Re: [IPsec] I-D Action: draft-ietf-ipsecme-ikev1-algo-to-historic-00.txt
Paul Wouters <paul@nohats.ca> Thu, 06 May 2021 19:22 UTC
Return-Path: <paul@nohats.ca>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 56F913A2D9D for <ipsec@ietfa.amsl.com>; Thu, 6 May 2021 12:22:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O9kH8Alwy3l5 for <ipsec@ietfa.amsl.com>; Thu, 6 May 2021 12:21:59 -0700 (PDT)
Received: from mx.nohats.ca (mx.nohats.ca [IPv6:2a03:6000:1004:1::68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A712E3A2D9A for <ipsec@ietf.org>; Thu, 6 May 2021 12:21:59 -0700 (PDT)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 4Fbk3S15WPzKHm for <ipsec@ietf.org>; Thu, 6 May 2021 21:21:56 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1620328916; bh=03nuLH4R+qkFAYgl782vtBqRr+iTiDDk0EER6QZgejM=; h=Date:From:To:Subject:In-Reply-To:References; b=GoPQsO4r+1/PEKbT58lf/ezLiQxsM8bfTOOLeV6vz0rkImR4/3P60O6HI1tUbhC9C RQoIHEGobqw6P8W4QBu9dcNtuvDoBQe56+7t+bJBkrmr51F7BUJ8Z/S+v7VPR3x3w3 hUz/LmkIAB/R60Tk8Z/c80zpBm89oI0ag1dtJkLY=
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id zN5LRuWzt6l0 for <ipsec@ietf.org>; Thu, 6 May 2021 21:21:55 +0200 (CEST)
Received: from bofh.nohats.ca (bofh.nohats.ca [193.110.157.194]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS for <ipsec@ietf.org>; Thu, 6 May 2021 21:21:54 +0200 (CEST)
Received: by bofh.nohats.ca (Postfix, from userid 1000) id B30915173D; Thu, 6 May 2021 15:21:53 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id ABB065173C for <ipsec@ietf.org>; Thu, 6 May 2021 15:21:53 -0400 (EDT)
Date: Thu, 06 May 2021 15:21:53 -0400
From: Paul Wouters <paul@nohats.ca>
To: "ipsec@ietf.org WG" <ipsec@ietf.org>
In-Reply-To: <6297c870-0507-b3e8-ee6e-5517bdc86bba@lounge.org>
Message-ID: <1fcc66b-aca1-6a5-e275-35bd29b3580@nohats.ca>
References: <161962448020.12575.13131318934919776038@ietfa.amsl.com> <40493aa4-ba3a-ad32-fda2-f5ab24d78296@nohats.ca> <6297c870-0507-b3e8-ee6e-5517bdc86bba@lounge.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/crENax8kcWhoY8aIH__FflP8s2w>
Subject: Re: [IPsec] I-D Action: draft-ietf-ipsecme-ikev1-algo-to-historic-00.txt
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 May 2021 19:22:04 -0000
On Wed, 5 May 2021, Dan Harkins wrote:
> - the first two bullet points in section 3 are basically speculation,
> "a number of..." is meaningless. These bullet points are ultimately
> not even necessary to make the case being made. Delete these, please.
I have heard from vendors, so I don't think this is speculation.
I think it is important to get these points across. Especially the
second bullet point, as people might think IKEv1 is still being
supported because their devices are still seeing regular updates,
without realizing that the IKEv1 code on those devices in fact will
not receive any further updates.
> - fourth bullet in section 3 should be rewritten. The "Often, IKEv1..."
> sentence should be removed but the remainder is a decent point. IKEv1
> was standardized before modern ciphers were designed, to get support
> for modern, accepted ciphers use IKEv2.
How about:
OLD:
* IKEv1 systems most likely do not support modern cryptographic
algorithms. AES-GCM is only defined for ESP and not IKE, and
often not implemented for ESP. And CHACHA20_POLY1305 is not
defined for IKEv1. Often, IKEv1 is configured with the very weak
Diffie-Hellman Groups 2 and 5 and some implementatipons do not
support any stronger alternatives.
NEW:
* The IKEv1 protocol pre-dates modern cryptographic algorithms. While
a limited number of more modern cryptographic algorithms were added
to the IKEv1 specification, interoperability concerns means that the defacto
algorithms deployed for IKEv1, AES-CBC, SHA1, DH2 and DH5, are no longer
recommended and a migration to IKEv2 is the best method to deploy
modern cryptographic algorithms with the IKE and IPsec protocols.
Or if you have an altnerative proposal, I'm happy to hear it.
> - there is another IKEv1 feature not available in IKEv2: a deniable
> authentication method. IKEv1 had a very cool deniable exchange
> involving encrypted nonces. IKEv2 decided to not support that for
> whatever reason. Lack of support for a cool and usefu authentication
> method doesn't really make the case to send IKEv1 to historic
Can you clarify this a bit further for me? Is this deniable
authentication method part of all IKEv1 auth methods? Or is this a
specific feature that needed to be specifically enabled?
That said, if the WG deemed this feature no longer required when
specifying IKEv2, then I do not think we need to mention this here when
we are talking about motivations for people to move from IKEv1 to IKEv2.
If there is a good reason and people are prevented from upgrading to
IKEv2 because of this, I would be expecting an IKEv2 draft to be
developed to address this shortcoming. But it seems to me (I wasn't here
when these decisions were made) that the WG did not think this issue was
a concern ?
> then, oh well. As an aside, I suggested a way to add an exchange
> such an exchange using HPKE [1]. Not that I'm saying this needs to
> be added to IKEv2, but if you're gonna talk about IKEv1 features
> missing in IKEv2 you should be complete.
I was mostly listing the features in IKEv1 that were missing in IKEv2
that actually were motivations for certain people to not upgrade to
IKEv2. It is surely not meant as a list of IKEv1 vs IKEv2 features.
> Other than that, good work.
Thanks.
Paul
- [IPsec] I-D Action: draft-ietf-ipsecme-ikev1-algo… internet-drafts
- Re: [IPsec] I-D Action: draft-ietf-ipsecme-ikev1-… Paul Wouters
- Re: [IPsec] I-D Action: draft-ietf-ipsecme-ikev1-… Dan Harkins
- Re: [IPsec] I-D Action: draft-ietf-ipsecme-ikev1-… Paul Wouters
- Re: [IPsec] I-D Action: draft-ietf-ipsecme-ikev1-… Dan Harkins
- Re: [IPsec] I-D Action: draft-ietf-ipsecme-ikev1-… Tero Kivinen
- Re: [IPsec] I-D Action: draft-ietf-ipsecme-ikev1-… Dan Harkins