[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: some concerns about last IKEv2 draft

To: "Theodore Ts'o" <tytso@mit.edu>
Subject: Re: some concerns about last IKEv2 draft
From: Francis Dupont <Francis.Dupont@enst-bretagne.fr>
Date: Thu, 11 Sep 2003 15:21:23 +0200
cc: ipsec@lists.tislabs.com
In-reply-to: Your message of Wed, 10 Sep 2003 16:51:20 EDT. <20030910205120.GI30537@think>
Sender: owner-ipsec@lists.tislabs.com

 In your previous mail you wrote:

   >  - in 3.6 Certificate Payload:
   > 
   >       Hash and URL of PKIX bundle (13) contains a 20 octet SHA-1 hash of
   >       a PKIX certificate bundle followed by a variable length URL the
   >       resolves to the BER encoded certificate bundle itself. The bundle
   >       is a BER encoded SEQUENCE of certificates and CRLs.
   > 
   >  => this is an underspecified ASN.1 type: some tagging is needed,
   >     for instance by adding:
   >     ", respectively with implicit tags 0 and 1".

   While type-specific tagging might make life easier for the parser, it
   is not strictly necessary since it is possible to distinguish between
   certificates and CRL's by the ebedded ASN.1 type information.

=> I disagree: certificates and CRLs are SEQUENCEs so tagging is mandatory
(cf ITU-T REC X.680 200207 aka ISO/IEC IS 8824-1 2003, 28.3:
"The Types defined in the "AlternativeTypeList" productions in an
 "AlternativeTypeLists" shall have distinct tags")

   >  - there is nothing about the protection of peer addresses, so IKEv2 can
   >    be used to launch DoS attacks... I still believe the easiest fix is
   >    to make the peer addresses explicit parameters of the IKE SA.

   This is not a new issue, and the working group has decided that it is
   not worth worrying about this particular attack.

=> s/has decided/has not shown enough interest/?
And the question is not "has the IETF decided that it is not worth
worrying about this particular attack?" It seems an IETF last call
will be done one day about the IKEv2 document, doesn't it?

   I will note that the
   attack requires that the attacker be on the network path between the
   two communicating peers, and that an attacker in this position has the
   ability to carry out a multitude of attacks that disrupt the
   communication between the two peers, and indeed there are plenty of
   denial of service attacks that do not require being on the network
   path.

=> yes, this is not a drastic issue. But this means that IKEv1 should not
be backpatched, not that IKEv2 should be deployed with this flaw.
I am still surprised by the different handling of the same issue by
the mobility (cf. RFC 3519) and IPsec guys...

Thanks

Francis.Dupont@enst-bretagne.fr

Follow-Ups:
- Re: some concerns about last IKEv2 draft
  - From: Nicolas Williams <Nicolas.Williams@sun.com>

References:
- Re: some concerns about last IKEv2 draft
  - From: "Theodore Ts'o" <tytso@mit.edu>

Prev by Date: Re: some concerns about last IKEv2 draft
Next by Date: Re: some concerns about last IKEv2 draft
Prev by thread: Re: some concerns about last IKEv2 draft
Next by thread: Re: some concerns about last IKEv2 draft
Index(es):
- Date
- Thread