[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: some concerns about last IKEv2 draft

On Wed, Sep 10, 2003 at 06:30:19PM +0200, Francis Dupont wrote:
> I have some concerns about the draft-ietf-ipsec-ikev2-10.txt document:
> 
>  - In section 2.23 NAT Traversal:
> 
>       There are cases where a NAT box decides to remove mappings that
>       are still alive (for example, the keepalive interval is too long,
>       or the NAT box is rebooted). To recover in these cases, hosts that
>       are not behind a NAT SHOULD send all packets (including retried
>       packets) to the IP address and port from the last valid
>       authenticated packet from the other end. A host not behind a NAT
>       SHOULD NOT do this because it opens a DoS attack possibility. Any
>       authenticated IKE packet or any authenticated IKE encapsulated ESP
>       packet can be used to detect that the IP address or the port has
>       changed.
> 
>  => the SHOULD and the SHOULD NOT apply to the same case (host no behind
>     a NAT). Obviously there is a typo, IMHO the right version is:
>     "A host behind a NAT SHOULD NOT do this ...".
>     BTW the "any authenticated IKE encapsulated ESP" wording is poor and
>     should be removed, or replaced by something which takes into account
>     the whole IPsec traffic (both for the detection of the address change
>     and for the update of the endpoint behind NAT address).

Hmm.... good catch.  Thanks for pointing this out.

>  - just after this paragraph, there is:
> 
>       Note that similar but probably not identical actions will likely
>       be needed to make IKE work with Mobile IP, but such processing is
>       not addressed by this document.
> 
>  => the Mobile IP case can be symmetrical so an identical action can't
>     work in all cases because it would open the door to the DoS attack.

Given that the paragraph does say "probably not identical", do we need
to make any changes to this text?  I do not believe this to be the
case.

>  - in 3.6 Certificate Payload:
> 
>       Hash and URL of PKIX bundle (13) contains a 20 octet SHA-1 hash of
>       a PKIX certificate bundle followed by a variable length URL the
>       resolves to the BER encoded certificate bundle itself. The bundle
>       is a BER encoded SEQUENCE of certificates and CRLs.
> 
>  => this is an underspecified ASN.1 type: some tagging is needed,
>     for instance by adding:
>     ", respectively with implicit tags 0 and 1".

While type-specific tagging might make life easier for the parser, it
is not strictly necessary since it is possible to distinguish between
certificates and CRL's by the ebedded ASN.1 type information.

>  - there is nothing about the protection of peer addresses, so IKEv2 can
>    be used to launch DoS attacks... I still believe the easiest fix is
>    to make the peer addresses explicit parameters of the IKE SA.

This is not a new issue, and the working group has decided that it is
not worth worrying about this particular attack.  I will note that the
attack requires that the attacker be on the network path between the
two communicating peers, and that an attacker in this position has the
ability to carry out a multitude of attacks that disrupt the
communication between the two peers, and indeed there are plenty of
denial of service attacks that do not require being on the network
path.

						- Ted