Re: [secdir] Secdir last call review of draft-ietf-ipsecme-ikev2-auth-announce-06
Rifaat Shekh-Yusef <rifaat.s.ietf@gmail.com> Mon, 01 April 2024 14:58 UTC
Return-Path: <rifaat.s.ietf@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C59CEC14CEFE; Mon, 1 Apr 2024 07:58:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XJDR0sUx1sHv; Mon, 1 Apr 2024 07:58:26 -0700 (PDT)
Received: from mail-wr1-x42c.google.com (mail-wr1-x42c.google.com [IPv6:2a00:1450:4864:20::42c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 020A1C14CEFD; Mon, 1 Apr 2024 07:58:25 -0700 (PDT)
Received: by mail-wr1-x42c.google.com with SMTP id ffacd0b85a97d-34339f01cd2so2374577f8f.2; Mon, 01 Apr 2024 07:58:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1711983504; x=1712588304; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=B5zsElrjg1lUEgqACeLptsy3qPFlqkwMh5bOjU0rLvo=; b=YXcl5u9EZiHZBjaYBmSoUtgK3+4bS2HxdV/HVgMeIgqufkObjoWl6Vwoksc4SO5OkZ Gk4z6jCw6Gl9Zq7a6fVJwLdz9vCo0Em3J9wRniIKrvisH5zT94L83Qqjq76JjaAz65ZA IG7rwwH/NGYC8v7z+301Dnq/+BzygQRkgwGt2ueqVM5cVK3s0ZBgaZKJJkGaP8mlLGzW 2pvz4Jk3AqBra3ov/Ao637Dlp23xkk8ZIO5GLCA32UlJzni7hdqCn5/XAFc8tUvvt229 HBWjOsTOAIAf6Z6Ciw+TK/MapF02XebVQEgmonwl6Ks04sYHZbG4yKSmQUSSviZEmD64 3I4w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1711983504; x=1712588304; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=B5zsElrjg1lUEgqACeLptsy3qPFlqkwMh5bOjU0rLvo=; b=rFEhnPFNuIEdqu2Oy+DDEJWUTfluo8yJXQRmfbodjQT9/sXJgXbDYuZI/hzP38LRhE 7wZMCzqvy/hZRRODbplHgsWaKSJ464JCaabACvCwRxPuOV0id6tKXpcC0H/g2LsldCKt JojfYpZHqNt0RRZ0vcLiGO4wii7b2wyfRxEglERbJyZHpAe/yOgAwORI+wWEeoEJaInu rEl7o1guKicFMiTMs3OA4wUHGhpz5jsiQIMsuj9Rq1T13ZZ8vp7peowZHRs+tO2fE2pX sHuoHRSYWwq8mRHLV3uvKQfuFMblN9PELKgAjMQ7WcqTJ2J33MlcaIDZ7AtMxctnwaqq JhLA==
X-Forwarded-Encrypted: i=1; AJvYcCUm5uvvmYipUFMrUshDJuz8jIWKQXJb06N+Rca+/nWLq0N8dY1sM4U4WJy8kkEfOll0MyKw/qlyrtGnjO5IklDJM+uyduPzi+CLYjlEevTp4ouHRC/dMc5kThLnhU4gIN2uybQBY+SytVfuNkTBy7I6rii/4Te7wTUDPErfk3hNnpsatWjcRDY=
X-Gm-Message-State: AOJu0Yye84WUBMNSROcBWvoNM0X6xM83xy7rZV4URXZUpphbr8F/Ijb4 VT/hlgJV+pvFLEo2x7gWelfuf8N2pcWClztjRzFRdi5Sav8PvPY4EtkQr8acsYVZtsxLLJkcd1I 4fO9ySJeQ7nC+RogrcLHjwOGcPU4amtIvVqM=
X-Google-Smtp-Source: AGHT+IHHPv12xFI0utcXJEc7K1r23WKfpKS86VKkF/TzHrUdI8xBd3ffQkMk03qI1scIXj/+RK95CU9VK+I95hv2MJY=
X-Received: by 2002:a5d:5310:0:b0:343:56c2:f858 with SMTP id e16-20020a5d5310000000b0034356c2f858mr273066wrv.50.1711983503861; Mon, 01 Apr 2024 07:58:23 -0700 (PDT)
MIME-Version: 1.0
References: <171182022719.29877.1686113240622771941@ietfa.amsl.com> <03f801da8439$c1a4b450$44ee1cf0$@elvis.ru>
In-Reply-To: <03f801da8439$c1a4b450$44ee1cf0$@elvis.ru>
From: Rifaat Shekh-Yusef <rifaat.s.ietf@gmail.com>
Date: Mon, 01 Apr 2024 10:58:12 -0400
Message-ID: <CADNypP9648YvhTRYu-djQsfFXvcYuLyz-+e=LDPS1UdWXsntWA@mail.gmail.com>
To: Valery Smyslov <svan@elvis.ru>
Cc: secdir@ietf.org, draft-ietf-ipsecme-ikev2-auth-announce.all@ietf.org, ipsec@ietf.org, last-call@ietf.org
Content-Type: multipart/alternative; boundary="0000000000009bf02406150a3877"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/3ZcMokdYvTq5YZIQYunOjm-zPIs>
Subject: Re: [secdir] Secdir last call review of draft-ietf-ipsecme-ikev2-auth-announce-06
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Apr 2024 14:58:26 -0000
