IETF Logo Mail Archive

Re: [Lwip] [IPsec] Paul Wouters' Discuss on draft-ietf-lwig-minimal-esp-08: (with DISCUSS and COMMENT)

Daniel Migault <mglt.ietf@gmail.com> Mon, 18 July 2022 21:46 UTC

Return-Path: <mglt.ietf@gmail.com>
X-Original-To: lwip@ietfa.amsl.com
Delivered-To: lwip@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B2E2BC14CF15; Mon, 18 Jul 2022 14:46:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.108
X-Spam-Level:
X-Spam-Status: No, score=-2.108 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0msXCV159wQQ; Mon, 18 Jul 2022 14:46:47 -0700 (PDT)
Received: from mail-pf1-x42d.google.com (mail-pf1-x42d.google.com [IPv6:2607:f8b0:4864:20::42d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CCA10C14F737; Mon, 18 Jul 2022 14:46:44 -0700 (PDT)
Received: by mail-pf1-x42d.google.com with SMTP id o12so11850752pfp.5; Mon, 18 Jul 2022 14:46:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=PzCQ6m1tSMQQd1T+tfNIgQBP3mNQPDeSpb7YJPP8ZIk=; b=Be3e07OGXp1PDO22f8MM0P+kwtjIK8HhpUDAqOtWyGyOqlMIGVU0Yzu54zA8VP8Fj7 NtEfvSv2AexdUHv+UV0WyUju2ASVvZuCrEuzuhChdCwEOqSOrMgH2TcNgBiXuI0yyh9w VZOc5N6VAv6p1jzTNc9DnX/c8ei3qPL4ABYADyo9zvqgRArkXwsjyErYUFWEWeMQQRCh 0f++TR3nzG2Jf/Kd3pkGKKbJySCeR61Lic6aNfaCuCB9dW7bP3E4re7tCYr72jd7e0fu lRawNXA8A+TbYoHwT5GyQgOySGDtXtYuBor99Rti7jR7DaXkkmif6g9tEZQ22fVCvWuD fGlw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=PzCQ6m1tSMQQd1T+tfNIgQBP3mNQPDeSpb7YJPP8ZIk=; b=snDK8Ggr2UsEs6ms6bc1c5unwbuPLqV7N3Oi+SihxgioojlAcHxNTanujj086PpfwW b9/cS1u0p9Ay1peJfoLsUsJmXlB86ovsPOPmsJkJ4uqJuJmP1w/hu8V8E6S9l9OSv2Xt S7+yJJsgFI8yXCavaakzjGSWurusuLwHvp4mLHvU/4AtjfCwf4kKEdwdELNn7E7O1Hra DNehojMAzn6pnrbPymRJBqWLpj9t9cshMUjDlLp7LXH/zFvu6cgSR/QnjabkLnKPVmJL UDan7YlbXvCjqxv5XWf6WaWQwpz/lmzNUPofrI/K5/yabhr6ZQJ4PUHnyLElnBj2EP60 qFFg==
X-Gm-Message-State: AJIora+YoflHHaeMeeDdeg1s+xuvgH2v7k+cNDdvyGDmrqsg9vMI57BZ B3tLJvTPDP/rVJMfycuMCcF+yC4Dxyt9gpC35YA=
X-Google-Smtp-Source: AGRyM1vvnLf5DU3bOLpXDuVBJaaVvdUsNR72SBsvCWytqBoAKfoE8XAparAXKFPlw7EOPlvp+3/Qakqu0pP461fQDrM=
X-Received: by 2002:a63:2cc6:0:b0:411:4fd6:49cb with SMTP id s189-20020a632cc6000000b004114fd649cbmr26138149pgs.365.1658180804236; Mon, 18 Jul 2022 14:46:44 -0700 (PDT)
MIME-Version: 1.0
References: <164919648646.8778.6947253487684946962@ietfa.amsl.com> <CADZyTkkdXs8tJu_J5M_Yb-VC2SbSECLen_igUrGVGtrNFng6QA@mail.gmail.com> <CAGL5yWb5oaridQzFdxoWQdieNxDb=pOB_5sMCBM+HdgCsn_NeA@mail.gmail.com> <CADZyTkk616G+U5323wBXhR35K=FojD2+V_L5UEv-=6Xzz-A4Tw@mail.gmail.com> <CADZyTkkw1h9F9pDrAYgQDOQ-BCwiezocMba4H3WUh9qvavmRYA@mail.gmail.com> <c07734f1-e33c-5aa6-92fd-24938298f3ba@nohats.ca>
In-Reply-To: <c07734f1-e33c-5aa6-92fd-24938298f3ba@nohats.ca>
From: Daniel Migault <mglt.ietf@gmail.com>
Date: Mon, 18 Jul 2022 17:46:32 -0400
Message-ID: <CADZyTk=kRGEA3BTMz05uNQbbEgXQT+TTQ0C9-o0FFtK3ny5+oQ@mail.gmail.com>
To: Paul Wouters <paul.wouters@aiven.io>
Cc: The IESG <iesg@ietf.org>, lwip@ietf.org, Mohit Sethi <mohit.m.sethi@ericsson.com>, draft-ietf-lwig-minimal-esp@ietf.org, lwig-chairs@ietf.org, IPsecME WG <ipsec@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000cf580105e41b4ded"
Archived-At: <https://mailarchive.ietf.org/arch/msg/lwip/M9DiKf3M6hrX3XAnUlVxXZQ5gug>
Subject: Re: [Lwip] [IPsec] Paul Wouters' Discuss on draft-ietf-lwig-minimal-esp-08: (with DISCUSS and COMMENT)
X-BeenThere: lwip@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Lightweight IP stack. Official mailing list for IETF LWIG Working Group." <lwip.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lwip>, <mailto:lwip-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lwip/>
List-Post: <mailto:lwip@ietf.org>
List-Help: <mailto:lwip-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lwip>, <mailto:lwip-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Jul 2022 21:46:51 -0000

Hi Paul,

Looking at the history, my latest comments were sent on april 25, and
following your email of may 24, I published the version 11 [1] that
reflected the april changes. (This version should have been published
earlier but was stalled into the data tracker.) So considering the latest
version published, please see my response inline to your comments.

[1] https://www.ietf.org/archive/id/draft-ietf-lwig-minimal-esp-11.txt

Yours,
Daniel


On Mon, Jul 18, 2022 at 3:31 PM Paul Wouters <paul.wouters@aiven.io> wrote:

> On Mon, 18 Jul 2022, Daniel Migault wrote:
>
> > My reading of the datatracker is that the document in IESG
> Evaluation::AD Followup for 117 days. I do not see any follow-up with the
> following email from
> > may 25 with the latest changes and believe all concerns have been
> addressed. I am wondering what prevents the document from being sent to the
> RFC queue
> > and if there is anything expected from my side.
>
> See my last email to you:
>
>         Date: Tue, 24 May 2022 11:27:28
>         From: Paul Wouters <paul@nohats.ca>
>         To: Daniel Migault <mglt.ietf@gmail.com>
>         Subject: draft-ietf-lwig-minimal-esp
>
>
>         Hi Daniel,
>
>         Just a reminder that draft-ietf-lwig-minimal-esp is waiting on
> actions
>         on your end to resolve the DISCUSS items. While discussing in
> github is
>         useful, in the end the changes do need to go into a new draft
> version
>         for the DISCUSS holders to evaluate them.
>
>         I think the biggest unresolved issue is the SPI one with using
> just a
>         few bytes and the "indexing" that I still do not understand.
>
>         Paul
>
>
> The limited SPI numbers and rekeying is still not clear to me.
> We exchanged a few emails but that did not result in me understanding
> this.
>

I am happy to understand what is unclear. I suppose the text you are
referring to is the one below - extracted from version 11.

   Alternatively, some constrained devices will not implement IKEv2 or
   Minimal IKEv2 and as such will not be able to manage a roll-over
   between two distinct SAs.  In addition, some of these constrained
   devices are also likely to have a limited number of SAs - likely to
   be indexed over 3 bytes only for example.  One possible way to enable
   a rekey mechanism with these devices is to use the SPI where for
   example the first 3 bytes designates the SA while the remaining byte
   indicates a rekey index.  SPI numbers can be used to implement
   tracking the inbound SAs when rekeying is taking place.  When
   rekeying a SPI, the new SPI could use the SPI bytes to indicate the
   rekeying index.


> The sequence number discussion mentions the issue of packets falling
> out of the receive window. We talked about an IKE option/notify to
> signal this and during that discussion it also came to light that this
> protocol is going to be used without IKEv2. This leaves an
> interoprability unaddressed.
>
>

I do not see any mention of IKE option and SN, but maybe you can refresh my
memory. The only IKE option discussion I recall of is an option you propose
to request the other peer not to send dummy packets - which is primarily
out of scope of minimal esp and whose usefulness remains to be proven.



> And since this protocol is also meant to run without IKEv2, there is
> an issue of only recommending AEAD algorithms that rely on IKEv2 for
> its security properties.
>

I do not see the issue associated with AEAD, so can you be a bit more
explicit. I do not see what is being provisioned via IKE that cannot be
provisioned via other means.
In addition, I do not see this as an issue if we were mandating AEAD. This
is not the case. The document recommends the use of AEAD  as a general
purpose. I think this is relevant and does not prevent specific cases of
not using AEAD. What text would you like to see ?


> Section 6 talks about Dummy packets but the labeling of the header
> is a bit misleading into thinking the Next Header behaviour is
> modified. I had suggested the section to be renamed.
>
>
The current title is "6. Next Header (8 bit) and Dummy Packets". The
section has been renamed, and I do not see what more needs to be done.


> > Please find my response to your comments. The current version of the
> file integrates the language changes as well as changes to address the
> concerns
> > of this thread:
> >
> >
> https://github.com/mglt/draft-mglt-lwig-minimal-esp/commit/d7710c19802bdce4c978d71ad303b739e1406f1e
>
> We ended up discussing this in email, but that did not end in my
> understanding. Also, the above commit did not actually make it
> into the draft yet. It is very hard as AD to keep track of changes
> that are not in the actual datatracker.
>

The changes have been implemented here:
 https://datatracker.ietf.org/doc/draft-ietf-lwig-minimal-esp/


> Paul



-- 
Daniel Migault
Ericsson

v2.23.0 | Report a Bug | By Email