IETF Logo Mail Archive

Re: [secdir] Secdir last call review of draft-ietf-ipsecme-ikev2-auth-announce-06

Rifaat Shekh-Yusef <rifaat.s.ietf@gmail.com> Tue, 02 April 2024 13:11 UTC

Return-Path: <rifaat.s.ietf@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D0EDCC14F6BA; Tue, 2 Apr 2024 06:11:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8KwH28A-ni-H; Tue, 2 Apr 2024 06:11:27 -0700 (PDT)
Received: from mail-wr1-x433.google.com (mail-wr1-x433.google.com [IPv6:2a00:1450:4864:20::433]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E5153C14F6AD; Tue, 2 Apr 2024 06:11:21 -0700 (PDT)
Received: by mail-wr1-x433.google.com with SMTP id ffacd0b85a97d-33ecb04e018so3786711f8f.1; Tue, 02 Apr 2024 06:11:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1712063480; x=1712668280; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=8Le15RO0cCfeOyuSYDBnxx6fl+6cKTZ7h4Mjx912bx8=; b=DWU8eej1VTRYMncv17BhBXoycYkq8/eYiXiiZ9TeSrjVQbZARWxLJ2Ir2u1yXjQxGa wsLMq7kWzOyfa9W9Ht0rCcPMyyA4aBMxgrUyD8intLh1cl1OtPtPcMypf6HtXZ2y0qTh GE1QN0Yja902IFYsLOJjOwbZ/+EclPTFnkIk+ovD8sfMqPeHv1exdFrXa9r/FYMS2IlI xPlSkjJOSF+0JjmF0Yt59iy03jdrcIWoJ8hBpuEHL5eHlhK49J0EdloBgLiiVUE4iywH RINGYpDoZuyrQw+ML+tzMPHj+YTemmHUQEK2c4JI1zda+A2ymvpWLQRcqdkG86bPArid GRVg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712063480; x=1712668280; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=8Le15RO0cCfeOyuSYDBnxx6fl+6cKTZ7h4Mjx912bx8=; b=UAtNsAZ1diodNJOBojvQsXhDjgEyh+dbIK3Fs1bvWsEljS59UXOHDtLAUScvwJG2hn C7SsV1lO8WVeW1Ov0bCWNjhKX2TdFdpsP9L/HJSKMi0dLrOrJOR/iPhbEUphv+88hXrF OzC3W8xMop9TtQGpGaGpJFRloT9ACopnJ6nqKtoGbzJZlEwQ2W4CoS3zNHnFff40dRpG QsUz+8U4PZ8XHBam2pG9ghxnxptCqY2y/k7gxbFrZg3yZNVWNw+/flBguq4ucJwd7Xz4 uqcVVyKf/aoitWA431M3I+z3eqm7AoD6H+D/f9c/5mkPq5rMtKgSYUC7Dj7Bk49obTXa DEVw==
X-Forwarded-Encrypted: i=1; AJvYcCX5TLsSMpECaRjTojYg46yvdr6cuoQOeYQBn7hC7fnsyNMmahu3agH28qMhsyTr0reRIG7IfrupIiumb5SRHD3PQxgXKKUivGBaMVZLwWs052KHBGJgb6WQlia+gJKJ0IvBmFdKVaZAXAfri6kOykCdxR4ghB8pijukPdRXB+xHT/QWnwxhpl8=
X-Gm-Message-State: AOJu0YztiU3VIBMWk+smdzfvgDfX0pbpkDcUu5RezGjkYVPxQlmxs0po cdjgR8FQFNOPlDbgWybhAXr59d32axbEwAxeK5HwhXaJXYbHeEyKS5g7frWEr+Wb6MfWYsBB+KC Ghqq4jCZ34HfD7GaGWTTRpES7FVY=
X-Google-Smtp-Source: AGHT+IGKw5oLXMakdV9Dqk4VYcgAsvwqy28/YzOHsOwy8V9x5srPkepIiETutnthGqaIWeOIhh10mxl3tdtwMyzOuf0=
X-Received: by 2002:a5d:634d:0:b0:33e:c679:da6 with SMTP id b13-20020a5d634d000000b0033ec6790da6mr8168428wrw.57.1712063479485; Tue, 02 Apr 2024 06:11:19 -0700 (PDT)
MIME-Version: 1.0
References: <171182022719.29877.1686113240622771941@ietfa.amsl.com> <03f801da8439$c1a4b450$44ee1cf0$@elvis.ru> <CADNypP9648YvhTRYu-djQsfFXvcYuLyz-+e=LDPS1UdWXsntWA@mail.gmail.com> <041d01da844b$95694a10$c03bde30$@elvis.ru>
In-Reply-To: <041d01da844b$95694a10$c03bde30$@elvis.ru>
From: Rifaat Shekh-Yusef <rifaat.s.ietf@gmail.com>
Date: Tue, 02 Apr 2024 09:11:08 -0400
Message-ID: <CADNypP_SfsXyjM_=fgeZG+gP5GCMJRNH_o9DJ7M-n=LhBAVU9w@mail.gmail.com>
To: Valery Smyslov <svan@elvis.ru>
Cc: secdir@ietf.org, draft-ietf-ipsecme-ikev2-auth-announce.all@ietf.org, ipsec@ietf.org, last-call@ietf.org
Content-Type: multipart/alternative; boundary="000000000000871e3906151cd71a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/ug6TBpgo_TDyZshMqXCVrGgxmoM>
Subject: Re: [secdir] Secdir last call review of draft-ietf-ipsecme-ikev2-auth-announce-06
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Apr 2024 13:11:27 -0000

