Re: [IPsec] Secdir last call review of draft-ietf-ipsecme-rfc8229bis-06
Tero Kivinen <kivinen@iki.fi> Mon, 30 May 2022 19:25 UTC
Return-Path: <kivinen@iki.fi>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5B3BBC15AAC8; Mon, 30 May 2022 12:25:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.986
X-Spam-Level:
X-Spam-Status: No, score=-3.986 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-1.876, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=iki.fi
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LBuFJnNQEteL; Mon, 30 May 2022 12:25:54 -0700 (PDT)
Received: from lahtoruutu.iki.fi (lahtoruutu.iki.fi [185.185.170.37]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9D781C15AAFE; Mon, 30 May 2022 12:25:52 -0700 (PDT)
Received: from fireball.acr.fi (fireball.acr.fi [83.145.195.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: kivinen@iki.fi) by lahtoruutu.iki.fi (Postfix) with ESMTPSA id 590CD1B000E0; Mon, 30 May 2022 22:25:48 +0300 (EEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=iki.fi; s=lahtoruutu; t=1653938748; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=DaVqxLMbMkfhLC/m8/q3FwTEBjC58X8XJg20nqkPb2A=; b=QAtQ56g35VG//9EOPLyweEaHh4SH5RjJ6OgI+Sw1SYRn5gnsnUnQQUmJYSoZAyLnksdknZ TQy7FPoJpXHT+Tz6wDrwdngaUAVwXY2qy6frIFZnrhc86CWA9UarO2pzJMgnzsIlGRKJIN F5rp7SO8tZKmBDGp0mnSukEO/eryLFHyR1BB55euL0p1NnAGh2f7aE8rupxoLQOyMWj7SQ Fi/zvwqmIet+gk4xKV6W0xB/TyiNFZS/rY19Bv1jrbn92JQx618/HTSqETAVQ/QzHAUARj F4vFxZFO5sBOZ3ahbMnPUGxnK6k6oDuO76sYghansANM2ReCLA72QMYY4yM13g==
Received: by fireball.acr.fi (Postfix, from userid 15204) id AD0D425C12E4; Mon, 30 May 2022 22:25:47 +0300 (EEST)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-ID: <25237.6715.619617.181961@fireball.acr.fi>
Date: Mon, 30 May 2022 22:25:47 +0300
From: Tero Kivinen <kivinen@iki.fi>
To: Valery Smyslov <svan@elvis.ru>
Cc: 'Christian Huitema' <huitema@huitema.net>, secdir@ietf.org, draft-ietf-ipsecme-rfc8229bis.all@ietf.org, ipsec@ietf.org, last-call@ietf.org
In-Reply-To: <077301d8741b$c0fe9b40$42fbd1c0$@elvis.ru>
References: <165377251630.6282.16767658545384357479@ietfa.amsl.com> <077301d8741b$c0fe9b40$42fbd1c0$@elvis.ru>
X-Mailer: VM 8.2.0b under 26.3 (x86_64--netbsd)
X-Edit-Time: 12 min
X-Total-Time: 17 min
ARC-Seal: i=1; s=lahtoruutu; d=iki.fi; t=1653938748; a=rsa-sha256; cv=none; b=Chvt3/w3PcSZWmNW3/WvFyU+gTON9qnYrHixLsMbwgRBHy7jt08hWlm7UZ+BgxqtGWPcuZ pl6ZL9ElYteL/RK5NXxvvf15K8unisx+bnL7tv5ogw8bH/kD6Cm8/gj15WHtQTHr4VHXrk 5g70B7GKqMPCPo2AUNn2mmW+yGEmPZmna9qF0KJ9HNZOvi3uiUYxpWRRxEGA8MA79DweiV Wp45HofmXSskuHBTD3pYwh7pzU9NRncC341Oleaoxb9rfmYeDuZjGZXixhEeUUQ74Dl+9u RRZpry4mY/ZisWpzuEylqmE6CqBRK9DcsgRwFfi6ubAFbWWNUOGss5igeyFfQg==
ARC-Authentication-Results: i=1; ORIGINATING; auth=pass smtp.auth=kivinen@iki.fi smtp.mailfrom=kivinen@iki.fi
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=iki.fi; s=lahtoruutu; t=1653938748; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=DaVqxLMbMkfhLC/m8/q3FwTEBjC58X8XJg20nqkPb2A=; b=IDmaao6SAmiYC8SDK5Yt0wXcyy99s7j8jbBNPlu4I+qmozhDRkB3xNn4RD7IZv299TF+68 BCYcMV4NBJIMLjIcsALLD8d7HQI9W9sqAxsnjtkgor5Bgib0WrvSpxYdaGWcaJfhqdYFmS NThCIm3WyILRq5SxR+y8aJR9ceoXoUbIMfLgQOMlTAVsyys3KNQ1xHSajWLec3iOgmxTtI UZnPKj6ATV1DgKij6KZUqI1JGchWNaUMph7PBZ7n7i7hrwIzQ4WpzCJnPY5+nHkyYmEjDZ Hr7OOg7bNMyyeiJGpU72T/XtlfurvWK2WMI0HjopEgQ8cKEhiIs9dvTxVqF5yA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/QUxAbgrix7PlCetSXyjTDk1k5DU>
Subject: Re: [IPsec] Secdir last call review of draft-ietf-ipsecme-rfc8229bis-06
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 May 2022 19:25:55 -0000
Valery Smyslov writes: > If the TCP connection is abandoned (for any reason) and the > associated IKE SA is still up, then the IKE initiator will re-create > it. So, it is not a big deal, but definitely can influence > performance. On the other hand, an attacker who is able to alter the > packets on the wire (TCP, UDP, any) can make IKE peers to tear down > IKE SA (e.g. by spoiling every packet). So, I'm not sure using TCP > gives significant advantages for an attacker here, in most cases it > will result in DoS. Actually just messing up any length octets on the wire will completely mess up the packet structure, as there is no way of recovering that except to tear down the TCP and start over, so this makes it easier to attack than to attack against UDP. For udp you would need to modify every single udp packet to cause them to fail to authenticate. For tcp, you need to take single TCP packet, and modify length bytes (for example simply flip one bit there), and that will mess up the whole stream and most likely tear down the whole IKE SA. I.e., if you change the length bytes of 100 byte IKE packet to 200 bytes, then receiver will keep waiting until it has 100 extra bytes after the IKE packet (from the next IKE or ESP packet in tcp tunnel), and then try to parse the IKE packet and notices it is only 100 bytes long (the authentication of the IKE packet will succeed, as it was not modified, and the IKE packet has length inside, so it will know that IKE packet was only 100 bytes long). Now after that it will read two random bytes from the stream, and assume they are then length field, and wait for that long and so on. I.e., it will never really recover (except by accident). Receiver can notice that, i.e., if it sees that there is extra data after the IKE SA packet, or the length field of the TCP stream is less than what is expected by the IKE packet, it knows something is wrong, and can restart the TCP connection. Detecting this on ESP packets is harder, but if the packets after the length field does not look like ESP packet, then we know that something is messed up and we need to restart the TCP stream. And as others already pointed out, it is very easy to just send few bytes in to the TCP stream, or just modify one frame by modifying the length fields. I think we need to add text explaining how to detect when the TCP length framing gets messed up by attacks, and how to recover (i.e., close down the TCP channel and recreate the TCP channel). -- kivinen@iki.fi
- [IPsec] Secdir last call review of draft-ietf-ips… Christian Huitema via Datatracker
- Re: [IPsec] Secdir last call review of draft-ietf… Valery Smyslov
- Re: [IPsec] [Last-Call] Secdir last call review o… Christian Huitema
- Re: [IPsec] [Last-Call] Secdir last call review o… touch@strayalpha.com
- Re: [IPsec] [Last-Call] Secdir last call review o… Valery Smyslov
- Re: [IPsec] [Last-Call] Secdir last call review o… touch@strayalpha.com
- Re: [IPsec] [Last-Call] Secdir last call review o… Valery Smyslov
- Re: [IPsec] [Last-Call] Secdir last call review o… touch@strayalpha.com
- Re: [IPsec] Secdir last call review of draft-ietf… Tero Kivinen
- Re: [IPsec] [Last-Call] Secdir last call review o… touch@strayalpha.com
- Re: [IPsec] Secdir last call review of draft-ietf… Valery Smyslov
- Re: [IPsec] [Last-Call] Secdir last call review o… Valery Smyslov
- Re: [IPsec] Secdir last call review of draft-ietf… Tero Kivinen
- Re: [IPsec] [Last-Call] Secdir last call review o… touch@strayalpha.com
- Re: [IPsec] [Last-Call] Secdir last call review o… touch@strayalpha.com
- Re: [IPsec] Secdir last call review of draft-ietf… Valery Smyslov
- Re: [IPsec] [Last-Call] Secdir last call review o… Valery Smyslov
- Re: [IPsec] [Last-Call] Secdir last call review o… Christian Huitema
- Re: [IPsec] [Last-Call] Secdir last call review o… Christian Huitema
- Re: [IPsec] Secdir last call review of draft-ietf… Tero Kivinen
- Re: [IPsec] Secdir last call review of draft-ietf… Valery Smyslov
- Re: [IPsec] [Last-Call] Secdir last call review o… touch@strayalpha.com
- Re: [IPsec] [secdir] [Last-Call] Secdir last call… Valery Smyslov
- Re: [IPsec] [secdir] [Last-Call] Secdir last call… Valery Smyslov
- Re: [IPsec] [Last-Call] [secdir] Secdir last call… touch@strayalpha.com
- Re: [IPsec] [secdir] [Last-Call] Secdir last call… touch@strayalpha.com
- Re: [IPsec] [Last-Call] [secdir] Secdir last call… Valery Smyslov
- Re: [IPsec] [secdir] [Last-Call] Secdir last call… Valery Smyslov
- Re: [IPsec] [Last-Call] [secdir] Secdir last call… touch@strayalpha.com
- Re: [IPsec] Secdir last call review of draft-ietf… Tero Kivinen