IETF Logo Mail Archive

Re: [MEXT] Reviews of draft-korhonen-mext-mip6-altsec

Domagoj Premec <domagoj.premec@gmail.com> Wed, 20 October 2010 14:28 UTC

Return-Path: <domagoj.premec@gmail.com>
X-Original-To: mext@core3.amsl.com
Delivered-To: mext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 63C663A69D0 for <mext@core3.amsl.com>; Wed, 20 Oct 2010 07:28:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ibSTExowcOZt for <mext@core3.amsl.com>; Wed, 20 Oct 2010 07:28:46 -0700 (PDT)
Received: from mail-pv0-f172.google.com (mail-pv0-f172.google.com [74.125.83.172]) by core3.amsl.com (Postfix) with ESMTP id D512A3A69E3 for <mext@ietf.org>; Wed, 20 Oct 2010 07:28:46 -0700 (PDT)
Received: by pvg4 with SMTP id 4so458077pvg.31 for <mext@ietf.org>; Wed, 20 Oct 2010 07:30:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:content-type; bh=wQNDVsZjPEzgJMWDaBP5Z1Izk7QIbv1lcLnVTpGE8K8=; b=hTaNdxJ3XRWHztiSb/OKtMqHDjo+p+sYn8xn0xX3p7Z3TkTW8R9AECZ+p+Mq5AJU14 qqyroq5MMV1FSbbwJBA9diMwl7s/ju8Ykhty15OTn2mcw2JSmLSaCCXTLVOd+4vCLbdp G4JZOdySgymBpWTEveEL4WRQMd2k2QcVMdpiE=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=e1akiZ4qEpqfnO0M6hd7k/jxvNrNv856NBdPRlXpgVRbth0mMi8HnlGmkqE7TjGP4B eD9wLKqtPMuhl4U277HWR2FNvyWdAdvI0DxMOp34AeEtzBR4KcEdMQj5k1RuOkeOsHEM 4DAmgYBsv32YoKFJJQLMjBYy1Z6BG1ToN7+4E=
MIME-Version: 1.0
Received: by 10.142.203.17 with SMTP id a17mr5854732wfg.361.1287585020181; Wed, 20 Oct 2010 07:30:20 -0700 (PDT)
Received: by 10.220.46.232 with HTTP; Wed, 20 Oct 2010 07:30:20 -0700 (PDT)
In-Reply-To: <3C31CDD06342EA4A8137716247B1CD6806C340AE@zagh223a.ww300.siemens.net>
References: <3C31CDD06342EA4A8137716247B1CD6806C340AE@zagh223a.ww300.siemens.net>
Date: Wed, 20 Oct 2010 16:30:20 +0200
Message-ID: <AANLkTi=Kazj9rvapdsVytqpSCKAvmwwTm49dgDm_V4ds@mail.gmail.com>
From: Domagoj Premec <domagoj.premec@gmail.com>
To: mext@ietf.org
Content-Type: text/plain; charset="ISO-8859-1"
X-Mailman-Approved-At: Wed, 20 Oct 2010 08:02:34 -0700
Subject: Re: [MEXT] Reviews of draft-korhonen-mext-mip6-altsec
X-BeenThere: mext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Mobile IPv6 EXTensions WG <mext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/mext>, <mailto:mext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mext>
List-Post: <mailto:mext@ietf.org>
List-Help: <mailto:mext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mext>, <mailto:mext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Oct 2010 14:33:38 -0000

Hi everyone,

This is my review of the mip6-altsec draft. I think the draft is in a
good shape and I haven't found any issues that would affect the
overall concept. The comments I have should serve mainly as means to
identify places where some additional explanation is needed to tighten
the text up.

I find that the way the (DS)MIP6 interacts with the IPsec is complex
and difficult to grasp and implement and in this regard this is an
interesting draft and I believe it should be progressed further. I
have also played around with a MIP6 implementation based on this
draft, I was able to get it up and running quickly and it performed
without any problems.

Here are my comments...

