[IPsec] Comments on draft-ietf-lwig-minimal-esp-00

"Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com> Mon, 22 July 2019 00:17 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/VlKBmwHsNYNFRoyP4rq4I8ISMRM>

Comments:


  *   I have issues with the draft's emphasis on fixed SPI values.  One reason for the SPI value is to handle key updates cleanly; during the transition, the SPI can be used to indicate whether the packet was encrypted with the previous set of keys or the new ones.  As we really don't want to discourage rekeying, I would suggest that, instead of talking so much about fixed SPIs, you instead address how to do nonrandom SPIs (for example, by having the top 3 bytes of the inbound SPI being the SAD entry, and the lower byte being the rekey index).
  *   "Values 0-255 SHOULD NOT be used."; shouldn't that be MUST NOT?  Can you think of an advantage a device might have for using a SPI in that region?

The use of fix SPI MUST NOT be considered as a way to avoid strong random generators.  Such generator will be required in order to provide strong cryptographic protection"; actually, if the IPsec implementation doesn't actually generate its own keys (that is, it relies on an external service to provide them), and the transform itself doesn't require random data (CBC can be implemented securely without one), then the IPsec implementation doesn't actually need an CSPRNG.

  *   SN based on clocks; one issue that is not addressed is that standard receivers are tuned for an increment of one-per-packet; if the sender uses increments significantly larger than that, and packets are reordered, the receiver is more likely to reject valid packets because they fell outside the window.
  *   One issue you do not address (but I believe you should) is the fact that some cryptographical transforms are more resilient to key reuse (e.g. because you use a fixed key, and don't change it after a reboot) than others.  In particular, both GCM and ChaCha20-Poly1305 have real problems when that happens, and should be avoided.

Typos:

  *   a random SPI may consume to much -> too much
  *   fix SPI -> fixed SPI
  *   can be alleviate -> can be alleviated
  *   algorythm -> algorithm
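
The clock-based sequence number comment above, worked through as an added example that is not part of the original message or the draft: a sliding-window anti-replay check in the style of RFC 4303, fed by a sender whose SN advances by `stride` per packet. The 64-entry window is the RFC 4303 default; the stride values, arrival orders and function names are constructed for illustration.

```python
# Added example (not from the draft or the e-mail): an RFC 4303-style
# anti-replay window fed by a sender whose sequence number advances by
# `stride` per packet instead of 1, as a clock-derived SN would.
WINDOW = 64  # window size RFC 4303 recommends as the default


class ReplayWindow:
    def __init__(self, size=WINDOW):
        self.size = size
        self.top = 0      # highest sequence number accepted so far
        self.bitmap = 0   # bit i set => sequence number (top - i) was seen

    def accept(self, sn):
        if sn == 0:
            return False                      # senders start at 1
        if sn > self.top:                     # newer than anything seen: slide right
            shift = sn - self.top
            mask = (1 << self.size) - 1
            self.bitmap = 1 if shift >= self.size else ((self.bitmap << shift) | 1) & mask
            self.top = sn
            return True
        offset = self.top - sn
        if offset >= self.size:
            return False                      # left of the window: dropped unseen
        if self.bitmap & (1 << offset):
            return False                      # duplicate: a real replay
        self.bitmap |= 1 << offset
        return True


def rejected_valid(stride, arrival_order, size=WINDOW):
    """Count genuine, never-duplicated packets the receiver drops.
    Packet i carries SN stride*(i+1); arrival_order lists packet indices."""
    win = ReplayWindow(size)
    return sum(not win.accept(stride * (i + 1)) for i in arrival_order)


def max_reorder_depth(stride, size=WINDOW):
    """Largest number of packets a late packet may trail the newest one by."""
    return (size - 1) // stride


# Constructed arrival orders: one packet delayed by three, and pairwise swaps.
ONE_LATE = [0, 1, 3, 4, 5, 2, 6, 7, 8, 9]
SWAPPED = [1, 0, 3, 2, 5, 4, 7, 6, 9, 8]

if __name__ == "__main__":
    for s in (1, 20, 22, 1000):
        print(s, max_reorder_depth(s), rejected_valid(s, ONE_LATE), rejected_valid(s, SWAPPED))
```

With a stride of 1 the window absorbs both reorderings; at a stride of 1000 a single adjacent swap already puts the late packet outside the window, so half of the swapped stream is dropped even though nothing was replayed.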