Re: [Lwip] [IPsec] draft-ietf-lwig-minimal-esp shepherd writeup

Tero Kivinen <kivinen@iki.fi> Mon, 22 March 2021 18:13 UTC

Message-ID: <24664.56908.311977.241060@fireball.acr.fi>
Date: Mon, 22 Mar 2021 20:13:32 +0200
From: Tero Kivinen <kivinen@iki.fi>
To: Paul Wouters <paul@nohats.ca>
Cc: Daniel Migault <mglt.ietf@gmail.com>, Mohit Sethi M <mohit.m.sethi=40ericsson.com@dmarc.ietf.org>, "ipsec@ietf.org" <ipsec@ietf.org>, "lwip@ietf.org" <lwip@ietf.org>
In-Reply-To: <64c3cd-f873-e140-7b5c-747fa953a7fe@nohats.ca>
References: <67654664-717b-1017-707b-0b4dfde52d24@ericsson.com> <CADZyTkkgCiy9hf7DE42oGd-5Mw3pjVB3_Y89U8KovxNctQBWZw@mail.gmail.com> <cea14f52-52bb-6f3f-1266-a457978dd43@nohats.ca> <24664.45733.636417.217300@fireball.acr.fi> <64c3cd-f873-e140-7b5c-747fa953a7fe@nohats.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/lwip/cCN6Wwh4gUoTqeG5eAb4MfLjntQ>
Subject: Re: [Lwip] [IPsec] draft-ietf-lwig-minimal-esp shepherd writeup

Paul Wouters writes:
> Reading back now, I think with some clarifications added, I am okay
> with the document. I think the list of clarifications we now have is:

I think your list of things to add is mostly ok.

Note that in some environments creating random numbers is possible,
but it takes time and power to do so. For example it might be that the
hardware random number generator is normally powered off, and is only
powered on during the IKE SA creation phase, and can only create
random numbers at a very limited speed. It also might require some time
to do self tests, calibration etc. before it can be used, so using it per
packet might not be usable, while using it for generating randomness
during the initial phase is no problem.

Perhaps all this should be collected to one new section of the draft,
explaining that you do need proper randomness for Diffie-Hellman etc,
but for ESP you might not need proper random number generators.

> - A clear section on why AES-CBC/3DES-CBC cannot be used due to IV
>    randomness limitations

That is not true. CBC mode requires IVs to be random and
unpredictable, but they do not really need to be truly random; it is
enough to use pseudo random number generators for that. One way to get
that is to use a fixed secret key (only known to the device, and no, do
not use a key derived from the serial number or MAC of the device or
similar) and encrypt the incrementing time with such a key.

That should provide proper random IVs that can be used in CBC mode,
and which are unpredictable to everybody who does not know the key
used to generate them.

> - change "cryptographic suites" and "crypto-suites" to "cryptographic
>    algorithms" to avoid TLS confusion

IKEv2 RFC7296 uses cryptographic suites. RFC4303 or RFC4301 does not
use the term suite at all. I would prefer keeping the same term that
IKEv2 uses.

> - Remove reference to I-D.nikander-esp-beet-mode, with the text "not
>    standardized yet". This draft was abandoned 13 years ago.

There has been some discussion every now and then to revive that
draft. There are some good properties in that, especially for IoT
environments, as it does not send the extra inner IP header when that
IP header can be constructed from the SAD.

Anyways that draft is clearly something that is not in scope for lwig,
but falls in the IPsecME scope, so removing that text now is probably
correct.
-- 
kivinen@iki.fi
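The keyed-counter IV construction described in the message above (a fixed device-local secret key applied to an incrementing counter such as a timestamp), written out as an added example that is not part of the original email or of the lwig draft. Because Python's standard library has no AES, HMAC-SHA256 truncated to one 128-bit block stands in for the block-cipher encryption the email mentions; any keyed PRF whose output is unpredictable without the key gives the same property. The `CbcIvGenerator` and `derive_iv` names and the demo key are constructed for this example; a real device would draw the key once from its hardware RNG at provisioning time and store it in protected storage. The example also shows the failure mode a practitioner must guard against: if the counter is not persisted across reboots, the same IV sequence is emitted again.

```python
import hashlib
import hmac
import struct

BLOCK_SIZE = 16  # AES block size in bytes; a CBC IV is one block

# Constructed demo key. In production this is generated once with the
# device's hardware RNG (os.urandom(32) on a general-purpose OS) and kept
# secret; it must NOT be derived from a serial number, MAC address or any
# other value an observer could know, or every IV becomes predictable.
DEMO_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f"
                         "101112131415161718191a1b1c1d1e1f")


def derive_iv(key: bytes, counter: int) -> bytes:
    """Return one CBC IV for the given counter value.

    HMAC-SHA256(key, counter) truncated to one block stands in for
    AES_key(counter) as described in the email (assumption: stdlib has no
    AES). Without the key the output is unpredictable; with the same key
    and counter it is reproducible, so the counter must never repeat.
    """
    if len(key) < 16:
        raise ValueError("IV generation key must be at least 128 bits")
    if not 0 <= counter < 2 ** 64:
        raise ValueError("counter must fit in 64 bits")
    return hmac.new(key, struct.pack(">Q", counter), hashlib.sha256).digest()[:BLOCK_SIZE]


class CbcIvGenerator:
    """Produces a fresh IV per packet from a secret key and a counter.

    The counter (packet count or a monotonic timestamp) is the only state;
    it must be persisted or otherwise guaranteed never to go backwards.
    """

    def __init__(self, key: bytes, start_counter: int = 0):
        self._key = key
        self._counter = start_counter

    def next_iv(self) -> bytes:
        iv = derive_iv(self._key, self._counter)
        self._counter += 1
        return iv


def no_iv_reuse(ivs) -> bool:
    """Check that a sequence of IVs contains no duplicates."""
    return len(set(ivs)) == len(ivs)


def reboot_without_persisted_counter(key: bytes, n: int) -> bool:
    """Failure mode: the counter restarts at 0 after a reboot because it was
    not saved. Returns True when the post-reboot IVs repeat the earlier ones,
    which is exactly the predictability CBC must avoid."""
    before = CbcIvGenerator(key, 0)
    first = [before.next_iv() for _ in range(n)]
    after = CbcIvGenerator(key, 0)  # counter lost on reboot
    second = [after.next_iv() for _ in range(n)]
    return first == second


if __name__ == "__main__":
    gen = CbcIvGenerator(DEMO_KEY, start_counter=1_616_436_813)  # e.g. epoch seconds
    ivs = [gen.next_iv() for _ in range(3)]
    for iv in ivs:
        print(iv.hex())
    print("no reuse across counters:", no_iv_reuse(ivs))
    print("IVs repeat after counter reset:", reboot_without_persisted_counter(DEMO_KEY, 3))
```

The check functions make the two requirements explicit: the key decides whether the IVs are unpredictable to an outside observer, and the counter decides whether they are unique. Losing either property (a guessable key, or a counter that restarts) defeats the construction even though the PRF itself is sound.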