[IPsec] My notes about IKEv2bis

To: <Pasi.Eronen at nokia.com>
Subject: [IPsec] My notes about IKEv2bis
From: Tero Kivinen <kivinen at iki.fi>
Date: Fri, 5 Sep 2008 13:42:35 +0300
Cc: ipsec at ietf.org
Delivered-to: ietfarch-ipsec-archive at core3.amsl.com
Delivered-to: ipsec at core3.amsl.com
In-reply-to: <1696498986EFEC4D9153717DA325CB7201860ECA at vaebe104.NOE.Nokia.com>
List-archive: <http://www.ietf.org/pipermail/ipsec>
List-help: <mailto:ipsec-request@ietf.org?subject=help>
List-id: Discussion of IPsec protocols <ipsec.ietf.org>
List-post: <mailto:ipsec@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
References: <1696498986EFEC4D9153717DA325CB7201860ECA at vaebe104.NOE.Nokia.com>
Resent-date: Tue, 9 Sep 2008 15:42:23 +0300
Resent-from: kivinen at iki.fi
Resent-message-id: <18630.28463.896380.824828 at fireball.kivinen.iki.fi>
Resent-to: ipsec at ietf.org
Sender: ipsec-bounces at ietf.org

Pasi.Eronen at nokia.com writes:
> 2.7 and 3.3.6, possible contradiction about INVALID_KE_PAYLOAD ("MUST
> again propose its full set of." vs. "SHOULD, however, continue
> to propose its full supported set")

The 2.7 talks about the IKE_SA_INIT, and there it is MUST to propose
the full set. The 3.3.6 talks about the attribute negotiation in
general, and for example in the CREATE CHILD SA case the exchange is
already authenticated, thus there cannot be man in the middle even if
the initiator decides to retry CREATE CHILD SA with only the select
Diffie-Hellman group, i.e. does not include full supported set.

>From the responders point of view this does not matter, thus there is
no interoperability problem here, even if initiator only uses smaller
set. I think should in the 3.3.6 is still ok for the general case and
the 2.7 needs to keep the MUST as that is required for the security in
the IKE_SA_INIT case. 

> Text doesn't cover all the exchange collisions from RFC 4718 Section
> 5.11 yet (but I doubt implementors will get many of those right anyway...).

Most of those does not really matter as long as the implementations do
not crash on such cases. For example in 5.11.1 even if other end sends
duplicate delete for some SPI, that most likely will not cause any
problems. In 5.11.2 if either end fails to close SA properly, they
will close it after the DPD fails in the future. In the 5.11.3 the
failure might cause some extra IPsec SAs to be created, but that
should not cause problems.

The only really important case is the 5.11.4, as if during the IKE SA
rekeying the wrong IKE SA inherits the child SAs of the original IKE
SA that will cause the state to be messed up between the hosts, and
only way to recover will be to delete IKE SAs and start over. 

> Should we move features with no known implementations from the main
> text to an appendix?

What are such features?
-- 
kivinen at safenet-inc.com
_______________________________________________
IPsec mailing list
IPsec at ietf.org
https://www.ietf.org/mailman/listinfo/ipsec

References:
- [IPsec] My notes about IKEv2bis
  - From: Pasi.Eronen

Prev by Date: Re: [IPsec] IPsec Digest, Vol 53, Issue 3
Next by Date: Re: [IPsec] Motivation for ESP-null marking
Previous by thread: [IPsec] My notes about IKEv2bis
Next by thread: Re: [IPsec] My notes about IKEv2bis
Index(es):
- Date
- Thread

[IPsec] My notes about IKEv2bis

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.