IETF Logo Mail Archive

[Lwip] The LWIG WG has placed draft-mglt-lwig-minimal-esp in state "Call For Adoption By WG Issued"

Heinrich Singh <heinrich.ietf@gmail.com> Thu, 23 August 2018 18:32 UTC

Return-Path: <heinrich.ietf@gmail.com>
X-Original-To: lwip@ietfa.amsl.com
Delivered-To: lwip@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 088D0130EE5; Thu, 23 Aug 2018 11:32:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id POMPwucDFoGY; Thu, 23 Aug 2018 11:32:16 -0700 (PDT)
Received: from mail-it0-x232.google.com (mail-it0-x232.google.com [IPv6:2607:f8b0:4001:c0b::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 10853130EE9; Thu, 23 Aug 2018 11:32:16 -0700 (PDT)
Received: by mail-it0-x232.google.com with SMTP id h20-v6so8835105itf.2; Thu, 23 Aug 2018 11:32:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=/ks7z4XxLgOMJ/Hf2g3TEOqYRBhpXAIjkzJ9YAmwDmc=; b=uDgJ2dx8W94h++YA97mF2P2Mg791oKLrRfFYRpEc6L3i2d4PRMIMiz/HxYotMGlfTq bZ6y5KReAPF8hJUTIaPTnwPYAwZp8co1O5OeXa/f+IptPijD7UkTplrHO5HoTU6mfcOi ZBbkhCBIunKaQnClrG4rOOO2ciczVA9VhRy07DCVxJaBX7FZoPkV31aVyRFp21PNX+hE whIT0I1TZYsfaK7K4EoXj3VwLv7ssa9Kz0lIdFjxZX6jGtnU2H1uz8eMsrqlaZc8nN9X 5tAgpDrxcFS5nloLN1dbuMQ3hYhE8WqOhEAu17ZlSBG3+ILdZaIj+sv8Px7bU37Pg9Bz fjoQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=/ks7z4XxLgOMJ/Hf2g3TEOqYRBhpXAIjkzJ9YAmwDmc=; b=izp4AozIDP4vU9aIxESMW+uLl/IbiUyusdqo7VWZPvXYBfHY8xJkiw7YrpScHeZ1/V yuJrJZ9+l2glN+R07JBGbPuQ4/mQ8oUxcv6ic30txRf/h72fwKW/YqMPcTzgttf3jiv1 PxeIQIvLwLEri8LxPHAz1FThyREhWTy0pfMftIqHFhrB6Se/BzQFYkTKAA+6ZLKidWF4 pJT+b62eypL77jSnZiKBKBxEFZSxW8EuiThnch+2DiA7TjOzSk2GjUE/uly5Ut9CzK5m BefUfo8H3joY1Emsk3v2sH6A/Sd7Iw6dbFCLKp4Q3Q0HQ4JQQ//m8ahB0rDTGp7i5Kbe igrg==
X-Gm-Message-State: APzg51D8to9kl1hZzUyTqgHAMu80Trw1bp/47G1IFhfdED/jKcaP6LdB +ZoVQprjPDLwwWf24CDIz53wd/3/QCi15+A6NlEVBhSpFpYtlQ==
X-Google-Smtp-Source: ANB0VdYL4h1+bY+PxuzfvJnonRS5oxuWVfdjwAKmtfUnKBUEuUiMDIg53/9b72zinKVjVAII8lZwbYkfoKLVbICcudQ=
X-Received: by 2002:a24:282:: with SMTP id 124-v6mr7184305itu.151.1535049135209; Thu, 23 Aug 2018 11:32:15 -0700 (PDT)
MIME-Version: 1.0
From: Heinrich Singh <heinrich.ietf@gmail.com>
Date: Thu, 23 Aug 2018 21:32:03 +0300
Message-ID: <CAP_kZQqckPJhCn083sg8=PVpiO_+Ke=GhOKre=qujkk4k=dU7A@mail.gmail.com>
To: lwip@ietf.org, ipsec@ietf.org
Content-Type: multipart/alternative; boundary="0000000000006ac41c05741e7aa7"
Archived-At: <https://mailarchive.ietf.org/arch/msg/lwip/dS0Ds4SPnWUGlgAgLl8KeVhPHFY>
Subject: [Lwip] The LWIG WG has placed draft-mglt-lwig-minimal-esp in state "Call For Adoption By WG Issued"
X-BeenThere: lwip@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: "Lightweight IP stack. Official mailing list for IETF LWIG Working Group." <lwip.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lwip>, <mailto:lwip-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lwip/>
List-Post: <mailto:lwip@ietf.org>
List-Help: <mailto:lwip-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lwip>, <mailto:lwip-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Aug 2018 04:22:49 -0000

Hello IETF,

I am new to LWIP/IPSEC. I read draft-mglt-lwig-minimal-esp. Here is my
summary:


   1. Don't use random SPI because getting randomness on small devices is
   expensive. This will of course leak privacy. If a vendor/app uses fixed SPI
   for his devices, then someone on the network can find out info of
   vendor/app. Also, why a device can generate random number for doing IKEv2,
   nonces etc. but not for generating SPI?
   2. Storing sequence numbers is difficult so devices can use time.
   Getting time on small devices is actually much harder. Also is there some
   hard info that reading time is cheaper than reading sequence number from
   memory? I can also look at packets much later and tell when you sent a
   packet.
   3. Don't use Traffic Flow Confidentiality again loosing privacy.
   4. Don't use dummy packets again loosing privacy.
   5. Reference rfc 8221 for IoT related crypto suites.

I don't know why IETF would publish this document when they have rfc 6973.
I want to see some actual performance from a real ESP implementation where
privacy is protected and energy is saved by tweaking the TFC and how often
dummy packet is sent.

Ciao
Heinrich

v2.19.0 | Report a Bug | By Email