[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

some concerns about last IKEv2 draft

To: ipsec@lists.tislabs.com
Subject: some concerns about last IKEv2 draft
From: Francis Dupont <Francis.Dupont@enst-bretagne.fr>
Date: Wed, 10 Sep 2003 18:30:19 +0200
Sender: owner-ipsec@lists.tislabs.com

I have some concerns about the draft-ietf-ipsec-ikev2-10.txt document:

 - In section 2.23 NAT Traversal:

      There are cases where a NAT box decides to remove mappings that
      are still alive (for example, the keepalive interval is too long,
      or the NAT box is rebooted). To recover in these cases, hosts that
      are not behind a NAT SHOULD send all packets (including retried
      packets) to the IP address and port from the last valid
      authenticated packet from the other end. A host not behind a NAT
      SHOULD NOT do this because it opens a DoS attack possibility. Any
      authenticated IKE packet or any authenticated IKE encapsulated ESP
      packet can be used to detect that the IP address or the port has
      changed.

 => the SHOULD and the SHOULD NOT apply to the same case (host no behind
    a NAT). Obviously there is a typo, IMHO the right version is:
    "A host behind a NAT SHOULD NOT do this ...".
    BTW the "any authenticated IKE encapsulated ESP" wording is poor and
    should be removed, or replaced by something which takes into account
    the whole IPsec traffic (both for the detection of the address change
    and for the update of the endpoint behind NAT address).

 - just after this paragraph, there is:

      Note that similar but probably not identical actions will likely
      be needed to make IKE work with Mobile IP, but such processing is
      not addressed by this document.

 => the Mobile IP case can be symmetrical so an identical action can't
    work in all cases because it would open the door to the DoS attack.

 - in 3.6 Certificate Payload:

      Hash and URL of PKIX bundle (13) contains a 20 octet SHA-1 hash of
      a PKIX certificate bundle followed by a variable length URL the
      resolves to the BER encoded certificate bundle itself. The bundle
      is a BER encoded SEQUENCE of certificates and CRLs.

 => this is an underspecified ASN.1 type: some tagging is needed,
    for instance by adding:
    ", respectively with implicit tags 0 and 1".

 - there is nothing about the protection of peer addresses, so IKEv2 can
   be used to launch DoS attacks... I still believe the easiest fix is
   to make the peer addresses explicit parameters of the IKE SA.

Francis.Dupont@enst-bretagne.fr

Follow-Ups:
- some concerns about last IKEv2 draft
  - From: Tero Kivinen <kivinen@ssh.fi>
- Re: some concerns about last IKEv2 draft
  - From: Nicolas Williams <Nicolas.Williams@sun.com>
- Re: some concerns about last IKEv2 draft
  - From: "Theodore Ts'o" <tytso@mit.edu>
- Re: some concerns about last IKEv2 draft
  - From: Karen Seo <kseo@bbn.com>

Prev by Date: rfc2402bis minor concerns
Next by Date: some concerns about last IKEv2 draft
Prev by thread: rfc2402bis minor concerns
Next by thread: some concerns about last IKEv2 draft
Index(es):
- Date
- Thread