Re: [IPsec] Last Call: <draft-ietf-dime-ikev2-psk-diameter-06.txt> (Diameter IKEv2 PSK: Pre-Shared Secret-based Support for IKEv2 Server to Diameter Server Interaction) to Proposed Standard

Yaron Sheffer <yaronf.ietf@gmail.com> Sun, 22 May 2011 18:46 UTC

Hi,

Having read this document only now, I think there are a number of serious 
issues with it. This document was sent to the ipsec mailing list a while 
ago but unfortunately got no review.

Summary:
1. I think the wrong architectural choice was made, in preferring PSK 
over EAP authentication.
2. There is not enough detail in the document to result in interoperable 
implementations.

Detailed comments:
• The appropriate ref for IKEv2 is RFC 5996. This was actually noted in 
the shepherd review back in March.
• The document notes that EAP is one of the authentication modes 
supported by IKEv2. EAP is designed for interaction with backend AAA 
servers, and is quite capable of performing shared-secret 
authentication, using a variety of EAP methods (and see also RFC 5998, 
on IKEv2 mutual auth with EAP). Yet the document does not explain why 
EAP is not used, instead preferring the IKE PSK authentication method.
• 4.1: how can the incoming SPI be used to identify the peer?
• Packing additional semantics into SPI may conflict with elements of 
the IPsec architecture (see for example Sec. 9.3 of 
draft-ietf-ipsecme-failure-detection-08).
• 4.1, 2nd paragraph: generation of the PSK is central to this solution, 
so it cannot be "outside the scope" of the document. There is no way to 
interoperate otherwise.
• Moreover, if a single client is expected to sometimes use EAP and 
sometimes PSK, there must be a way to notify it which one to use.
• How does key-lifetime relate to the lifetime of the IKE SA?
• Sec. 10 refers to the PSK as a "session key" which is incorrect, as 
PSK is only used for authentication and does not encrypt anything.
• The same paragraph is very vague about the security properties of PSK. 
RFC 5996 takes PSK much more seriously, e.g. "When using pre-shared 
keys, a critical consideration is how to assure the randomness of these 
secrets." Again, I believe the document should specify how the PSK is 
derived.
• Why "if nonces are included" where the document says that they *must* 
be included (in the AVP occurrence table)?

Thanks,
Yaron

On 05/20/2011 04:50 PM, The IESG wrote:
> The IESG has received a request from the Diameter Maintenance and
> Extensions WG (dime) to consider the following document:
> - 'Diameter IKEv2 PSK: Pre-Shared Secret-based Support for IKEv2 Server
>     to Diameter Server Interaction'
>    <draft-ietf-dime-ikev2-psk-diameter-06.txt>  as a Proposed Standard
>
> The IESG plans to make a decision in the next few weeks, and solicits
> final comments on this action. Please send substantive comments to the
> ietf@ietf.org mailing lists by 2011-06-03. Exceptionally, comments may be
> sent to iesg@ietf.org instead. In either case, please retain the
> beginning of the Subject line to allow automated sorting.
>
> Abstract
>
>
>     The Internet Key Exchange protocol version 2 (IKEv2) is a component
>     of the IPsec architecture and is used to perform mutual
>     authentication as well as to establish and to maintain IPsec security
>     associations (SAs) between the respective parties.  IKEv2 supports
>     several different authentication mechanisms, such as the Extensible
>     Authentication Protocol (EAP), certificates, and pre-shared secrets.
>
>     With [RFC5778] the Diameter interworking for Mobile IPv6 between the
>     Home Agent, as a Diameter client, and the Diameter server has been
>     specified.  However, that specification focused on the usage of EAP
>     and did not include support for pre-shared secret based
>     authentication available with IKEv2.  This document specifies IKEv2
>     server, as a Diameter client, to the Diameter server communication
>     for IKEv2 with pre-shared secret based authentication.
>
>
>
>
> The file can be obtained via
> http://datatracker.ietf.org/doc/draft-ietf-dime-ikev2-psk-diameter/
>
> IESG discussion can be tracked via
> http://datatracker.ietf.org/doc/draft-ietf-dime-ikev2-psk-diameter/
>
>
> No IPR declarations have been submitted directly on this I-D.
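
The Sec. 10 comment above (the PSK authenticates, it is not a session key) can be seen in the RFC 5996 Section 2.15 AUTH computation. The following is an added example, not part of the original message or of the draft; it assumes HMAC-SHA-256 as the negotiated PRF, and every byte string in it (including the SK_pi stand-in) is constructed.

```python
import hashlib
import hmac
import secrets

KEY_PAD = b"Key Pad for IKEv2"  # fixed ASCII pad string, RFC 5996 Section 2.15


def prf(key: bytes, data: bytes) -> bytes:
    # Assumption: the negotiated PRF is HMAC-SHA-256.
    return hmac.new(key, data, hashlib.sha256).digest()


def skeyseed(ni: bytes, nr: bytes, dh_shared: bytes) -> bytes:
    # SKEYSEED = prf(Ni | Nr, g^ir): every IKE SA key descends from the
    # Diffie-Hellman secret and the nonces. The PSK is not an input.
    return prf(ni + nr, dh_shared)


def initiator_auth(psk, real_message1, nr, sk_pi, rest_of_id_i) -> bytes:
    # InitiatorSignedOctets = RealMessage1 | NonceRData | prf(SK_pi, RestOfInitIDPayload)
    signed_octets = real_message1 + nr + prf(sk_pi, rest_of_id_i)
    # AUTH = prf(prf(Shared Secret, "Key Pad for IKEv2"), <SignedOctets>)
    return prf(prf(psk, KEY_PAD), signed_octets)


def verify_initiator(received_auth, psk, real_message1, nr, sk_pi, rest_of_id_i) -> bool:
    expected = initiator_auth(psk, real_message1, nr, sk_pi, rest_of_id_i)
    return hmac.compare_digest(received_auth, expected)  # constant-time compare


def new_psk(n_bytes: int = 32) -> bytes:
    # A PSK drawn from the OS CSPRNG rather than derived from a password.
    return secrets.token_bytes(n_bytes)


# Constructed sample values (not captured traffic).
NI, NR = bytes(range(32)), bytes(range(32, 64))
DH_SHARED = b"\x11" * 256                  # stand-in for g^ir
MSG1 = b"constructed IKE_SA_INIT request"  # stand-in for RealMessage1
SK_PI = prf(skeyseed(NI, NR, DH_SHARED), b"SK_pi stand-in")  # real IKEv2 uses prf+
ID_I = b"\x02\x00\x00\x00client.example"   # ID type 2 (FQDN), 3 reserved bytes, data


def demo():
    psk = new_psk()
    auth = initiator_auth(psk, MSG1, NR, SK_PI, ID_I)
    good = verify_initiator(auth, psk, MSG1, NR, SK_PI, ID_I)
    bad = verify_initiator(auth, new_psk(), MSG1, NR, SK_PI, ID_I)
    return good, bad, len(auth)
```

Because the AUTH value is a keyed PRF output over data an observer of the exchange can reconstruct, the PSK's entropy is what protects it, which is why the way the Diameter server generates the PSK matters for both security and interoperability.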