Hi, Sorry to be a little slow to reply. I was offline over Thanksgiving, just saw the messages yesterday afternoon. Of course I favor adoption, and am willing to work with anyone who can contribute to the development of an appropriate protocol. Momentum seems to be toward a version supporting a variety of out-of-band mechanisms, and I’m willing to work in that direction. Shota is looking in to the numerous issues I detailed in the long message right after IETF. —Rod

On Dec 2, 2014, at 4:19 PM, Yaron Sheffer <yaronf.ietf@gmail.com> wrote: Here's a quick reminder to speak up if you're interested in this document and are willing to contribute as co-author or reviewer. Thanks, Yaron On 11/25/2014 10:06 PM, Paul Hoffman wrote:

<chair hats on> Greetings again. There is a small emerging industry of crypto solutions that transmit keys using Quantum Key Distribution (QKD), and then use those keys for classical high-speed encryption. Several such solutions are using IKE, and there is a perceived need to standardize this usage. If so, that standardization should be done in this Working Group. If you agree with the need to standardize this usage, and believe that draft-nagayama-ipsecme-ipsec-with-qkd is likely to be a good starting place for that standardization, and are willing to review and contribute text to the document if it is adopted by the WG, please say so on the list. This WG has a history of adopting documents but then not having enough reviewers for us to feel confident that we are making a good standard, so we need to see a reasonable number of actively interested people before we adopt the document. If it is not adopted, the authors can ask for it to be published as an RFC through individual submission or by the Independent Submissions Editor. Please reply by December 8, 2015. --Paul Hoffman and Yaron Sheffer _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec

Hi, Sorry to be a little slow to reply. I was offline over Thanksgiving, = just saw the messages yesterday afternoon. Of course I favor adoption, and am willing to work with anyone who can = contribute to the development of an appropriate protocol. Momentum = seems to be toward a version supporting a variety of out-of-band = mechanisms, and I=E2=80=99m willing to work in that direction. Shota is looking in to the numerous issues I detailed in the long = message right after IETF. =E2=80=94Rod

On Dec 2, 2014, at 4:19 PM, Yaron = Sheffer <yaronf.ietf@gmail.com> = wrote: Here's a quick reminder to speak up if you're interested in this = document and are willing to contribute as co-author or reviewer. Thanks, Yaron On 11/25/2014 10:06 PM, Paul Hoffman wrote:

<chair hats on> Greetings again. There is a small emerging industry of crypto solutions = that transmit keys using Quantum Key Distribution (QKD), and then use = those keys for classical high-speed encryption. Several such solutions = are using IKE, and there is a perceived need to standardize this usage. = If so, that standardization should be done in this Working Group. If you agree with the need to standardize this usage, and believe that = draft-nagayama-ipsecme-ipsec-with-qkd is likely to be a good starting = place for that standardization, and are willing to review and contribute = text to the document if it is adopted by the WG, please say so on the = list. This WG has a history of adopting documents but then not having = enough reviewers for us to feel confident that we are making a good = standard, so we need to see a reasonable number of actively interested = people before we adopt the document. If it is not adopted, the authors = can ask for it to be published as an RFC through individual submission = or by the Independent Submissions Editor. Please reply by December 8, 2015. --Paul Hoffman and Yaron Sheffer _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/= mailman/listinfo/ipsec

Hi,

As a co-author of the dra= ft I am of course supporting the draft and will contribute to it.

BR,

Daniel

On Tue, Dec 2, 2014 at 10:20 PM, Yaron Sheffer <yar= onf.ietf@gmail.com> wrote:

= And similarly for this draft: please speak up if you're interested in t= his document and are willing to contribute as co-author or reviewer.

Thanks,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 Yaron

On 11/25/2014 10:06 PM, Paul Hoffman wrote:

<chair hats on>

Greetings again. The "Clone IKE SA" proposal tries to optimize IK= E SA setup in cases where VPN gateways have multiple interfaces and want to= establish different SAs on the different interfaces without having to repe= at the IKE authentication. Instead, they could clone a single IKE SA multip= le times, and then move it to different interfaces using MOBIKE.

If you agree with the need to standardize this usage, and believe that draf= t-mglt-ipsecme-clone-ike-sa is likely to be a good starting place fo= r that standardization, and are willing to review and contribute text to th= e document if it is adopted by the WG, please say so on the list. This WG h= as a history of adopting documents but then not having enough reviewers for= us to feel confident that we are making a good standard, so we need to see= a reasonable number of actively interested people before we adopt the docu= ment. If it is not adopted, the authors can ask for it to be published as a= n RFC through individual submission or by the Independent Submissions Edito= r.

Please reply by December 8, 2015.

--Paul Hoffman and Yaron Sheffer
_______________________________________________
IPsec mailing list
IPsec@ietf.org
h= ttps://www.ietf.org/mailman/listinfo/ipsec

_______________________________________________
IPsec mailing list
IPsec@ietf.org
h= ttps://www.ietf.org/mailman/listinfo/ipsec

