008)(66476007)(498600001)(86362001)(53546011)(186003)(82960400001)(7696005)(6506007)(9686003)(122000001)(26005)(166002)(38070700005)(55016003)(71200400001)(83380400001)(38100700002); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: X5A9w/6I/EEBCLelyHSUgM0r05+/oJ8B0CZeI85EHsxIR3U3xukKa2MegqNucUtCfSla1CZ7KmN7MJAQo+7ilki9Rz9SYcNS32o1OTKMt+ihYUe09prpGFOAnE6Jz4O9wgm57pY3F04bBl17kz8qI3O6Klz24zU//ZlC2YlK7HHOneWGzxkzhLJzIzX3+APdub5CdgsVHCkiUMSjyeEsGdK2PNatI9z8uSlga4lBceTS0B/M7y3EFiH47P1IxxdA87NYRMsSBZNMCoXdldfWM9bDAwnVpRGezPqnrXnnEXJZbh3UaapgQ/Zzl20f9YA/JKDUGTQthed27S93qrap7vRrLna+DVjTbbItBsiijcjx2MwqabASfZLst2k7VV06CPYy/MWniXGwnjH4LJxW+txEW71SCU+19kZPZOWLz0k=
Content-Type: multipart/alternative; boundary="_000_BN2P110MB1107052C67E247B9CFCB7686DC2D9BN2P110MB1107NAMP_"
MIME-Version: 1.0
X-OriginatorOrg: cert.org
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 35fae4b7-1920-4bad-b232-08dab35f8d6b
X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Oct 2022 12:27:00.1944 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 95a9dce2-04f2-4043-995d-1ec3861911c6
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN2P110MB1092
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/NyShnH72i8r5BJB70VjRqTf41oo>
Subject: Re: [IPsec] AD review of draft-ietf-ipsecme-ikev2-multiple-ke-06
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Oct 2022 12:27:08 -0000

If you have the bandwidth, I would recommend publishing a new draft. The pre-meeting publication cut off is on Oct 24. Having an up to date document is helpful going into the meeting.

Roman

________________________________
From: IPsec <ipsec-bounces@ietf.org> on behalf of CJ Tjhai <cjt=40post-quantum.com@dmarc.ietf.org>
Sent: Friday, October 21, 2022 3:08 AM
To: Roman Danyliw <rdd@cert.org>
Cc: Tero Kivinen <kivinen@iki.fi>; Valery Smyslov <svan@elvis.ru>; ipsec@ietf.org <ipsec@ietf.org>; Valery Smyslov <smyslov.ietf@gmail.com>
Subject: Re: [IPsec] AD review of draft-ietf-ipsecme-ikev2-multiple-ke-06

Hi Roman,

We have updated our draft to incorporate Russ' feedback and also changes from IANA review. it also includes the following changes following your suggestions.

The updated draft is available here https://github.com/post-quantum/ietf-pq-ikev2/blob/master/draft-ietf-ipsecme-ikev2-multiple-ke-00.xml.

Should we publish version 08 of the draft, or should we just wait for the end of IETF LC?

Best wishes,
CJ and Valery

[snip]
[Roman] Makes sense.  Thanks. To prevent this from coming up during subsequent reviews.  Please add a reference to that FAQ here.
We have added the reference to NIST FAQs.
[snip]

[Roman] A recommended value would help if you are comfortable giving it, or explaining why it’s hard to give one.  This is a common question that comes from transport review during IETC LC or IESG review.
We added the following sentences:

Note that due to various factors such as computational resource
and key exchange algorithm used, it is not possible to give a
normative guidance on how long this timeout period should be.
In general, 5-20 seconds of waiting time should be appropriate
in most cases.

[snip]

[Roman] Adding a bit of clarifying text like discussed here would be helpful – that the ordering does not matter.
We added this text as suggested:

The ordering of the additional key exchanges should not matter in
general, as only the final shared secret is of interest.
Nonetheless, because the strength of the running shared secret
increases with every additional key exchange, an implementer may
want to first perform the most secure method (in some metrics) and
followed by less secure one(s).


[Roman] Agreed. Consider if you need to talk about work that ISN’T done in this document here.  To keep things on point, I would recommend deleting this text.

We have removed the text as suggested.


On Wed, 12 Oct 2022 at 20:18, Valery Smyslov <smyslov.ietf@gmail.com<mailto:smyslov.ietf@gmail.com>> wrote:
Hi Tero,

> Roman Danyliw writes:
> >     ** Section 3.2.4.
> >
> >     The responder MUST handle this
> >        situation gracefully and delete the associated state if it does not
> >        receive the next expected IKE_FOLLOWUP_KE request after some
> >        reasonable period of time.
> >
> >     Is there a guidance on the timeout value?
> >
> > IKEv2 traditionally does not mandate exact timeouts. For example, the
> same
> > situation happens if the initiator completes IKE_SA_INIT and never starts
> > IKE_AUTH. The responder should eventually delete the incomplete IKE SA,
> but
> > RFC 7296 does not specify how long the waiting time is.
> >
> > FWIW, our implementations waits 5 seconds by default (which is
> adjustable
> > value).
> >
> > Do you think we should recommend (but not mandate) to wait for 5-10
> seconds?
> >
> > [Roman] A recommended value would help if you are comfortable giving
> it, or
> > explaining why it’s hard to give one.  This is a common question that
> comes
> > from transport review during IETC LC or IESG review.
>
> Suitable values can be between few seconds up to few minutes. For
> example timeout between IKE_SA_INIT and IKE_AUTH might require user
> interaction, thus it might be up to minutes if PIN code to unlock user
> auth device is required etc.
>
> Because the timeouts are so different depending on the environment and
> usage scenario we do not give them in the IKEv2 document.

With the IKE_FOLLOWUP_KE exchange user interaction is not a problem (it should not take place).
However, since we are talking about PQ algorithms and some of them
may be quite costly in terms of generating a key pair, the initiator may just
be unable to provide data for the next IKE_FOLLOWUP_KE exchange quickly.

So, while I think that several minutes is too long in this case,
I agree that timeout values could be very different depending on the
initiator's resources and on the algorithm employed. For this reason
we didn't specify it. We can give a vague recommendation
that waiting for 5-20 seconds can be appropriate in most situations,
but definitely we don't want making these values normative.

Regards,
Valery.

> --
> kivinen@iki.fi<mailto:kivinen@iki.fi>
>
> _______________________________________________
> IPsec mailing list
> IPsec@ietf.org<mailto:IPsec@ietf.org>
> https://www.ietf.org/mailman/listinfo/ipsec


________________________________
PQ Solutions Limited (trading as ‘Post-Quantum’) is a private limited company incorporated in England and Wales with registered number 06808505.

This email is meant only for the intended recipient. If you have received this email in error, any review, use, dissemination, distribution, or copying of this email is strictly prohibited. Please notify us immediately of the error by return email and please delete this message from your system. Thank you in advance for your cooperation.

For more information about Post-Quantum, please visit www.post-quantum.com<http://www.post-quantum.com>.

In the course of our business relationship, we may collect, store and transfer information about you. Please see our privacy notice at www.post-quantum.com/privacy-policy/<http://www.post-quantum.com/privacy-policy/> to learn about how we use this information.

v2.23.0 | Report a Bug | By Email