Re: [Secdispatch] Controller-IKE

"David Carrel (carrel)" <carrel@cisco.com> Mon, 22 July 2019 17:09 UTC

Return-Path: <carrel@cisco.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9EE3912004D for <secdispatch@ietfa.amsl.com>; Mon, 22 Jul 2019 10:09:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.5
X-Spam-Level:
X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=eE0aYU2U; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=mO+EXlDD
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Kbtx1cmQg6sJ for <secdispatch@ietfa.amsl.com>; Mon, 22 Jul 2019 10:09:57 -0700 (PDT)
Received: from rcdn-iport-5.cisco.com (rcdn-iport-5.cisco.com [173.37.86.76]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 46B3B120288 for <secdispatch@ietf.org>; Mon, 22 Jul 2019 10:09:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=6729; q=dns/txt; s=iport; t=1563815397; x=1565024997; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=Zz1TqkY5V38KZNQAOeuW3+GIRLGudzo28Bef4A/G2/Y=; b=eE0aYU2UHD+fezf/fSnqRarScYC6VS1vlj9OUFM2k3eAARaa5fMTRtXO DGhcNZrCVMFiM9U2MfsG5eisae7++cULcZvp4eGAm4t+SF2QwcBeJZzZx 6DdkYJsxQaAeg5gCSpejeSllR1J0P7mUyDW2KMxFqGihLVWf2StfJ3xMv k=;
IronPort-PHdr: =?us-ascii?q?9a23=3Aj5rp8hyGmr4dV8TXCy+N+z0EezQntrPoPwUc9p?= =?us-ascii?q?sgjfdUf7+++4j5YR2N/u1j2VnOW4iTq+lJjebbqejBYSQB+t7A1RJKa5lQT1?= =?us-ascii?q?kAgMQSkRYnBZuOAFfhIfrCZC0hF8MEX1hgrDm2?=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0ChAAD87DVd/5NdJa1lHAEBAQQBAQc?= =?us-ascii?q?EAQGBVQUBAQsBgRQvUANtVSAECyqEHYNHA419lVaEVYEugSQDVAkBAQEMAQE?= =?us-ascii?q?tAgEBhEACF4JMIzYHDgEDAQEEAQECAQZthR4MhUsCAQMSER0BATcBDwIBCA4?= =?us-ascii?q?0AgICMCUCBA4ngwABgR1NAx0BAqAxAoE4iGBxgTKCeQEBBYJHgkIYghMJgTQ?= =?us-ascii?q?Bi14XgX+BOB+CTD6HTzKCJo54hH6WcQkCghmUDBuYCqUFAgQCBAUCDgEBBYF?= =?us-ascii?q?XATCBWHAVZQGCQYFLd4NxilNygSmOcQEB?=
X-IronPort-AV: E=Sophos;i="5.64,295,1559520000"; d="scan'208,217";a="381853026"
Received: from rcdn-core-11.cisco.com ([173.37.93.147]) by rcdn-iport-5.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 22 Jul 2019 17:09:56 +0000
Received: from XCH-ALN-006.cisco.com (xch-aln-006.cisco.com [173.36.7.16]) by rcdn-core-11.cisco.com (8.15.2/8.15.2) with ESMTPS id x6MH9u0h014022 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 22 Jul 2019 17:09:56 GMT
Received: from xhs-aln-003.cisco.com (173.37.135.120) by XCH-ALN-006.cisco.com (173.36.7.16) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Mon, 22 Jul 2019 12:09:55 -0500
Received: from xhs-aln-001.cisco.com (173.37.135.118) by xhs-aln-003.cisco.com (173.37.135.120) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Mon, 22 Jul 2019 12:09:55 -0500