Daniel Migault
Orange Labs -- Security
+33 6 70 = 72 69 58

--047d7b60470643205e0509c67724-- From nobody Tue Dec 9 04:41:46 2014 Return-Path: X-Original-To: ipsec@ietfa.amsl.com Delivered-To: ipsec@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 907E91A0363 for ; Tue, 9 Dec 2014 04:41:44 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 1.909 X-Spam-Level: * X-Spam-Status: No, score=1.909 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_SORBS_WEB=0.77, SPF_PASS=-0.001, STOX_REPLY_TYPE=0.439] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ji4n2pB9zYIB for ; Tue, 9 Dec 2014 04:41:43 -0800 (PST) Received: from mail-lb0-x234.google.com (mail-lb0-x234.google.com [IPv6:2a00:1450:4010:c04::234]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3F1A21A0217 for ; Tue, 9 Dec 2014 04:41:43 -0800 (PST) Received: by mail-lb0-f180.google.com with SMTP id l4so398525lbv.25 for ; Tue, 09 Dec 2014 04:41:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:from:to:references:subject:date:mime-version :content-type:content-transfer-encoding; bh=jXs/vNMkEB/VD+KQpNei70JIGvQx/kD+6Lp3LdBw4zI=; b=IK9wK1sQ4KMR6bj+lmM+gUZ10doakkTe1MU2TQitkKh2nbF+tk5w6OSC+3OYzE0fkr iQVBwT0mD9GrOlBcFrbiLc40dpd1Hpkths7kU/QBi5N5qsMQ9BYo7tNj0mA6hjX+Op4P EHr5KgjuOs7QmwWNojsmacyFLSW+2FUC0IzSeo4F9cmOSUb6g35FZZSEqeFKgpgtyYdW RJi982WQ4qVUOy5+hlJB6X9vu33zleY7CpLAw3Zp2KU/7kBe+EXsvfV6Bx5Ntk/3461U 4TYba0N+4AflaThckOaQKN1R5/hCxwH4Ohdm8uvpHqDT1nzLQpsk0PlnSwgLtH5RktCg yNbQ== X-Received: by 10.112.144.228 with SMTP id sp4mr21204180lbb.58.1418128901728; Tue, 09 Dec 2014 04:41:41 -0800 (PST) Received: from buildpc ([82.138.51.4]) by mx.google.com with ESMTPSA id zc5sm324734lbb.49.2014.12.09.04.41.40 for (version=TLSv1 cipher=RC4-SHA bits=128/128); Tue, 09 Dec 2014 04:41:41 -0800 (PST) Message-ID: <1C87F17FE5D044A7ADE2D2E6CBD0333C@buildpc> From: "Valery Smyslov" To: "Yaron Sheffer" , "Yoav Nir" , "ipsec" References: <410D9347-2DFF-42FE-A821-A177112BED0E@gmail.com> <5480C3A3.6040103@gmail.com> <1D725EE23AEE4AFD956F6B2BBF4F4C2F@buildpc> <5481795E.4000706@gmail.com> <21AF0ED4C70C48159AAAC490CBE893A5@buildpc> <5481B87A.3060603@gmail.com> Date: Tue, 9 Dec 2014 15:41:51 +0300 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="UTF-8"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.5931 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.6157 Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/oyGCPt9IrT1YscIu16cOlQcAfJ4 Subject: Re: [IPsec] Some speculations about puzzles X-BeenThere: ipsec@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Discussion of IPsec protocols List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Dec 2014 12:41:44 -0000 Hi Yaron, > We are almost in agreement. My understanding is that both the > IKE_SA_INIT and IKE_AUTH puzzles are needed, and each one has a > different goal: > > - IKE_SA_INIT puzzle: should counteract the responder's memory cost of > keeping the half-open SA, and its CPU cost in computing DH. > > - IKE_AUTH puzzle: should counteract the responder's CPU cost of > validating the AUTH payload. Thank you, now I better understand your position. Let me rephrase it. You propose that IKE_AUTH puzzle resides inside SK payload and its verifications takes place after computing DH and verifying authenticity of IKE_AUTH messag, but before any actionts dealing with peer authentication take place. Am I right? This will allow attacker to perform an attack on responder's CPU power by sending single garbage message in IKE_AUTH, which will be partially counteracted by IKE_SA_INIT puzzle. But this will definitely ease legitimate client's burden in case of IKE fragmentation. I still prefer IKE_AUTH puzzle to reside outside SK payload and to be verified before performing DH and computing SKEYSEED. However, after some thoughts, I think that in case of IKE fragmentation, puzzle must only present in the very first fragment (outside SKF payload), not in the every fragment, as I proposed before. The responder in this case will pay no attention on the other fragments untill it receives the first one and verifies the puzzle. Fragments that were received before this event could be dropped (in a hope that they will be eventually retransmitted) or just collected with no action. In the latter case after the puzzle is vefified and DH is computed all the collected fragments must be verified for theit authenticity. This approach would still require legitimate client to re-solve puzzle in case it first sends unfragmented message and then switches IP fragmentation on (or in case it refragments the message with smaller MTU), but it would provide better defense against attacks on CPU exhausting in IKE_AUTH. Regards, Valery. From nobody Fri Dec 12 10:08:53 2014 Return-Path: X-Original-To: ipsec@ietfa.amsl.com Delivered-To: ipsec@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1EEDC1A8730 for ; Fri, 12 Dec 2014 10:08:43 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -3.647 X-Spam-Level: X-Spam-Status: No, score=-3.647 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_MISMATCH_COM=0.553, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id w6Dyb8KOWOuw for ; Fri, 12 Dec 2014 10:08:41 -0800 (PST) Received: from proper.com (Hoffman.Proper.COM [207.182.41.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A27691A8723 for ; Fri, 12 Dec 2014 10:08:41 -0800 (PST) Received: from [10.20.30.90] (142-254-17-119.dsl.dynamic.fusionbroadband.com [142.254.17.119]) (authenticated bits=0) by proper.com (8.14.9/8.14.7) with ESMTP id sBCI8eMd064077 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Fri, 12 Dec 2014 11:08:41 -0700 (MST) (envelope-from paul.hoffman@vpnc.org) X-Authentication-Warning: proper.com: Host 142-254-17-119.dsl.dynamic.fusionbroadband.com [142.254.17.119] claimed to be [10.20.30.90] From: Paul Hoffman Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Message-Id: Date: Fri, 12 Dec 2014 10:08:40 -0800 To: IPsecME WG Mime-Version: 1.0 (Mac OS X Mail 8.1 $1993$) X-Mailer: Apple Mail (2.1993) Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/LvAeh6_vQUQYwZ8_PD6FgTgWZxI Subject: [IPsec] Calls for adoption: wrap-up X-BeenThere: ipsec@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Discussion of IPsec protocols List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Dec 2014 18:08:43 -0000 Greetings. A few weeks ago, we started summaries for adoption by the WG = of two drafts: draft-nagayama-ipsecme-ipsec-with-qkd and = draft-mglt-ipsecme-clone-ike-sa. This message concludes that there is = not sufficient interest in the WG (that is, enough people who will = actively contribute to the draft progression) for either draft to be = advance successfully. Both drafts had some interest from people other than the authors, but it = seemed like a fair amount of that was defensive; that is, those people = were willing to work on the document, but mostly to prevent bad design, = not because they supported the use case. Given that, if the authors of = either decide to pursue publication, it would be great if they reached = out to all the people on the list who expressed opinions and try to = incorporate those before moving forwards. Notes about new versions of = these drafts (and other non-WG drafts) are still welcome on the list as = long as they do not disrupt the ongoing WG work. --Paul Hoffman= From nobody Fri Dec 12 10:50:49 2014 Return-Path: X-Original-To: ipsec@ietfa.amsl.com Delivered-To: ipsec@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DC2631AC40E for ; Fri, 12 Dec 2014 10:50:43 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -97.008 X-Spam-Level: X-Spam-Status: No, score=-97.008 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, HELO_EQ_JP=1.244, HOST_EQ_JP=1.265, RELAY_IS_203=0.994, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_WHITELIST=-100] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wU_W6P90N7_V for ; Fri, 12 Dec 2014 10:50:41 -0800 (PST) Received: from mail.sfc.wide.ad.jp (shonan.sfc.wide.ad.jp [203.178.142.130]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 703731A907D for ; Fri, 12 Dec 2014 10:50:38 -0800 (PST) Received: from vanmetedneysmbp.wireless.duke.local (west-4b-pat-1.oit.duke.edu [152.3.43.164]) by mail.sfc.wide.ad.jp (Postfix) with ESMTPSA id 069162781B5; Sat, 13 Dec 2014 03:50:35 +0900 (JST) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 8.1 $1993$) From: Rodney Van Meter In-Reply-To: Date: Fri, 12 Dec 2014 13:50:31 -0500 Content-Transfer-Encoding: quoted-printable Message-Id: <9324C11F-E4B9-4464-871E-A94F18D54346@sfc.wide.ad.jp> References: To: Paul Hoffman X-Mailer: Apple Mail (2.1993) Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/qQgALkC0aLk6-KhJmnVBP96T95U Cc: Rodney Van Meter , IPsecME WG Subject: Re: [IPsec] Calls for adoption: wrap-up X-BeenThere: ipsec@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Discussion of IPsec protocols List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Dec 2014 18:50:44 -0000 > On Dec 12, 2014, at 1:08 PM, Paul Hoffman = wrote: >=20 > Greetings. A few weeks ago, we started summaries for adoption by the = WG of two drafts: draft-nagayama-ipsecme-ipsec-with-qkd and = draft-mglt-ipsecme-clone-ike-sa. This