[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: confusion about identity



Greetings,

> The documents use several not-quite-identical terms that I'm reading
> as equivalent:  Identification Payload, ID payload, and identity
> payload.  Is there an important difference?  If not, I suggest that
> a single term be used everywhere.

They're the same.

> draft-ietf-ipsec-isakmp-oakley-05.txt, section 5 "Exchanges" says the
> following (I quote a fair bit to give context, but you needn't read
> it to get my point):
> 
>    To authenticate either exchange the initiator of the protocol
>    generates HASH_I and the responder generates HASH_R where:
> 
>     HASH_I = prf(SKEYID, g^xi | g^xr | CKY-I | CKY-R | SAi_b | IDii_b )
>     HASH_R = prf(SKEYID, g^xr | g^xi | CKY-R | CKY-I | SAi_b | IDir_b )
> 
>    For authentication with digital signatures, HASH_I and HASH_R are
>    signed and verified; for authentication with either public key
>    encryption or pre-shared keys, HASH_I and HASH_R directly
>    authenticate the exchange.  The entire ID payload (including ID type,
>    port, and protocol but excluding the generic header) is hashed into
>    both HASH_I and HASH_R.
> 
> The first word of the second last line is the only use of the word
> "port" in the document.  As such, it seems out of place.

There are a few places when the ISAKMP/Oakley Resolution document is specific
to the IPSEC DOI, and this is one of them.  I suppose this statement really
belongs in the IPSEC DOI, or else the IO Resolution should qualify this with,
"For SA's negotiated under the IPSEC DOI, ..."  However, we tried to keep all
of the key agreement/key exchange protocol self-contained in one document and
the IO Resolution is clearly the place for this.  It's clearly important to
include the full IPSEC DOI ID payloads in the hash calculations.

> I find port mentioned in draft-ietf-ipsec-ipsec-doi-06.txt, section
> 4.6.2 "Identification Payload Content".  Port is recorded in a field
> that is marked as "reserved" (and hence required to be zero) in
> draft-ietf-ipsec-isakmp-08.txt section 3.8 "Identification Payload".
> This conflict looks serious to me: one or the other document should
> be altered.

The ISAKMP document also says:

  3.8 Identification Payload
  
  
  The Identification Payload contains DOI-specific data used to exchange
  identification information.

For the IPSEC DOI, the format is as defined in the IPSEC DOI.  For other
DOI's, the ID Payload would be defined in the relevant DOI document.  For
ISAKMP Phase I negotiations, the format is as defined in the ISAKMP document.
Having written that, I agree with your next point, that the text in the
existing DOI document is bogus...  To wit,

> In describing port, 4.6.2 of draft-ietf-ipsec-ipsec-doi-06.txt says:
> 
>    During Phase I negotiations, the ID port and protocol fields MUST be
>    set to zero or to UDP port 500.  If an implementation receives any
>    other values, this MUST be treated as an error and the security
>    association setup MUST be aborted.  This event SHOULD be auditable.

> The only time we use HASH_I and HASH_R (described in the long quote
> above) is during phase 1.  I wonder why one would put UDP port 500
> here when it causes a contradiction between the documents and yields
> no useful information (as far as I can tell).

I added this to the IPSEC DOI document following the Ottawa IPSEC bake-off
because there were several vendors sending Port 500 in the Phase I Main Mode
exchange.  I guess that was a mistake on my part.  You're right though and
unless there are objections raised ASAP, I'll remove it from the next draft.
It really doesn't add anything to have Port 500 included in the hash.

> Hugh Redelmeier
> hugh@mimosa.com  voice: +1 416 482-8253

Hey, thanks for taking the time to read the documents and write-up your
comments!

Derrell


Follow-Ups: References: