Re: [Secdispatch] Controller-IKE

Richard Barnes <> Sun, 21 July 2019 14:19 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 25CD6120075 for <>; Sun, 21 Jul 2019 07:19:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 5mujmF4m-EAR for <>; Sun, 21 Jul 2019 07:19:37 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4864:20::333]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id ECAED120020 for <>; Sun, 21 Jul 2019 07:19:36 -0700 (PDT)
Received: by with SMTP id j19so37552718otq.2 for <>; Sun, 21 Jul 2019 07:19:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Emux27tcfus2l6NEdEyn4wq8sBLv5QrzftjHqAx2vt8=; b=lAG9Lw1QFrV/P1jRmJFr8DbGHCoKbJo1I42pfIOxYcj8OF/6lzssjnMWYc/iAbJ9dn fhOh3Nq8yah4s9hbHyGZTBWCN1Z0eKNs9VP3jQVmcXcL+EpahRiMthgdqeXDacxBgX2T sKHs5xSuDqsrs2zaaP46GCI4l6AaaVyHpJp7wzfDBabpIzC0PN2A/gcS6s87voA2ob/L L6QriySn/MbZUTR5xtaU6yBLYTJI9y1tROwlrQo+g3DEW0/cf7TJwGQgf5HRqLNzl6YK jkwui/A8BIWbKzvOuXT1YudbUxtjZJFA4raUpOIhIvpzdOdidNtpPASgGRBFdLeB8/oJ W3qA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Emux27tcfus2l6NEdEyn4wq8sBLv5QrzftjHqAx2vt8=; b=bwTQyVFE34slldNxcJwqqHtFdsN+KVEo3o+R7NuJXKZxMK1rR7C/9YYFwZLBFCcS5i uQuKcKcH4E5cOK99ESQ+/QW+34ge4HXMvXpEu/DJwqOLMK7Dud9UMRGI0vThTgkVtQ4v 8t66QewP5C8cMNoi+qkoe5pc6It8muPZCwbc6e+yFbP8/1pD6wPCq4hyNicI0X46os8M wmxuDcZBVldLhyzeC5GIqJ+Wxr5fdB33vrZ8yCupraK8sOf/Zfc3FIHyA+K3yF4yA/Zf Bgy3R2J2ElCliAnVBupcIbo0QaSqQ0u/7DBmk8ipmtIpgnyMXQ8Y/25UZljYXoGneW1q O6LA==
X-Gm-Message-State: APjAAAVGYkWMwgZul7apudwmHBCUeWcPd77qrm80N3ghAaQemQ7Uj0Xj sfp+5vGHT28h2C8zoxf6GbXOAsksLbqYb9/2xZY=
X-Google-Smtp-Source: APXvYqwhmAAhMZtUn59NpvvmdObkrJQnjWLD79Al2sOV7Tu5sID0GoxuKRpBgFdAVb9vKPG8FYCUqLZ1XxK7eKp+2Ig=
X-Received: by 2002:a9d:226c:: with SMTP id o99mr45441683ota.42.1563718776141; Sun, 21 Jul 2019 07:19:36 -0700 (PDT)
MIME-Version: 1.0
References: <>
In-Reply-To: <>
From: Richard Barnes <>
Date: Sun, 21 Jul 2019 10:19:16 -0400
Message-ID: <>
To: "David Carrel (carrel)" <>
Cc: "" <>
Content-Type: multipart/alternative; boundary="0000000000002e4c35058e31a6f1"
Archived-At: <>
Subject: Re: [Secdispatch] Controller-IKE
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sun, 21 Jul 2019 14:19:39 -0000

Hi Dave,

Thanks for sharing this work.  This seems like an interesting problem to
compare with IKE/TLS and MLS -- where IKE and TLS are about configuring a
1-1 security context and MLS is about establishing a single security
context across N participants, the goal here seems to be to maintain a full
matrix of N^2 security contexts with sub-linear messaging to update a

Given that different shape, it seems like the association with IKE is
pretty tenuous.  It might be clearer to consider this an alternative to IKE
for this mesh case, in the sense of being an external key exchange protocol
that results in the production of IPsec SAs.

It would be helpful to have a clearer idea of the security objectives here,
especially around things like forward security and post-compromise
security.  The obvious objective of providing equivalent assurances to a
collection of N^2 individually negotiated SAs seems unlikely to be feasible
here.  In particular, the protocol in the current document doesn't provide
it, since multiple SAs are "fate shared" due to key reuse -- if an attacker
compromises one peer's DH key, then a whole "row" of SAs are compromised.


On Fri, Jul 19, 2019 at 10:20 PM David Carrel (carrel) <>

> Folks,
> I would like to present Controller-IKE in the Montreal Security Dispatch
> meeting.  There is growing interest from routing folks, and I strongly feel
> we should evaluate and progress this in the security area.  I’ll have some
> slides to share shortly.  For now, please do read the draft.  Also there
> are some drafts referencing this:
> Controller-IKE:
> Also some docs referencing this form of key management:
> BESS, Secure EVPN:
> And:
> Comments appreciated.
> Dave
> _______________________________________________
> Secdispatch mailing list