[IPsec] RFC4307 & ENCR_NULL & USGv6 profile & Roadmap document

To: ipsec at ietf.org
Subject: [IPsec] RFC4307 & ENCR_NULL & USGv6 profile & Roadmap document
From: Tero Kivinen <kivinen at iki.fi>
Date: Tue, 20 Oct 2009 16:40:59 +0300
Cc: pasi.eronen at nokia.com, sheila.frankel at nist.gov
Delivered-to: ipsec at core3.amsl.com
List-archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-help: <mailto:ipsec-request@ietf.org?subject=help>
List-id: Discussion of IPsec protocols <ipsec.ietf.org>
List-post: <mailto:ipsec@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>

I was reading the USGv6 profile, and it complained that RFC4307 and
RFC4835 do not agree on status of NULL encryption. RFC4307 says MAY,
and RFC4835 says MUST.

As far as I have understood the RFC4835 defines algorithm requirements
for Child SAs (ESP and AH), and RFC4307 defines algorithm requirements
for IKEv2 SAs, i.e. when IKEv2 protects its own traffic.

However while the roadmap document agrees on that ("[RFC4307]
specifies the encryption and integrity-protection algorithms used by
IKEv2 to protect its own traffic") it also final sentence which makes
this not so clear: "It also specifies the encryption and
integrity-protection algorithms that IKEv2 negotiates for use within
IPsec."

I.e. that last sentence would indicate that RFC4307 would also define
encryption and integrity-protection algorithms for Child SAs. On the
other hand it does not list IPsec-v2 nor IPsec-v3 on the requirements
level so that would indicate it does not apply to IPsec, only to IKE.

In the abstract RFC4307 does not clearly say whether it only covers
IKEv2 traffic or if it also covers Child SA (IPsec, ESP/AH) traffic
negotiated with IKEv2. But later in the section 3.1.1 it clearly says
that "The IKEv2 Encryption Payload requires..." which indicates it
only covers IKEv2 SA traffic not anything else.

If this is true, then the requirement level for ENCR_NULL is clearly
wrong, as RFC4306 says that ENCR_NULL MUST NOT be used when protecting
IKEv2 SA traffic (section 5. Security Considerations).

So I would suggest we remove the misleading last sentence from the
draft-ietf-ipsecme-roadmap-04.txt section 5.1.2, and make an errata
for RFC4307 saying that ENCR_NULL is "MUST NOT" instead of "MAY".

Also the USGv6 document might also distinguish the fact that RFC4835
and RFC4307 cover different protocols, thus they does not need to
agree on the requirement levels, and NULL encryption cannot really be
required for IKEv2 as it would go against MUST NOT in RFC4306.
-- 
kivinen at iki.fi

Follow-Ups:
- Re: [IPsec] RFC4307 & ENCR_NULL & USGv6 profile & Roadmap document
  - From: Frankel, Sheila E.

Prev by Date: Re: [IPsec] review of draft-ietf-ipsecme-aes-ctr-ikev2-02
Next by Date: [IPsec] Closing the IKEv2bis open issues
Previous by thread: [IPsec] USGv6 Testing Program to begin Operation November 30th, 2009
Next by thread: Re: [IPsec] RFC4307 & ENCR_NULL & USGv6 profile & Roadmap document
Index(es):
- Date
- Thread

[IPsec] RFC4307 & ENCR_NULL & USGv6 profile & Roadmap document

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.