Re: [IPsec] Fw: New Version Notification for draft-smyslov-ipsecme-ikev2-null-auth-00.txt

Yaron Sheffer <yaronf.ietf@gmail.com> Tue, 24 December 2013 22:42 UTC

Hi Valery,

Thanks for posting this draft.

One quick comment: the interaction of your proposal with EAP is not 
clear to me, i.e. when one peer uses Null auth and the other uses EAP. 
There are cases where this should be forbidden (e.g. MSCHAP, where the 
unauthenticated peer can mount a dictionary attack) and other cases 
where this is OK. Specifically, for the methods listed as "safe" in Sec. 
4 of RFC 5998, I believe this use would be secure.

Happy holidays!

	Yaron

On 12/24/2013 03:47 PM, Valery Smyslov wrote:
> Hi all,
>
> I've just posted a draft, defining NULL Authentication method in IKEv2.
> This method may be used for anonymous access or in situations,
> when peers don't have any trust relationship, but still want
> to get protection at least against passive attacks.
>
> Regards,
> Valery.
>
>
> ----- Original Message ----- From: <internet-drafts@ietf.org>
> To: "Valery Smyslov" <svan@elvis.ru>; "Valery Smyslov" <svan@elvis.ru>
> Sent: Tuesday, December 24, 2013 5:40 PM
> Subject: New Version Notification for
> draft-smyslov-ipsecme-ikev2-null-auth-00.txt
>
>
>
> A new version of I-D, draft-smyslov-ipsecme-ikev2-null-auth-00.txt
> has been successfully submitted by Valery Smyslov and posted to the
> IETF repository.
>
> Name: draft-smyslov-ipsecme-ikev2-null-auth
> Revision: 00
> Title: The NULL Authentication Method in IKEv2 Protocol
> Document date: 2013-12-24
> Group: Individual Submission
> Pages: 8
> URL:
> http://www.ietf.org/internet-drafts/draft-smyslov-ipsecme-ikev2-null-auth-00.txt
>
> Status:
> https://datatracker.ietf.org/doc/draft-smyslov-ipsecme-ikev2-null-auth/
> Htmlized:
> http://tools.ietf.org/html/draft-smyslov-ipsecme-ikev2-null-auth-00
>
>
> Abstract:
>    This document defines the NULL Authentication Method for IKEv2
>    Protocol.  This method provides a way to omit peer authentication in
>    IKEv2 and to explicitly indicate it in the protocol run.  This
>    method may be used to preserve anonymity or in situations, where no
>    trust relationship exists between the parties.
>
>
>
>
> Please note that it may take a couple of minutes from the time of
> submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> The IETF Secretariat