Re: [Lwip] [IPsec] The LWIG WG has placed draft-mglt-lwig-minimal-esp in state "Call For Adoption By WG Issued"
Tero Kivinen <kivinen@iki.fi> Fri, 31 August 2018 13:41 UTC
Return-Path: <kivinen@iki.fi>
X-Original-To: lwip@ietfa.amsl.com
Delivered-To: lwip@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D61CC129AB8; Fri, 31 Aug 2018 06:41:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.121
X-Spam-Level:
X-Spam-Status: No, score=-1.121 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_NEUTRAL=0.779] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Qg9gBWO-AjXR; Fri, 31 Aug 2018 06:41:43 -0700 (PDT)
Received: from mail.kivinen.iki.fi (fireball.acr.fi [83.145.195.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AE9FB127AC2; Fri, 31 Aug 2018 06:41:42 -0700 (PDT)
Received: from fireball.acr.fi (localhost [127.0.0.1]) by mail.kivinen.iki.fi (8.15.2/8.15.2) with ESMTPS id w7VDfNW8009527 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Fri, 31 Aug 2018 16:41:23 +0300 (EEST)
Received: (from kivinen@localhost) by fireball.acr.fi (8.15.2/8.14.8/Submit) id w7VDfNKH002213; Fri, 31 Aug 2018 16:41:23 +0300 (EEST)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-ID: <23433.17795.580382.531001@fireball.acr.fi>
Date: Fri, 31 Aug 2018 16:41:23 +0300
From: Tero Kivinen <kivinen@iki.fi>
To: Heinrich Singh <heinrich.ietf@gmail.com>
Cc: daniel.migault@ericsson.com, ipsec@ietf.org, lwip@ietf.org
In-Reply-To: <CAP_kZQrnmJJaLtzSJ5MeDYSme2mV6sAfGZrE5tnx8P6hbMib7g@mail.gmail.com>
References: <CAP_kZQqckPJhCn083sg8=PVpiO_+Ke=GhOKre=qujkk4k=dU7A@mail.gmail.com> <CADZyTk=dtJS7bS8oJtSa1bW-Xv3-AkuboX1QoJTFG+DyuN94ow@mail.gmail.com> <CAP_kZQrnmJJaLtzSJ5MeDYSme2mV6sAfGZrE5tnx8P6hbMib7g@mail.gmail.com>
X-Mailer: VM 8.2.0b under 25.1.1 (x86_64--netbsd)
X-Edit-Time: 26 min
X-Total-Time: 27 min
Archived-At: <https://mailarchive.ietf.org/arch/msg/lwip/1UivcjCNuHB7044giW03-fY2rvE>
Subject: Re: [Lwip] [IPsec] The LWIG WG has placed draft-mglt-lwig-minimal-esp in state "Call For Adoption By WG Issued"
X-BeenThere: lwip@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: "Lightweight IP stack. Official mailing list for IETF LWIG Working Group." <lwip.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lwip>, <mailto:lwip-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lwip/>
List-Post: <mailto:lwip@ietf.org>
List-Help: <mailto:lwip-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lwip>, <mailto:lwip-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 31 Aug 2018 13:41:46 -0000
Heinrich Singh writes: > Text saying that you would loose some privacy by using fixed number > of SPI does not absolve your responsibility. It should not recommend > that. There is no requirement for SPI to be random and originally it was written that way so implementations can use whatever method to allocate SPIs they like. For example they can use index to the SPI table or whatever instead of allocating random SPI, or they could even use pointer to the SPI structure in memory as SPI value (would of course need some kind of checks that address is in area allocated for SPIs and is aligned properly). Adding requirement that SPI needs to be random would be modifying the base ESP, and is not in the scope of draft trying to define minimal ESP. Saying that in contrained devices which have very few SPIs the SPIs can be allocated using some other method than random is in scope of the this draft. Also most of the constrained devices do not care about privacy as they have fixed hardware address, stable IPv6 address and are not associated with any person. Sensor sending wind speed, or temperature to the cloud service does not have privacy requirements, sensors sending temperature inside your house might have (as it might leak out information whether you are home or not), but even in that case the fact that it is your sensor sending information every 60 seconds does not, only the data inside. Privacy requirements are not something that are always there, they always depend heavily about what you do with the protocol. I.e., in some cases the IP addresses, hardware addresses, SPIs etc need to be protected against tracking, but in many cases they do not need to be. This document gives recommendation that in some cases it might be good idea to use fixed SPI as it might make implementations smaller. I.e., if the option is either not to use IPsec at all, as it is too big, or to use IPsec with fixed SPI and other limitations that make it small, I think the option with IPsec is better. > I do not know 802.15. Others can also say what they feel but from my > experience simple monotonic sequence numbers are more easier than > having a clocks. True. But for example 802.15.4 TSCH (i.e., the protocol over which 6TiSCH is working) does have globally shared clock which is kept in sync with everybody. So in that kind