Received: from NAM04-SN1-obe.outbound.protection.outlook.com (173.37.151.57) by xhs-aln-001.cisco.com (173.37.135.118) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Mon, 22 Jul 2019 12:09:55 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=BIvvajnRXKfZ2lQuqlVGD1LBlogYQFZXUH6wg5JbkqDCOG+cOpLja6NFCe4TiTurH1WkDlPrW6L6EWeJsBWZENYtyrfyjXRM8PRJuQ45q+7loI1xiove7kGjKo3Hzi0946gIdmJiptsHpPXIjliqJv18htdC2Y1d6Zd5e7jpLEryxPKlYqQjXC7e4fLup3EBAfkQWC4bTJq6x/jzFdYuDg9WA9uBltgIZPe2THaJXoqocuY7BrnO4NCE75t8rmWgEfVb3GNBt8O4jRmdu3PH36wgRMIzu28nVxMzwpAuWM/jcuPTTnCNstnNOGWTyZxC+tG5i13/fe9J2QRGP7mWyQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Zz1TqkY5V38KZNQAOeuW3+GIRLGudzo28Bef4A/G2/Y=; b=gGG4IMgwIG0ktWHK0vYl1wpWF53HEUd2OR5YrWxAvsm8t6lrTL2n+uK3QDfH6Ufw3QaRG41CrE0ozYpISspkC3P+jdJBn9fEqqoWQ8BVNZzpb+WI8CynTjrN2jArbyMc1YrxoQs3n2oypY4taCH5ZE5vyAEaysvUMY9AtXthtoUGMjwj/1/33P9K0pRPdDrWd1p4AbBpbVxOzSWgBiQuHT2DpQCOIYyPBdaMrjxuT0aQp9/29IV0mS/fnGtlg2OdPPlg9+8itFHQCwUw3az23rP0Gso83rIr5fDHMo4PiYzPvUn4Fp6YPyquOUAhk2+oIaBDzHYxRTs9zZBhcf7F9w==
ARC-Authentication-Results: i=1; mx.microsoft.com 1;spf=pass smtp.mailfrom=cisco.com;dmarc=pass action=none header.from=cisco.com;dkim=pass header.d=cisco.com;arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Zz1TqkY5V38KZNQAOeuW3+GIRLGudzo28Bef4A/G2/Y=; b=mO+EXlDDipJW9OBqBUwtDs672dNiutJlfg1GB1ucBD7wWKbjL/HTCbyoopOx8q0ttFXEgUJqTFCcZ5nUyPzxxX5Gg0lkifp8z1kpX+gO0q5G4LT3h0VzbpVTQjpTpU1sHYdQgTBTEyARuB1UDlQyeWgF7nHnMYrnB6zXQU+fZmY=
Received: from BYAPR11MB3046.namprd11.prod.outlook.com (20.177.225.213) by BYAPR11MB2694.namprd11.prod.outlook.com (52.135.227.148) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2094.16; Mon, 22 Jul 2019 17:09:53 +0000
Received: from BYAPR11MB3046.namprd11.prod.outlook.com ([fe80::c895:4d83:c5b8:b3d6]) by BYAPR11MB3046.namprd11.prod.outlook.com ([fe80::c895:4d83:c5b8:b3d6%6]) with mapi id 15.20.2073.012; Mon, 22 Jul 2019 17:09:53 +0000
From: "David Carrel (carrel)" <carrel@cisco.com>
To: Eric Rescorla <ekr@rtfm.com>
CC: "secdispatch@ietf.org" <secdispatch@ietf.org>
Thread-Topic: [Secdispatch] Controller-IKE
Thread-Index: AQHVPqG2qaTEIVD/zEy+2+Xv9S/jD6bWtyQA//+edACAAH29AP//mpwA
Date: Mon, 22 Jul 2019 17:09:53 +0000
Message-ID: <23A860FA-61F4-4CD4-93DE-2FCE06984B9D@cisco.com>
References: <CDF90625-34F6-40C3-8AE4-AACD50D70C2E@cisco.com> <CABcZeBOC6FPDe-PrfB4QKJoNVoOVYN_JuzteZE9GyrX0O_s2mg@mail.gmail.com> <698A5E01-5924-4D6C-9BD9-A8E87712086B@cisco.com> <CABcZeBMTeRuFQShONVAXOkaw6o=-0Jy4Pnrw8dHwwsFD+oBvfQ@mail.gmail.com>
In-Reply-To: <CABcZeBMTeRuFQShONVAXOkaw6o=-0Jy4Pnrw8dHwwsFD+oBvfQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=carrel@cisco.com;
x-originating-ip: [2001:420:c0c8:1008::132]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 64c066fe-687c-4c5b-1456-08d70ec76a16
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:BYAPR11MB2694;
x-ms-traffictypediagnostic: BYAPR11MB2694:
x-ms-exchange-purlcount: 2
x-microsoft-antispam-prvs: <BYAPR11MB2694B3922CB22ABD48AC9A9ECBC40@BYAPR11MB2694.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:7691;
x-forefront-prvs: 01068D0A20