Hi Valery, See my replies below. Regards, Rifaat On Mon, Apr 1, 2024 at 9:37 AM Valery Smyslov <svan@elvis.ru> wrote: > Hi Rifaat, > > thank you for your review. Please, see inline. > > > Reviewer: Rifaat Shekh-Yusef > > Review result: Has Issues > > > > # Section 3.1 > > > > * The description of the exchange seems odd, as it starts with the > responder, > > instead of the initiator. I suggest that the description of the exchange > starts with > > the initiator, followed by the responder. > > OK, I've added the following sentence: > > The initiator starts the IKE_SA_INIT exchange as usual. > > > * I think it would make it easier for the reader if you explicitly > describe the new > > notify payload. How about adding the following text to the beginning of > section 3.1? > > > > "This specification introduces a new IKE_SA_INIT packets Notify payload > of type > > SUPPORTED_AUTH_METHODS. This payload is utilized to convey the supported > > authentication methods of the party sending the message, thereby > facilitating the > > negotiation of authentication mechanisms during IKE SA establishment." > > Text in the Section 3 is changed to: > > When establishing IKE SA each party may send a list of authentication > methods it supports and is configured to use to its peer. For this > purpose this specification introduces a new Notify Message Type > SUPPORTED_AUTH_METHODS. The Notify payload with this Notify Message > Type is utilized to convey the supported authentication methods of > the party sending it. The sending party may additionally specify > that some of the authentication methods are only for use with the > particular trust anchors. Upon receiving this information the peer > may take it into consideration while selecting an algorithm for its > authentication if several alternatives are available. > > Thanks! That's much better. > > * "Since the responder sends the SUPPORTED_AUTH_METHODS notification in > > the IKE_SA_INIT exchange, it must take care that the size of the response > > message wouldn't grow too much so that IP fragmentation takes place." > > > > Is this limited to the responder? or should the initiator too take that > into > > considerations? > > It is not limited to the responder in general, but in the context of this > document > it is the responder who is going to send a message that could be > fragmented at IP level. > Usually the response is smaller than the request. In this case it can be > larger > and thus the responder should take care of IP fragmentation. > > Got it. I am assuming that the fragmentation issue with the initiator request is captured in a different document. If that is the case, then I think it is reasonable to leave this text as is. > > # Section 5 > > > > Second paragraph: I guess the potential for downgrade attack is not > limited to the > > NULL use case. If one of the supported methods is consider to be weaker > than the > > others, then an active attacker in the path could force the parties to > use that > > weaker method. > > This is not a "downgrade" in a common sense. Downgrade assumes that there > is a negotiation between the peers and an attacker may influence this > process forcing > peers to use weaker option. In IKEv2 authentication methods are not > negotiated. > This specification doesn't provide negotiation too, since each party > still chooses what it thinks is appropriate on its own. It only allows > peers > to select authentication method more consciously. > > Thanks for the clarification, as I am not an IKE expert. Having said that, I wonder why you are specifically calling out the NULL use case. Would not the NULL use case be also applicable to weaker authentication methods? Meaning that the attacker in the middle would be able to remove the stronger methods and leave the weaker ones? Regards, Rifaat > Regards, > Valery. > >
- [secdir] Secdir last call review of draft-ietf-ip… Rifaat Shekh-Yusef via Datatracker
- Re: [secdir] Secdir last call review of draft-iet… Valery Smyslov
- Re: [secdir] Secdir last call review of draft-iet… Rifaat Shekh-Yusef
- Re: [secdir] Secdir last call review of draft-iet… Valery Smyslov
- Re: [secdir] Secdir last call review of draft-iet… Rifaat Shekh-Yusef