IETF Logo Mail Archive

Re: [MEXT] Review of draft draft-patil-mext-mip6issueswithipsec-01

arno@natisbad.org (Arnaud Ebalard) Tue, 28 July 2009 08:01 UTC

Return-Path: <arno@natisbad.org>
X-Original-To: mext@core3.amsl.com
Delivered-To: mext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 594B63A6D27 for <mext@core3.amsl.com>; Tue, 28 Jul 2009 01:01:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.284
X-Spam-Level:
X-Spam-Status: No, score=-3.284 tagged_above=-999 required=5 tests=[AWL=-0.285, BAYES_00=-2.599, J_CHICKENPOX_33=0.6, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id a+3HjJcTxIQi for <mext@core3.amsl.com>; Tue, 28 Jul 2009 01:01:36 -0700 (PDT)
Received: from copper.chdir.org (copper.chdir.org [88.191.97.87]) by core3.amsl.com (Postfix) with ESMTP id 98D003A691A for <mext@ietf.org>; Tue, 28 Jul 2009 01:01:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=natisbad.org; s=mail; h=From:To:Cc:Subject:References:Date: Message-ID:MIME-Version:Content-Type; bh=i7HFzXh/Nym/DFvHq+ZxdPZ 3UcMgbSrdJ2JrMn5/G+E=; b=XEvLv8SsqT3mS0nUk1QWdVu+RpVo0PeMz74p+7G qKa6HsI8i/MCpBNweZDlaCMXLWSnPhdUIqamM7Y/H0OiCRr+ymeIIo9PT+uDJRsD hiBy/S3R96YARwLXiC/n2WzIE1OfVcDjzj7RZteJV7wvrhgJIbcEpdX2rcvNLMeT jvHE=
Received: from [2001:7a8:78df:2:20d:93ff:fe55:8f79] (helo=small.ssi.corp) by copper.chdir.org with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.69) (envelope-from <arno@natisbad.org>) id 1MVhcp-0000xL-Br; Tue, 28 Jul 2009 10:01:31 +0200
From: arno@natisbad.org
To: jouni korhonen <jouni.nospam@gmail.com>
References: <C68F84FA.2B9FF%basavaraj.patil@nokia.com> <87tz0xkjps.fsf@small.ssi.corp> <9F72E813-4169-44E4-BA07-D70DC1C7070C@gmail.com>
X-PGP-Key-URL: http://natisbad.org/arno@natisbad.org.asc
X-Fingerprint: 47EB 85FE B99A AB85 FD09 46F3 0255 957C 047A 5026
X-Hashcash: 1:20:090728:basavaraj.patil@nokia.com::UQZGwFcxtXBEEZqq:0000000000000000000000000000000000000YxC
X-Hashcash: 1:20:090728:jouni.nospam@gmail.com::VqdB+McMLBS3GePS:0000000000000000000000000000000000000001HSt
X-Hashcash: 1:20:090728:mext@ietf.org::pP7PqDy/+HvxV3iB:0000Rn5A
Date: Tue, 28 Jul 2009 10:02:08 +0200
Message-ID: <871vo18ccf.fsf@small.ssi.corp>
User-Agent: Gnus/5.110009 (No Gnus v0.9) Emacs/23.0.92 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Cc: mext@ietf.org, Basavaraj.Patil@nokia.com
Subject: Re: [MEXT] Review of draft draft-patil-mext-mip6issueswithipsec-01
X-BeenThere: mext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Mobile IPv6 EXTensions WG <mext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/mext>, <mailto:mext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mext>
List-Post: <mailto:mext@ietf.org>
List-Help: <mailto:mext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mext>, <mailto:mext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Jul 2009 08:01:37 -0000

Hi Jouni,

jouni korhonen <jouni.nospam@gmail.com> writes:

> [snip] relying on TLS (or even DTLS) for MIPv6 is IMHO a bad design
> idea.
>
> Looks bad why? Please, list the points that lead to this conclusion. I
> would help us greatly.

- Because TLS has been designed to secure transport streams ..
- ... not as a key exchange mechanism for L3
- Because you map TLS ciphersuites to some enc and hash algs to be
  used with IPsec.
- Because, pratically, you create yet another variation of what EAP-TLS
  does, but using HTTP and without reusing the guaranteed key material
  generated by TLS.

