[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: March 2003 IETF WG Minutes

To: ipsec@lists.tislabs.com
Subject: Re: March 2003 IETF WG Minutes
From: Barbara Fraser <byfraser@cisco.com>
Date: Wed, 09 Apr 2003 11:50:43 -0700
Cc: byfraser@cisco.com, tytso@mit.edu
In-Reply-To: <4.3.2.7.2.20030408181513.0258f548@mira-sjc5-4.cisco.com>
Sender: owner-ipsec@lists.tislabs.com

It appears there are two different deadlines for submission to the proceedings on the IETF web site. I saw the April 14th date but there is an earlier one, April 11. I plan to submit the minutes before the April 11 deadline so please get any corrections to me in the next couple of days.

thanks,
Barb

At 06:18 PM 4/8/2003, Barbara Fraser wrote:

Here are the minutes from the working group meeting last month. Please send any corrections to me by April 11 so that we can submit them by the April 14 due date. Special thanks to Jesse for taking such detailed notes during the meeting.

Barb
=====================================
IPsec Working Group Minutes
March 2003 IETF, San Francisco, CA
Recorded by: Jesse Walker

1. Agenda bashing

Agenda accepted without change.

2. A word from the ADs

Russ Housley: Let's get it done. Oscillating on mail list. If it is in
document, don't change it unless it is breaking something.

3. Draft status

Barbara Fraser:

modp group completed last call, RFC editor queue

aes xcbc-mac completed last call, waiting for IESG
aes-cbc completed last call, waiting for AD writeup
sctp completed, kicked back from IESG, but they had wrong version; being
rereviewed
ESP, 2402bis esn ready for last call

nat traversal ready for last call
MIB documents ready for last call, but can't find them

Dead Peer Detection document ready for last call

IKEv2 coming to closure?
IKEv2 tutorial

4. Update on ESP, AH, 2401

Steve Kent:

ESP & AH changes: revised identification text to better accommodate
multicast; clarified anti-replay requirements for multicast; moved
discussion of when to use tunnel and transport mode to 2401bis

Q: Remove mandatory algorithm references from AH & ESP? No response.

SA identification: unicast, SPI is sufficient. Multicast: should support
demuxing based on SPI & dest addr, optionally use source addr too. Now SAD
flags to cover unicast and multicast: SPI only, SPI + destination addr, SPI
+ dest addr + src addr

Q: What about protocol field in multicast case?

Anti-replay: transmitter always increments; receiver can ignore it. Receiver
should tell transmitter to ignore seq counter wrap-around if not going to
perform anti-replay check.

2401bis: reconciling with IKEv2 selector, relaxing specs on when to use
tunnel v. transport; add forwarding/routing lookup prior to SPD lookup.

Q: remove mandatory algorithm references?

Comment: Forwarding lookup also must return next hop address.

Q: Ready for last call?

Comment: If aligning 2401bis with IKEv2, does this mean it won't work with
IKEv1? Answer: There are new SPD entries can't negotiate with IKEv1.
Comment: That is a real issue. Since adding lots of valuable things, it
might behoove us to find a way to construct an IKEv1 profile. Answer: it's
ESP/AH that are ready to move forward, not 2401bis.

5. High Level Interop

There was a miscommunication between the working group chairs. This topic should not have been on the agenda.

6. Backend Config Payload handling

Greg Lebovitz/Darren Dukes (Darren presents):

Use backend server to assign IP address.

IRAC Config Problem -- IPsec remote access client needs private IP address
before creating child SAs. How?

Config Payload -- allow config payload to do this. Put config payload in
IKE-AUTH exchange messages 3 and 4. Can backend with your favorite server.

On-IRAS Pools -- not scalable but work for small deployment

Off-IRAS Pools -- offload onto backend server; scales better: use DHCP,
RADIUS or other backend server

Requirements: be able to use DHCP, RADIUS and LDAP to get addresses.

Question: Not suggesting changes to IKEv2? Answer: No, augments IKEv2 using
IKEv2 mechanisms.

7. IKE DHCP encapsulation

Michael Richardson:

Requirements: no new namespaces, provide client with info it needs; minimize
# of exchanges; interfaces to existing infrastructure; preserves end-to-end
security of DHCP; permit independent DHCP evolution.

