Re: [IPsec] WG Last Call on "The NULL Authentication Method in IKEv2 Protocol" draft-smyslov-ipsecme-ikev2-null-auth
Paul Wouters <paul@nohats.ca> Tue, 13 January 2015 20:39 UTC
Return-Path: <paul@nohats.ca>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 27F0B1ACD46 for <ipsec@ietfa.amsl.com>; Tue, 13 Jan 2015 12:39:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.01
X-Spam-Level:
X-Spam-Status: No, score=-2.01 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5STmyOsb8s9w for <ipsec@ietfa.amsl.com>; Tue, 13 Jan 2015 12:39:28 -0800 (PST)
Received: from mx.nohats.ca (mx.nohats.ca [193.110.157.68]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 230F61ACD47 for <ipsec@ietf.org>; Tue, 13 Jan 2015 12:39:26 -0800 (PST)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 3kMFVM39P2zCPY; Tue, 13 Jan 2015 16:06:19 +0100 (CET)
Authentication-Results: mx.nohats.ca; dkim=pass reason="1024-bit key; unprotected key" header.d=nohats.ca header.i=@nohats.ca header.b=nP1vvSI7; dkim-adsp=pass
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id U-AchW1piOnz; Tue, 13 Jan 2015 16:06:18 +0100 (CET)
Received: from bofh.nohats.ca (206-248-139-105.dsl.teksavvy.com [206.248.139.105]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Tue, 13 Jan 2015 16:06:18 +0100 (CET)
Received: from bofh.nohats.ca (bofh.nohats.ca [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id 5589C8008E; Tue, 13 Jan 2015 10:06:17 -0500 (EST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1421161577; bh=3qXL+au8bYiT/XX/qIj8iDafuQY+A7X4zuPKQ8/8DK8=; h=Date:From:To:cc:Subject:In-Reply-To:References; b=nP1vvSI7MW4m/NXRqV/BKanC/Hx+m4JNwYBfpT6Kn4Snb5kEdv4tequaJLhZAZox+ YWhIelyGP90B2cAOKdoMGy5J5Bm8Y9vaWW6nVt24IU2l/p0NqgCZwm9TR9Fv0coyiT 4CcCpDBvXR0rCBlt3ye2BrBk2XTWV9XgX0Wr8PEI=
Received: from localhost (paul@localhost) by bofh.nohats.ca (8.14.7/8.14.7/Submit) with ESMTP id t0DF6GIt016444; Tue, 13 Jan 2015 10:06:16 -0500
X-Authentication-Warning: bofh.nohats.ca: paul owned process doing -bs
Date: Tue, 13 Jan 2015 10:06:16 -0500
From: Paul Wouters <paul@nohats.ca>
To: Paul Hoffman <paul.hoffman@vpnc.org>
In-Reply-To: <E5689F47-B760-408F-A01B-8C5C86B9C1BB@vpnc.org>
Message-ID: <alpine.LFD.2.10.1501130943010.4821@bofh.nohats.ca>
References: <5E3BDAA5-B0C8-4004-8FFE-25B91199D7EC@vpnc.org> <alpine.LFD.2.10.1501091527300.27600@bofh.nohats.ca> <E5689F47-B760-408F-A01B-8C5C86B9C1BB@vpnc.org>
User-Agent: Alpine 2.10 (LFD 1266 2009-07-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"; format="flowed"
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipsec/UMdhKFFCiEjMlz6IVyi5vWWC5wE>
Cc: IPsecME WG <ipsec@ietf.org>
Subject: Re: [IPsec] WG Last Call on "The NULL Authentication Method in IKEv2 Protocol" draft-smyslov-ipsecme-ikev2-null-auth
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Jan 2015 20:39:30 -0000
>> https://tools.ietf.org/html/draft-ietf-ipsecme-ikev2-null-auth So since the WGLC came onto us a little early, the document authors still have some different opinions about some of this. So let me raise those in the WGLC :) INITIAL_CONTACT Section 2.3 tries to address the problem of not being able to trust INITIAL_CONTACT. Normally this payload is only honoured after authentication, but we don't have a real authentication here, and one anonymous IKE SA should not be allowed to obsolete another IKE SA. Valery suggests sending liveness checks to all IKE SA's that used AUTH_NONE. I