message concludes that there is = not sufficient interest in the WG (that is, enough people who will = actively contribute to the draft progression) for either draft to be = advance successfully. >=20 > Both drafts had some interest from people other than the authors, but = it seemed like a fair amount of that was defensive; that is, those = people were willing to work on the document, but mostly to prevent bad = design, not because they supported the use case. Given that, if the = authors of either decide to pursue publication, it would be great if = they reached out to all the people on the list who expressed opinions = and try to incorporate those before moving forwards. Notes about new = versions of these drafts (and other non-WG drafts) are still welcome on = the list as long as they do not disrupt the ongoing WG work. >=20 For draft-nagayama-ipsecme-ipsec-with-qkd, that list is: Tero Kivinen Michael Richardson Paul Wouters Tony Putman Valery Smyslov Sheila Frankel didn=E2=80=99t respond on list in the last couple of = weeks, but I=E2=80=99m guessing she has at least a passing interest. plus of course the authors (Shota Nagayama & Rod Van Meter) Anybody else care to speak up? Shota is still trying to ingest the comments we got both on and off list = over the last few weeks; he has already responded to a few comments on = the ML. I hope we=E2=80=99ll have a coherent response to all of them, = and a draft-of-a-draft to share with a small group, Real Soon Now (er, = sometime in January, probably). It does seem that there was the most support for generalizing to other = out-of-band mechanisms, so I presume we will pursue that and make the = QKD interpretation an Annex or Appendix to the document. So, we=E2=80=99ll take this conversation off list, and come back when we = are close to the -02 I-D. =E2=80=94Rod From nobody Sat Dec 13 00:05:50 2014 Return-Path: X-Original-To: ipsec@ietfa.amsl.com Delivered-To: ipsec@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 50C7C1AC3EE for ; Sat, 13 Dec 2014 00:05:47 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 0.898 X-Spam-Level: X-Spam-Status: No, score=0.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_JP=1.244, HOST_EQ_JP=1.265, MIME_8BIT_HEADER=0.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tWyeTtUA_Pf2 for ; Sat, 13 Dec 2014 00:05:45 -0800 (PST) Received: from mail.sfc.wide.ad.jp (shonan.sfc.wide.ad.jp [IPv6:2001:200:0:8803::53]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BCDFF1A01F4 for ; Sat, 13 Dec 2014 00:05:44 -0800 (PST) Received: from [IPv6:2001:200:0:8802:838:bbbc:592e:c072] (unknown [IPv6:2001:200:0:8802:838:bbbc:592e:c072]) by mail.sfc.wide.ad.jp (Postfix) with ESMTPSA id 045CC278118; Sat, 13 Dec 2014 17:05:42 +0900 (JST) Message-ID: <548BF356.1000403@sfc.wide.ad.jp> Date: Sat, 13 Dec 2014 17:05:42 +0900 From: Shota Nagayama User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0 MIME-Version: 1.0 To: =?UTF-8?B?UGF1bCBXb3V0ZXJzIPCflJM=?= , Paul Hoffman References: <2CBE2213-E3B6-4E0C-95EC-D1DFB05D3A0E@vpnc.org> In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/TFtmYnnRSJXi1gNGGvEQ1gkOgPw Cc: IPsecME WG Subject: Re: [IPsec] Survey for WG interest in adopting draft-nagayama-ipsecme-ipsec-with-qkd X-BeenThere: ipsec@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Discussion of IPsec protocols List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 13 Dec 2014 08:05:47 -0000 (2014/11/29 4:21), Paul Wouters 🔓 wrote: > On Tue, 25 Nov 2014, Paul Hoffman wrote: > >> Greetings again. There is a small emerging industry of crypto >> solutions that transmit keys using Quantum Key Distribution (QKD), >> and then use those keys for classical high-speed encryption. Several >> such solutions are using IKE, and there is a perceived need to >> standardize this usage. If so, that standardization should be done in >> this Working Group. >> >> If you agree with the need to standardize this usage, and believe >> that draft-nagayama-ipsecme-ipsec-with-qkd is likely to be a good >> starting place for that standardization, and are willing to review >> and contribute text to the document if it is adopted by the WG, >> please say so on the list. This WG has a history of adopting >> documents but then not having enough reviewers for us to feel >> confident that we are making a good standard, so we need to see a >> reasonable number of actively interested people before we adopt the >> document. If it is not adopted, the authors can ask for it to be >> published as an RFC through individual submission or by the >> Independent Submissions Editor. > > I'm in favor of adopting this document as I can see a real use for this > in the future and since it is making changes to the IKE core protocol, > it would be best that this group is involved in that discussion. > > Some comments after a quick read: > > Why is the fallback field/mode negotiation required? Typically, those > decisions would be determined by local policy, and the remote end is > informed of that local policy by a new incoming IKE request (or not) > that uses a QKD payload or a DH payload. If the peers disagree about > the fallback method, would that prevent initial establishment of IKE? Though I replied that fallback mode might be treated as local policy and not to be negotiated at the beginning of IKE, now I notice a difference between fallback mode and other local policies, if my understanding is correct. In current IKE, after establishing the first SA, the success of rekeying is guaranteed at the configuration level; any difference of local policies which are not shared do not prevent rekeying the SA. If fallback mode isn't negotiated, when the system fallbacks, if no fallback method is enabled in both peers, rekeying gets blocked until QKD succeeds to generate new key. If fallback mode is negotiated at the beginning, the system may know whether rekeying in fallback mode be blocked as such or not. Then, this can be warned to users/system admins before fallback mode is needed to be operated. So, now I think that fallback mode should be negotiated at the beginning and it should not prevent initial establishment of IKE but should be warned. > > Why not leave the DH in place and just ignore the SKEYSEED / prf and > use the QKD bits for the private keys (or OTP)? It's less changes > to the IKE protocol (and friendlier to implementers :) > > Having an OTP mode, even without QKD would actually be neat, although it > would require a lot of kernel work too :) My first idea is just replacing QKD-generated bits with SKEYSEED. QKD is often argued with OTP to achieve provably secure and I know that just replacing QKD-generated bits with SKEYSEED can be used for OTP, however, I would like to target only IKE in this project. > > Paul > > _______________________________________________ > IPsec mailing list > IPsec@ietf.org > https://www.ietf.org/mailman/listinfo/ipsec From nobody Mon Dec 15 07:02:26 2014 Return-Path: X-Original-To: ipsec@ietfa.amsl.com Delivered-To: ipsec@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 754841A1EFD for ; Mon, 15 Dec 2014 07:02:25 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 0.768 X-Spam-Level: X-Spam-Status: No, score=0.768 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, SPF_NEUTRAL=0.779, T_RP_MATCHES_RCVD=-0.01] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dO8Yyvrmemx4 for ; Mon, 15 Dec 2014 07:02:22 -0800 (PST) Received: from mail.kivinen.iki.fi (fireball.kivinen.iki.fi [IPv6:2001:1bc8:100d::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5C17E1A1B5A for ; Mon, 15 Dec 2014 07:02:22 -0800 (PST) Received: from fireball.kivinen.iki.fi (localhost [127.0.0.1]) by mail.kivinen.iki.fi (8.14.8/8.14.8) with ESMTP id sBFF2Jup011002 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Mon, 15 Dec 2014 17:02:19 +0200 (EET) Received: (from kivinen@localhost) by fireball.kivinen.iki.fi (8.14.8/8.14.8/Submit) id sBFF2Ifj027468; Mon, 15 Dec 2014 17:02:18 +0200 (EET) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <21646.63482.320494.538513@fireball.kivinen.iki.fi> Date: Mon, 15 Dec 2014 17:02:18 +0200 From: Tero Kivinen To: Shota Nagayama In-Reply-To: <548BF356.1000403@sfc.wide.ad.jp> References: <2CBE2213-E3B6-4E0C-95EC-D1DFB05D3A0E@vpnc.org> <548BF356.1000403@sfc.wide.ad.jp> X-Mailer: VM 8.2.0b under 24.3.1 (x86_64--netbsd) X-Edit-Time: 15 min X-Total-Time: 8 min Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/htn_KYMSq_DePPO3AGrixztLhJA Cc: IPsecME WG Subject: Re: [IPsec] Survey for WG interest in adopting draft-nagayama-ipsecme-ipsec-with-qkd X-BeenThere: ipsec@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Discussion of IPsec protocols List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Dec 2014 15:02:25 -0000 Shota Nagayama writes: > Though I replied that fallback mode might be treated as local policy > and not to be negotiated at the beginning of IKE, now I notice a > difference between fallback mode and other local policies, if my > understanding is correct. In current IKE, after establishing the > first SA, the success of rekeying is guaranteed at the configuration > level; Not