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(39860400002)(346002)(366004)(136003)(376002)(396003)(199004)(189003)(6116002)(256004)(71190400001)(7736002)(14444005)(71200400001)(14454004)(36756003)(2906002)(4326008)(6916009)(68736007)(6246003)(33656002)(99286004)(486006)(229853002)(478600001)(8676002)(25786009)(54896002)(2616005)(8936002)(102836004)(11346002)(86362001)(46003)(81166006)(76176011)(81156014)(6436002)(476003)(6306002)(64756008)(76116006)(6512007)(6486002)(5660300002)(446003)(66446008)(66556008)(53936002)(66946007)(316002)(186003)(6506007)(66476007); DIR:OUT; SFP:1101; SCL:1; SRVR:BYAPR11MB2694; H:BYAPR11MB3046.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: U7+MIEDEfc96ISXVHvlSd6VN8UQXB7GLOtrWl7KgPzbvzzYIWw6ZDkfbPcQM6uc9Iykg1MQlklHZveO0DvuoDPXcxVsnW7wL2EYSdXnz+jNH/r7DzdktyCsbFDgQBPzZMHn9BOm9nIania55zuYE7OWlwt4rsbbixJ+PuggrLhJWgMlw1lYYIHvHKFe5+sEHvGV0TJ9zzeavaHzcFmstg7a1FyyEBRGID0iCIDEqokKtIkOVLZqYucb3Ca++jXIu8Uuoi1nSQCvxPK6Pgu5qqcvcA8HUufNFvCLWD9Qkdfv/ieQ+c1LKy9/efNGPkIzDGJxgKsZL7ZoT8zswXgdvI69zBXy32tNaxiYStBvEmIlExQox/LWCRGLc8ymbDvrqnm5fyreaurBkPAG2rFtDdPsvUwhfiz3DZyTeIawo7Qw=
Content-Type: multipart/alternative; boundary="_000_23A860FA61F44CD493DE2FCE06984B9Dciscocom_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 64c066fe-687c-4c5b-1456-08d70ec76a16
X-MS-Exchange-CrossTenant-originalarrivaltime: 22 Jul 2019 17:09:53.5578 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: carrel@cisco.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR11MB2694
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.16, xch-aln-006.cisco.com
X-Outbound-Node: rcdn-core-11.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/RmRyXmtPlaYwRvEiXzk9gsSnwPY>
Subject: Re: [Secdispatch] Controller-IKE
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Jul 2019 17:10:04 -0000


* The PFS story here seems pretty bad: I'm assuming that people
aren't going to change their DH keys very often (as it's extremely
expensive for everyone else).
True, the DH load can be expensive, but no more so than an equivalent mesh of traditional IKE.  We would not need to re-key any less often.  I believe this makes the PFS story equivalent.
This doesn't seem correct to me. Consider the case where you do pairwise IKE and then delete the SA and the DH ephemerals. At this point, compromise doesn't leak the traffic keys at all. By contrast, in Controller-IKE because I need to store my DH share indefinitely in case a new peer comes online, then that represents a long-term source of compromise.

OK, I think this is where you misunderstood something or we didn’t explain well enough.  There are no long-term DH keys in Controller-IKE.  All are ephemeral.  It is true that due to synchronization, you will likely keep them a little longer, but never more than 2 key lifetimes.  If you re-key every 2 hours, then the worst case is that your DH values are kept for 4 hours.

Dave