[IPsec] Questions about RFC 5723
Paul Wouters <paul@nohats.ca> Thu, 11 July 2019 20:17 UTC
Return-Path: <paul@nohats.ca>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 99B4B120143 for <ipsec@ietfa.amsl.com>; Thu, 11 Jul 2019 13:17:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kSvUSCQ5x6vE for <ipsec@ietfa.amsl.com>; Thu, 11 Jul 2019 13:17:06 -0700 (PDT)
Received: from mx.nohats.ca (mx.nohats.ca [193.110.157.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 30BC7120121 for <ipsec@ietf.org>; Thu, 11 Jul 2019 13:17:06 -0700 (PDT)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 45l6ly6Z5VzDfY; Thu, 11 Jul 2019 22:17:02 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1562876222; bh=+PMaDhZY3TG8nB8dXcQIg45/v0oQPAByIcBupOloCh4=; h=Date:From:To:cc:Subject; b=U3FPq5btpE2r/G/C4bFecChBTX7ubz6NitRB+xjjMXrFS6jKXxOLWus6j4BTfDPoC ljm238mjBkDF9MqBmb3C79Ai0TIgYwYFKCcewZrgZby5NyjLU+L8zBAQS/SzlEeLCf QJgfMgz/rwVLEVZS7sAvCPDF0w0ybtPvf7QNsqZM=
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id DaFxeiUE-yhW; Thu, 11 Jul 2019 22:17:01 +0200 (CEST)
Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Thu, 11 Jul 2019 22:17:00 +0200 (CEST)
Received: by bofh.nohats.ca (Postfix, from userid 1000) id 27ED44AA; Thu, 11 Jul 2019 16:16:59 -0400 (EDT)
DKIM-Filter: OpenDKIM Filter v2.11.0 bofh.nohats.ca 27ED44AA
Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id 1BA314009E88; Thu, 11 Jul 2019 16:16:59 -0400 (EDT)
Date: Thu, 11 Jul 2019 16:16:59 -0400
From: Paul Wouters <paul@nohats.ca>
To: Yaron Sheffer <yaronf.ietf@gmail.com>, Hannes Tschofenig <hannes.tschofenig@gmx.net>, "ipsec@ietf.org WG" <ipsec@ietf.org>
cc: vinay kornapalli <vinaykornapalli@gmail.com>
Message-ID: <alpine.LRH.2.21.1907111548370.26855@bofh.nohats.ca>
User-Agent: Alpine 2.21 (LRH 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="US-ASCII"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/gO3KbcJkZ3b9v3pmi7_lj65K79M>
Subject: [IPsec] Questions about RFC 5723
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Jul 2019 20:17:09 -0000
Hi, I'm a little confused about some parts in RFC 5723 The first is about which SA's can be resumed. The introduction leaves this ambiuous: To re-establish security associations (SAs) upon a failure recovery condition is time-consuming, It does not say IKE SA or IPsec SA. And I have a feeling it depends a bit on what you call "resumption". It then talks about resuming the IKE SAs.... Reading more, it seems IPsec SA's are not "resumed" but "created from scratch"? I also see: If a client temporarily loses network connectivity (and the IKE SA times out through the liveness test facility, a.k.a. "dead peer detection") This is also a little confusing for IKE and IPsec states, because the liveness test is for an IPsec SA, not an IKE SA. But it is send via an IKE SA. That is, if an IPsec SA has no outgoing traffic, there would never be a check using IKE for this. So it is kind of misusing the fact that the IKE SA is used for liveness tests to check on the status of the IKE SA. In 4.3.4 I see: Following the IKE_AUTH exchange, a new IKE SA is created by both parties, see Section 5, and a Child SA is derived, per Section 2.17 of [RFC4306]. Which Child SA? If the peers had more then one IPsec SA, how does one determine which IPsec SA to generate key material for first? Because this paragraph does not talk about a new CREATE_CHILD_SA, it looks as if the child sa derivation would not need another Exchange, but I can find no information on how this would be done, unless we just pull KEYMAT from the new SKEYSEED, but then child SA and ordering is completely unspecified and this could only work when there is a single IPsec SA for the IKE SA? And this is the really confusing part in section 5: IKE and IPsec State after Resumption During the resumption process, both peers create IKE and IPsec state for the resumed IKE SA. Although the SA is only completed following a successful IKE_AUTH exchange, many of its components are created earlier, notably the SA's crypto material So here too it says "create IKE and IPsec state". Which IPsec state first? Then it talks about "the SA" and "the SA's" ? My guess is that we first pull key material for the IKE SA, and then for one of the IPsec SA's (perhaps this document assumes there is only 1 IPsec SA for any IKE SA that can be resumed?). Or based on Note 6: Note 6: Since information about Child SAs and configuration payloads is not resumed, IKEv2 features related to Child SA negotiation (such as IPCOMP_SUPPORTED, ESP_TFC_PADDING_NOT_SUPPORTED, ROHC-over-IPsec [ROHCoIPsec] and configuration) aren't usually affected by session resumption. Perhaps what is meant is that a session resumption only resumed a childless IKE SA, and now the initiator must do CREATE_CHILD_SA's for each IPsec SA it wants to have again (not really "resumption", as these are created "from scratch" like regular CREATE_CHILD_SA? Also, when using PFS, these CREATE_CHILD_SA's would do a DH again, at which point one wonders why to do resumption at all if you have more than one IPsec SA, as you would be doing DH's anyway for all children, you might as well do one more for a regular IKE_SA_INIT ? So the essense of my question is: Am I correct that an IKE session resumption only resumes the IKE SA, and that all IPsec SA's need to be re-negotiated using CREATE_CHILD_SA ? Secondary question: When using pfs=yes, what is the envisioned behaviour of CREATE_CHILD_SA? Do a new DH? Or is it assumed that resumption would be an incompatible policy with pfs=yes ? Paul
- [IPsec] Questions about RFC 5723 Paul Wouters
- Re: [IPsec] Questions about RFC 5723 Valery Smyslov
- Re: [IPsec] Questions about RFC 5723 Paul Wouters
- Re: [IPsec] Questions about RFC 5723 Yaron Sheffer