> 4.3.  Security Association Management
>   ...
>   The HA may want the MN to re-establish the SA even if the existing SA
>   is still valid.  The HA can indicate this to the MN using a dedicated
>   Status Code in a BA (value set to REINIT_SA_WITH_HAC).

After responding with REINIT_SA_WITH_HAC, will the HA accept the
incoming packets protected with the existing SA?

> Sequence numbers:
>
>      A monotonically increasing unsigned sequence number used in all
>      protected packets exchanged between the MN and the HA in the same
>      direction.

The definition it is not clear if the scope of the sequence number is
the SA or the session with the HA. Please clarify that in the case
when an existing SA gets replaced with a new one, the sequence number
of the new SA is initialized to zero.

>4.4.  Bootstrapping of Additional Mobile IPv6 Parameters
>...
>   Home Link Prefix:
>
>      Concerns the IPv6 Home link prefix and the associated prefix
>      length.

Should it also cover the IPv4 subnet?

> 5.3.  Request-Response Message Exchange

This section introduces the MHAuth-Init and MHAuth-Done messages. I
couldn't find the TV-header indicating the message type, i.e.
something like "msg-type : MHAuth-Init". If the protocol does not
contain the indication of the message type, then I would suggest
talking simply in terms of first/last request/response message and not
using the terms like MHAuth-Init/Done. At least for me it was
confusing as I kept looking for the definition of the MHAuth-Init/Done
messages and couldn't find one.

>  The first request message - MHAuth-Init - (i.e. the Identifier is 1)
>   MUST always contain at least the following parameters:
>
>      MN-Identity - See Section 5.5.1.
>      Authentication Method - See Section 5.5.2.

Is mn-rand optional? Sections 5.8 and 5.9 give impression that it is
always required?

Related to the usage of the MHAuth-Done, the draft gives the
impression that the MHAuth-Init request is always responded with the
MHAuth-Init response. Can the HAC respond to the MHAuth-Init request
with the, for example "MHAuth-Done(status=internal error)"? Does the
MN need to acknowledge such MHAuth-Done by replying with another
MHAuth-Done? It would be good to clarify this.

>  5.5.1.  Mobile Node Identifier
...
>      nai = username
>          | "@" realm
>          | username "@" realm

What is the use case for the realm without the user name?

The definition of the NAI is followed by an ellipsis, a typo?

> 5.5.4.  Status Code
>
>   The "status-code" MUST only be present in the response message that
>   ends the request-response message exchange.

If it is present only in the final message, what is the usage for the
value 100 - Continue?

> 5.5.5.  Message Authenticator
>
>   The "auth" header contains data used for authentication purposes.  It
>   MUST be the last TV-header in the message and calculated over the
>   whole message till the start of the "msg-header":

Could you provide a pointer to the "msg-header" definition? At least
I'm not sure what the msg-header refers to.

> 5.5.6.  Retry After
>
>      retry-after = "retry-after" ":" rfc1123-date CRLF

Maybe a pointer to RFC 2616 or some other document for usage?

> 5.5.7.  End of Message Content
>
>      end-of-message = 2CRLF

Is this needed given that there is a Length field in the message
container header?

> 5.8.  Authentication of the Mobile Node
...
>   The
>   MHAuth-Done messages are used to deal with error situations.

This may sound like the MHAuth-Done are not used in a success case,
maybe a different formulation would help avoid such misunderstanding?

>   1)  Request/MHAuth-Init: (MN -> HAC)
>          mn-id, mn-rand, auth-method=psk

It looks like the parameters from the MHAuth-Init request are not
protected. Why is the auth header omitted here, or would it
security-wise make sense to include these parameters in the
calculation of the auth signature in message 3?

>   2)  Response/MHAuth-Init: (MN <- HAC)
>          [mn-rand, hac-rand, auth-method=psk, [status],] auth

Is the auth-method optional? According to section 5.3, it is a
mandatory parameter?

What is status, is this the status-code TV header from section 5.5.4?
According to section 5.5.4, it may appear only in the "response
message that ends the request-response message exchange", which is not
in line with the usage in this section.