true. Other end can simply reject the rekey by sending NO_ADDITIONAL_SAS notification back to the rekey request. RFC7296 section 1.3 last paragraph: The responder sends a NO_ADDITIONAL_SAS notification to indicate that a CREATE_CHILD_SA request is unacceptable because the responder is unwilling to accept any more Child SAs on this IKE SA. This notification can also be used to reject IKE SA rekey. Some minimal implementations may only accept a single Child SA setup in the context of an initial IKE exchange and reject any subsequent attempts to add more. > any difference of local policies which are not shared do not > prevent rekeying the SA. If fallback mode isn't negotiated, when the > system fallbacks, if no fallback method is enabled in both peers, > rekeying gets blocked until QKD succeeds to generate new key. Yes. Just like it does with normal IKEv2 rekey. On the other hand as both ends will KNOW for sure when the QKD has succeeded, there is no need for fallback policy for QKD use. There could be uses for it in the other out of band key distribution methods, as there the state might not be shared between both ends at the same time. In QKD the node will know it has shared keying material with the other end, and if it will know that it will also know that other end has the same key material also... > If fallback mode is negotiated at the beginning, the system may know > whether rekeying in fallback mode be blocked as such or not. Then, > this can be warned to users/system admins before fallback mode is > needed to be operated. So, now I think that fallback mode should be > negotiated at the beginning and it should not prevent initial > establishment of IKE but should be warned. I do not think there is any need for fallback mode to be negotiated. If the peer A is willing to fall back to diffie-hellman then it will try rekeying with diffie-hellman. If other end rejects this rekey with NO_ADDITIONAL_SAS or some other suitable error notification (depending how the actual out of band key distribution is negotiated), then they know there is differences in the policy, thus he cannot rekey. If his policy says it can continue in that case, it will, if not then it will close down the IKEv2 SA, and no more packets are sent/received as specified by the policy. -- kivinen@iki.fi From nobody Mon Dec 15 08:10:20 2014 Return-Path: X-Original-To: ipsec@ietfa.amsl.com Delivered-To: ipsec@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C63F41A702D for ; Mon, 15 Dec 2014 08:10:18 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -3.647 X-Spam-Level: X-Spam-Status: No, score=-3.647 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_MISMATCH_COM=0.553, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j1bCVyA4AyI4 for ; Mon, 15 Dec 2014 08:10:18 -0800 (PST) Received: from proper.com (Hoffman.Proper.COM [207.182.41.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E3F751A700D for ; Mon, 15 Dec 2014 08:10:17 -0800 (PST) Received: from [10.20.30.90] (50-1-99-181.dsl.dynamic.fusionbroadband.com [50.1.99.181]) (authenticated bits=0) by proper.com (8.14.9/8.14.7) with ESMTP id sBFGAG7Q066552 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 15 Dec 2014 09:10:17 -0700 (MST) (envelope-from paul.hoffman@vpnc.org) X-Authentication-Warning: proper.com: Host 50-1-99-181.dsl.dynamic.fusionbroadband.com [50.1.99.181] claimed to be [10.20.30.90] Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 8.1 $1993$) From: Paul Hoffman In-Reply-To: <548BF356.1000403@sfc.wide.ad.jp> Date: Mon, 15 Dec 2014 08:10:16 -0800 Content-Transfer-Encoding: quoted-printable Message-Id: <52EFE4AC-47EC-4EF8-956A-44ECF887A78F@vpnc.org> References: <2CBE2213-E3B6-4E0C-95EC-D1DFB05D3A0E@vpnc.org> <548BF356.1000403@sfc.wide.ad.jp> To: Shota Nagayama X-Mailer: Apple Mail (2.1993) Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/q35tIOG6cKWKHf6KGd5L3w3h3tY Cc: IPsecME WG Subject: Re: [IPsec] Survey for WG interest in adopting draft-nagayama-ipsecme-ipsec-with-qkd X-BeenThere: ipsec@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Discussion of IPsec protocols List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Dec 2014 16:10:18 -0000 Please note that the conclusion of this survey was that the WG was not = going to adopt the document. The chairs asked that the authors set up = their own discussion fora if they want to continue discussion. = Announcing new versions of non-WG drafts on this list is fine, but = trying to keep the discussion alive here is not. --Paul Hoffman= From ashokar@gmail.com Sun Dec 14 22:58:17 2014 Return-Path: X-Original-To: ipsec@ietfa.amsl.com Delivered-To: ipsec@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7AC8F1A1A14 for ; Sun, 14 Dec 2014 22:58:17 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.1 X-Spam-Level: X-Spam-Status: No, score=-0.1 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id T0GZwLmTL1iv for ; Sun, 14 Dec 2014 22:58:15 -0800 (PST) Received: from mail-qg0-x236.google.com (mail-qg0-x236.google.com [IPv6:2607:f8b0:400d:c04::236]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6257F1A1A13 for ; Sun, 14 Dec 2014 22:58:15 -0800 (PST) Received: by mail-qg0-f54.google.com with SMTP id l89so8097300qgf.13 for ; Sun, 14 Dec 2014 22:58:14 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=luNYrrcKAiEORI2Ijv9EDFtBtQHArOkBUitf12ZSp5A=; b=bT0aGk1IKYZl9BzLgBRH0FxK5NgoKzQthLcAw97jOKB7OZb+zjnzGnF8osrzaxjDi8 tad8hvYg2L1Xr4AMqk+mhGFP1XBz6V06XP9Fg3LPmKK73uMn4Iay0oHydICdyDVRLv12 tzYR0BOlTGUDUdwgyp7zeMVFrb4nx5T9POIDyXqVNVNDNSe1mX4Rb8sSsmiLO+gZvEt2 lNG+mNZEfGncZrXTDEvkYjOkv3VqypuehwBC/bpw2R97xzMYSGK4JXeP+XZzLPFxMqSB KHfj0/DD5FLbN1O6aXGEj+7IiEHudk5VlbcHKVxM+3xwlJF6tjj5LB2IdepithizPqDH zFrQ== MIME-Version: 1.0 X-Received: by 10.224.15.78 with SMTP id j14mr41488322qaa.0.1418626694663; Sun, 14 Dec 2014 22:58:14 -0800 (PST) Received: by 10.140.80.136 with HTTP; Sun, 14 Dec 2014 22:58:14 -0800 (PST) Date: Mon, 15 Dec 2014 12:28:14 +0530 Message-ID: From: Ashok Kumar To: ipsec@ietf.org Content-Type: multipart/alternative; boundary=047d7bdc81cc3457f1050a3bc4bc Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/ULZcr6Ud_Crw87TT2EaLo4i-NfQ X-Mailman-Approved-At: Mon, 15 Dec 2014 08:24:12 -0800 Subject: [IPsec] RFC-4303 - Does ESN really worth/help to reduce/avoid replayed packets? X-BeenThere: ipsec@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Discussion of IPsec protocols List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Dec 2014 07:00:05 -0000 --047d7bdc81cc3457f1050a3bc4bc Content-Type: text/plain; charset=UTF-8 Hi All, As per my understanding, the anti-replay feature in IPsec helps to save CPU cycles in the IPsec gateway (or host) by discarding the replayed packets so that costly operation like MAC calculation and decryption can be avoided for such packets. Is my understanding right? >From "A2.3. Pseudo-Code Example" in RFC-4303, looks like any packet which are older than the anti-replay window start, would skip the anti-replay check and MAC check will be done. Though MAC check would fail (because Seqh would be incorrect), MAC calculation would still happens. It is most likely to happen for almost all replayed packets in a high throughput tunnel. Isn't it? Without ESN support, we will discard all packets whose sequence number is less than the anti-replay window base. So the problem which I see is, only with ESN support. Please correct me if I am missing something. Regards, Ashok Kumar PS: The " Pseudo-Code Example" from the RFC-4303: The following pseudo-code illustrates the above algorithms for anti- replay and integrity checks. The values for `Seql', `Tl', `Th' and `W' are 32-bit unsigned integers. Arithmetic is mod 2^32. If (Tl >= W - 1) Case A ==> This is most likely case. The else case will hit only when the anti-replay window span across two 32-bit sequence number spaces. If (Seql >= Tl - W + 1) ==> This will hit only if the packet sequence number is *not* below anti-replay window start. For replayed packet in a high throughput tunnel, it is less likely to hit. Seqh = Th If (Seql <= Tl) If (pass replay check) If (pass integrity check) Set bit corresponding to Seql Pass the packet on Else reject packet Else reject packet Else If (pass integrity check) Tl = Seql (shift bits) Set bit corresponding to Seql Pass the packet on Else reject packet Else ==> This case would most likely will hit for replayed packets in a high throughput tunnel (or replayed packets with little delay). Seqh = Th + 1 If (pass integrity check) Tl = Seql (shift bits) Th = Th + 1 Set bit corresponding to Seql Pass the packet on Else reject packet Else Case B If (Seql >= Tl - W + 1) Seqh = Th - 1 If (pass replay check) If (pass integrity check) Set the bit corresponding to Seql Pass packet on Else reject packet Else reject packet Else Seqh = Th If (Seql <= Tl) If (pass replay check) If (pass integrity check) Set the bit corresponding to Seql Pass packet on Else reject packet Else reject packet Else If (pass integrity check) Tl = Seql (shift bits) Set the bit corresponding to Seql Pass packet on Else reject packet --047d7bdc81cc3457f1050a3bc4bc Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

Hi All,

As per my understanding, the anti-replay feature in I= Psec helps to save CPU cycles

in the IPsec gateway (o= r host) by discarding the replayed packets so that costly

operation like MAC calculation and decryption can be avoided for such = packets.

Is my understanding right?

From "A2.3. Ps= eudo-Code Example" in RFC-4303, looks like any packet which

are older than the an= ti-replay window start, would skip the anti-replay check

<= span style=3D"color:rgb(0,0,0);font-size:1em">and MAC check will be done. T= hough MAC check would fail (because Seqh

would be incorrect), MAC calculation would st= ill happens. It is most likely to

happen for almost all replayed packets in a high thr= oughput tunnel. Isn't it?

Without ESN support, we will discard all packets whose sequenc= e number

is= less than the anti-replay window base. So the problem which I see is,

only with ESN s= upport. Please correct me if I am missing something.

Regards,

Ashok Kumar

PS: The=C2=A0" Pseudo-Code Example" from t= he RFC-4303:

   The following pseudo-code illustr=
ates the above algorithms for anti-
   replay and integrity checks.  The values for `Seql', `Tl', `Th&#=
39; and
   `W' are 32-bit unsigned integers.  Arithmetic is mod 2^32.

        If (Tl >=3D W - 1)                            Case A

=3D=3D> This is most likely case. The =
else case will hit only when

    the anti-replay window=
 span across two 32-bit sequence number spaces.

      =
      If (Seql >=3D Tl - W + 1)

=3D=3D> This will hit only if the packet sequence number is *not* b=
elow

    anti-replay window start. For replayed packet =
in a high throughput tunnel,

    it is less likely to h=
it.

