IETF Logo Mail Archive

Re: [perpass] NULL Cipher RFC 2410 to HISTORIC ???

Yoav Nir <ynir@checkpoint.com> Mon, 09 December 2013 07:24 UTC

Return-Path: <ynir@checkpoint.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EAF351AE1C8 for <perpass@ietfa.amsl.com>; Sun, 8 Dec 2013 23:24:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.902
X-Spam-Level:
X-Spam-Status: No, score=-6.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EnL9kbQ1xkyY for <perpass@ietfa.amsl.com>; Sun, 8 Dec 2013 23:24:08 -0800 (PST)
Received: from smtp.checkpoint.com (smtp.checkpoint.com [194.29.34.68]) by ietfa.amsl.com (Postfix) with ESMTP id ACDB51AD7BE for <perpass@ietf.org>; Sun, 8 Dec 2013 23:24:07 -0800 (PST)
Received: from DAG-EX10.ad.checkpoint.com ([194.29.34.150]) by smtp.checkpoint.com (8.13.8/8.13.8) with ESMTP id rB97NfxT020180; Mon, 9 Dec 2013 09:23:41 +0200
X-CheckPoint: {52A56C95-2-1B221DC2-1FFFF}
Received: from IL-EX10.ad.checkpoint.com ([169.254.2.146]) by DAG-EX10.ad.checkpoint.com ([169.254.3.213]) with mapi id 14.03.0123.003; Mon, 9 Dec 2013 09:23:41 +0200
From: Yoav Nir <ynir@checkpoint.com>
To: Phillip Hallam-Baker <hallam@gmail.com>
Thread-Topic: [perpass] NULL Cipher RFC 2410 to HISTORIC ???
Thread-Index: AQHO9IFu4/5YzgvJX0aB14ruAS2e45pLIR6AgAAOqACAAAmtAIAAOKIw
Date: Mon, 09 Dec 2013 07:23:40 +0000
Message-ID: <4613980CFC78314ABFD7F85CC302772121B1EC40@IL-EX10.ad.checkpoint.com>
References: <CAMm+LwijWwanC+KLaSC-Kgq4vP=8in8Juo2Gbd=URh4zVf55nA@mail.gmail.com> <0FE7905C-950F-4030-8A47-37C523FB497A@doubleshotsecurity.com> <95276F1E-2293-41F3-A6E7-7AEF4B22E811@doubleshotsecurity.com> <CAMm+LwjYUZN6b81=V0dm1y_oW9Y+Px5PHsenbXetMkpY=zq6zw@mail.gmail.com>
In-Reply-To: <CAMm+LwjYUZN6b81=V0dm1y_oW9Y+Px5PHsenbXetMkpY=zq6zw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [91.90.139.27]
x-kse-antivirus-interceptor-info: scan successful
x-kse-antivirus-info: Clean
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: perpass <perpass@ietf.org>, Merike Kaeo <merike@doubleshotsecurity.com>
Subject: Re: [perpass] NULL Cipher RFC 2410 to HISTORIC ???
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Dec 2013 07:24:10 -0000

Phil,

The issue is not that ESP needs a NULL cipher. It's that AH wouldn't traverse NAT, and so they needed ESP to do the work that AH was designed to do.

But beyond that little technicality, it stands out that they standardized AH at all. So they felt that there was a need for integrity-only IPsec. I guess part of this is that the perceived threats were different - there was less personal information on the Internet, and IPsec (unlike TLS) is much concerned with protecting non-confidential stuff like DNS, routing protocols. Today, about the only good use case I can think of that doesn't ever need confidentiality is NTP, and I don't know why we would want to design a protocol specifically for securing NTP.

Another part is that this was 1996 and in 1996 you had the "Pentium Pro" with a 150 MHz clock and a 60 MHz bus, which could probably do a few Mbps of 3DES+HMAC-MD5, or four times that with HMAC-MD5 alone. These are not today's processors that do 4 Gbps per core with AES-GCM.

BTW: this is not unique to IPsec. TLS also defines some NULL encryption ciphersuites.

Yoav
==================================
From: perpass [mailto:perpass-bounces@ietf.org] On Behalf Of Phillip Hallam-Baker
Sent: Monday, December 09, 2013 7:46 AM
To: Merike Kaeo
Cc: perpass; Hannes Tschofenig; Nicholas Weaver; Stephen Farrell
Subject: Re: [perpass] NULL Cipher RFC 2410 to HISTORIC ???



On Mon, Dec 9, 2013 at 12:11 AM, Merike Kaeo <merike@doubleshotsecurity.com> wrote:
And so I reply to myself but got curious and wanted evidence.  I found first references of AH/ESP and NULL in 1996 June IPsec archives.  http://www.sandelman.ottawa.on.ca/ipsec/1996/06/msg00030.html

And while  some interesting tidbits, the joggle for my memory banks was that there was a bunch of discussion on where AH would be used with ESP and whether ESP only would also be relevant.  And while I couldn't find exact reference to the March 1998 interop testing in North Carolina that showed issues with AH not traversing NATs I am fairly certain that was the case and why in practice people starting using ESP-Null.  (it wasn't in the notes for the follow-up IETF IPsec meeting).

Someone else from that time may also be able to chime in.

The wording of the RFC does not help. It suggests that the cipher is something of a joke and it states the original requirement came out of a meeting for interop testing.

I am not sure that authentication only VPN is something that we would see the need for these days. If the base protocol still doesn't do NAT right without a NULL cipher then it is broken.
 

-- 
Website: http://hallambaker.com/

v2.23.0 | Report a Bug | By Email