Three methods: DHCP-over-IPsec; ModeCFG over IKE; proposed DHCP over IKE

DHCP-over IPsec: product of IPSRA; easy for bump-in-stack, all-in-one
gateway; leverages existing DHCP server

ModeCFG: occurs in IKE msg 3, uses custom payload; if you need DHCP info, do
it over IPsec; easy to interface to RADIUS/COPS/DHCP

Why bother? DHCP the defacto standard; don't reinvent

DHCP-over-IKE v. over IPsec: creating 0/0 tunnel is hard when crypto
offloaded; client systems without virtual i/fs cannot do this easily; may
have to leave 0/0 SA around for renewals

DHCP-over-IKE v. ModeCFG: same as DHCP-over-IKE, except format bits; ModeCFG
needs an IKE 1.5 exchange; DHCP-over-IKE preserves client-server security;
extensible; plugs into RADIUS/COPS with mini-DHCP server/proxy; talks to
real DHCP server with no glue

8. IKEv2 issues

Ted Ts'o:

Posted open issues last call to determine how far away from getting IKEv2
out the door.

Time to shoot the engineers and ship the product: if not broken, don't fix;
some recently introduced problems should be remanded to an IKEv2 extensions
WG; otherwise will suffer scope creep

What's left: AH and ESPbis; 2401bis; then we can shut down! Want to finish
this year.

Issues recently resolved: Secure legacy authentication; cipher suites
document needed--Jeff Schiller has volunteered; Hugo's key derivation
objections; suites v. a la carte; Charlie’s question about IKE suite #5.

Issues recently discussed (no closure): Multiple tunnels for QoS; multiple
tunnels for outsourced VPNs; mobility peer address management; kill
me-Tarzan-you-Jane; revised identity; DHCP v. config payload.

Outsourced VPNs: is this important to handle now? Solutions exist that
require no changes to the draft

Mobility peer addr mgmt: support for changing IP addresses during SA
lifetime. Important now? assertion: move this into separate WG.

Comment: Defect in current draft about IP address. Can move this to another
WG. Charlie: if clarifications to existing text, please send suggested text
and section changes apply to.

Comment: Combine NAT traversal, mobility? Ted: Don't see how the two are
related.

Comment (Mark Duffy): Include VPN ID in IKEv2. Within PPP have ways to
discover identities of VPN members. VPN ID will facilitate this within
IPsec.

Comment: Suites v. a la carte: no idea what to do to support legacy
combinations that aren't in a defined suite. Can't use IKEv2 with these.
Want to auto-upgrade configuration, but can't. Response: It will have to be
allowed to use both suites and a la carte. We will leave IKEv1 customers as
IKEv1 until they can upgrade.

Comment (Dan Harkins): Will have to double suites because no way to indicate
PFS. Ted: Don't understand.

Comment: If we go with suites, consider what other WGs have called out as
mandatory to implement.

Comment (Charlie Kaufman): You can identify suite you want with vendor ID if
single vendor; if multiple vendors want this, then they can ask for this to
be added to suites document. Diffie-Hellman group is part of the suite.

Comment: Let's propose suite for every combination possible in IKEv1.

Comment (Paul Hoffman): Everyone in IKEv1 has GUI that lets them pick what
they want. No consistent defaults. People are really using DES, because it
is mandatory to implement in IKEv1. Upgrade cannot be direct, because we
won't support DES going forward.

Comment: Need more active discussion on peer addresses than just a few
comments, or we won't handle the problem.

Comment (Radia Perlman): Curious whether there is passion behind suites?
Charlie: Only losing side shows up. Ted: 80% of room in Atlanta wanted
suites. Charlie: heard requirement to negotiate any combination in IKEv1.
Russ: Charlie's story: two bales of hay and a donkey. Donkeys are not too
dumb not to decide which to eat from.

Comment: WG list came to consensus with a la carte suites. VPNID is just
another name, and we don't need to do anything about it. Just agree upon a
name; just use them.

Comment: (Paul Hoffman) 80% people speaking did not support suites, but the
vote was 80%. Developers more evenly split on a la carte.

Comment: v1 has a la carte, and it ain't broke

Comment: What happened to discussion about GUIs?

Charlie: Asked a la carte party which a la carte they want. The question of
"ands" and "ors" has to be addressed. Changing is tiresome. There is always
consensus we can make it better

Uri: main reason to have a la carte is it is simpler. main reason to have
suites is it is analyzable. This is the main reason to select a la carte.

Comment: In the protocol define as a la carte but draft 3 suites. This gives
benefits of both. 3 is the right number for interoperability testing.

Charlie: Can do this; a la carte text is escrowed.

Ted: We don't want to debate this one. Current draft: 5; some form of a la
carte: 25; some form of a la carte in v2 '02 draft v v1 encoding scheme:
unanimous in favor of v2 '02.

Ted: we need to lock this decision in stone.

Ted: Want consensus that we won't do QoS, outsourced VPN, mobility support
in a new WG. Everyone agrees.

9. Kill off me-Tarzan-you-Jane:

argument for: initiator id sufficient to demux multiple VPNs.

Comment: But this is not a problem for VPNs. It is a problem for end-to-end
use. Don't know what it means to remove it.

Comment: Right. Keep me-Tarzan-you-Jane, because useful outside of VPN.

Comment: But do we need two different payloads to do same thing? What we
need to kill off is optional ID payload.

Comment: No. The way the initiator wants to refer to responder identity
might not be a raw key. Better to use identity name space rather than key
name space. Need to keep identity across key roll-over.

Comment: Can't use CERTREQ with anything other than PKIX signing certs.

Comment: But then why do we have these other types?

Comment: Other types need to be specified; no semantics for them.

Comment: Can express remote identity by certificate you want to receive. You
will get that certificate. We will always do this, so always pass
certificate chains. We won't get the performance optimization we thought.
We need a bit saying whether the ID payload refers to requestor or
responder. Requirement to specify remote end is a non-negotiable
requirement. CERTREQ is for getting certs. This is premature optimization.

Charlie: There is confusion. Me-Tarzan-You-Jane solves one problem, but
people try to solve other problems, but doesn't work there, so want to
remove it. If you don't use it to solve the wrong problem, it is fine and
shouldn't be used.

Comment (Derek Atkins): Keep what's there.

Comment (Dan Harkins): Payload is not non-critical. It is a mandatory
option. The problem it solves is never stated.

Ted: How many believe current language be kept? Removed? Don't care? Vote
was to keep it. If you want it clarified, send text to Charlie.

10. Revised identity

Is there anything left to do?

Paul Hoffman: Charlie clarified when to send cert. Only open issue is to
define what identity means. Do we want to clarify this?

Comment: Tarzan-Jane discussion arose because of no identity notion.

Comment: We don't know how to build certificates for IKE. We can't change
PKIX. Does ID payload contents need to match something in CERT payload? Can
solve this problem with one sentence. Need to make this explicit to close
this issue.

Charlie: Devil is in details. Yes they have to match, but we don't know what
matching means.

Ted: In Kerberos, you specify name, ticket, and access control check. This
problem is never addressed in Kerberos. Similarly in SSH. Because of Cert
structure, people think they don't have to check access control list but
rather only check some magical field in cert. Interop problems arise from
this. Draft haven't done this.

Paul: Can't decide this in IKEv2 timeframe. Let's defer it.

Comment: Don't want to go through same as last 4 years.

Comment: There are implementations that check ACL. Name is just a hint to
find right key. People are looking for way to contact random machine and
make decisions.

Steve Kent: Agree with Paul; too complicated to get resolved. There is an
ACL; it is the SPD. Problem people run into is we haven't nailed down SPD
syntax well enough to remove these problems. Intent was precisely to
establish entries in form that cert will map to SPD entries. This is a
2401bis problem

Comment: Two issues: access policy, which is user's decision.
Interoperability problems because of configuration. Not trying to solve
these problems which is protocol interoperability. What we need to insure
is protocol interoperability: do you have to match something in cert to
something in ID payload or not.

Comment: Try: "after you have authenticated the dude on the other end, you
MUST decide whether this matches the access control criteria on your end."

Comment: Deal with this in 2401bis. Short term solution is to say that what
goes in ID v CERT payload is a local matter for now. It need not match.

Comment: SO we will put in sentence that ID payload is for policy lookup and
does not need to match anything in CERT payload. Both fields may be used
for access control decisions, but need not be correlated. 2-1 in favor.

Steve Kent: Don't think this clarifies anything, other than allows a vendor
to claim compliance. It doesn't solve the problem.

Ted: alternate proposal?

Paul Hoffman: Do this on the list. What implementers claim their
implementations do doesn't match debug log.

Comment: We have opened can of worms best closed on list.

11. DHCP v. CFG payload

Summary: Both solutions are technically workable. IKEv2-05 allows server to
refuse CFG request and uses fallback to 3456bis. DHCP encapsulation within
IKE recent submission.

DHCP encapsulation might be suitable compromise, but not fleshed out. If
consensus in WG to pursue this new idea, give them limited time, then
decide to fallback to IKEv2-05. If people want 3456bis, give people short
time to produce text, otherwise fall back to IKEv2-05 CFG payload. 5 or 6
happy with current, 3 or 4 unhappy.

Comment: growth of DHCP indicates configuration is a hard problem; let
someone solve it. That speaks to just reusing DHCP. Don't reinvent the
wheel; just use DHCP. Pursue this with a reasonable timeout with fallback.

Comment: CFG payload has fallback mechanism built in for implementations
that want to do something else. Keep CFG payload as is to allow DHCP or
whatever else.

Comment: Getting into trouble with IPv6. Already have several, creating yet
another one.

Comment: DHCP INFORM gives options not given by CFG payload. This would
satisfy problems. Yeah; we do need to think more about v6.

Comment: Makes sense to give DHCP 3 weeks to flesh out document.

Comment: DHCP is still evolving. CFG payload would not allow use of DHCP
end-to-end security. In many cases DHCP options influence address
assignment, so need this information before CFG payload. Better to restrict
ourselves to one way.

Comment: Alternative scenario. Authentication might influence address
assignment. Push to restrict this to bootstrap and not generalize it. DHCP
is not interoperable in terms of options.

Comment: Not clear how DHCP will work with RADIUS or LDP; CFG option
superior for this.

Comment: Security Gateway acts as proxy for client; it is responsible for
authentication.

Comment: But this is not end-to-end.

Comment: In DHCP-over-IKE, Server is DHCP relay, not a proxy. There are
proposals to carry EAP within DHCP, too. While server does have to
interpret DHCP bits, we don't want it to modify them.

Ted: Seems to be a number of people speaking in favor of allowing
DHCP-over-IKE 3 weeks. Strong interest in pursuing this?

Comment: in 3 weeks we will compare. Need a few days specifying what
scenarios have to be addressed.

Comment: More problems being raised now that there is a proposal. IKEv1 was
successful because (1) there was a freeware implementation as a starting
point and (2) we did interoperability testing before going to RFC. We are
not ready to go to RFC, because we have neither of these. The nature of the
market is people will believe there is interoperability because it is an
RFC. Need to have something more baked. Need to have a bakeoff first. Need
to seriously consider doing so before going to RFC.

Ted: Problem space WG says we should go to proposed standard sooner. From
process viewpoint, we need some way to prevent flip-flop, so implementers
can implementers.

Comment: Flip-flop occurs because we don't understand problem.

Comment: We haven't started IKEv2 implementation. It would be good to have a
discussion about this to express opinion about draft.

Ted: Let's close on DHCP first before talking about this. Sense of room to
try DHCP-within-IKE for 3 weeks and fallback to CFG payload if this doesn't
pan out.

Comment: There are a lot of ModeCFG in IKEv1. CFG payload is near to this,
so there will have to be new code and understanding.

Straw vote: CFG payload, DHCP-within-IKE with fallback, something else:
10-14-0. Too close to call; take it to the list.

Comment: Let's have straw vote in 3 weeks.

Ted: Michael Richardson is the stuckee. We want to get draft ready for WG
last call by April 15. Goal to publish this as an RFC before Austria IETF.
Issue is whether baking occurs for draft standard or proposed standard. We
need to have draft locked down, however.

Comment: what happens with 2401bis? Do we want to divorce IKEv2 from
2401bis? are there linkages?

Ted: Should we publish IKEv2 and 2401bis simultaneous or in serial.

Comment: They should be "simultaneous"

Ted: That's what we did with IKEv1, but caused problems because there were
12 docs.

Comment: The hairball is not as large this time. Not convinced we have
thought through problems we have solved.

Comment: Sympathize, but we should try the IETF thing. This is a better
goal.

Comment: Companies are under travel restrictions. we should make bakeoff
affordable and easy to get to.

References:
- March 2003 IETF WG Minutes
  - From: Barbara Fraser <byfraser@cisco.com>

Prev by Date: Re: Confirm decision on identity handling.
Next by Date: RE: draft-ietf-ipsec-ikev2-06.txt
Prev by thread: March 2003 IETF WG Minutes
Next by thread: Confirm decision to keep Me Tarzan, You Jane
Index(es):
- Date
- Thread