Re: [Lwip] Lars Eggert's No Objection on draft-ietf-lwig-minimal-esp-08: (with COMMENT)
Daniel Migault <mglt.ietf@gmail.com> Wed, 06 April 2022 13:10 UTC
Return-Path: <mglt.ietf@gmail.com>
X-Original-To: lwip@ietfa.amsl.com
Delivered-To: lwip@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2C8893A19CA; Wed, 6 Apr 2022 06:10:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qWn0aE22XCSZ; Wed, 6 Apr 2022 06:10:10 -0700 (PDT)
Received: from mail-lj1-x230.google.com (mail-lj1-x230.google.com [IPv6:2a00:1450:4864:20::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C25AB3A19C8; Wed, 6 Apr 2022 06:10:09 -0700 (PDT)
Received: by mail-lj1-x230.google.com with SMTP id a30so3093327ljq.13; Wed, 06 Apr 2022 06:10:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=JVP6I+phMsnoDajCAp8kXkE+6GqWHApYCQutt9r8+cY=; b=pf49PWwBQsO44zkG/VRrcPxeCPoX9OgevLUJo+ZwSN0kd8vr0RQjSCjEybw6o8KYKb 0C7hpkQ9y7605LC20PXMFUJUWj5/LZWrdjdanKZ4slE7Ju9cCaEMFT3CyBzAld7Solgo z2vkZfVKsVvz4IorcfQuOq2J+dM2T1bvmTtNvKD61wqEpxovLwLn9yqD9SA496UGEwhc 3oOaDr1QM8jyZDL8Bax3L63uAQa6fAplCMUoIMxxOHIqzILHaGW5ue2VOYHLWmYZR4C0 Y2ulGENC6qPmJeJXpV9kD3DeGDsshJjaRl+7B4icUhzn/cBP56B7QtTXbyLat+zNcqYI 06Ng==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=JVP6I+phMsnoDajCAp8kXkE+6GqWHApYCQutt9r8+cY=; b=q58LoBva9/JtjdziNXUElHPAF3CROiq70kOEAfD75WRY0OroF4sk35V2DQIyke0CEI EIMxo/d66daxpJQr7ge7QWWxYaT8Gvecv+GLNb2z8YRwP98FpkYO9vmV0dvVoc80hBXK 7/SfDqsy+xmMzo6ZA5FPiaYExMI3O+KXkeKni6l3p48loH2z6w6uQZaR9QLwNBu/X4Py 7iQLJE0R8awd2y4IJPOgzQ+Fi9jX+yz15pkit75yEMZ8vGNWTWqic+3PDXw/o9jkWs3m qrUGlC4Oolt0hQ+wNzmRE2nYD435hoEtrKbuSPy4RA6o7fWcjW0mWBuI2cVhjwqFALyy tW7g==
X-Gm-Message-State: AOAM532tHhhXO+lt/+xlVhWCHBAKQdJ06Lhnc6iDMkbWUY6UG6duBg4o CNxhf0dMjnkfq5DLsz8SyFj85jYe6oiafN5dbcI=
X-Google-Smtp-Source: ABdhPJze6lHs+VfhbgDh81x7n5EcF93IOEHbQYkQo922PJj/tJ3WXi4OUeD+O0pZLseqof69798a4pV5qZUPy08HKg4=
X-Received: by 2002:a2e:b94b:0:b0:249:6181:468a with SMTP id 11-20020a2eb94b000000b002496181468amr5296060ljs.113.1649250606986; Wed, 06 Apr 2022 06:10:06 -0700 (PDT)
MIME-Version: 1.0
References: <164916870616.25270.13857913632005865508@ietfa.amsl.com> <CADZyTkmL35Cs6nhz0ZtEBRa9xYq8SHA9fHXQEJ+kTXVS5wxCdw@mail.gmail.com> <FA6274C4-064F-46F7-A87F-F112678A6EA1@eggert.org>
In-Reply-To: <FA6274C4-064F-46F7-A87F-F112678A6EA1@eggert.org>
From: Daniel Migault <mglt.ietf@gmail.com>
Date: Wed, 06 Apr 2022 09:09:55 -0400
Message-ID: <CADZyTkk-eu=gxTttBRattze6UB=R69eBWucFnxzV4w2yCQLGLg@mail.gmail.com>
To: Lars Eggert <lars@eggert.org>
Cc: The IESG <iesg@ietf.org>, lwip@ietf.org, Mohit Sethi <mohit.m.sethi@ericsson.com>, draft-ietf-lwig-minimal-esp@ietf.org, lwig-chairs@ietf.org
Content-Type: multipart/alternative; boundary="000000000000933b8d05dbfc1409"
Archived-At: <https://mailarchive.ietf.org/arch/msg/lwip/wN6UJpl3Ky_Jq15QMyXL2SLlYiU>
Subject: Re: [Lwip] Lars Eggert's No Objection on draft-ietf-lwig-minimal-esp-08: (with COMMENT)
X-BeenThere: lwip@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Lightweight IP stack. Official mailing list for IETF LWIG Working Group." <lwip.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lwip>, <mailto:lwip-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lwip/>
List-Post: <mailto:lwip@ietf.org>
List-Help: <mailto:lwip-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lwip>, <mailto:lwip-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Apr 2022 13:10:15 -0000