When exactly would the HAC echo the mn-rand and what is the use case
behind this?

>   3)  Request/MHAuth-Done: (MN -> HAC)
>          mn-rand, hac-rand, sa-scope, ciphersuite-list, auth

sa-scope and ciphersuite-list may be optional here? If repeating the
mn-rand and the hac-rand here makes sense security-wise, it would be
good to include a note clarifying that. What about repeating the
mn-id?

>   4)  Response/MHAuth-Done: (MN <- HAC)
>          [sa-scope, sa-data, ciphersuite, bootstrapping-data,] mn-rand,
>          hac-rand, status, auth

sa-scope, sa-data and ciphersuite should be mandatory in the
successful MHAuth-Done?

>   The MN verifies the received MAC and the consistency of the
>   identities, nonces, and ciphersuite parameters transmitted in MHAuth-
>   Auth.

s/MHAuth-Auth/MHAuth-Init?

It seems that the last paragraph in section 5.8 is about the MN
sending the MHAuth-Done, which is step 3 whereas the preceding
paragraph talks about the HAC sending the MHAuth-Done, which is step
4. Please consider revising the text so that it follows the message
sequence from fig. 4.

>5.9.  Extensible Authentication Protocol Methods
...
>   2)  Response/MHAuth-Init: (MN <- HAC)
>          [auth-method=eap, eap, [status,]] auth

Auth method and eap payload are not optional? Status is supposed to be
used only in the final message?

>   6)  Response/MHAuth-Done: (MN <- HAC)
>          [sa-scope, sa-data, ciphersuite, bootstrapping-data,] eap,
>          status, auth

sa-scope, sa-data and ciphersuite need to be mandatory here?

> 6.  Mobile Node to Home Agent communication
>...
>   The
>   Mobile IPv6 service MAY use any ephemeral port number as the UDP
>   source port, and MUST use the Mobile IPv6 service port number
>   (HALTSEC) as the UDP destination port.

Is the response sent to the source port from the request or to the
Mobile IPv6 service port number?

s/or a, an encrypted/or an encrypted

>   There is always only one SPI per MN-HA mobility session and the same
>   SPI is used for all types of protected packets independent of the
>   direction.

When the current SA gets replaced with the new SA, isn't there some
period of overlap where both SAs are active and hence there would be
two SPIs per the MN-HA mobility session?

s/as treated as data packets /are treated as data packets

> 6.3.  Binding Management Message Formats

>  For a SPI value of 0 (zero) that indicates an unprotected
>   packet, the Padding, Pad Length, Next Header and ICV fields MUST NOT
>   be present.

This sentence probably needs to be removed from this section as the
binding management messages must be protected.

The encoding for the Payload Data field in not explained. Please add
some text/pointer as to how this field is encoded. The same applies to
the user data packet format section in case of encrypted user traffic.

Regards,
Domagoj


>
>
>> -----Original Message-----
>> From: mext-bounces@ietf.org [mailto:mext-bounces@ietf.org] On
>> Behalf Of Laganier, Julien
>> Sent: Thursday, September 23, 2010 9:31 PM
>> To: mext@ietf.org
>> Cc: draft-korhonen-mext-mip6-altsec@tools.ietf.org
>> Subject: [MEXT] Reviews of draft-korhonen-mext-mip6-altsec
>>
>> Folks,
>>
>> The chairs have received a request from the authors of
>> http://tools.ietf.org/html/draft-korhonen-mext-mip6-altsec
>> that their draft be adopted as one of the WG deliverables for
>> our "alternative security mechanisms" work item.
>>
>> Before we go ahead with this, the chairs would like to
>> solicit at least three thorough review of the document to
>> ensure that the has an adequate understanding of the proposal
>> and its implications.
>>
>> Please support the WG process by volunteering as a reviewer.
>>
>> --julien & marcelo
>> _______________________________________________
>> MEXT mailing list
>> MEXT@ietf.org
>> https://www.ietf.org/mailman/listinfo/mext
>>
>

v2.23.0 | Report a Bug | By Email