Re: [IPsec] rfc8229bis missing advise on error handling in IKE_INIT
Valery Smyslov <smyslov.ietf@gmail.com> Sat, 20 March 2021 16:21 UTC
Return-Path: <smyslov.ietf@gmail.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 860B23A18DC for <ipsec@ietfa.amsl.com>; Sat, 20 Mar 2021 09:21:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aso_ygpTAMkO for <ipsec@ietfa.amsl.com>; Sat, 20 Mar 2021 09:21:42 -0700 (PDT)
Received: from mail-lj1-x22c.google.com (mail-lj1-x22c.google.com [IPv6:2a00:1450:4864:20::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3A6CA3A25CE for <ipsec@ietf.org>; Sat, 20 Mar 2021 09:21:42 -0700 (PDT)
Received: by mail-lj1-x22c.google.com with SMTP id z8so15679848ljm.12 for <ipsec@ietf.org>; Sat, 20 Mar 2021 09:21:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:references:in-reply-to:subject:date:message-id :mime-version:thread-index:content-language; bh=SNX3aJ/IoDxAE6gULGVvSaYRBarM/8lUsBc5vDCPMm8=; b=ADTrehWQ3YYIH4CbOeVTjQ46CSNJnxmx4veaUmZUVRW3VRj/jo6d3ttc61Oxa86Bnv x9qt58h82Nrz16XX/6kjgje7oZ0AQih8iwh7S0I7vwaKrcNv7+lFnogptZVPMNN0DFSP vP0OKz8aOeiW+lyY9qiZEBfEVysU1cIB9rlaXIyjgYbnkK6JMPI0ifxpXur42VFQfEoO eOAktpSK9jOpITPOuKdLLP1FwsCaDpSZibQ0cUJGTGZdgPho387qoXZ534GjwEi/AL/x dYbOx7H5sJGkQTHYLO0YyVMCZMx1rS5gmrHu60/exC70p542EU0lV6GTEYRzsV57/Loi z51w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:references:in-reply-to:subject:date :message-id:mime-version:thread-index:content-language; bh=SNX3aJ/IoDxAE6gULGVvSaYRBarM/8lUsBc5vDCPMm8=; b=F2PNjdsEf+42st2fV+N8DMZjJqSgbjBYhfWjfCddr0gVPiCvI5rBrDfhHQsZPq9iD2 CFJHlDqjMe8raq095SczT32gj/xGhwqJ2GLqcEoMbh7JddXMcFZgdXdz5atjk2zR9+T6 W0FKdFHoZJxNCcLIZjojOtWPrjn4cdeUlSgxudqpk6GwXCyzSOHASTQ0puNR4xqW01NM MY3jE5oTq8DMA7M88Y2lvUu0qiAbP7xMCJUEzwhzR6iW5IR5xjZDtuurbncUWuPkYe5S 4SbJ2njbpFmaxKTVSWAUsnVbQ4lYnIbRz3m/R/f3SvEEoD7Z4O90Qj3tAgoGIK+7pBTL IaWg==
X-Gm-Message-State: AOAM531j+qA6uwu32AWBncmhA+BlaRGUdAyrYVgqI2eKrHyw630a6Ha8 GwhLf6KdQtjMbOHKTkpFFq88bVESySM=
X-Google-Smtp-Source: ABdhPJzYNzRVDaUgXFFTUoI3Kfvzbboqz06fDeCcX8cAJCh+3c/WBJ3aKCU1fjrbP+ONhYqZc5DaCA==
X-Received: by 2002:a05:651c:482:: with SMTP id s2mr4356926ljc.193.1616257297869; Sat, 20 Mar 2021 09:21:37 -0700 (PDT)
Received: from svannotebook ([185.48.36.123]) by smtp.gmail.com with ESMTPSA id i4sm857697lfv.161.2021.03.20.09.21.36 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sat, 20 Mar 2021 09:21:37 -0700 (PDT)
From: Valery Smyslov <smyslov.ietf@gmail.com>
To: 'Tommy Pauly' <tpauly=40apple.com@dmarc.ietf.org>, 'Paul Wouters' <paul@nohats.ca>
Cc: ipsec@ietf.org
References: <e37b5c6c-cee5-8d94-b1dd-899c862fea5d@nohats.ca> <175D1553-0884-4237-A9E9-A8FED64A6986@apple.com>
In-Reply-To: <175D1553-0884-4237-A9E9-A8FED64A6986@apple.com>
Date: Sat, 20 Mar 2021 19:21:36 +0300
Message-ID: <031a01d71da5$19de7e20$4d9b7a60$@gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_031B_01D71DBE.3F2D63D0"
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQGOZR41i14KyYWLPy0nf4JVug5XbgJDH4f5qwxjQMA=
Content-Language: ru
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/SB6dycl1JIvchuXrQS0QGHx6fAE>
Subject: Re: [IPsec] rfc8229bis missing advise on error handling in IKE_INIT
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 20 Mar 2021 16:21:45 -0000
