[ssm] SSM with IPSec
Hugh Holbrook <holbrook@cisco.com> Wed, 15 January 2003 06:32 UTC
Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id BAA23766 for <ssm-archive@lists.ietf.org>; Wed, 15 Jan 2003 01:32:51 -0500 (EST)
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h0F6kxJ04847; Wed, 15 Jan 2003 01:46:59 -0500
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h0F6dUJ04583 for <ssm@optimus.ietf.org>; Wed, 15 Jan 2003 01:39:30 -0500
Received: from sj-msg-core-3.cisco.com (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id BAA23704 for <ssm@ietf.org>; Wed, 15 Jan 2003 01:24:30 -0500 (EST)
Received: from holbrook-laptop.cisco.com (sjc-vpn1-676.cisco.com [10.21.98.164]) by sj-msg-core-3.cisco.com (8.12.2/8.12.2) with ESMTP id h0F6RDjS025665; Tue, 14 Jan 2003 22:27:14 -0800 (PST)
Received: by holbrook-laptop.cisco.com (Postfix, from userid 500) id 076C910B869; Wed, 15 Jan 2003 01:25:34 -0500 (EST)
From: Hugh Holbrook <holbrook@cisco.com>
To: ssm@ietf.org
Cc: mbaugher@cisco.com, bew@cisco.com
Reply-To: holbrook@cisco.com
Message-Id: <20030115062534.076C910B869@holbrook-laptop.cisco.com>
Date: Wed, 15 Jan 2003 01:25:34 -0500
Subject: [ssm] SSM with IPSec
Sender: ssm-admin@ietf.org
Errors-To: ssm-admin@ietf.org
X-BeenThere: ssm@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ssm>, <mailto:ssm-request@ietf.org?subject=unsubscribe>
List-Id: Source-Specific Multicast <ssm.ietf.org>
List-Post: <mailto:ssm@ietf.org>
List-Help: <mailto:ssm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ssm>, <mailto:ssm-request@ietf.org?subject=subscribe>
Hello, SSM working group. [ Welcome to the brand spanking new ssm@ietf.org mailing list. Please tell me if you notice any problems with the list. You should have received a mail from the mailman program running the list. The SSM page at ietf.org still lists the [un]subscription info for the old list, but it will be updated shortly. ] Last week, I was talking to some security folks here (Brian Weis and Mark Baugher) who pointed out that IPSec as specified in RFC2401 has some issues when securing SSM traffic. In short, the problem is that including the source in the SA lookup isn't really accounted for in IPSec, but it really should be. Details below. I don't think this is a really urgent problem, but I think the WG should be aware of the problem, so I'll spell it out. Comments solicited. Some IPSec background: [Apologies for the tutorial, but I know that not everyone in the wg is fluent in IPSec details.] IPSec, in RFC2401, specifies that an incoming IPSec packet is looked up on arrival in a local Security Association Database (SAD) to decide which Security Association (SA) should be applied to the packet [see section 4.4.3 of RFC2401.] The resulting SA determines the decryption/authentication key, and the anti-replay window (if one is used). RFC2401 specifies that the key for the SAD lookup is a 3-tuple of: - the packet's destination IP address - the IPSec protocol (ESP or AH) - the Security Parameters Index (SPI) The problem (for SSM) is that the source address is *not* included in the SAD lookup. The problem: You would to be sure that two unrelated SSM channels, if secured by IPSec, can be guaranteed to have unique Security Associations at all receivers. This should be true even if the senders accidentally happen to choose the same SSM destination address. There is, however, no entity that "owns" an SSM destination address and can reasonably ensure that every sender to an SSM address uses a unique SPI One could envision a similar problem for ASM, but I believe in the ASM case, the assumption of the IPSec design is that there exists a "group controller" that logically "owns" the group and can hand out a unique SPI to each source that needs one. But this doesn't apply to SSM. The mere existence of such an entity for an SSM address would defeat one of SSM's big benefits -- that external coordination with other senders is not needed before choosing and using an SSM address. In practice, I don't think this problem is very severe. It only arises if a receiver subscribes simultaneously to two unrelated IPSec'ed channels whose sources happen to have chosen the same IPDA and the same IPSec SPI. Given that the <IPDA,SPI> tuple contains 56 bits of generally randomly-picked data, it is very unlikely to occur in practice. However, I don't think the architecture should rely on coincidence to work properly. What to do: The solution that I most like is fairly easy to state: require the source address to be part of the SA lookup when the destination address is an SSM address. Mark and Brian inform me that the msec working group is looking at solving the problem this way. The required action from the SSM working group is, I think, to simply point out the problem in the -arch draft, more or less as I've done above, and note that work is currently underway to address the problem. I don't believe we need to or want to hold up the SSM draft until msec (or ipsec) solves the problem, but I'd like to hear WG comments on this topic. I'll probably be sending out some proposed modifications to the architecture draft shortly. Thanks to Mark and Brian for pointing out this problem. Cheers, -Hugh _______________________________________________ Ssm mailing list Ssm@ietf.org https://www1.ietf.org/mailman/listinfo/ssm
- [ssm] SSM with IPSec Hugh Holbrook
- Re: [ssm] SSM with IPSec Brian Haberman
- Re: [ssm] SSM with IPSec Brad Huntting
- Re: Re: [ssm] SSM with IPSec Hugh Holbrook
- Re: [ssm] SSM with IPSec Mark Baugher
- Re: Re: [ssm] SSM with IPSec Toerless Eckert
- Re: Re: Re: [ssm] SSM with IPSec Hugh Holbrook
- Re: Re: Re: [ssm] SSM with IPSec Mark Baugher
- Re: Re: Re: [ssm] SSM with IPSec Toerless Eckert
- Re: Re: Re: [ssm] SSM with IPSec Mark Baugher
- Re: Re: Re: [ssm] SSM with IPSec Toerless Eckert