Re: [Lwip] [IPsec] The LWIG WG has placed draft-mglt-lwig-minimal-esp in state "Call For Adoption By WG Issued"

Daniel Migault <daniel.migault@ericsson.com> Tue, 12 February 2019 13:17 UTC

Return-Path: <mglt.ietf@gmail.com>
X-Original-To: lwip@ietfa.amsl.com
Delivered-To: lwip@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 488EA130DDA for <lwip@ietfa.amsl.com>; Tue, 12 Feb 2019 05:17:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.88
X-Spam-Level:
X-Spam-Status: No, score=-1.88 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.018, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lJlLBJ9cgvZf for <lwip@ietfa.amsl.com>; Tue, 12 Feb 2019 05:17:56 -0800 (PST)
Received: from mail-lj1-f182.google.com (mail-lj1-f182.google.com [209.85.208.182]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3343A130DD8 for <lwip@ietf.org>; Tue, 12 Feb 2019 05:17:56 -0800 (PST)
Received: by mail-lj1-f182.google.com with SMTP id g80so420442ljg.6 for <lwip@ietf.org>; Tue, 12 Feb 2019 05:17:56 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=OSpaAkwbe0+vM5og9wExJpqkEGKtq4Dy40CMOIkcWZo=; b=ikWqZP1j36orlAVO+5rzautMTqi+H9HR0+sVsWIwbdwiHDpPIjMa35yb95jG042E99 YQ+1T7XmOZ/DgoeIqWzi6479g4KAK32K9dYZW1AugpXuo1s3HaZDzk7/4kJmFnen1XQd xIdrAtaTFK3iyH+lg7hYaOVHCKJMUkv8aOyTfFl3/cMhKPdnsSEID3LgoOXrl+0cp8mC 6+mLf7DmhSoB2fITjrS/HsLmW60LunoIg0zAcPqKDvc6Zid0A/kAjxnzZ0SNQTGr1mOE vtgTQ5FcPWtuJiLK4JXW5p4tyBXt8rEIa0TSu4riyCWZPCPbbfUqBQu7jWVMK1ssArhe dg1g==
X-Gm-Message-State: AHQUAua5vcucA9O2pefRTFi2fDNOijjJmk4k42nRNQXcWzBp0YSC+fgA KEeNmbd/XhVL7H9mYSjBOf4ypqeQW/TqvPFxMyg=
X-Google-Smtp-Source: AHgI3IYFcL3hvcr5IvnDvsLttHW0kJhl4w4KRw01202XIAfmgm7ZhRCGS25I3Vn8xnuEOCLPgrNoCD7HiPlm/f+JtsM=
X-Received: by 2002:a2e:870c:: with SMTP id m12-v6mr2378504lji.180.1549977474068; Tue, 12 Feb 2019 05:17:54 -0800 (PST)
MIME-Version: 1.0
References: <CAP_kZQqckPJhCn083sg8=PVpiO_+Ke=GhOKre=qujkk4k=dU7A@mail.gmail.com> <CADZyTk=dtJS7bS8oJtSa1bW-Xv3-AkuboX1QoJTFG+DyuN94ow@mail.gmail.com> <CAP_kZQrnmJJaLtzSJ5MeDYSme2mV6sAfGZrE5tnx8P6hbMib7g@mail.gmail.com> <23433.17795.580382.531001@fireball.acr.fi> <alpine.LRH.2.21.1808311231250.27198@bofh.nohats.ca> <VI1PR07MB4717173E61C887FDF4E4D3ABD0F70@VI1PR07MB4717.eurprd07.prod.outlook.com>
In-Reply-To: <VI1PR07MB4717173E61C887FDF4E4D3ABD0F70@VI1PR07MB4717.eurprd07.prod.outlook.com>
From: Daniel Migault <daniel.migault@ericsson.com>
Date: Tue, 12 Feb 2019 08:17:42 -0500
Message-ID: <CADZyTk=hYhJH8yU5TU6m_dsEr_u+iEfd=c=oasV5=JEHM4dc1g@mail.gmail.com>
To: Mohit Sethi M <mohit.m.sethi@ericsson.com>
Cc: Paul Wouters <paul@nohats.ca>, Tero Kivinen <kivinen@iki.fi>, Heinrich Singh <heinrich.ietf@gmail.com>, "lwip@ietf.org" <lwip@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000c0779e0581b240a1"
Archived-At: <https://mailarchive.ietf.org/arch/msg/lwip/YmYHglebYtLaD6T02pwTZ7q0nks>
Subject: Re: [Lwip] [IPsec] The LWIG WG has placed draft-mglt-lwig-minimal-esp in state "Call For Adoption By WG Issued"
X-BeenThere: lwip@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Lightweight IP stack. Official mailing list for IETF LWIG Working Group." <lwip.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lwip>, <mailto:lwip-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lwip/>
List-Post: <mailto:lwip@ietf.org>
List-Help: <mailto:lwip-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lwip>, <mailto:lwip-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Feb 2019 13:17:59 -0000