suggested sending liveness checks only to those IKE SA's that used the same IP address, thus limiting the scope to a more likely pool of possible orphaned SA's by a remote that crashed/restarted. Of course, implementations can be smart, and skip liveness checks for those IKE SA's whose IPsec SA is showing traffic now in in the very recent past. We need to consider the harm of leaving orphaned SA's versus the harm of being tricked into sending too many liveness probes. And in general, we need to ensure one IKE SA isn't sending a zillion useless IKE messages - as we've lost the protection of a real authentication to punish abusers by locking them out. (if you thought ddos-puzzles were interesting, come tackle this problem :) Traffic Selectors We touched a bit on the traffic selector problem. If a peer is able to pick its own address, it could attempt to steal traffic (say 8.8.8.8) from the server. We advise people to isolate these peers. We cannot fully disallow this because we need NAT-traversal support. Valery preferred server assigned IP addresses (using CP) which will work great in the "sensor network" but would cause overlapping problems with IKE peers that talk to multiple peers that hand out their own range of addresses. And opens up the reverse attack of the server stealing the client's 8.8.8.8 traffic. Some more discussion and insights on this would be useful. Additionally, if we allow some kind of narrowed traffic selector, malicious IKE peers would only need their one IP and could setup (protocol * sport * dport) IPsec SAs. Or a variant of this could be done with when allowing CREATE_CHILD_SA to setup a plethora of IPsec SAs. Restrictions based on IP address is hard, again because of the NAT support problem. What we tried to do with the security consideration section is to keep advise generic. Then specific opportunistic IPsec related issues could find themselves in a soon to be draft-ipsec-opportunistic document. Paul
- [IPsec] WG Last Call on "The NULL Authentication … Paul Hoffman
- Re: [IPsec] WG Last Call on "The NULL Authenticat… Paul Wouters
- Re: [IPsec] WG Last Call on "The NULL Authenticat… Paul Hoffman
- Re: [IPsec] WG Last Call on "The NULL Authenticat… Yaron Sheffer
- Re: [IPsec] WG Last Call on "The NULL Authenticat… Paul Wouters
- Re: [IPsec] WG Last Call on "The NULL Authenticat… Yaron Sheffer
- Re: [IPsec] WG Last Call on "The NULL Authenticat… Paul Wouters
- Re: [IPsec] WG Last Call on "The NULL Authenticat… Paul Wouters
- Re: [IPsec] WG Last Call on "The NULL Authenticat… Paul Wouters
- Re: [IPsec] WG Last Call on "The NULL Authenticat… Valery Smyslov
- Re: [IPsec] WG Last Call on "The NULL Authenticat… Tero Kivinen
- Re: [IPsec] WG Last Call on "The NULL Authenticat… Paul Wouters
- Re: [IPsec] WG Last Call on "The NULL Authenticat… Sean Turner
- Re: [IPsec] WG Last Call on "The NULL Authenticat… Graham Bartlett (grbartle)
- Re: [IPsec] WG Last Call on "The NULL Authenticat… Paul Koning
- Re: [IPsec] WG Last Call on "The NULL Authenticat… Paul Wouters
- Re: [IPsec] WG Last Call on "The NULL Authenticat… Yaron Sheffer
- Re: [IPsec] WG Last Call on "The NULL Authenticat… Valery Smyslov
- Re: [IPsec] WG Last Call on "The NULL Authenticat… Yaron Sheffer
- Re: [IPsec] WG Last Call on "The NULL Authenticat… Tero Kivinen
- Re: [IPsec] WG Last Call on "The NULL Authenticat… Paul Wouters
- Re: [IPsec] WG Last Call on "The NULL Authenticat… Yoav Nir