RE: IKEv2 (son-of-ike) draft
"Walker, Jesse" <jesse.walker@intel.com> Tue, 27 November 2001 19:27 UTC
Received: from lists.tislabs.com (portal.gw.tislabs.com [192.94.214.101]) by above.proper.com (8.11.6/8.11.3) with ESMTP id fARJRj825416; Tue, 27 Nov 2001 11:27:45 -0800 (PST)
Received: by lists.tislabs.com (8.9.1/8.9.1) id NAA03607 Tue, 27 Nov 2001 13:27:22 -0500 (EST)
Message-ID: <10C8636AE359D4119118009027AE9987120B7F69@FMSMSX34>
From: "Walker, Jesse" <jesse.walker@intel.com>
To: 'Radia Perlman - Boston Center for Networking' <Radia.Perlman@sun.com>, ipsec@lists.tislabs.com
Subject: RE: IKEv2 (son-of-ike) draft
Date: Tue, 27 Nov 2001 10:36:48 -0800
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk
Hi Radia, Dan, Charlie, and you have done a nice job with this draft document. Thanks for making this effort; it is a very hard job. I especially commend the lucid key roll-over discussion, as the lack of one was a devil tormenting implementors of the RFC 2401-2412 series. With that in mind, the following text on page 21 from Clause 5 "Informational (Phase 2) Exchange" jumped out at me: ESP, AH, and IPcomp SAs always exist in pairs, with one SA in each direction. When an SA is closed, both members of the pair MUST be closed. ... The recipient MUST close the designated SAs. Normally, the reply in the Informational Exchange will contain delete payloads for the paired SAs going in the other direction. There is one exception. If by chance both ends of a set of SAs independently decide to close them, each may send a delete payload and the two requests may cross in the network. If a node receives a delete request for SAs that it has already issued a delete request for, it MUST delete the incoming SAs while processing the request and the outgoing SAs while processing the response. In that case, the responses MUST NOT include delete payloads for the deleted SAs, since that would result in duplicate deletion and could in theory delete the wrong SA. This does not sound quite right. The Internet between the SA source and sink is a large re-ordering buffer, so the Delete can arrive before many already-transmitted data packets protected by the SA. It might be that this problem is not worth fixing, as the packet loss is transient and infrequent and any solution outweighs the introduced complexity, and I can accept this conclusion. However, as network speeds increase, the consequences this kind of reordering will become more evident and irritating, as more packets can be buffered, so it seems like we should at least have the discussion at least once. Let us call the communicating peers A and B, with A initiating the Delete; the A to B direction will be denoted by A->B, and analogously B->A for the B to A direction. Intuitively A will roll-over from the old A->B SA to the new by deciding to transmit on the new replacement A->B SA but receive on both the old and the new B->A SAs, and then send the Delete. Once it has made this decision there is no reason for it to maintain the old A->B SA, because it knows it will never use this for packets it sends to B. When B on the other hand receives the Delete, it doesn't know that it will receive no more protected datagrams for the old A->B SA. A faces a similar dilemma when it receives B's Delete response. It seems like there are two potential difficulties here. First the deletion of the half-duplex SAs are tightly coupled to occur together, and second, the receiver of a Delete doesn't have enough information to intelligently decide when to effect the delete of is old incoming SA. What seems needed is something like incorporating the SA's last sequence number sent into the Delete payload, and then adding a new state to an SA to allow the timing of the Delete of an SA to be decoupled somewhat from that of its bretheren in the opposite direction; perhaps the incoming SA has to be timed out after the outgoing one has been deleted, if it has not received to the end of the reported sequence space. -- Jesse -----Original Message----- From: Radia Perlman - Boston Center for Networking [mailto:Radia.Perlman@sun.com] Sent: Monday, November 19, 2001 11:55 AM To: ipsec@lists.tislabs.com Subject: IKEv2 (son-of-ike) draft And to answer some of the recent email on the list...this protocol does maintain the phase 1/phase 2 notion, but sets up both phase 1 and phase 2 in a single 2-round-trip exchange. After the initial exchange, additional SAs can be set up, or the SA can be rekeyed, with a single round trip. And it does identity hiding of both ends. Most of the work was in rewriting the three documents into a single self-contained document, and cleaning up the "networking" type issues and overly complex encodings such as the SA payload. Radia ------------- Begin Forwarded Message ------------- To: ipsec@lists.tislabs.com From: dharkins@tibernian.com Subject: IKEv2 (son-of-ike) draft MIME-Version: 1.0 Content-ID: <2377.1006067452.1@SailPix.com> This draft was submitted but hasn't shown up yet in the repository (the I-D editor is, no doubt, swamped) so in the interest of giving people more time to look at it prior to Salt Lake here's a link: http://www.lounge.org/draft-ietf-ipsec-ikev2-00.txt Please send comments to the list. Dan. ------------- End Forwarded Message -------------
- IKEv2 (son-of-ike) draft Radia Perlman - Boston Center for Networking
- Re: IKEv2 (son-of-ike) draft Ari Huttunen
- RE: IKEv2 (son-of-ike) draft Sami Vaarala
- Re: IKEv2 (son-of-ike) draft Jan Vilhuber
- Re: IKEv2 (son-of-ike) draft Henry Spencer
- Re: IKEv2 (son-of-ike) draft Ari Huttunen
- Re: IKEv2 (son-of-ike) draft Derek Atkins
- Re: IKEv2 (son-of-ike) draft Henry Spencer
- Re: IKEv2 (son-of-ike) draft Derek Atkins
- Re: IKEv2 (son-of-ike) draft dharkins
- Re: IKEv2 (son-of-ike) draft Henry Spencer
- Re: IKEv2 (son-of-ike) draft Derek Atkins
- Re: IKEv2 (son-of-ike) draft Jan Vilhuber
- RE: IKEv2 (son-of-ike) draft Walker, Jesse