
Proposal to formalize the Notification Data field



Michael Richardson writes:
>    Notification Status Messages MUST be sent under the protection of an
>    ISAKMP SA: either as a payload in the last Main Mode exchange; in a

The last payload in the Main Mode exchange is NOT protected by the ISAKMP
SA. It is only encrypted, but there is no message authentication code
in the payload.

The hash only protects g^xi, g^xr, cookies, SA and ID payload. If
there are any other payloads (Notify, certificate, or certificate
request payload) they are not protected by hash, and they can be
modified.

Modifying encrypted data is hard, but you can easily corrupt data, thus
causing certificates to be invalid or the other end not to understand
the notification payload received.

>    separate Informational Exchange after Main Mode or Aggressive Mode
>    processing is complete; or as a payload in any Quick Mode exchange.
>    These messages MUST NOT be sent in Aggressive Mode exchanges unless
>    the authentication mode is RSA Encryption, since Aggressive Mode does
>    not otherwise provide the necessary protection to bind the Notify
>    Status Message to the exchange.

Aggressive mode using RSA Encryption doesn't say anything about whether
the other payloads in the packet should be encrypted or not. Now it just
lists that ID and Nonce must be encrypted. In the Revised RSA
Encryption mode the draft says that at least the certificates sent in
the same packet must be encrypted, but it doesn't say anything about
notify payloads.

>            3                   2                   1
>          1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
>         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
>         !  bad-prot-id  !   RESERVED    !    faulty payload length      !
>         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>         !            RESERVED           !       offset of fault         !
>         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>         !                                                               !
>         ~                      payload at fault                         ~
>         !                                                               !
>         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>         !  severity code!   module code !  error num    !   ascii space !
>         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>         !                                                               !
>         ~                       error text                              ~
>         !                                                               !
>         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> 
>  
>     The following messages have not yet been categorized.
>                   ATTRIBUTES-NOT-SUPPORTED

This is from transform payload.

>                   NO-PROPOSAL-CHOSEN       
>                   BAD-PROPOSAL-SYNTAX      

These are from SA-payload. 

>  o  Payload Length (2 octets) - Length in octets of the included faulty
      ^^^^^^^^^^^^^^

Faulty Payload Length.

>  o severity code (1 octet) - an integer encoded as a single ascii
>        value. See RFC821, appendix E.
>            "1"   Positive Preliminary reply
>            "2"   Positive Completion reply
>            "3"   Positive Intermediate reply
>            "4"   Transient Negative Completion reply
>            "5"   Permanent Negative Completion reply

Why ascii values? All the other numbers are simple numbers, not ascii
characters. 

>   o module code - identifies which subsystem is involved (to be defined!)
>   o error code  - number.

Are these ascii numbers also? 

>   o space - The ASCII space value, integer 32.
>   o error text - a human readable message, encoded in UTF8. One "line" of
>        text only. Suggested limit is 77 glyphs.

Why 77? Why not 75 (3 digits + space + 75 glyphs = 79 == less than
line). I assume there is no nul character at the end. 

I assume the ascii stuff is there so you can just print the data from the
payload? It just limits the number of error codes from 16777216 to
1000, and I think that is quite a big restriction.
-- 
kivinen@iki.fi		              	     Work : +358-9-4354 3207
Magnus Enckellin kuja 9 K 19, 02610, Espoo   Home : +358-9-502 1573
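As an added illustration (not code from this thread or from any IKE implementation), here is a Python encoder and parser for the Notification Data layout quoted above. It assumes that "payload at fault" is exactly "faulty payload length" octets long, that module code and error num are plain binary octets (the thread leaves this open), and that the severity code is the single ASCII digit the proposal describes; all sample values are constructed.

```python
import struct
from dataclasses import dataclass


@dataclass
class NotifyData:
    bad_prot_id: int
    faulty_payload_length: int
    offset_of_fault: int
    payload_at_fault: bytes
    severity: str          # ASCII digit "1".."5" as in RFC 821 appendix E
    module_code: int       # assumed binary octet, not ASCII
    error_num: int         # assumed binary octet, not ASCII
    error_text: str        # one line of UTF-8 text, no terminating NUL


def build_notify_data(bad_prot_id, payload_at_fault, offset, severity,
                      module, errnum, text):
    """Encode the proposed structure: 8-octet header, faulty payload,
    4-octet error block (severity, module, error, space), UTF-8 text."""
    if severity not in "12345":
        raise ValueError("severity must be an ASCII digit 1-5")
    hdr = struct.pack("!BBHHH", bad_prot_id, 0, len(payload_at_fault), 0, offset)
    err = struct.pack("!cBBc", severity.encode("ascii"), module, errnum, b" ")
    return hdr + payload_at_fault + err + text.encode("utf-8")


def parse_notify_data(data: bytes) -> NotifyData:
    """Parse the structure, rejecting truncation and inconsistent lengths
    (the kind of corruption an unauthenticated payload cannot rule out)."""
    if len(data) < 8:
        raise ValueError("truncated header")
    bad_prot, _rsv1, flen, _rsv2, off = struct.unpack("!BBHHH", data[:8])
    end = 8 + flen
    if len(data) < end + 4:
        raise ValueError("payload at fault or error block truncated")
    if off > flen:
        raise ValueError("offset of fault lies beyond the faulty payload")
    sev, module, errnum, space = struct.unpack("!cBBc", data[end:end + 4])
    if sev not in b"12345" or space != b" ":
        raise ValueError("expected ASCII severity 1-5 followed by a space")
    text = data[end + 4:].decode("utf-8")  # raises on malformed UTF-8
    if "\r" in text or "\n" in text:
        raise ValueError("error text must be a single line")
    return NotifyData(bad_prot, flen, off, data[8:end], sev.decode(),
                      module, errnum, text)


def is_well_formed(data: bytes) -> bool:
    try:
        parse_notify_data(data)
        return True
    except (ValueError, UnicodeDecodeError):
        return False
```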

