[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
proposed changes to ISAKMP/Oakley
The following are the changes to v4 of the ISAKMP/Oakley draft I've made
so far. It's now v5.
* Added a table of contents
* Added two new (optional) authentication methods: the revised public-key
encryption method; and a kerberos authentication method.
* cleaned up various spelling mistakes and typos.
* clarification on group offers. If a group is specified using its
description (Group Description attribute) then other group attributes
like Group Prime or Group Type are not allowed.
* added 2 new optional Diffie-Hellman groups, a EC2N group with field
element size 155 and a EC2N group with field element size 185.
* fixed problem with KEYMAT definition when it's expanded-- it didn't
have the protocol included.
* added a clarification on the use of proxy IDs in Quick Mode which states:
"The proxy identities are used to identify and direct traffic
to the appropriate tunnel in cases where multiple tunnels exist
between two peers and also to allow for unique and shared SAs with
different granularities. Local policy will determine whether packets
which do not match the proxy information on which a tunnel was created
will be forwarded upon leaving the tunnel."
The 2nd part might actually belong in the Architecture Draft and
I'll entertain offers from Steve Kent to remove this text and have
it added there but I think there is a general confusion on this
capability and it should be clarified (some people had mentioned
situations where "I don't 'do proxy' but the other guy does" as if
it was some additional capability like doing Aggressive Mode).
In fact, it might make sense to say that if proxy identities are
used in negotiation of tunnels that traffic which does not match
that information MUST NOT be stuffed in the tunnel.
* added clarification on the M-ID used in Informational Exchanges. The
M-ID of this exchange is unique and MUST NOT be the same as that
used by a phase 2 exchange which prompted the Informational Exchange.
* fixed the spi size problem in the payload explosion section.
* added phase 1 attributes for GSS Identity Name and Field Element Size.
Overloaded Group Prime attribute to also be Irreducible Polynomial.
* and finally, due to Hugo's further clarification of the necessity of
changing the way SKEYID is generated for authentication with public
key encryption, I changed it to be his second request (it's a prf but
the key is a hash of the nonces) instead of the first (it's the hash
of the information). It looks like this:
SKEYID = prf(hash(Ni | Nr), CKY-I | CKY-R)
I don't think this will break too much since I know of only two
implementations of authentication with public key encryption (one
is mine) and in spite of the offers for testing there was no
demonstrated interoperability of this at the last IPSec bakeoff at
TimeStep.
TBD: weak key checks. There was much discussion about the wisdom of having
weak key checks in documents. Ideally ISAKMP/Oakley will be used for more
than IPSec so I'm going to leave them unless there is a loud and immediate
outcry. The last discussion devolved into thread completely off the original
topic so I basically ignored it.
If anyone has any major comments on this draft, if anyone feels it is no
where near ready, I ask you to please send me your concerns. I've heard
lots of vague gripes and statements of serious problems with this draft but
I've received nothing substantial. Speak now, please! I-- and actually the
entire WG-- cannot wait any longer.
Barring anything serious the draft will go out later this week.
Dan.
Follow-Ups: