Below are two versions of ipsecme meeting notes, lightly edited from the original. ipsecme WG meeting notes July 2009 IETF meetings, Stockholm, Sweden Scribe - David Black -------------------------------------------- These notes contain summaries of important discussion and comments. See the presenter's slides for details of topics. Minutes have been somewhat reorganized by topic (i.e., are not in chronological order) -- 1. Opening remarks (WG chairs - Yaron Sheffer, Paul Hoffman) WG status - WG rechartering expected in a month or so. -- 2. Very short status reports on ongoing WG docs (WG chairs, draft authors) - IKEv2-bis: Being worked on, still 15 or so open issues - Roadmap: WGLC coming shortly after this meeting week - WESP (Traffic Visibility): 1 significant WGLC comment, proposed approach to resolve issue (0 could mean "encryption being used" or "IPv6 Hop-by-Hop option") reviewed in meeting -> intent is to bring back "Encryption bit" in flags to disambiguate meaning. - Heuristics: Stable, needs more review, please review it. - Resumption: Ready for AD review - Redirect: 2 IESG Discusses - solutions agreed to, will add "MAY"-level requirements to draft, WG will review actual text to be added. - IPv6 Configuration: Will be published as experimental RFC ** Gabriel Montenegro: Need to restore text saying that this diverges from IESG direction in RFC 5505 to ensure that IESG addresses this. - draft-ipsecme-aes-ctr-ikev2-00 (new doc; name will change later) David Black: There may be some useful material in RFC 5282 on combined modes (GCM, CCM) for IKEv2 (or maybe it's not useful). Authors of IKEv2 CTR draft will take a look at RFC 5282. Not a WG doc, but important ECDH: RFC 4753 has wrong format for DH shared secret draft-solinas-rfc4753bis-00 fixes this - now in IETF WGLC -- 3. RFC publication and the rechartering process (Paul Hoffman) See Paul's slides for discussion of alternatives on how a draft becomes an RFC. Lack of interest (minimum number of interested reviewers) will result in documents being redirected from standards track to be published as Experimental or Informational. IPv6 config is first example, the heuristics draft may be another example. -- 4. Proposed future work items. - Childless initiation of IKEv2 SAs (http://tools.ietf.org/html/draft-nir-ipsecme-childless) - Draft has a number of open issues, seems appropriate for WG - Teddy Hogeborn: Why was this omitted from IKEv2? Seems like an obvious thing to do. - Tero Kivinen: Wanted to avoid extra round trips for case where child SA is created and keep protocol simple. - Paul Hoffman: What's new is situations where the child SA is not wanted/needed. - Jean-Michel Combes: Authentication-only work taking place in other WGs, do we need another mechanism? - Paul Hoffman: IESG will have final say on whether this is appropriate work. - Jean-Michel Combes: SPD has to be configured to not create SA, this is an impact on existing implementations. - EAP-only authentication for IKEv2 (http://tools.ietf.org/html/draft-eronen-ipsec-ikev2-eap-auth) Rather old draft that has been revived. - Joe Salowey: Which EAP methods are you thinking about for mutual auth? - Yaron Sheffer: New password authentication methods. - Joe Saloway: Need to authenticate to IPsec gateway, not just AAA server - Yaron Sheffer: Handled by additional authentication between IPsec gateway and AAA server, which is out-of-band wrt this instance of IKEv2. - Gabriel Montenegro: Currently deployed EAP methods are all tunnel-based. Also see 802.1x methods. - Yaron Sheffer: All tunnel-methods require a server certificate. - Pasi Eronen: Draft is old (2004 vintage), no usable EAP methods at the time (channel bindings are required), and there still aren't. - Joe Saloway: EAP channel bindings being discussed in emu WG here in Stockholm - A Quick Crash Detection Method for IKE (http://tools.ietf.org/html/draft-nir-ike-qcd) Also draft-detienne-sir-03. Topic is also called "SA discrepancy detection", typically caused by one participant rebooting. - Paul Hoffman: Part of WG's activity if this area is undertaken is to either pick one draft or arrange to merge them. For charter, just need to decide whether topic should be worked on. - IKE-specific password authentication (No draft; proposal from Dan Harkins) Use passwords for shared secrets securely with IKEv2. DH-like computations, mechanism already used in IEEE 802.11s and new EAP-pwd methods. Commit/Confirm 2-message exchange. - Joe Salowey: EAP is usable in both directions. - Paul Hoffman: Is this being done today? - Joe Salowey: No, but there are devices that implement both EAP roles. - Paul Hoffman: EAP is client-server, IKEv2 is peer-to-peer, this is relevant when one doesn't know which peer will initiate. - Bob Moskowitz: How does one handle races with two IKEv2 instances starting up concurrently from both ends? - Dan Harkins (presenter): Use existing IKEv2 mechanisms to resolve. -- 5. IKEv2-bis Issue #12 [traffic selectors and rekeying] Proposed approach: Forbid narrowing traffic selectors on rekeying. This would be a new requirement over and above