Re: [IPsec] draft-mglt-ipsecme-diet-esp-iv-generation
Daniel Migault <mglt.ietf@gmail.com> Tue, 15 July 2014 07:49 UTC
Return-Path: <mglt.ietf@gmail.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 905121B2834 for <ipsec@ietfa.amsl.com>; Tue, 15 Jul 2014 00:49:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qFDvHyh4wQ4Q for <ipsec@ietfa.amsl.com>; Tue, 15 Jul 2014 00:49:57 -0700 (PDT)
Received: from mail-wi0-x232.google.com (mail-wi0-x232.google.com [IPv6:2a00:1450:400c:c05::232]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 087361A0327 for <ipsec@ietf.org>; Tue, 15 Jul 2014 00:49:56 -0700 (PDT)
Received: by mail-wi0-f178.google.com with SMTP id hi2so3796420wib.17 for <ipsec@ietf.org>; Tue, 15 Jul 2014 00:49:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=uOr4x2WHCXzyitUUkFyy28OcHCBIZJVCMaLJq5z45nQ=; b=oVXAT9cDHq3jYAKn6qQLcJzEYFTDvF/CoZ3Y/fIGbi3iLCuXNt0o+HDMAkQ3/HNdmC ToMYwPZfhIvj8eXSy3FmsUdKAYDQkYiBEYLK7v5mtJFXMUGmktqe5HjmTOnOJazxtF4Y 5hsSxunB+A3BZz5WF5Jdrpl+J5VnYPYtxRpG7o84kYN6n3v93qgnBVzgsRBDYIjWmtm+ +RkDVoUXGQbPNm8w5paufQEqWpWexO6CsVi6tL2uA0WYiIDBAfT87hkpe3uUhG57EoGq ObuSrZ1F2vMbIaJlZuoFzR3y4WZEjXrFGI3ERt9Bdzv4edtxR9Kc/vgfBbCCV174Mtlf 5FAA==
MIME-Version: 1.0
X-Received: by 10.180.14.162 with SMTP id q2mr3598012wic.54.1405410595719; Tue, 15 Jul 2014 00:49:55 -0700 (PDT)
Received: by 10.194.137.67 with HTTP; Tue, 15 Jul 2014 00:49:55 -0700 (PDT)
In-Reply-To: <E7229C5FA6D74B19823BA343439FBD81@buildpc>
References: <CADZyTk=DUkRDX8sfXLS+HTqGw61ZMPexMC9yQadnKd4z9HwmGg@mail.gmail.com> <E7229C5FA6D74B19823BA343439FBD81@buildpc>
Date: Tue, 15 Jul 2014 09:49:55 +0200
Message-ID: <CADZyTkmaQoRW2GdZG0xWVZ5ppcmQYy0p16E97JPjquXMQkWeag@mail.gmail.com>
From: Daniel Migault <mglt.ietf@gmail.com>
To: Valery Smyslov <svanru@gmail.com>
Content-Type: multipart/alternative; boundary="f46d04138d31524efe04fe36a7ae"
Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/wZXVTWVqiU4TrRG-q9nbCfeRiZQ
Cc: "ipsec@ietf.org" <ipsec@ietf.org>
Subject: Re: [IPsec] draft-mglt-ipsecme-diet-esp-iv-generation
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Jul 2014 07:49:59 -0000
Hi Valery and thank you for your feed backs. Instead of negotiating the IV compression in a separate way, Valery suggests to have a specific mode like AES-CBC_WITH_IV_COMPRESSION for example. To me its sounds better than what is being described in the draft. Please let us know what you think about this alternative, and which function would you use to generate the pseudo random IVs in each packets. See inline for more comments. BR, Daniel On Tue, Jul 15, 2014 at 9:23 AM, Valery Smyslov <svanru@gmail.com> wrote: > Hi, > > I have some comments regarding the draft. > > First, it is not absolutely clear from the draft how the IV is generated > for each packet. I presume > that the IVs are taken sequentially for every new > ESP packet to send from the bit string generated > by prf+. But then it is not clear for me how the receiver > would regenerate the same IV in case of packets loss > and reordering. Sending LSB of IV would help here a bit, but then receiver > would do quite a lot of work to guess > the right IV, the overall process is not deterministic > and opens a possibility for simple DoS attack. > This is true, and we should have added more text on that. The initial idea is to rely on the Sequence Number, and their should be a deterministic way to bind SN and IV for bot peers. However you are right, to avoid simple DoS, there should also be a deterministic way to decompress the SN. > The receiver would also look at the sequence number to deal with packets > loss and reordering, but as far as I understnad the SN is optional in > Diet-ESP. > It depends what optional means. Diet-ESP packets MUST have a complete Sequence Number to enable anti-replay and to compute the ICV. On the other hand, Diet-ESP provides the option to send only the LSB of the SN on the wire. In order to avoid simple DoS attacks, the decompression of the SN should be "almost" deterministic. > Then, I'm not a crypto expert, but using the same > key for both encryption and IV generation looks > like a bit unsound. > This sounds bad to me too. Actually this is my main concern. > Finally, I would prefer defining new transorms > (for example AES-CBC with implicit IV) instead of negotiating IV > compression separately. > That is maybe the way to do. Thanks for your feed back. > > Regards, > Valery Smyslov. > > > -- Daniel Migault Orange Labs -- Security +33 6 70 72 69 58
- [IPsec] Diet-ESP Daniel Migault
- [IPsec] draft-mglt-ipsecme-diet-esp-iv-generation Valery Smyslov
- Re: [IPsec] draft-mglt-ipsecme-diet-esp-iv-genera… Daniel Migault
- Re: [IPsec] Diet-ESP Stephen Kent
- Re: [IPsec] Diet-ESP Daniel Migault
- Re: [IPsec] Diet-ESP Stephen Kent
- Re: [IPsec] Diet-ESP Daniel Migault
- Re: [IPsec] [6lo] Diet-ESP Carsten Bormann
- [IPsec] Diet-ESP Daniel Migault
- Re: [IPsec] Diet-ESP Scott Fluhrer (sfluhrer)
- Re: [IPsec] Diet-ESP Hannes Tschofenig
- Re: [IPsec] Diet-ESP Daniel Migault
- Re: [IPsec] Diet-ESP Paul_Koning
- Re: [IPsec] Diet-ESP Daniel Migault
- Re: [IPsec] Diet-ESP Paul Wouters
- Re: [IPsec] Diet-ESP Scott Fluhrer (sfluhrer)
- Re: [IPsec] Diet-ESP Daniel Migault
- Re: [IPsec] Diet-ESP Daniel Migault
- Re: [IPsec] Diet-ESP Daniel Migault
- Re: [IPsec] Diet-ESP Daniel Migault
- Re: [IPsec] Diet-ESP Hannes Tschofenig
- Re: [IPsec] Diet-ESP Paul_Koning