[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

comments/concerns about ikev2-05

To: ipsec@lists.tislabs.com
Subject: comments/concerns about ikev2-05
From: Francis Dupont <Francis.Dupont@enst-bretagne.fr>
Date: Sat, 01 Mar 2003 17:59:54 +0100
Sender: owner-ipsec@lists.tislabs.com

 - question - section 1.2: why the SA2 stuff is mandatory, i.e., why
   the IKE_AUTH has to build an IPsec SA pair? The answer seems to be
   this is simpler but I don't know if a paranoid guy should not prefer
   to get PFS also for the first IPsec SA pair...

 - comment - section 1.5: this section (and the 2.21 one) uses to hidden
   and incorrect assumption that an address identifies only one node.
   Of course with NAT traversal many nodes can share the same address
   (but not the same port), and a node can use many addresses.
   I'd like to see more care in the wording.

 - comment - section 2.1: the text is not enough accurate about what is
   retransmitted. IMHO it is the IKE message itself only. For instance
   if a responder receives for the second time a request but from a different
   address, it should send the same reply but to the new address.
   To solve this kind of issues I propose:
    * to make very clear that replies are sent with the reversed addresses
      and ports (i.e., source becomes destination and destination source,
      both for the IP header addresses and the UDP ports).
      Note this rule is very strict and suffers no exception.
    * to specify that what is restransmitted/cached/etc is the IKE message
      itself and not the whole IP packet.

  - comment - section 2.19: the term IRAC and IRAS must be introduced
    (there is no acronym section).

  - comment - section 2.21: read the comment about section 1.5 and the
    "UDP port 500" should be changed in "UDP port 500 or 4500".

  - concern - section 2.23: "responses SHOULD be sent to the port from
    whence they came" has to be changed in "responses MUST be sent to the
    address and port from whence they came and from the address and port
    to whence they came". Read the comment about section 2.1.
    Note that I have a concern about to perform NAT detection in the
    IKE_SA_INIT exchange, cf my comment about section 3.10.1.

  - question - section 3.6: this section defines certificate encoding
    values without the corresponding layout, i.e., some defined types
    are not usable because underspecified. It is the case of the DNS
    signed key. Is it the KEY RRset with its SIG RRs in wire format
    (cf RFC 1035 and 2535)?

  - question - section 3.6: hash and URL of PKIX stuff doesn't require
    HTTP URLs. This is fine but HTTP-CERT-LOOKUP-SUPPORTED seems to
    be more restricting. LDAP at least should be allowed.
    (IMHO the "HTTP-based URL" idea (?) is the source of this issue)
    Note: I'd like to be able to get certificates or public keys through
    the DNS in a standardized way.

  - typo - section 3.10.1: INVALID-SPI is defined twice. At least one
    should be specialized, i.e., value 4 for INVALID-IKE-SPI or
    value 11 for INVALID-IPSEC-SPI.

  - typo - section 3.10.1: where is the COOKIE-REQUIRED notification?
    (proposal: either define or delete it)

  - concern - section 3.10.1: I signaled that NAT-DETECTION-*-IPs were
    buggy. Unfortunately they are still wrong. If we look at
    the Tero's draft about NAT traversal (draft-ietf-ipsec-nat-t-ike-05.txt):
     - the detection can be done in the second exchange (IKE_AUTH).
     - the SHA-1 of SPIs (why?), addresses and ports can be easily
       faked by an attacker. As the NAT traversal is less secure,
       the current spec opens the door to a bidding down attack.
    I tried both to fix the NAT traversal support and to introduce
    mobility/multihoming support in my draft about address management.
    A new version should be available soon, the name of my I-D is:
    draft-dupont-ikev2-addrmgmt-01.txt
    Everything in it should be considered at the exception of the explicit
    peer address mechanism (same effect can be got with rekeying, of course
    not at the same price).

  - typo - section 3.14: s/Encrpted/Encrypted/

  - typo - appendix A: two 12)

  - typo - history H.4: s/from IKEv2-05/from IKEv2-04/

  - comment: there is nothing about IKE keepalives... If it is added one
    day (IMHO it should be), with NAT traversal the peer behind a NAT
    SHOULD send requests.

Regards

Francis.Dupont@enst-bretagne.fr

PS: of course detailed concerns with proposals can be found in my draft.
I submitted it two days ago but I can send it to impatients...

Prev by Date: RE: CP(CFG_REQUEST) required?
Next by Date: Re: Another NAT Traversal question
Prev by thread: Re: CP(CFG_REQUEST) required?
Next by thread: Re: suites vs. a la carte and IPcomp in IKEv2-05
Index(es):
- Date
- Thread