Again, can you argue why you don't directly use DTLS instead of some
TLS+ESP headers variations?

>> o In 5.4.2, "The MN or the HA MAY switch between the encryption and
>>   plain text at any time based on local policies": what if an attacker
>>   knows the SPI and the sequence number. Can she start sending
>>   plaintext packets to one or another endpoint just by changing the
>>   ptype?
>
> Anyone who gets on the link between the MN and the HA, could inject
> false packets if payload protection is not used. This would be true
> for plain MIP6 as well when IPsec is not used.

Sure. But my concern is about the reverse scenario. Protection of data
is used. 

> If user payload protection (as per I-D) is used, then the change of
> PType will be noticed and those forged packets get dropped.

How? As pointed previously, there is nothing about the equivalent of
Security Policies discussed in the draft and you have that sentence:
"The MN or the HA MAY switch between the encryption and plain text at
any time based on local policies". IMHO, this is unclear to say the
least. 

>> At some point, considering you drop RO, I wonder why not going for one
>> of the following solutions instead of keeping MIPv6 in the picture:
>
> No one so far (from the MIP6 point of view) I have worked with has
> seriously requested it. Anyway, with the solution the I-D proposes, if
> the CN also implements the HAC functionality, the MN could bootstrap a
> security context with the CN and talk directly to the CN.
>
> RO can be brought in, but I am not sure if it is worth the effort in
> this particular I-D.

Maybe it is just me but without RO, mobility can be provided to clients
by a common VPN software.

>>> We believe that it does not require changes to the security engine on
>>> the host. It is a solution which uses the APIs and libraries of TLS
>>> on
>>> the host without having to modify them.
>>> The problem with IPsec/IKEv2 and MIP6 is that we end up having to
>>> modify the security subsystem to make it work and this is not a
>>> feasible option in all instances.
>>
>> One of the problem you have with MIPv6 are the required interactions
>> with IPsec/IKE, for instance in order to update the SA endpoints. In
>> draft-korhonen-mext-mip6-altsec-01.txt, you skip this point and do not
>> explain how the interactions with the IPsec stack are done. Can you
>> clarify?
>
> There is no interaction with IPsec stack.

So you reuse ESP format but have no interaction with the IPsec stack. Am
I correct on the following: you reimplement in userland all the ESP
related parsing which is available in the kernel stack.

>>> The number of messages exchanged to setup the IPsec SA is an
>>> issue. Especially when you compare it with the registration process
>>> required for MIP4. So if you compare the number of steps for
>>> registration of an MN for MIP6 vs MIP4, you would see the difference.
>>
>> Can you compare the amount of traffic exchanged between a MN and a HA
>> using IKEv2 to setup the SA with the traffic exchanged in an alternate
>> solution, say draft-korhonen-mext-mip6-altsec-01.txt?
>
> You mean the IKEv2 generated traffic between MN and HA versus TLS-
> based generated traffic between the MN and the HAC? We could provide
> such.

Yes. Thanks. 

>>> I think we can do simpler security solution than IPsec/IKEv2 which
>>> would simplify the implementation vastly while preserving the
>>> security
>>> aspects of the MN-HA communications.
>>
>> At the moment, draft-korhonen-mext-mip6-altsec-01 relies on TLS,
>> IPsec,
>> HTTP, BNF, RFC3948, ... and an additional box.
>
> TLS and HTTP. BNF processing is part of HTTP parsing anyway.
>
> From Section 5.4.
> "Actually, when data protection is used, the construction of the
> packet on the wire is the same as an UDP encapsulated ESP packet in a
> tunnel mode as defined in [RFC3948]."
>
> This does not mandate anything. It is an example. Will be removed to
> avoid the confusion.

Ack. But I think you should clarify what (from the IPsec stack) needs to
be reimplemented in userland (ESP parsing, SADB?, SPD?, ...).

BTW, I think my question on how movement is handled (what needs to be
done on HA and MN) was worth asking. It was skipped in your reply.

Cheers,

a+

v2.23.0 | Report a Bug | By Email