Re: [Last-Call] Secdir last call review of draft-ietf-ipsecme-ikev2-auth-announce-06
Valery Smyslov <svan@elvis.ru> Mon, 01 April 2024 15:45 UTC
Return-Path: <svan@elvis.ru>
X-Original-To: last-call@ietfa.amsl.com
Delivered-To: last-call@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 063B4C14F5E8; Mon, 1 Apr 2024 08:45:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.095
X-Spam-Level:
X-Spam-Status: No, score=-2.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=elvis.ru
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3MkmldhD1v8U; Mon, 1 Apr 2024 08:45:31 -0700 (PDT)
Received: from dpmail.elvis.ru (dpmail.elvis.ru [93.188.44.211]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 17F2DC14F5F3; Mon, 1 Apr 2024 08:45:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=elvis.ru; s=mail; h=Content-Type:MIME-Version:Message-ID:Date:Subject:In-Reply-To: References:CC:To:From:Sender:Reply-To:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=5UmnFd1263O66H0lLoL2vy24VBzHjdKHQDKz64qoh74=; b=r2KuD/NJAR+n/fNe+c+Wbr1LsA fyh33aeaQRr4BQaNTKw8sWn8riw7oqOAvjYQaFYItPeL1+D01v839EWxv9/PpYmgoiBXOUioDeyF7 XLrEtM4zu8Z51mpcFaRgfrT95BNsG5MY31SPFIL1CLEfIGmS4ivXSnfPI5ZF0W2S/UVk=;
Received: from kmail2.elvis.ru ([93.188.44.210]) by dpmail.elvis.ru with esmtp (Exim 4.89) (envelope-from <svan@elvis.ru>) id 1rrJqS-0004ta-Uo; Mon, 01 Apr 2024 18:45:13 +0300
Received: from mail.office.elvis.ru ([10.111.1.29]) by kmail2.elvis.ru with esmtp (Exim 4.94.2) (envelope-from <svan@elvis.ru>) id 1rrJqS-00A6q4-NO; Mon, 01 Apr 2024 18:45:12 +0300
Received: from MAIL16.office.elvis.ru (10.111.1.29) by MAIL16.office.elvis.ru (10.111.1.29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1779.2; Mon, 1 Apr 2024 18:45:12 +0300
Received: from BuildPC (10.111.10.33) by MAIL16.office.elvis.ru (10.111.1.29) with Microsoft SMTP Server id 15.1.1779.2 via Frontend Transport; Mon, 1 Apr 2024 18:45:12 +0300
From: Valery Smyslov <svan@elvis.ru>
To: 'Rifaat Shekh-Yusef' <rifaat.s.ietf@gmail.com>
CC: secdir@ietf.org, draft-ietf-ipsecme-ikev2-auth-announce.all@ietf.org, ipsec@ietf.org, last-call@ietf.org
References: <171182022719.29877.1686113240622771941@ietfa.amsl.com> <03f801da8439$c1a4b450$44ee1cf0$@elvis.ru> <CADNypP9648YvhTRYu-djQsfFXvcYuLyz-+e=LDPS1UdWXsntWA@mail.gmail.com>
In-Reply-To: <CADNypP9648YvhTRYu-djQsfFXvcYuLyz-+e=LDPS1UdWXsntWA@mail.gmail.com>
Date: Mon, 01 Apr 2024 18:45:12 +0300
Message-ID: <041d01da844b$95694a10$c03bde30$@elvis.ru>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_041E_01DA8464.BAB8F310"
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQDadOVIJOvEpJyIJoX0pokDKN15iwD0+SnuAhlzlI+zOzJGQA==
Content-Language: ru
X-CrossPremisesHeadersFilteredBySendConnector: MAIL16.office.elvis.ru
X-OrganizationHeadersPreserved: MAIL16.office.elvis.ru
X-Spam-Scanner: Rspamd work in kmail2.elvis.ru, WHITELIST
X-KLMS-Rule-ID: 1
X-KLMS-Message-Action: clean
X-KLMS-AntiSpam-Status: not scanned, disabled by settings
X-KLMS-AntiPhishing: Clean, bases: 2023/02/21 22:47:00
X-KLMS-AntiVirus: Kaspersky Security for Linux Mail Server, version 8.0.3.30, bases: 2023/02/21 21:02:00 #20887462
X-KLMS-AntiVirus-Status: Clean, skipped
X-Spam-Scanner: Rspamd work in dpmail.elvis.ru, WHITELIST
Archived-At: <https://mailarchive.ietf.org/arch/msg/last-call/9JIB13LA4VfU_xRLYPfkb6CtwNk>
Subject: Re: [Last-Call] Secdir last call review of draft-ietf-ipsecme-ikev2-auth-announce-06
X-BeenThere: last-call@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF Last Calls <last-call.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/last-call>, <mailto:last-call-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/last-call/>
List-Post: <mailto:last-call@ietf.org>
List-Help: <mailto:last-call-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/last-call>, <mailto:last-call-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Apr 2024 15:45:36 -0000
Hi Rifaat,
I snipped parts where we are in agreement.
Hi Valery,
See my replies below.
Regards,
Rifaat
[…]
> * "Since the responder sends the SUPPORTED_AUTH_METHODS notification in
> the IKE_SA_INIT exchange, it must take care that the size of the response
> message wouldn't grow too much so that IP fragmentation takes place."
>
> Is this limited to the responder? or should the initiator too take that into
> considerations?
It is not limited to the responder in general, but in the context of this document
it is the responder who is going to send a message that could be fragmented at IP level.
Usually the response is smaller than the request. In this case it can be larger
and thus the responder should take care of IP fragmentation.
Got it.
I am assuming that the fragmentation issue with the initiator request is captured in a different document.
If that is the case, then I think it is reasonable to leave this text as is.
It is described in the IKE fragmentation document (RFC 7383).
I’ve added a reference to it in the -07 version.
> # Section 5
>
> Second paragraph: I guess the potential for downgrade attack is not limited to the
> NULL use case. If one of the supported methods is consider to be weaker than the
> others, then an active attacker in the path could force the parties to use that
> weaker method.
This is not a "downgrade" in a common sense. Downgrade assumes that there
is a negotiation between the peers and an attacker may influence this process forcing
peers to use weaker option. In IKEv2 authentication methods are not negotiated.
This specification doesn't provide negotiation too, since each party
still chooses what it thinks is appropriate on its own. It only allows peers
to select authentication method more consciously.
Thanks for the clarification, as I am not an IKE expert.
Having said that, I wonder why you are specifically calling out the NULL use case.
Would not the NULL use case be also applicable to weaker authentication methods?
Meaning that the attacker in the middle would be able to remove the stronger methods and leave the weaker ones?
Yes, it is possible. NULL authentication is just the easiest way for an attacker to do it.
I can add the following text in the Security Considerations (right after the NULL authentication discussion):
Similarly, if an attacker on the path can break some of the announced
authentication methods, then the attacker can encourage peers to use
one of these weaker methods by removing all other announcements, and
if this succeeds, then impersonate one of the peers.
Does this help?
Regards,
Valery.
Regards,
Rifaat
Regards,
Valery.
- Re: [Last-Call] Secdir last call review of draft-… Valery Smyslov
- [Last-Call] Secdir last call review of draft-ietf… Rifaat Shekh-Yusef via Datatracker
- Re: [Last-Call] Secdir last call review of draft-… Rifaat Shekh-Yusef
- Re: [Last-Call] Secdir last call review of draft-… Valery Smyslov
- Re: [Last-Call] Secdir last call review of draft-… Rifaat Shekh-Yusef