[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Last Call: The Group Domain of Interpretation to Proposed Standard

To: iesg@ietf.org
Subject: Re: Last Call: The Group Domain of Interpretation to Proposed Standard
From: Dan Harkins <dharkins@tibernian.com>
Date: Mon, 29 Jul 2002 18:42:06 -0700
cc: msec@securemulticast.org, ipsec@lists.tislabs.com
Sender: owner-ipsec@lists.tislabs.com

  This draft piggybacks on top of IKE (RFC2409) by defining a new "phase 2"
exchange to be protected by an IKE Security Association established
in a "phase 1" exchange. There is currently a moratorium on doing this
as was explained by Marcus Leech (then co-AD) on behalf of himself,
Jeff Schiller and Steve Bellovin in a "Position Statement" mailed on 
August 2nd 2001 and partially excerpted here:

  "Despite the obviously complex nature of IKE, several proposals have
   been put forward to extend ISAKMP/IKE in various ways, for various
   purposes.  Proposals such as IKECFG, XAUTH, Hybrid-AUTH, CRACK, and
   others do nothing to improve the complexity situation with regard to
   IKE as a whole.  While many of these proposals are, individually,
   based on sound engineering and reasonably prudent practice, when cast
   in the larger context of IKE, it seems clear that they can do nothing
   to improve the complexity picture.

  "It is with that in mind that the Security Area directors in the IETF,
   with the consultation of appropriate people on the IESG and IAB, hereby
   place a temporary moratorium on the addition of new features to IKE.
   It is fairly clear that work on IKE should focus on fixing identified
   weaknesses in the protocol, rather than adding features that detract
   from the goal of simplicity and correctness.

  "We are concerned that trying to reuse too much of the IKE
   code base in new protocols -- PIC and GDOI come to mind --
   will lead to more complex (and hence vulnerable) implementations.
   We suggest that implementors resist this temptation, with the
   obvious exception of common library functions that perform
   functions such as large modular exponentiations.  Attempts
   to share state or to optimize message exchanges are likely to
   lead to disaster."

  GDOI does indeed share state from IKE. It requires the authenticated and 
secret keys IKE derives, among other things (like "cookies", etc). It was
even explicitly mentioned in the Position Statement as a source of
concern.

  I urge the IESG to reject the request to advance this draft to Proposed
Standard as it will lead to more complex and vulnerable implementations
and "likely lead to disaster."

  Dan.

On Mon, 29 Jul 2002 14:22:28 PDT you wrote
> 
> The IESG has received a request from the Multicast Security Working Group
> to consider The Group Domain of Interpretation
> <draft-ietf-msec-gdoi-05.txt> as a Proposed Standard. 
>
> The IESG plans to make a decision in the next few weeks, and solicits
> final comments on this action.  Please send any comments to the
> iesg@ietf.org or ietf@ietf.org mailing lists by August 12, 2002.
>
> Files can be obtained via
> http://www.ietf.org/internet-drafts/draft-ietf-msec-gdoi-05.txt

Follow-Ups:
- Re: Last Call: The Group Domain of Interpretation to Proposed Standard
  - From: Mark Baugher <mbaugher@cisco.com>
- Re: Last Call: The Group Domain of Interpretation to Proposed Standard
  - From: Brian Weis <bew@cisco.com>

Prev by Date: Fwd: Last Call: The Group Domain of Interpretation to Proposed Standard
Next by Date: RE: Two AES encryption modes?
Prev by thread: Fwd: Last Call: The Group Domain of Interpretation to Proposed Standard
Next by thread: Re: Last Call: The Group Domain of Interpretation to Proposed Standard
Index(es):
- Date
- Thread