                Seqh =3D Th
                If (Seql <=3D Tl)
                    If (pass replay check)
                        If (pass integrity check)
                            Set bit corresponding to Seql
                            Pass the packet on
                        Else reject packet
                    Else reject packet
                Else
                    If (pass integrity check)
                        Tl =3D Seql (shift bits)
                        Set bit corresponding to Seql
                        Pass the packet on
                    Else reject packet
            Else

=3D=3D> Th=
is case would most likely will hit for replayed packets

    in a high throughput tunnel (or replayed packets with little delay).                Seqh =3D Th + 1
                If (pass integrity check)
                    Tl =3D Seql (shift bits)
                    Th =3D Th + 1
                    Set bit corresponding to Seql
                    Pass the packet on
                Else reject packet
        Else                                    Case B
            If (Seql >=3D Tl - W + 1)
                Seqh =3D Th - 1
                If (pass replay check)
                    If (pass integrity check)
                        Set the bit corresponding to Seql
                        Pass packet on
                    Else reject packet
                Else reject packet
            Else
                Seqh =3D Th
                If (Seql <=3D Tl)
                    If (pass replay check)
                        If (pass integrity check)
                            Set the bit corresponding to Seql
                            Pass packet on
                        Else reject packet
                    Else reject packet
                =
Else
                    If (pass integrity check)
                        Tl =3D Seql (shift bits)
                        Set the bit corresponding to Seql
                        Pass packet on
                    Else reject packet

--047d7bdc81cc3457f1050a3bc4bc-- From nobody Mon Dec 15 08:30:12 2014 Return-Path: X-Original-To: ipsec@ietfa.amsl.com Delivered-To: ipsec@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F19F61A802E for ; Mon, 15 Dec 2014 08:30:10 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.311 X-Spam-Level: X-Spam-Status: No, score=-4.311 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nCXT1HUQjLJh for ; Mon, 15 Dec 2014 08:30:09 -0800 (PST) Received: from ausc60ps301.us.dell.com (ausc60ps301.us.dell.com [143.166.148.206]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7FE451A6FC3 for ; Mon, 15 Dec 2014 08:30:09 -0800 (PST) DomainKey-Signature: s=smtpout; d=dell.com; c=nofws; q=dns; h=X-LoopCount0:X-IronPort-AV:From:To:CC:Subject: Thread-Topic:Thread-Index:Date:Message-ID:References: In-Reply-To:Accept-Language:Content-Language: X-MS-Has-Attach:X-MS-TNEF-Correlator:x-originating-ip: Content-Type:Content-ID:Content-Transfer-Encoding: MIME-Version:Return-Path; b=a4fjlUXvErQMXqL6Mpo4H+SUUGoSjEjlAhs5fB/XnFtNYcNCTtHSE0in oGbCQYzutsNyXu3fINatHFLZcywRWb2U79fmOqQ3LCOqedyhg3Ms2CQZT 5llEc6MZi5gwUANAGgim9msmmMJ7oHEiZydEOgB05YoRUBMws7A6z9zLi c=; DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=dell.com; i=@dell.com; q=dns/txt; s=smtpout; t=1418661009; x=1450197009; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=SS15ea3gIP9dfW39tCNJicFPq/btJmLAucW1vAwcxFY=; b=JoSDzdsh5h5CjdPA52qFu+6ekgjhCOobibVVNq9yQOjFmqzDFX7FP0PK N8KfKUTfqtcEiv2t4Ml9LH+4FP5mYt8SI9ECvJ3nYYDi62I/pLTiLXdf4 P0zNIsnlkgko36kqEFW+vK7KTx+IbLyBCqqmJlRcOYTBUrm1sAV2xzmdZ U=; X-LoopCount0: from 10.175.216.251 X-IronPort-AV: E=Sophos;i="5.07,580,1413262800"; d="scan'208";a="614163275" From: To: Thread-Topic: [IPsec] RFC-4303 - Does ESN really worth/help to reduce/avoid replayed packets? Thread-Index: AQHQGIObq94+fYaO502FOt0r2zUijpyRPE+A Date: Mon, 15 Dec 2014 16:30:05 +0000 Message-ID: <66CAB7BB-DAC5-4675-82CB-317907C17712@dell.com> References: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.166.135.97] Content-Type: text/plain; charset="us-ascii" Content-ID: Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/-ckb2hQDAkMSWHkWnxDmqU4_kwo Cc: ipsec@ietf.org Subject: Re: [IPsec] RFC-4303 - Does ESN really worth/help to reduce/avoid replayed packets? X-BeenThere: ipsec@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Discussion of IPsec protocols List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Dec 2014 16:30:11 -0000 > On Dec 15, 2014, at 1:58 AM, Ashok Kumar wrote: >=20 > Hi All, >=20 > As per my understanding, the anti-replay feature in IPsec helps to save C= PU cycles > in the IPsec gateway (or host) by discarding the replayed packets so that= costly > operation like MAC calculation and decryption can be avoided for such pac= kets. > Is my understanding right? No. The anti-replay feature prevents replay attacks. The purpose is to av= oid delivering duplicate packets to the end system, where (depending on the= protocol) they might cause applications to malfunction. The benefit you d= escribe (to the IPSec gateway) is insignificant. paul From nobody Mon Dec 15 10:02:06 2014 Return-Path: X-Original-To: ipsec@ietfa.amsl.com Delivered-To: ipsec@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 025671A8712 for ; Mon, 15 Dec 2014 10:02:04 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.911 X-Spam-Level: X-Spam-Status: No, score=-1.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z_L0UvFi4M6X for ; Mon, 15 Dec 2014 10:02:02 -0800 (PST) Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5C8CA1A86F8 for ; Mon, 15 Dec 2014 10:02:02 -0800 (PST) Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 30FBE2009E; Mon, 15 Dec 2014 13:06:01 -0500 (EST) Received: by sandelman.ca (Postfix, from userid 179) id 92D76637F5; Mon, 15 Dec 2014 13:01:58 -0500 (EST) Received: from sandelman.ca (localhost [127.0.0.1]) by sandelman.ca (Postfix) with ESMTP id 73FC563740; Mon, 15 Dec 2014 13:01:58 -0500 (EST) From: Michael Richardson To: Paul_Koning@Dell.com In-Reply-To: <66CAB7BB-DAC5-4675-82CB-317907C17712@dell.com> References: <66CAB7BB-DAC5-4675-82CB-317907C17712@dell.com> X-Mailer: MH-E 8.2; nmh 1.3-dev; GNU Emacs 23.4.1 X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m Sender: mcr@sandelman.ca Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/vCCFhN-hleNDvXD-ol606HEP1Ag Cc: ipsec@ietf.org, ashokar@gmail.com Subject: Re: [IPsec] RFC-4303 - Does ESN really worth/help to reduce/avoid replayed packets? X-BeenThere: ipsec@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Discussion of IPsec protocols List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Dec 2014 18:02:04 -0000 --=-=-= Content-Transfer-Encoding: quoted-printable wrote: >> Hi All, >>=20 >> As per my understanding, the anti-replay feature in IPsec helps to >> save CPU cycles in the IPsec gateway (or host) by discarding the >> replayed packets so that costly operation like MAC calculation and >> decryption can be avoided for such packets. Is my understanding >> right? > No. The anti-replay feature prevents replay attacks. The purpose is > to avoid delivering duplicate packets to the end system, where > (depending on the protocol) they might cause applications to > malfunction. The benefit you describe (to the IPSec gateway) is > insignificant. Paul: what you said is correct about the reply feature. But what Ashok observed about the implementation recommendation is also cor= rect. The anti-replay *WINDOW* (a bit map of a particular size) in on the receive allows the receiver to receive packets out of order, but puts a lower limit on replay values that will be accepted. Once the window is closed, the gateway can discard packets without performing a MAC calculation. The affect on the IPsec gateway is not insignificant if the IPsec gateway can not perform MAC operations at wire speeds. For much of the life of the IPsec specification, software implementations of IPsec have been slower than line card speeds. It has only been in the past 7 to 9 years that this is frequently not been the case; and it is still the case for most home gateways, for instance. =2D-=20 Michael Richardson , Sandelman Software Works -=3D IPv6 IoT consulting =3D- --=-=-= Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEVAwUBVI8iE4CLcPvd0N1lAQLg+Qf+OD9FZf7kJ7EjsXH0PD21qCLvigyr8KJi YejE6rUuQbHbfxGq+Do12NmZxhq80h4imlT0wxJNl77YHOR76YE44H+4aATQBt61 fGrTa8uqx/YcLVmqzeC6mkMm1WBwB1jmbouhbRl4Ikz1zEP3R3Ziq0arWBNlOf3d XrI04oyNw4BtKAv+lcaqDIIltJiaC6VOlBpG3ClauxrTXNX1FdoUjmJLZ7cD1usI PEQf8aj8T/NL4ZmLR8XoSpSdU3UMJ1zj2dmB3bdEL2D1jLjrQdTVsR8yTBkIrcRx 5FaPsVMaJbszVaxzNlzLqwrTliQbeTkBNwENgUry1SgAmysQjs0Cig== =hxVY -----END PGP SIGNATURE----- --=-=-=-- From nobody Mon Dec 15 12:44:19 2014 Return-Path: X-Original-To: ipsec@ietfa.amsl.com Delivered-To: ipsec@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C58F71A89B0 for ; Mon, 15 Dec 2014 12:44:14 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.131 X-Spam-Level: X-Spam-Status: No, score=-1.131 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_NEUTRAL=0.779, T_RP_MATCHES_RCVD=-0.01] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L9yXzXSpYeiF for ; Mon, 15 Dec 2014 12:44:11 -0800 (PST) Received: from mail.kivinen.iki.fi (fireball.kivinen.iki.fi [IPv6:2001:1bc8:100d::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3411A1A89A8 for ; Mon, 15 Dec 2014 12:44:02 -0800 (PST) Received: from fireball.kivinen.iki.fi (localhost [127.0.0.1]) by mail.kivinen.iki.fi (8.14.8/8.14.8) with ESMTP id sBFKhumd015706 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Mon, 15 Dec 2014 22:43:56 +0200 (EET) Received: (from kivinen@localhost) by fireball.kivinen.iki.fi (8.14.8/8.14.8/Submit) id sBFKhtR5012331; Mon, 15 Dec 2014 22:43:55 +0200 (EET) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <21647.18443.148411.872644@fireball.kivinen.iki.fi> Date: Mon, 15 Dec 2014 22:43:55 +0200 From: Tero Kivinen To: Paul Hoffman In-Reply-To: <52EFE4AC-47EC-4EF8-956A-44ECF887A78F@vpnc.org> References: <2CBE2213-E3B6-4E0C-95EC-D1DFB05D3A0E@vpnc.org> <548BF356.1000403@sfc.wide.ad.jp> <52EFE4AC-47EC-4EF8-956A-44ECF887A78F@vpnc.org> X-Mailer: VM 8.2.0b under 24.3.1 (x86_64--netbsd) X-Edit-Time: 6 min X-Total-Time: 6 min Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/A8OiaN7IgZFkcdLtpseprkeSeTA Cc: IPsecME WG , Shota Nagayama Subject: Re: [IPsec] Survey for WG interest in adopting draft-nagayama-ipsecme-ipsec-with-qkd X-BeenThere: ipsec@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Discussion of IPsec protocols List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Dec 2014 20:44:15 -0000 Paul Hoffman writes: > Please note that the conclusion of this survey was that the WG was > not going to adopt the document. The chairs asked that the authors > set up their own discussion fora if they want to continue > discussion. Announcing new versions of non-WG drafts on this list is > fine, but trying to keep the discussion alive here is not. I do not agree on that. The ipsec is the ietf list for ipsec related discussion. It was originally for ipsec WG and when IPsecME was formed we decided to use same mailing list, and I think that at point the idea was that mailing list should be used with all ipsec related discussions. The discussion about those draft has not been that overwhelming that we would need to create separate mailing list for that. If you are going to say that most of the active working group participants (I think most of the really active working group participants did answer to question, but there might be few missing) are not enough for draft to be working group document, and then you say that we cannot even discuss it on the ipsec list I think that is not ok. I do not want to joining several different mailing list for short time to discuss about each draft the chairs feel should not be adopted on the wg and then the lists would most likely be silent forever (except of course the mandatory spams). -- kivinen@iki.fi From nobody Tue Dec 16 05:16:55 2014 Return-Path: X-Original-To: ipsec@ietfa.amsl.com Delivered-To: ipsec@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7E9181ACD86 for ; Tue, 16 Dec 2014 05:16:52 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.21 X-Spam-Level: X-Spam-Status: No, score=-4.21 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Qa1n0O15FwvZ for ; Tue, 16 Dec 2014 05:16:50 -0800 (PST) Received: from smtp.bbn.com (smtp.bbn.com [128.33.1.81]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1795F1A1AEA for ; Tue, 16 Dec 2014 05:16:50 -0800 (PST) Received: from dommiel.bbn.com ([192.1.122.15]:49610 helo=COMSEC.local) by smtp.bbn.com with esmtp (Exim 4.77 (FreeBSD)) (envelope-from ) id 1Y0rzt-00084c-69; Tue, 16 Dec 2014 08:17:05 -0500 Message-ID: <549030BE.2070007@bbn.com> Date: Tue, 16 Dec 2014 08:16:46 -0500 From: Stephen Kent User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:24.0) Gecko/20100101 Thunderbird/24.6.0 MIME-Version: 1.0 To: Ashok Kumar , ipsec References: In-Reply-To: Content-Type: multipart/alternative; boundary="------------000609040504050209080306" Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/DuyZupdRKdnVrcP5Xr77rfxCJhM Subject: Re: [IPsec] RFC-4303 - Does ESN really worth/help to reduce/avoid replayed packets? X-BeenThere: ipsec@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Discussion of IPsec protocols List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Dec 2014 13:16:52 -0000 This is a multi-part message in MIME format. --------------000609040504050209080306 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Ashok, > Hi All, > > As per my understanding, the anti-replay feature in IPsec helps to > save CPU cycles > in the IPsec gateway (or host) by discarding the replayed packets so > that costly > operation like MAC calculation and decryption can be avoided for such > packets. > Is my understanding right? only partially. The main reason for this is to protect an app from receiving replayed traffic that it might not otherwise detect and reject. Not an issue for TCP, but a possible issue for UDP-based apps. > From "A2.3. Pseudo-Code Example" in RFC-4303, looks like any packet which > are older than the anti-replay window start, would skip the > anti-replay check > and MAC check will be done. Though MAC check would fail (because Seqh > would be incorrect), MAC calculation would still happens. It is most > likely to > happen for almost all replayed packets in a high throughput tunnel. > Isn't it? That's not the intent. The intent is to immediately drop any packet for which the sequence number is older than the AR window, thus avoiding crypto operations that are not necessary. > Without ESN support, we will discard all packets whose sequence number > is less than the anti-replay window base. So the problem which I see is, > only with ESN support. Please correct me if I am missing something. See comments above. Steve --------------000609040504050209080306 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Ashok,

