[IPsec] minimal esp
Daniel Migault <mglt.ietf@gmail.com> Mon, 26 July 2021 16:24 UTC
Return-Path: <mglt.ietf@gmail.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BD9073A1C24; Mon, 26 Jul 2021 09:24:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KZc_kOgf3WaB; Mon, 26 Jul 2021 09:24:01 -0700 (PDT)
Received: from mail-qv1-xf36.google.com (mail-qv1-xf36.google.com [IPv6:2607:f8b0:4864:20::f36]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DB22C3A1C23; Mon, 26 Jul 2021 09:24:00 -0700 (PDT)
Received: by mail-qv1-xf36.google.com with SMTP id db14so4601400qvb.10; Mon, 26 Jul 2021 09:24:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to:cc; bh=m7xRGgUSA8V48ojN94m2x+4s++/jOP5mdIp4AZ/vf5g=; b=LLermiBZ4txPa1b9/3Hmj5/7fhAaPH9nJ27WIwWNNe2QrzaOxRBky3locjcv2QfeJu Q0r7TkZw7HO9VZX7OIhduWAE8tkVlaiGmDI0PYbZxXWgRp5Jfww+x/93jUo01hv+f8JZ aAJt7SwxXNt+pVFlPpefijJajmeXUttZZEKuHdgSrYvvKPgdtNcJ0/CO1/Rf2Vgf2gdb e/yie3BBwzPsIFN9RKese7Wi+YXYlrHod/eUzmJf4xX9bQtqKwsHf2istraASeErlTSn /GB8BCbU89t/2TVA/88eU4Jcmae+15hOrbGc+G/TpjY32otUHW4GmSxNqW+ZwcG0DaUp bEXw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=m7xRGgUSA8V48ojN94m2x+4s++/jOP5mdIp4AZ/vf5g=; b=CNCH2ACy/aMQTeK8fD1/H6s6iM3lO2pEW3J5w0jpH0Hg3xAGQT7h+qX/boGRNvU3ME qi3m486Q59YK/VwVObg1BXtW37uBAPSWCW49x/EAkkM/wTosHEQdAEE+A9pQcXwCSzUR UmEeqavAQQs873Bxu0VZEAW8A0k12V8nsngojbXVfV1THcM2H2NHHlchb1NhJU0IsCB/ InmVaDC/wckLCATm+IZy8TNzE5ue46RavIFm4GEBHKLyIgj4WmmGMERxAV2ujTYmQ9H/ R8RSmI3X9HzUx59Hg6FbQU63a9/YTvE7FJ77DTXrS730L69UyOH6plvnz1EnUko53Yid ZBFw==
X-Gm-Message-State: AOAM530hhqhsuxVjcldY4vx/ElW0IFAWq8e1ffSvyRqZd7DnM8PxeBwa asPtLdEg5R/h/uE4Vhx9DTl4jyLhwA8X+uiiybM=
X-Google-Smtp-Source: ABdhPJy1SsxvPPZfyegfE3KPyDDP0BQylFTAW4qtj/4LSmGm/STkAeTjAj208J4Kk0Tmd1qgKaW+5knKyVuUEqpLF/U=
X-Received: by 2002:a0c:a5c5:: with SMTP id z63mr18343764qvz.16.1627316639357; Mon, 26 Jul 2021 09:23:59 -0700 (PDT)
MIME-Version: 1.0
From: Daniel Migault <mglt.ietf@gmail.com>
Date: Mon, 26 Jul 2021 12:23:48 -0400
Message-ID: <CADZyTknYbGtfGMQvDRumkNJ1E8o76e70bR6Sh2SLO=WEwMiHLg@mail.gmail.com>
To: Erik Kline <ek.ietf@gmail.com>
Cc: lwip@ietf.org, IPsecME WG <ipsec@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000039deff05c8092ec8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/puU9yTNFcqOVexKwDFUtrb581rQ>
Subject: [IPsec] minimal esp
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Jul 2021 16:24:07 -0000
Hi Erik, Thanks for the review which I believe the draft version 06 addresses them. Please find the details inline below. Yours, Daniel [abstract] [nit] * "Some constrains include" -> "Some constraints include" > done [S1] [comment] * Someone will inevitably point out that requirements terminology don't belong in an Informational document. Suggest removing this and lowercase all the terms throughout the document. I know it doesn't seem ideal, but I don't think it really lowers the value of any of the recommendations in the doc. > I am a bit surprised by such a rule. While I might be missing the rationale, but it seems to me that informational documents are also concerned with interoperability and the 2119 language has been introduced to make implementation interoperable. At least that was my understanding. That said, I proceeded as follows: SHOULD NOT: 2 SHOULD: 1 MUST NOT: 3 MUST: 10 RECOMMENDED: 10 MAY: 3 and committed in case we need to reverse it back ;-) [S2] [nit] * "and limited traffic flow confidentiality" seems to be redundant with "provide confidentiality" earlier in the sentence. (It also raises the question of "in what way is it limited?", which just seems like an unnecessary digression.) > limited traffic flow confidentiality in fact designates some padding and the feature is often designated as TFC. It is defined in RFC4303 section 2.7 and the section title mentions padding, so I "padding" was missing, and I also added the acronyme TFC. so the final text is: "and limited traffic flow confidentiality (TFC) padding." I think that