Re: [IPsec] Martin Duke's No Objection on draft-ietf-ipsecme-ikev2-intermediate-09: (with COMMENT)
Martin Duke <martin.h.duke@gmail.com> Thu, 03 March 2022 17:41 UTC
Return-Path: <martin.h.duke@gmail.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 92F343A0FFB; Thu, 3 Mar 2022 09:41:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TPtCLZZbwZnO; Thu, 3 Mar 2022 09:41:26 -0800 (PST)
Received: from mail-ua1-x92a.google.com (mail-ua1-x92a.google.com [IPv6:2607:f8b0:4864:20::92a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4C86E3A0FF5; Thu, 3 Mar 2022 09:41:26 -0800 (PST)
Received: by mail-ua1-x92a.google.com with SMTP id j7so2494151uap.5; Thu, 03 Mar 2022 09:41:26 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=jsWhkgUax2ljB4aR8oTq8jwUbP+MpAsy78IlFRiL/VA=; b=EqPvWVPOmqHCT/yqq0xpbTRdQfiDDiklu1CRJnFQjeNf+33lYPqCKc7r/iR+UiaDel zVRil8hlAMLcCRh89qM30aPTib7xUtcGCDXL1mnHULhpIZSV+X+Aq/oJDxv7JPPeqYlw uXNNmwgsI9FyEzV/BRycF/KilAWizqL0J7F2X+Am0eBbtTTXe8YHkn+szTk7sCBv67m3 el6S33Vz+LLqJ1TiaGfiZlKl0AbX8o4JnztubbV7d5urDgFu1bwIksoO3lEIqmHp1sJB jvi9aX9Hyo8RSLIzXQGeH1oPa8xlaiIj/OuYpqQObw/9zFanyvfSEAiPhmuP89JxUGsb 6cuQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=jsWhkgUax2ljB4aR8oTq8jwUbP+MpAsy78IlFRiL/VA=; b=XAmGIKTimCKgr2EiVMqItqZvhPT5N7gy5RB2ZzujeVhl0/OjM7AiA6MJJKW6o3ssn3 HCoS9kGl56cp9kSkx1S3Bp1+2PgQuxtP/Otormy7U9cWJ3rchtjb1r8KDdvN7y5PI5TD WWJlk/vFwYFmrpJIR1ru4Lg9WElZdWpRR7nfbQNlVUIUBia0iaiGVzRv9TZe9ErofRuE w0hvs1HL1oLLEWoHpswp1TzjFTS2JeLmU0q2G3KcbWCxb6XbIRYJn9yaF8q6ZAHsZ7mB TkukNiUouTf7O28cuEKz92Win+QX/UQV0A6+z+Y9eGFL7cVqC/WN5kAkkpLg2TZ8UUcG bP6A==
X-Gm-Message-State: AOAM532OVYF9Jma6TGfEZ53AM0TSocbMAQiZaJGdNBbCsliNIOiQWmE2 lhpghOGY+stFQPIDp+1amspzIZVzhiHFj07sYqM=
X-Google-Smtp-Source: ABdhPJxqgPxC5l0oZoJVcncBBusSXpNazaiRJOhza6Yleb7Jst2y2PyysEV6o1iglvElmdr4yPGsLQ7e/i2Cv51PC+g=
X-Received: by 2002:ab0:1112:0:b0:33e:802f:e335 with SMTP id e18-20020ab01112000000b0033e802fe335mr14957632uab.57.1646329284628; Thu, 03 Mar 2022 09:41:24 -0800 (PST)
MIME-Version: 1.0
References: <164625223564.17953.1128366395669864994@ietfa.amsl.com> <006701d82e7c$2ea5f480$8bf1dd80$@elvis.ru> <CAM4esxT-xsoB5FwQS=j38nT4bpOsSMT0OSX7M21CaNjnavnRLA@mail.gmail.com> <051901d82ec9$90222290$b06667b0$@elvis.ru>
In-Reply-To: <051901d82ec9$90222290$b06667b0$@elvis.ru>
From: Martin Duke <martin.h.duke@gmail.com>
Date: Thu, 03 Mar 2022 09:41:14 -0800
Message-ID: <CAM4esxSUt9yfWaAQOtTOASUiYR68iQyMstf1e646rdfhzDQ7_g@mail.gmail.com>
To: Valery Smyslov <svan@elvis.ru>
Cc: The IESG <iesg@ietf.org>, draft-ietf-ipsecme-ikev2-intermediate@ietf.org, ipsecme-chairs@ietf.org, ipsec@ietf.org, ynir.ietf@gmail.com
Content-Type: multipart/alternative; boundary="00000000000031929a05d953e8e2"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/Z5bOauoBsb9YslDSghINWXxFc5k>
Subject: Re: [IPsec] Martin Duke's No Objection on draft-ietf-ipsecme-ikev2-intermediate-09: (with COMMENT)
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Mar 2022 17:41:34 -0000
Looks good to me. On Wed, Mar 2, 2022 at 10:40 PM Valery Smyslov <svan@elvis.ru> wrote: > Hi Martin, > > > > For the proposed text, I would prefer something normative but if you think > that's unwise I'll accept your proposal. > > > > As Murray noticed, we can’t use normative language against > future specifications :-) > > > > I combined text resulted from Lars’ comment and from yours into > a list as follows > > (at the end of Introduction section): > > > > ... It is expected > that separate > > specifications will define for which purposes and how the > > IKE_INTERMEDIATE exchange is used in IKEv2. Some considerations must > > be taken into account when designing such specifications. > > > > o The IKE_INTERMEDIATE exchange is not intended for bulk transfer. > > This document doesn't set a hard cap on the amount of data that > > can be safely transferred using this mechanism, as it depends on > > its application. But it is anticipated that in most cases the > > amount of data will be limited to tens of Kbytes (few hundred > > Kbytes in extreme cases), which is believed to cause no network > > problems (see [RFC6928] as an example of experiments with sending > > similar amounts of data in the first TCP flight). See also > > Section 5 for the discussion of possible DoS attack vectors when > > amount of data sent in IKE_INTERMEDIATE is too large. > > > > o It is expected that the IKE_INTERMEDIATE exchange will only be > > used for transferring data that is needed to establish IKE SA and > > not for data that can be send later when this SA is established. > > > > I think both wordings impose some recommendations/restrictions > on using > > this exchange and thus it’s a good idea to