Hi,

I am wondering what is currently the status of the draft. Feel free to let
me know if I something is expected on my side.

Yours,
Daniel

On Thu, Oct 25, 2018 at 3:05 AM Mohit Sethi M <mohit.m.sethi@ericsson.com>
wrote:

> Hi Paul, Heinrich and Tero,
>
> The authors have updated the draft based on the feedback received:
>
> https://datatracker.ietf.org/doc/draft-mglt-lwig-minimal-esp/
>
> Please let us know whether you still have objections to this being
> adopted as a WG document.
>
> --Mohit
>
> On 8/31/18 7:50 PM, Paul Wouters wrote:
> > On Fri, 31 Aug 2018, Tero Kivinen wrote:
> >
> >> There is no requirement for SPI to be random and originally it was
> >> written that way so implementations can use whatever method to
> >> allocate SPIs they like.
> >
> > However, the randomized SPIs does give us some security, as we saw in
> > the SLOTH attack, that was only stopped because of the effort of 2^77
> > to break. If we used predictable SPIs for IKE, then IKE would have
> > fallen to the SLOTH attack as well.
> >
> > https://access.redhat.com/blogs/product-security/posts/sloth
> >
> > Although in this case, I guess we are talking about ESP/AH SPIs. There
> > is still benefits in randomness, even if it is not cryptographically
> > random. Just to ensure the same SPIs aren't re-used too quickly and
> > get confused. The document does correctly point out not to use SPIs
> > below 256.
> >
> >> Adding requirement that SPI needs to be random would be modifying the
> >> base ESP, and is not in the scope of draft trying to define minimal
> >> ESP. Saying that in contrained devices which have very few SPIs the
> >> SPIs can be allocated using some other method than random is in scope
> >> of the this draft.
> >
> > Agreed.
> >
> >> On the other hand sender is REQUIRED to send sequence numbers in such
> >> way they are monotonically incrementing (not necessarely by one), and
> >> if it has any kind of other monotonically incrementing counter like
> >> clock, it can use that to generate the sequence numbers and get rid of
> >> the requirement to store outgoing sequence number to the flash.
> >
> > Wouldn't not incrementing by one screw up the windoz sizes of receiving
> > ends? Eg if they received #64, they might accept 65-128 so receiving 300
> > might just make them do more work or effectively have no window?
> >
> >> I have not actually never seen anybody sending dummy packets or TFC
> >> padding packets in any implementations.
> >
> > Yup. Linux supports it. With libreswan you can configure tfc= with a
> > value of zero meaning pad to MTU. We haven't yet enabled this by default,
> > since there are reasons for and against it. It's much better for privacy
> > obviusly, but if this is going of mobile data, you are paying for the
> > padding.
> >
> >> not even sure which implementation support for sending dummy packets.
> >
> > That I don't know either. although there are already so many "dumb" DPD
> > packets, we sort of have this already over port 4500 :)
> >
> >> So as those are not really used in non-constrained devices
> >
> > Hmm, I guess the Lantronix Xport Pro does not count as constrained?
> > Because it does run Linux and libreswan in 8MB SDRAM with NOMMU :)
> >
> > I still have to read the full document before I decide if I am in favour
> > of adopting or not.
> >
> > Paul
> >
> > _______________________________________________
> > Lwip mailing list
> > Lwip@ietf.org
> > https://www.ietf.org/mailman/listinfo/lwip
>
> _______________________________________________
> Lwip mailing list
> Lwip@ietf.org
> https://www.ietf.org/mailman/listinfo/lwip
>