Re: [IPsec] IKE fragmentation
Paul Wouters <paul@nohats.ca> Wed, 13 March 2013 13:51 UTC
Return-Path: <paul@nohats.ca>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 53E8521F8D07 for <ipsec@ietfa.amsl.com>; Wed, 13 Mar 2013 06:51:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.278
X-Spam-Level:
X-Spam-Status: No, score=-2.278 tagged_above=-999 required=5 tests=[AWL=0.321, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cMeaW9fqmoJW for <ipsec@ietfa.amsl.com>; Wed, 13 Mar 2013 06:51:19 -0700 (PDT)
Received: from mx.nohats.ca (mx.nohats.ca [193.110.157.68]) by ietfa.amsl.com (Postfix) with ESMTP id 8443D21F8CF7 for <ipsec@ietf.org>; Wed, 13 Mar 2013 06:51:19 -0700 (PDT)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 3ZQvbJ1WVqz147; Wed, 13 Mar 2013 09:51:08 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id EgFSzwYH8AqC; Wed, 13 Mar 2013 09:51:06 -0400 (EDT)
Received: from bofh.nohats.ca (206-248-139-105.dsl.teksavvy.com [206.248.139.105]) by mx.nohats.ca (Postfix) with ESMTP; Wed, 13 Mar 2013 09:51:05 -0400 (EDT)
Received: by bofh.nohats.ca (Postfix, from userid 500) id 6946B80860; Wed, 13 Mar 2013 09:51:05 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id 54986804F3; Wed, 13 Mar 2013 09:51:05 -0400 (EDT)
Date: Wed, 13 Mar 2013 09:51:05 -0400
From: Paul Wouters <paul@nohats.ca>
To: Valery Smyslov <svanru@gmail.com>
In-Reply-To: <294A12724CB849D2A33F7F80CC82426A@buildpc>
Message-ID: <alpine.LFD.2.03.1303130941040.27437@nohats.ca>
References: <20799.34490.611737.922474@fireball.kivinen.iki.fi> <294A12724CB849D2A33F7F80CC82426A@buildpc>
User-Agent: Alpine 2.03 (LFD 1266 2009-07-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"; format="flowed"
Cc: ipsec@ietf.org, Tero Kivinen <kivinen@iki.fi>
Subject: Re: [IPsec] IKE fragmentation
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Mar 2013 13:51:20 -0000
On Wed, 13 Mar 2013, Valery Smyslov wrote: > As for IKEv2, I don't know how Cisco is doing fragmentation in this case > (it seems to have support for it), but if it is done similarly to IKEv1, > than I prefer our own solution - draft-smyslov-ipsecme-ikev2-fragmentation. > The main difference is that in Microsoft/Cisco solution (for IKEv1) > the whole encrypted ISAKMP message is fragmented, > leaving each fragment unauthanticated untill message get reassembled > and its authentity could be verivied. This opens door for > a very simple DoS attack on receiver. How is that a DOS attack? In our implementation of the IKEv1 fragmentation, we limit the number of fragments to 16. We will only need to do any crypto when we received the IKE packet marked as "last". Then we do crypto once on the assembled packet and throw it away when crypto fails. > In our proposal each fragment is encrypted and authenticated > individually, that allows receiver to distinguish valid fragments > from bogus, thus preventing from abovementioned DoS attack. But I can send lots of small forged fragments and you will do lots of crypto on them for _each_ forged fragment. I think you will end up using a lot more cpu and the attacker needs a lot less bandwidth. I actually do like the IKEv1 version. It's very simple. And uses the exact same code path apart from a little buffer where we store some fragments (with sane limits). The only oddness is that fragmentation ID that serves no purpose, as you cannot really have two different packets fragmented in flight for a single exchange. (well you can, but they are going to be identical anyway) While implementing the IKEv1 version, I did wonder about what should trigger fragmentation. For instance, if both parties have send and received the vendorid, and one side sends fragments, should the other side fully indepedantly wait for failure/retransmit before using fragments, or take the hint that if the path is broken one way, it is likely broken in the other way as well? It seems that being a little aggressive here can really help the IPsec SA to establish much faster - especially since our own retransmit time is 20 seconds, which is something we are now consideraing lowering a lot. Our implementation also does not handle the first packet of an exchange to be fragmented, because we have no state to store the fragments for. In practise this does not matter because the first packet is never large enough to need fragmentation. Paul
- [IPsec] IKE fragmentation Tero Kivinen
- Re: [IPsec] IKE fragmentation Valery Smyslov
- Re: [IPsec] IKE fragmentation Yaron Sheffer
- Re: [IPsec] IKE fragmentation Paul Wouters
- Re: [IPsec] IKE fragmentation Valery Smyslov
- Re: [IPsec] IKE fragmentation Valery Smyslov
- Re: [IPsec] IKE fragmentation Paul Wouters
- Re: [IPsec] IKE fragmentation Valery Smyslov
- Re: [IPsec] IKE fragmentation Paul Wouters
- Re: [IPsec] IKE fragmentation Derek Atkins
- Re: [IPsec] IKE fragmentation Yoav Nir
- Re: [IPsec] IKE fragmentation Yoav Nir
- [IPsec] Informal poll on IKEv2 { over TCP | fragm… Paul Hoffman
- Re: [IPsec] Informal poll on IKEv2 { over TCP | f… Yoav Nir
- Re: [IPsec] Informal poll on IKEv2 { over TCP | f… Paul Wouters
- Re: [IPsec] IKE fragmentation Valery Smyslov
- Re: [IPsec] Informal poll on IKEv2 { over TCP | f… Valery Smyslov
- Re: [IPsec] IKE fragmentation Yoav Nir
- Re: [IPsec] IKE fragmentation Paul Wouters
- Re: [IPsec] IKE fragmentation Tero Kivinen
- Re: [IPsec] IKE fragmentation Yoav Nir
- Re: [IPsec] IKE fragmentation Yoav Nir
- Re: [IPsec] IKE fragmentation Valery Smyslov
- Re: [IPsec] IKE fragmentation Paul Wouters
- Re: [IPsec] IKE fragmentation Valery Smyslov
- Re: [IPsec] IKE fragmentation Tero Kivinen
- Re: [IPsec] Informal poll on IKEv2 { over TCP | f… Paul_Koning
- Re: [IPsec] IKE fragmentation Yaron Sheffer
- [IPsec] Informal poll on IKEv2 { over TCP | fragm… Tero Kivinen
- Re: [IPsec] Informal poll on IKEv2 { over TCP | f… Brian Weis