put them together. Is > it OK? > > > > Otherwise, your responses look great! > > > > Thanks! > > > > Regards, > > Valery. > > > > Thanks! > > > > On Wed, Mar 2, 2022 at 1:26 PM Valery Smyslov <svan@elvis.ru> wrote: > > Hi Martin, > > thank you for your comments. > > > Martin Duke has entered the following ballot position for > > draft-ietf-ipsecme-ikev2-intermediate-09: No Objection > > > > When responding, please keep the subject line intact and reply to all > > email addresses included in the To and CC lines. (Feel free to cut this > > introductory paragraph, however.) > > > > > > Please refer to > > https://www.ietf.org/about/groups/iesg/statements/handling-ballot- > > positions/ > > for more information about how to handle DISCUSS and COMMENT > > positions. > > > > > > The document, along with other ballot positions, can be found here: > > https://datatracker.ietf.org/doc/draft-ietf-ipsecme-ikev2-intermediate/ > > > > > > > > ---------------------------------------------------------------------- > > COMMENT: > > ---------------------------------------------------------------------- > > > > (3.2) "Implementations MUST verify that Message IDs in the > > IKE_INTERMEDIATE > > messages [increment by 1]". Or what? In any case, isn't this fully > enforced > > by > > the WINDOW_SIZE parameter in Sec 2.3 of RFC 7296? That is, if > > WINDOW_SIZE == 1, > > any message that doesn't increment by 1 will simply be ignored. If > > WINDOW_SIZE > > > 1, receiving an increment > 1 is in fact legal (due to packet loss) > but the > > window will not advance until all IDs are received? > > Your understanding is correct. These requirements are in RFC 7296 > and may look redundant in this document. While it is not a good > practice to repeat requirements from another document, > it is done here for the purpose of bringing readers' attention > to them, because for this particular exchange they are crucial > for security. The way IKE_INTERMEDIATE exchanges > are authenticated implies that chunks of data fed into the prf > be in the order these exchanges took place. > > Scott Fluhrer suggested to reinforce the requirement to check > Message ID in the draft (quoting his private e-mail with his permission): > > "... we need to be careful about Message ID handling; what we want to > prevent is an attacker resending > a previous encrypted IKE Intermediate message, and confusing things (which > plausibly could happen > if there were a large number of IKE intermediate exchanges, and the sides > don't track all the message IDs > that they've seen already). I would suggest that the draft state that the > responder MUST verify that > the message IDs received are increasing (or is that inferable from the IKE > RFC?)." > > So, while it is basically repetition of what RFC 7296 says, it was decided > to reiterate these requirement due to their importance for security. > > > (5) The security considerations hint at it with all the DoS talk, but it > would > > be valuable to place some limits on the kind of information that can be > > contained in IKE_INTERMEDIATE and how it is processed. The document > > doesn't > > appear to explicitly restrict these messages to overflow from IKE_SA_INIT > > messages, so if an extension sends e.g. user data in these what are the > > implications? I'd suggest that applications not process such data until > AUTH > > exchange is complete. > > This document defines only the IKE_INTERMEDIATE exchange itself. > It is expected that other documents will define its application > and the types of data it contains. > > That said, I agree that IKE_INTERMEDIATE must only be used > in those cases, when the data transferred needs to be processed > before (or in) IKE_AUTH. So, it's not for transferring user data > (and I hope no specification will use it for this purpose). > > I can add something like this: > > It is expected that the IKE_INTERMEDIATE exchange will > only be used for transferring data that is needed to establish IKE SA > and not for data that can be send later when this SA is established. > > Is it OK? > > > While I am not particularly happy with solely using the WINDOW_SIZE > > mechanism > > to regulate the amount of data in flight, IMO that is an issue with RFC > 7296 > > and not this document. > > Indeed. > > Thank you! > > Regards, > Valery. > >
- [IPsec] Martin Duke's No Objection on draft-ietf-… Martin Duke via Datatracker
- Re: [IPsec] Martin Duke's No Objection on draft-i… Valery Smyslov
- Re: [IPsec] Martin Duke's No Objection on draft-i… Martin Duke
- Re: [IPsec] Martin Duke's No Objection on draft-i… Valery Smyslov
- Re: [IPsec] Martin Duke's No Objection on draft-i… Martin Duke