addresses the confusion, but we can also point to the specific section of RFC4303. [S3] [nit] * "used internal" -> "used internally" > done * ", checks does not fall" -> "and checks it does not fall" > done [S3.1] [question] * "proceed to clean key update" What does this mean? "clean"? > "clean key" update means that there is a mechanism that enables a peer to say which key is being used. In other words, there is not a set a keys to test. I propose the following change. OLD: SPI can typically be used to proceed to clean key update and the SPI value may be used to indicate which key is being used. This can typically be implemented by a SPI being encoded with the Security Association Database (SAD) entry on a subset of bytes (for example 3 bytes), while the remaining byte is left to indicate the rekey index. NEW: SPI can typically be used to implement a key update with the SPI indicating the key is being used. For example, a SPI might be encoded with the Security Association Database (SAD) entry on a subset of bytes (for example 3 bytes), while the remaining byte indicates the rekey index. * "use of randomly generated SPI" -> "use of randomly generated SPIs" > done * "leakage or privacy or security related information" -> "leakage of privacy or security related information" > done [S4] [question] * When too many packets are dropped (due to "out of window" conditions), does this cause the session to be renegotiated? > SN is checked as the first operation- prior integrity check. If taken into account, these could easily be used to trigger the rekey. In fact the consecutive failed authentication is used to trigger a rekey. RFC 4303, does not mandate any other parameters than consecutive authentication failure to be considered for the trigger, but does not prevent others to be considered and it is worth noticing that out of windows SN are auditable events. So I think that suggesting to consider out of windows event are a bit out of scope of the minimal esp implementation. That said, we may add that when removing the mechanism we should consider that additional integrity checks might be performed. I suggest the following text: OLD: As a result, some implementations MAY drop a non required anti replay protection especially when the necessary resource involved overcomes the benefit of the mechanism. NEW: As a result, some implementations MAY drop a non required anti replay protection especially when the necessary resource involved overcomes the benefit of the mechanism. These resources need also to balance that absence of anti-replay mechanism, may lead to unnecessary integrity check operations that might be significantly more expensive as well. If so, is it important to weight the computational impact of reestablishing IPsec crypto state relative to trying to maintain better record of the previously seen SNs? [S4] [nit] * "drop an non required anti replay protection" -> "drop a non-required anti-replay protection" > done * "the support ESN is not" -> "the support of ESN is not" >done [S5] [nit] * "that were rely on" -> "that were relying on" > done * "rather when" -> "rather than when" > done [S6] [nit] * "generate and receive dummy packet" -> "generate and receive dummy packets" > done * "fix value" -> "fixed value" > done ( 2 times) [S8] [nit] * "provided as indicative" -> "provided as information"? > done: provided as informational * "Constraint devices" -> "Constrained devices" > done * "energy associated to it" -> "energy associated with it" > done [S10] [nit] * "associated to the management" -> "associated with the management" > done * "This usually include mechanisms to prevent a nonce to repeat for example." "This usually includes mechanisms to prevent a nonce from repeating, for example." > done * "in conjunction of" -> "in conjunction with" > done * "responsible to negotiate" -> "responsible for negotiating" -- Daniel Migault Ericsson
- [IPsec] minimal esp Daniel Migault