Hi, On Mar 19, 2021, at 12:36 PM, Paul Wouters < <mailto:paul@nohats.ca> paul@nohats.ca> wrote: Hi, We have implemented TCP but are running in some issues where the RFC and the bis draft does not give us clarify. If the IKE_INIT over TCP gets back an INVALID_KE, what is supposed to happen? Is the responder expected to close the TCP session, since it never created a state for this exchange? Is the initiator expected to re-use the TCP connection to send a fresh new IKE_INIT request with the proper KE ? This case is similar to the COOKIE case, but there the initiator is expected to keep state and re-use, except one is not supposed to trigger COOKIES on TCP. My interpretation here, and the way our client works, is that the connection may be reused. >From 7296: If the initiator guesses wrong, the responder will respond with a Notify payload of type INVALID_KE_PAYLOAD indicating the selected group. In this case, the initiator MUST retry the IKE_SA_INIT with the corrected Diffie-Hellman group. This implies that the new IKE_SA_INIT is a retry of the same IKE SA. Indeed, at least for our client, we don’t reset the SA values. If that is the interpretation of the retry after INVALID_KE_PAYLOAD, it doesn’t violate 8229: Multiple IKE SAs MUST NOT share a single TCP connection, unless one is a rekey of an existing IKE SA, in which case there will temporarily be two IKE SAs on the same TCP connection. My interpretation is: the responder MAY close TCP connection if it doesn't create state. In this case the initiator will have to re-create TCP connection. On the other hand, as Tommy pointed out, according to RFC 7296 the responder may keep state in this situation, in which case it won't close TCP connection. Note I think this sentence is incorrect: Moreover, a TCP Responder creates state once a SYN packet is received libreswan listens on the TCP socket, but for INVALID_KE responses it creates a response without creating a state. This sounds like a good clarification to make. We can say that it may create state at that point. Well, it was meant that TCP itself is a stateful protocol, so if the responder receives SYN packet it does create some (TCP) state, which violates stateless nature of cookie. So, even if IKE remains stateless, TCP doesn't, and thus it is susceptible to DoS attacks. I think some clarifications need to be done. Similarly, when IKE_AUTH fails with NO_PROPOSAL_CHOSEN or AUTHENTICATION_FAILED, who is responsible for closing the TCP socket? The initiator or the responder? 8229 says: In order to close an IKE session, either the Initiator or Responder SHOULD gracefully tear down IKE SAs with DELETE payloads. Once the SA has been deleted, the TCP Originator SHOULD close the TCP connection if it does not intend to use the connection for another IKE session to the TCP Responder. If the connection is left idle and the TCP Responder needs to clean up resources, the TCP Responder MAY close the TCP connection. This generally means: client goes first when closing TCP, but server should close if the client doesn’t in time. I concur. Perhaps a similar issue happens when an IKE lifetime is reached before a rekey or re-auth happened. But in that case I guess the party sending the delete can linger briefly for the reply and then close the socket if it didn't get closed by the responder to the delete request. Note also that a new TCP connection can always be used for an IKE SA from an old connection; that is allowed, so it’s possible that if the server closes too early, the client will reopen with a new connection to send remaining messages. Exactly. Regards, Valery. Thanks, Tommy Paul _______________________________________________ IPsec mailing list IPsec@ietf.org <mailto:IPsec@ietf.org> https://www.ietf.org/mailman/listinfo/ipsec
- [IPsec] rfc8229bis missing advise on error handli… Paul Wouters
- Re: [IPsec] rfc8229bis missing advise on error ha… Tommy Pauly
- Re: [IPsec] rfc8229bis missing advise on error ha… Valery Smyslov
- Re: [IPsec] rfc8229bis missing advise on error ha… Paul Wouters