IETF Logo Mail Archive

Re: [Secdispatch] Controller-IKE

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Mon, 22 July 2019 19:24 UTC

Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D44B2120125 for <secdispatch@ietfa.amsl.com>; Mon, 22 Jul 2019 12:24:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=0lXNASPG; dkim=fail (1024-bit key) reason="fail (body has been altered)" header.d=armh.onmicrosoft.com header.b=HPlA+XzL
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QtZdulm1H7MM for <secdispatch@ietfa.amsl.com>; Mon, 22 Jul 2019 12:24:41 -0700 (PDT)
Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-db3eur04on062a.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe0c::62a]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 408EB12008C for <secdispatch@ietf.org>; Mon, 22 Jul 2019 12:24:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=y9KeMnQR8t76yUSmQIV/PpKTiX/EX7y0mEvdDD/HV90=; b=0lXNASPGsOCCHpW0n8d1rvz33ngGwoQQ2q0O6Kl363Yw7gkDQrLUjbC+obUPrA8rkmHPphwjom49VHWy2MZXsGwLr4a62Q8nHbDlwEXfTB4PG8RhiQHc9xoIugUs4EWBftTT9tcUR1rYeZBRLqDnZ+nIcDkSPTDGqb0qZVsV23s=
Received: from HE1PR0802CA0007.eurprd08.prod.outlook.com (2603:10a6:3:bd::17) by AM5PR0801MB1841.eurprd08.prod.outlook.com (2603:10a6:203:2e::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2094.16; Mon, 22 Jul 2019 19:24:36 +0000
Received: from AM5EUR03FT046.eop-EUR03.prod.protection.outlook.com (2a01:111:f400:7e08::209) by HE1PR0802CA0007.outlook.office365.com (2603:10a6:3:bd::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2094.12 via Frontend Transport; Mon, 22 Jul 2019 19:24:36 +0000
Authentication-Results: spf=temperror (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; ietf.org; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;ietf.org; dmarc=temperror action=none header.from=arm.com;
Received-SPF: TempError (protection.outlook.com: error in processing during lookup of arm.com: DNS Timeout)
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by AM5EUR03FT046.mail.protection.outlook.com (10.152.16.164) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2052.18 via Frontend Transport; Mon, 22 Jul 2019 19:24:35 +0000
Received: ("Tessian outbound 3dc70fbcc089:v24"); Mon, 22 Jul 2019 19:24:33 +0000
X-CR-MTA-TID: 64aa7808
Received: from 77f6474af692.1 (cr-mta-lb-1.cr-mta-net [104.47.10.52]) by 64aa7808-outbound-1.mta.getcheckrecipient.com id 9CAA279B-E6EC-442F-8DD6-712B327520D6.1; Mon, 22 Jul 2019 19:24:28 +0000
Received: from EUR03-DB5-obe.outbound.protection.outlook.com (mail-db5eur03lp2052.outbound.protection.outlook.com [104.47.10.52]) by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 77f6474af692.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Mon, 22 Jul 2019 19:24:28 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=eAaNLAGaLySJe9xtB6o5xih3kadC3g+WPnvkAZf6UnvcU9NayHh0Toi3Hb2+5i6K13LxtNezBwtg06KSBeFjM2zcPDcgGICg/laMYayoxtiyuoqUAy6CB0dNLb3CI6HUn7h8E4cK+fDkEIxPLd+6qaozTxCmtMdt0iGUppADLkUrzF66s55NLgZiNkurc147OsO4AOnBcvYzWH+M2kdz/dqyBdg/5oy+21vlHwcaBedlRR7oSInK72TvGsOakJTyKPcqxiBUTQXKknOX+CvN36vqBKABn4zjyo43fI/MA/5n+pV5bib4MfcuMCHWKrQgg2JF4Tj4vXAzpf6CH4eTQQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=e0WBzmwfmaw8HURjt3EpoGQ4C+vrJkqddUmx3H1tUpU=; b=YiL/Sq7EE3RS+xleYA0IppiY6BHLgI3Pkz2HtrJhwsEf0ZynS04OhPgqX/NsSAovV+EUc0maCq7mqY+eEp+b2NXUU1LNg+8DO+NBAdZv3fFOx3ztjGRb0iIFhqs3HfwzTbXxbGG0MfpRz1NlTJZifxp9Cg/IsnDliRyiFDte9YlOg7udCMxtvTWBR7FnzlgqwzchqyYou5pHNZn2RBXG7D0pyPN+Xj8tHdxzcU0cq52r88yieaElkTom3DGZg56vI/fUY0maB/mwuZW6DHfJ3XplDRZjQ+WFB5zAowX2OJVai93sm+tjO2ITRa1vxBlPmckUU/+/Fm75UnSJvdTocw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1;spf=pass