Hi Valery,

Thanks for engaging with me on this.
Your answers/suggestions below address all my comments and concerns.

Regards,
 Rifaat


On Mon, Apr 1, 2024 at 11:45 AM Valery Smyslov <svan@elvis.ru> wrote:

> Hi Rifaat,
>
>
>
> I snipped parts where we are in agreement.
>
>
>
> Hi Valery,
>
>
>
> See my replies below.
>
>
>
> Regards,
>
>  Rifaat
>
>
>
>
>
> […]
>
>
>
> > * "Since the responder sends the SUPPORTED_AUTH_METHODS notification in
> > the IKE_SA_INIT exchange, it must take care that the size of the response
> > message wouldn't grow too much so that IP fragmentation takes place."
> >
> > Is this limited to the responder? or should the initiator too take that
> into
> > considerations?
>
> It is not limited to the responder in general, but in the context of this
> document
> it is the responder who is going to send a message that could be
> fragmented at IP level.
> Usually the response is smaller than the request. In this case it can be
> larger
> and thus the responder should take care of IP fragmentation.
>
>
>
> Got it.
>
> I am assuming that the fragmentation issue with the initiator request is
> captured in a different document.
>
> If that is the case, then I think it is reasonable to leave this text as
> is.
>
>
>
>          It is described in the IKE fragmentation document (RFC 7383).
>
>          I’ve added a reference to it in the -07 version.
>
>
>
>
>
> > # Section 5
> >
> > Second paragraph: I guess the potential for downgrade attack is not
> limited to the
> > NULL use case. If one of the supported methods is consider to be weaker
> than the
> > others, then an active attacker in the path could force the parties to
> use that
> > weaker method.
>
> This is not a "downgrade" in a common sense. Downgrade assumes that there
> is a negotiation between the peers and an attacker may influence this
> process forcing
> peers to use weaker option. In IKEv2 authentication methods are not
> negotiated.
> This specification doesn't provide negotiation too, since each party
> still chooses what it thinks is appropriate on its own. It only allows
> peers
> to select authentication method more consciously.
>
>
>
> Thanks for the clarification, as I am not an IKE expert.
>
> Having said that, I wonder why you are specifically calling out the NULL
> use case.
>
> Would not the NULL use case be also applicable to weaker authentication
> methods?
>
> Meaning that the attacker in the middle would be able to remove the
> stronger methods and leave the weaker ones?
>
>
>
>          Yes, it is possible. NULL authentication is just the easiest way
> for an attacker to do it.
>
>          I can add the following text in the Security Considerations
> (right after the NULL authentication discussion):
>
>
>
>    Similarly, if an attacker on the path can break some of the announced
>
>    authentication methods, then the attacker can encourage peers to use
>
>    one of these weaker methods by removing all other announcements, and
>
>     if this succeeds, then impersonate one of the peers.
>
>
>
>          Does this help?
>
>
>
>          Regards,
>
>          Valery.
>
>
>
>
>
> Regards,
>
>  Rifaat
>
>
>
>
>
> Regards,
> Valery.
>
>

v2.23.0 | Report a Bug | By Email