of situations using clock as monotonically incrementing counter and using that as sequence number might save resources in constrained device. > This I think is a not a good idea. Sender and receiver can easily > get out of sync because your rate of sending packets is not > proportional to time. The receiver would need to allow very large > window. The sender would still need to store time to flash in-case > there is need for sync after device reset. Sequence numbers are in one direction, i.e., I need to use monotonically incrementing sequence number when I send, but that sequence number does not have anything to do with other ends sequence number. Also window size is need only if you have out of order packets, and you care about replay protection. Both of them are something that might not be something that constrained device cares. For example it might have internal replay protection for the messages it sends, so it does not need to care whether there is replays on the IPsec level, thus it can drop the whole replay protection checks completely. Or it might work on the environment where out of order deliver is not possible, thus it can just keep window size to 1. Also recipient cannot know which method other end is using when generating sequence numbers, so it needs to do the replay protection checking using whatever method it wants. It might need to store the last received sequence number to the flash if it cares about replay protections, or it can simply drop replay protection completely. On the other hand sender is REQUIRED to send sequence numbers in such way they are monotonically incrementing (not necessarely by one), and if it has any kind of other monotonically incrementing counter like clock, it can use that to generate the sequence numbers and get rid of the requirement to store outgoing sequence number to the flash. > What you mean implementations must discard dummy packets? Even > non-constrained implementations must discard dummy packets so what > is new here? Yes. And that quite often happens automatically as there is nobody in the device that wants to get packets with that protocol number. I have not actually never seen anybody sending dummy packets or TFC padding packets in any implementations. I guess most of them know how to ignore them, but sending them is not something people do. And I am not even sure which implementation support for sending dummy packets. TFC is most likely supported in some implementations (libreswan at least seems to support it) as it is much easier to configure, just pad all packets to fixed length. When sending dummy packets configuration is much more complicated, as you need to configure what kind of traffic pattern you want to maintain. So as those are not really used in non-constrained devices, I do not think there is that big different in constrained devices. Again all of this depends on the environment. For example some kind of door sensor might want to keep sending packets every n seconds just not to leak out when the door was opened and closed, but it might just use real packets instead of dummy packets. I.e., it might be configured to send the door status every 30 seconds, and in that packet it tells whether door is now open or closed, and whether what transitions happened during last 30 seconds. Privacy is so hard topic to solve that it always requires you to check out the actual environment and use case where the protocol is used before you can decide what kind of protections are needed. There is no this thing solves all issues solution there. -- kivinen@iki.fi
- [Lwip] The LWIG WG has placed draft-mglt-lwig-min… Heinrich Singh
- Re: [Lwip] [IPsec] The LWIG WG has placed draft-m… Daniel Migault
- Re: [Lwip] [IPsec] The LWIG WG has placed draft-m… Heinrich Singh
- Re: [Lwip] The LWIG WG has placed draft-mglt-lwig… Zhen Cao
- Re: [Lwip] [IPsec] The LWIG WG has placed draft-m… Tero Kivinen
- Re: [Lwip] [IPsec] The LWIG WG has placed draft-m… Daniel Migault
- Re: [Lwip] [IPsec] The LWIG WG has placed draft-m… Michael Richardson
- Re: [Lwip] [IPsec] The LWIG WG has placed draft-m… Paul Wouters
- Re: [Lwip] [IPsec] The LWIG WG has placed draft-m… Mohit Sethi
- Re: [Lwip] [IPsec] The LWIG WG has placed draft-m… Daniel Migault
- Re: [Lwip] The LWIG WG has placed draft-mglt-lwig… Heinrich Singh
- Re: [Lwip] The LWIG WG has placed draft-mglt-lwig… Daniel Migault
- Re: [Lwip] [IPsec] The LWIG WG has placed draft-m… Mohit Sethi M
- Re: [Lwip] [IPsec] The LWIG WG has placed draft-m… Daniel Migault
- Re: [Lwip] [IPsec] The LWIG WG has placed draft-m… Paul Wouters
- Re: [Lwip] [IPsec] The LWIG WG has placed draft-m… Valery Smyslov
- Re: [Lwip] [IPsec] The LWIG WG has placed draft-m… Paul Wouters
- Re: [Lwip] [IPsec] The LWIG WG has placed draft-m… Daniel Migault
- Re: [Lwip] [IPsec] The LWIG WG has placed draft-m… Mohit Sethi M