smtp.mailfrom=arm.com;dmarc=pass action=none header.from=arm.com;dkim=pass header.d=arm.com;arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=e0WBzmwfmaw8HURjt3EpoGQ4C+vrJkqddUmx3H1tUpU=; b=HPlA+XzL4CIfd3qaVHdn1yghm+LS4hxQVPXAnvxpExahfccL98K8a++vohxs/yDJhKAgAmAPD1s0faN4eg+UmIri2zz8WXSz1BftL6unALaBLc4wdHeatWOfvERRPSRqzqh6ol/k7OER9tIDZQJiic1A754czfmaspC4tK99sDY=
Received: from AM0PR08MB5345.eurprd08.prod.outlook.com (52.132.212.135) by AM0PR08MB3187.eurprd08.prod.outlook.com (52.134.92.149) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2094.17; Mon, 22 Jul 2019 19:24:26 +0000
Received: from AM0PR08MB5345.eurprd08.prod.outlook.com ([fe80::79c6:adb9:1535:b47b]) by AM0PR08MB5345.eurprd08.prod.outlook.com ([fe80::79c6:adb9:1535:b47b%2]) with mapi id 15.20.2094.017; Mon, 22 Jul 2019 19:24:26 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Eric Rescorla <ekr@rtfm.com>, "David Carrel (carrel)" <carrel@cisco.com>
CC: "secdispatch@ietf.org" <secdispatch@ietf.org>
Thread-Topic: [Secdispatch] Controller-IKE
Thread-Index: AQHVPqG2qaTEIVD/zEy+2+Xv9S/jD6bWtyQA//+edACAAH29AP//mpwAgAB6O4CAAAzeAIAAE0DQ
Date: Mon, 22 Jul 2019 19:24:26 +0000
Message-ID: <AM0PR08MB5345775700A3B8AE1E014D18FAC40@AM0PR08MB5345.eurprd08.prod.outlook.com>
References: <CDF90625-34F6-40C3-8AE4-AACD50D70C2E@cisco.com> <CABcZeBOC6FPDe-PrfB4QKJoNVoOVYN_JuzteZE9GyrX0O_s2mg@mail.gmail.com> <698A5E01-5924-4D6C-9BD9-A8E87712086B@cisco.com> <CABcZeBMTeRuFQShONVAXOkaw6o=-0Jy4Pnrw8dHwwsFD+oBvfQ@mail.gmail.com> <23A860FA-61F4-4CD4-93DE-2FCE06984B9D@cisco.com> <CABcZeBNNZ8dWrksR+T+mXLzfGV9RemjoMHO0Q+s+TJV8p5ud8g@mail.gmail.com> <CABcZeBO1uwLWbqin+Mk9ZXM1+x=1ypkuaPfPPK9Tr18aKxu5yg@mail.gmail.com>
In-Reply-To: <CABcZeBO1uwLWbqin+Mk9ZXM1+x=1ypkuaPfPPK9Tr18aKxu5yg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ts-tracking-id: 3a147245-afa7-42a4-843a-1d1d64fa5043.0
x-checkrecipientchecked: true
Authentication-Results-Original: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com;
x-originating-ip: [31.133.138.73]
x-ms-publictraffictype: Email
X-MS-Office365-Filtering-Correlation-Id: 98a999e9-4b55-447d-0292-08d70eda3b26
X-MS-Office365-Filtering-HT: Tenant
X-Microsoft-Antispam-Untrusted: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(4618075)(2017052603328)(7193020); SRVR:AM0PR08MB3187;
X-MS-TrafficTypeDiagnostic: AM0PR08MB3187:|AM5PR0801MB1841:
X-Microsoft-Antispam-PRVS: <AM5PR0801MB18418DD2FC290E5ADD15D08AFAC40@AM5PR0801MB1841.eurprd08.prod.outlook.com>
x-checkrecipientrouted: true
x-ms-oob-tlc-oobclassifiers: OLM:9508;OLM:9508;
x-forefront-prvs: 01068D0A20
X-Forefront-Antispam-Report-Untrusted: SFV:NSPM; SFS:(10009020)(4636009)(346002)(366004)(376002)(39860400002)(136003)(396003)(199004)(189003)(110136005)(6436002)(4326008)(316002)(99286004)(86362001)(66066001)(2906002)(54896002)(9686003)(6306002)(68736007)(478600001)(236005)(66946007)(7736002)(76116006)(6246003)(66476007)(66556008)(66446008)(64756008)(33656002)(53936002)(55016002)(74316002)(5660300002)(8936002)(52536014)(229853002)(446003)(102836004)(25786009)(14444005)(186003)(256004)(8676002)(81156014)(26005)(81166006)(14454004)(476003)(76176011)(486006)(71190400001)(11346002)(71200400001)(6116002)(6506007)(7696005)(3846002)(790700001)(53546011); DIR:OUT; SFP:1101; SCL:1; SRVR:AM0PR08MB3187; H:AM0PR08MB5345.eurprd08.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Message-Info-Original: B7GRGIRkC3pq+kp3gysLewuroMFefCkHgrl/U5To9dGi8UnLnc7bf84DcTk49BL0oSePN6qlRo35gjv09rSqNCljGYP2Q3kkbr5JPm0VikycG9pdNEWHX2e1dB97JzX+SUCwwzcuuPGEuCBxNmrBqvSNxdyyxkn8FNTJIw5POuYv70cbKtVuxsitWJ//llQxaxIsj5cCMXJCqbD8leIX3ByrE6nmg4Jjd1N9skTYv7pgblOUWDFHYHxWVas6LEeN+udOQEKtMKlyuX8x8ck3owjQwNWgBBXXfw86PzysTqihVNGxDbfj/xlihxiun5XmCSJNL74oaNBBxqc5j0jW+cORPez9KSyxJR31YPNeKDvfWRvWPjKn2u8fLD8aUq0y64cwLdRrAIOGmQres/bcoh3vFW5655nj8OSZtLKLlYY=
Content-Type: multipart/alternative; boundary="_000_AM0PR08MB5345775700A3B8AE1E014D18FAC40AM0PR08MB5345eurp_"
MIME-Version: 1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR08MB3187
Original-Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com;
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: AM5EUR03FT046.eop-EUR03.prod.protection.outlook.com
X-Forefront-Antispam-Report: CIP:63.35.35.123; IPV:CAL; SCL:-1; CTRY:IE; EFV:NLI; SFV:NSPM; SFS:(10009020)(4636009)(136003)(396003)(39860400002)(346002)(376002)(2980300002)(40434004)(199004)(189003)(66066001)(7736002)(74316002)(110136005)(2906002)(16586007)(61614004)(229853002)(53546011)(86362001)(76176011)(33964004)(102836004)(486006)(26005)(478600001)(99286004)(7696005)(476003)(316002)(26826003)(126002)(186003)(6506007)(25786009)(33656002)(356004)(11346002)(446003)(36906005)(14444005)(5024004)(790700001)(336012)(6116002)(63370400001)(8676002)(3846002)(55016002)(14454004)(8936002)(76130400001)(4326008)(63350400001)(70586007)(52536014)(70206006)(81156014)(81166006)(71190400001)(5660300002)(236005)(22756006)(54896002)(9686003)(6246003)(6306002); DIR:OUT; SFP:1101; SCL:1; SRVR:AM5PR0801MB1841; H:64aa7808-outbound-1.mta.getcheckrecipient.com; FPR:; SPF:TempError; LANG:en; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; A:1; MX:1;
X-MS-Office365-Filtering-Correlation-Id-Prvs: 14855b9a-e325-4037-7a75-08d70eda35ea
X-Microsoft-Antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(710020)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:AM5PR0801MB1841;
X-Forefront-PRVS: 01068D0A20
X-Microsoft-Antispam-Message-Info: 2yPC4Gtt9Mkn6TNuTQUku2yzSX13GJcJzAeHhhuPnkIjWKPVneRWAQ4W8WF/uAeNFZ8hUpLiEZY+rDBsj8t9ZsKqd8+J7VDIKqwEYdiPUcO3aNdbb/u3qLp5f937xuqrk48QrfJ4hRCPw2na6DKbPxDWqhA0fyXRmNXqaoRFVnP/OH86BfER8ozbL5Ahbh2QDLcY4IKgnEYxZs/bWBmSGfUj5fDhrJWYCYioEPhRyUYY7Nj71Pd8tGdW6FgEHwITpNJB+mI+iM7pz4IJUt+yEOpncUKbDPTQLC6k1EyNd2ZDKPQBCqTDRI/WhBIhhTs+6S4QtUCHLR8WZDj/a/wgaPyVcWaLlLoiQISLLettxFfH8biKBVHHPrkeS86IyvAtGB2OwfH3M1Rcr8K+IKKCBZiIwrJ+clsohLdDpJuOVD0=
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Jul 2019 19:24:35.3229 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 98a999e9-4b55-447d-0292-08d70eda3b26
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM5PR0801MB1841
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/w66stHjCFDnpTT3SDobGnT623Uo>
Subject: Re: [Secdispatch] Controller-IKE
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Jul 2019 19:24:46 -0000

Additional question: If you use DH you often want to use an ephemeral DH key with each communication partner. Is this also the case in your deployment?

From: Secdispatch <secdispatch-bounces@ietf.org> On Behalf Of Eric Rescorla
Sent: Montag, 22. Juli 2019 14:13
To: David Carrel (carrel) <carrel@cisco.com>
Cc: secdispatch@ietf.org
Subject: Re: [Secdispatch] Controller-IKE

David,

At the mic today, you said that C-IKE was 2N complexity rather than N^2 complexity in terms of messages. Here's what confuses me.

Just for simplicity, imagine that we do this in two phases: everyone registers their key with the controller and then the controller disseminates them. At this point, the controller has N keys and it needs to send them to N endpoints. If you are able to broadcast to all the nodes at once, then the controller will send N keys, so the total overhead is 2N (N uploads + N downloads). However, if the controller has point to point links, then the controller has to send ~N^2 keys (N-1 keys down N links). So those might be bundled into a single message, but you still have to send N^2 keys. Or am I missing something?

-Ekr






On Mon, Jul 22, 2019 at 10:27 AM Eric Rescorla <ekr@rtfm.com<mailto:ekr@rtfm.com>> wrote:
Thanks for clarifying. With that said, it's possible to do better than this if you use a conventional AKE and time out associations somewhat aggressively.

-Ekr




On Mon, Jul 22, 2019 at 10:09 AM David Carrel (carrel) <carrel@cisco.com<mailto:carrel@cisco.com>> wrote:


* The PFS story here seems pretty bad: I'm assuming that people
aren't going to change their DH keys very often (as it's extremely
expensive for everyone else).
True, the DH load can be expensive, but no more so than an equivalent mesh of traditional IKE.  We would not need to re-key any less often.  I believe this makes the PFS story equivalent.
This doesn't seem correct to me. Consider the case where you do pairwise IKE and then delete the SA and the DH ephemerals. At this point, compromise doesn't leak the traffic keys at all. By contrast, in Controller-IKE because I need to store my DH share indefinitely in case a new peer comes online, then that represents a long-term source of compromise.

OK, I think this is where you misunderstood something or we didn’t explain well enough.  There are no long-term DH keys in Controller-IKE.  All are ephemeral.  It is true that due to synchronization, you will likely keep them a little longer, but never more than 2 key lifetimes.  If you re-key every 2 hours, then the worst case is that your DH values are kept for 4 hours.

Dave

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

v2.23.0 | Report a Bug | By Email