On Wed, Apr 6, 2022 at 5:01 AM Lars Eggert <lars@eggert.org> wrote: > Hi, > > On 2022-4-6, at 5:05, Daniel Migault <mglt.ietf@gmail.com> wrote: > > Section 2. , paragraph 6, comment: > > > [RFC4303] does not require the SPI to be randomly generated over 32 > > > bits. However, this is the recommended way to generate SPIs as it > > > provides some privacy benefits and avoids, for example, correlation > > > between ESP communications. To randomly generate a 32 bit SPI, the > > > node generates a random 32 bit valueand checks it does not fall in > > > the 0-255 range. If the SPI has an acceptable value, it is used to > > > index the inbound session, otherwise the SPI is re-generated until > an > > > acceptable value is found. > > > > Wouldn't it be simpler to compute a 24-bit random value and left-shift > it by > > eight? Or left-shift the 32-bit value; both remove the need to check. > > > > I think the situation we want to avoid is to have the 24 right most bits > to be set to zero. With a random 32 bit value, the probability to have are > rejected value is 2**8 / 2**32. If you take a 24 bit value that you > left-shift by eight that probability becomes 2**8/2**24. If you take a 32 > bit value you left shift by eight that probability becomes 2**16/2**32. > Unless I am missing something, we cannot avoid the check. > > nowhere in the text does it say that avoiding that the 24 rightmost bits > be zero is a goal? (And don't you mean leftmost?) It talks about avoiding > values between 0-255, which you could do by shifting a value >0 or by > clearing the bottom eight bits (for a value >255). > > Of course I went in the wrong direction ;-), but I am still unsure I am capturing/understanding your comment. I apologize in advance but let me try to set my thoughts. The current text does not detail how to implement and ensure the SPI does not match the value 0-255. But I assumed one generates a 32 bit and checks if the 24 leftmost are not set 0. If these are set to 0 the SPI is rejected. This ends in some SPI being rejected occasionally and I understand your proposal is to generate a SPI without any need to check which avoids rejected SPIs. You propose to generate a 24 bit random, check it is not zero and left shift. If I understand correctly, the right most byte will be 0. The same can be done with 32 bits, though the check needs to be performed over the right most 24 bits. In fact, the 32 bit could be non zero because of the leftmost byte, and this byte will be removed after the left shift. I do not see how a check can be avoided, and it seems to me the same check is performed in all cases. My understanding of the mechanism you propose is that it clears the right most byte which I see as different from what we are trying to achieve and also reduces the SPI space. If we wanted to avoid the check, maybe we could set the left most byte to a non zero value to which a 24 bit random is appended. > Thanks, > Lars > > -- Daniel Migault Ericsson
- [Lwip] Lars Eggert's No Objection on draft-ietf-l… Lars Eggert via Datatracker
- Re: [Lwip] Lars Eggert's No Objection on draft-ie… Daniel Migault
- Re: [Lwip] Lars Eggert's No Objection on draft-ie… Lars Eggert
- Re: [Lwip] Lars Eggert's No Objection on draft-ie… Daniel Migault