Re: [secdir] draft-ietf-ipsecme-ikev2-null-auth-06 SECDIR review

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Tue, 26 May 2015 15:46 UTC


I'm okay with that change.  I thought that when we discussed this last, there
was an emphasis on the possibility to avoid logging unauthenticated
sessions though?  I see there is wiggle room to allow for that still.  Does
the new text meet your needs and still allow for logging of authenticated
sessions (my previous concern that was addressed)?

Thanks,
Kathleen

On Tue, May 26, 2015 at 10:20 AM, Paul Wouters <paul@nohats.ca> wrote:

> On Tue, 26 May 2015, Donald Eastlake wrote:
>
> Thanks for the review Donald,
>
>> The Security Considerations section is quite thorough. I did notice one
>> small thing: Section 3.1 is labeled
>> "Audit trail and peer identification". But the content of that Security
>> Considerations section is about not
>> trusting identification when null authentication is used. It seems to me
>> that a few words to the effect that
>> some clear indication should be present in audit/log trails when a
>> purported identity has not been
>> authenticated should be included, as I expected them to be from the
>> section heading.
>>
>
> The bulk of that section was moved into section 2.2i and 3.2.
>
> How about:
>
> OLD:
>
>    With NULL Authentication an established IKE session is no longer
>    guaranteed to provide a verifiable (authenticated) entity known to
>    the system or network.  Implementers that implement NULL
>    Authentication should ensure their implementation does not make any
>    assumptions that depend on IKE peers being "friendly", "trusted" or
>    "identifiable".
>
> NEW:
>
>    With NULL Authentication an established IKE session is no longer
>    guaranteed to provide a verifiable (authenticated) entity known to
>    the system or network. Any logging of unproven ID payloads that
>    were not authenticated should be clearly marked and treated as
>    "untrusted", possibly accompanied by logging the remote IP address
>    of the IKE session. Rate limiting of logging might be required to
>    prevent excessive logging causing system damage.
>
> then move this bit:
>
>    Implementers that implement NULL
>    Authentication should ensure their implementation does not make any
>    assumptions that depend on IKE peers being "friendly", "trusted" or
>    "identifiable".
>
> To just above the "While implementations should..." in section 3.2
>
> Paul
>



-- 

Best regards,
Kathleen
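
The logging behaviour described in the proposed NEW text (unauthenticated ID payloads marked "untrusted", the remote IP logged alongside, rate limiting of those records) while authenticated sessions are still always logged, as an added example that is not part of this thread or of any IKE implementation. The class name, record format, token-bucket parameters, the cap on tracked peers and the escaping of the ID bytes are assumptions of this example.

```python
import time

class IkeAuditLog:
    """Audit sink that labels NULL-auth identities and rate-limits those records."""

    def __init__(self, burst=3, per_second=1.0, max_peers=1024, clock=time.monotonic):
        self.burst, self.rate, self.max_peers, self.clock = burst, per_second, max_peers, clock
        self.buckets = {}     # bucket key -> (tokens, time of last update)
        self.suppressed = {}  # bucket key -> records dropped since the last emitted one
        self.records = []     # stand-in for the real log destination

    def _take_token(self, key):
        now = self.clock()
        tokens, last = self.buckets.get(key, (float(self.burst), now))
        tokens = min(float(self.burst), tokens + (now - last) * self.rate)
        allowed = tokens >= 1.0
        self.buckets[key] = (tokens - 1.0 if allowed else tokens, now)
        return allowed

    def session_established(self, remote_ip, id_payload, authenticated):
        """Record one established IKE SA; returns True if a record was written."""
        # Peer-supplied bytes: escape so an ID cannot inject newlines or quotes.
        shown = id_payload.decode("latin-1").encode("unicode_escape").decode("ascii")
        shown = shown.replace('"', '\\"')
        if authenticated:
            # Authenticated sessions are never rate limited.
            self.records.append(f'ike-sa-established auth=verified id="{shown}" remote={remote_ip}')
            return True
        # Bound the limiter's own state: once the table is full, new peers share one bucket.
        known = remote_ip in self.buckets or len(self.buckets) < self.max_peers
        key = remote_ip if known else "*"
        if not self._take_token(key):
            self.suppressed[key] = self.suppressed.get(key, 0) + 1
            return False
        dropped = self.suppressed.pop(key, 0)
        self.records.append(f'ike-sa-established auth=null id="{shown}" id-trust=untrusted '
                            f'remote={remote_ip} suppressed-before={dropped}')
        return True
```

The `suppressed-before` field keeps the audit trail honest about what was dropped, so a burst from one address is still visible as a count rather than silently lost.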