existing IKEv2. Not seen much in field, narrowing usually not done, in practice, if narrowing is attempted, it's likely to result in needing brand new SAs after a period of confusion. - David Black: At least a SHOULD is justified by experience with what actual code does when narrowing is attempted. - Richard Graveman: Rekey ought not to be making this sort of change, prefers forbidding this. - Tero Kivinen: Want to do something about this issue to provide leverage to deal with bad implementations that try to narrow. - Yaron Sheffer: Want to add as SHOULD warning about narrowing being inappropriate. - Pasi Eronen (AD): Ok with making change from 4306, could be MUST or SHOULD. Would like info from implementers on impact. - Yoav Nir (via jabber): Prefers MUST change, as it will produce better future interoperability. - Mike Richardson (via jabber): Agrees w/Tero, prefers making change. --------------------------- IP Security Maintenance and Extensions WG (ipsecme WG; SEC Area) meeting minutes. Scribe: Richard Graveman. Chairs: Paul Hoffman , Yaron Sheffer WG Status, Yaron Sheffer See ipsecme-0. PH: On redirect, two ADs wanted new text, a MAY, for items in the Security Considerations. [Late addition: this is not a MAY.] YS: For WESP, the editor has a way to resolve the significant comment. YS: The Roadmap pointed to the need for AES-CTR. PH: Minimal WG energy and activity is an issue, particularly when considering new work. David Black: IPv6 Configuration is an example. PH: Heuristics has not had enough review. Short reports on Ongoing WG Documents 1. IKEv2-bis, Paul Hoffman: See ipsecme-11. May be able to get through the currently known issues in the next few months. New issues are still welcomed. IKEv2 deployment has been slow. 2. Roadmap, Suresh Krishnan: See ipsecme-1. Received many comments, especially on IPsec-v2 versus IPsec-v3. The chairs expressed an interest in progressing the IPsec benchmarking drafts in BMWG. PH: WG LC will be scheduled soon. 3. WESP, GM: See ipsecme-2. Cleared all items from before interim meeting. Reviewed what has occurred since. A new draft will bring back the “encryption bit” and clean up smaller items. 4. Heuristics: No slides from Tero Kivinen. PH: Please read this. 5. Resumption, YS: See ipsecme-3. 6. Redirect: No slides. No discussion. 7. draft-ipsecme-aes-ctr-ikev2-00, SS: This is a new document. Its name will change later. DB: RFC 5282 may be useful for considering combined modes (GCM and CCM). RFC publication and Rechartering Process, Paul Hoffman See ipsecme-5. Large plug for individual or independent submissions. Proposed Future Work Items For each, the choice of individual submission was considered. 1. Childless initiation of IKEv2 SAs, draft-nir-ipsecme-childless, Hui Deng. See ipsecme-7. PH: If this goes forward, it should be in the WG. Teddy H.: Why was this functionality left out? TK: The initial emphasis was on few options and simplicity. Richard Graveman: It’s “Internet Key Exchange” not “IPsec KeyExchange”; many other applications exist. Jean-Michel Combes: Cited other applications. PH: Interaction with RFC 4301 needs to be considered. 2. EAP-only authentication for IKEv2, draft-eronen-ipsec-ikev2-eap-auth, YS. See ipsecme-6. Joe S: What methods would one consider here? Who are the two parties? Typically they are the client and AAA server. Gabriel Montenegro: Consider RFC 4017 [EAP method requirements for WLAN] and wireless applications. Should work for tunnel methods with channel bindings. Pasi Eronen: When this came up in 2004, no appropriate EAP methods existed. YS: This could be a popular approach. Please also pay attention to the EMU Session. 3. A Quick Crash Detection Method for IKE, draft-nir-ike-qcd and draft-detienne-sir-03. See ipsecme-8. Covered by YS in authors’ absence. PH: We have two proposals, and the charter may call for choosing the preferred solution. 4. IKE-specific password authentication (Secure Shared Key Authentication for IKE), no draft, Dan Harkins. See ipsecme-9. Joe Saloway: Defended EAP. It can be bidirectional. PH: Does this actually happen? JS: Yes. Bob Moskowitz: Asked about IEEE work and race conditions. DH: IKE must be able to handle race conditions. IKEv2-bis Issue #12, http://trac.tools.ietf.org/wg/ipsecme/trac/ticket/12. PH: See ipsecme-10, narrowing during rekeying: traffic selectors when rekeying versus the packet that triggered the rekeying. The underlying issues are how much we change the original IKEv2 and whether this is a useful case. DB: This is known to be a danger area. Should not ignore it. RG: Rekey should not have other, funny semantics. TK: We need to be able to adjust our code to new text. YS: This is still open. PE: OK with this change, negating part of the rekey functionality in 4106. Jabber from MR read by TK: We should not worry about old implementations. Chairs: This will go back to the ML. Summary Reviewed status of Redirect, Resumption, IPv6 Configuration, WESP, Roadmap to WG LC, Heuristics with more review needed, IKEv2bis, and AES-CTR. There is a problem with IAB policy-RFC5505 re: IPv6 config. PH will deal with this.