Hi All,

As per my understanding, the anti-replay feature in IPsec helps to save CPU cycles

in the IPsec gateway (or host) by discarding the replayed packets so that costly

operation like MAC calculation and decryption can be avoided for such packets.

Is my understanding right?

only partially. The main reason for this is to protect an app from receiving
replayed traffic that it might not otherwise detect and reject. Not an issue for
TCP, but a possible issue for UDP-based apps.

From "A2.3. Pseudo-Code Example" in RFC-4303, looks like any packet which

are older than the anti-replay window start, would skip the anti-replay check

and MAC check will be done. Though MAC check would fail (because Seqh

would be incorrect), MAC calculation would still happens. It is most likely to

happen for almost all replayed packets in a high throughput tunnel. Isn't it?

That's not the intent. The intent is to immediately drop any packet for which
the sequence number is older than the AR window, thus avoiding crypto operations
that are not necessary.

Without ESN support, we will discard all packets whose sequence number

is less than the anti-replay window base. So the problem which I see is,

only with ESN support. Please correct me if I am missing something.

See comments above.

Steve
--------------000609040504050209080306-- From nobody Tue Dec 16 08:45:57 2014 Return-Path: X-Original-To: ipsec@ietfa.amsl.com Delivered-To: ipsec@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 54AC91A1BE3 for ; Tue, 16 Dec 2014 08:45:47 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.999 X-Spam-Level: X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lPCKP9MD9ryU for ; Tue, 16 Dec 2014 08:45:45 -0800 (PST) Received: from mail-qg0-x229.google.com (mail-qg0-x229.google.com [IPv6:2607:f8b0:400d:c04::229]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9432F1A6EF0 for ; Tue, 16 Dec 2014 08:45:27 -0800 (PST) Received: by mail-qg0-f41.google.com with SMTP id j5so10570422qga.28 for ; Tue, 16 Dec 2014 08:45:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=yC+U5wWPxcz+9pPDEzDiyGS/otqmQLRPHM3rFw4dBFw=; b=JjfhU7GHt2m0uXelpcnr2kcSpk9Maz/l1tZ1q2nrdMkiCeGph9F6fdbVfCp8VS1kvO +sW104y3krCLfGFMESqo3+pXgcKERJMgBNHVLWF7zBuRBfG+Jl8tBDgmWQnvk2cXDrUF X8eiquSU8NeU8za6aAIx7ka03GNyaS2um6uvcU8v2pboADnHUXdEdXaSxpK8j9oO0P7B 7+36j1JjY8pajiY8XJhsswpoHwFU2xv+KznS4h863Bm03MWDi8gPO3H0oYi3/bMbPiTN Bgj8QZeZ9fowNbSlat7cGYu4lI55UV8rXouVo73lRRzDPGPx6nUzW4sHq/pcrE1nByrs Hg4w== MIME-Version: 1.0 X-Received: by 10.140.17.203 with SMTP id 69mr55150876qgd.32.1418748326647; Tue, 16 Dec 2014 08:45:26 -0800 (PST) Received: by 10.140.80.136 with HTTP; Tue, 16 Dec 2014 08:45:26 -0800 (PST) In-Reply-To: <66CAB7BB-DAC5-4675-82CB-317907C17712@dell.com> References: <66CAB7BB-DAC5-4675-82CB-317907C17712@dell.com> Date: Tue, 16 Dec 2014 22:15:26 +0530 Message-ID: From: Ashok Kumar To: Paul_Koning@dell.com Content-Type: multipart/alternative; boundary=001a11c002ba091f7f050a58169a Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/bpD_6nXcfIm45mUWaUEP6uPiSMk Cc: ipsec@ietf.org Subject: Re: [IPsec] RFC-4303 - Does ESN really worth/help to reduce/avoid replayed packets? X-BeenThere: ipsec@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Discussion of IPsec protocols List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Dec 2014 16:45:47 -0000 --001a11c002ba091f7f050a58169a Content-Type: text/plain; charset=UTF-8 Hi Paul, I agree that it helps to avoid delivering duplicate packets to the end system. But I am not convinced about the following statement. > The purpose is to avoid delivering duplicate packets to the end system, where (depending > on the protocol) they might cause applications to malfunction. The IPsec is transparent to end system. So IIUC, end-to-end system/application shouldn't assume that it will never receive duplicate packets. So regardless of whether IPsec is used/deployed or not, it is end system/application responsibility to handle any duplicate packets. Isn't it? Thanks, Ashok Kumar On Mon, Dec 15, 2014 at 10:00 PM, wrote: > > > > On Dec 15, 2014, at 1:58 AM, Ashok Kumar wrote: > > > > Hi All, > > > > As per my understanding, the anti-replay feature in IPsec helps to save > CPU cycles > > in the IPsec gateway (or host) by discarding the replayed packets so > that costly > > operation like MAC calculation and decryption can be avoided for such > packets. > > Is my understanding right? > > No. The anti-replay feature prevents replay attacks. The purpose is to > avoid delivering duplicate packets to the end system, where (depending on > the protocol) they might cause applications to malfunction. The benefit > you describe (to the IPSec gateway) is insignificant. > > paul > > --001a11c002ba091f7f050a58169a Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

Hi Paul,

I agree that i= t helps to avoid delivering duplicate packets to the end system.

But I am not convinced ab= out the following statement.

> The = purpose is to avoid delivering duplicate packets to the end system, where (= depending

> on the protocol) they might cause appl= ications to malfunction.

The IPsec is = transparent to end system. So IIUC, end-to-end system/application

shouldn't assume that it will never receive duplicate packets. So rega= rdless of

whether IPsec is used/deployed or not, it is end system= /application responsibility

to handle any duplicate packets. Isn&= #39;t it?

Thanks,

Ashok Kumar

On Mon, Dec 15, 2014 at 10:00 PM, <Paul= _Koning@dell.com> wrote:

> On Dec 15, 2014, at 1:58 AM, Ashok Kumar <ashokar@gmail.com> wrote:
>
> Hi All,
>
> As per my understanding, the anti-replay feature in IPsec helps to sav= e CPU cycles
> in the IPsec gateway (or host) by discarding the replayed packets so t= hat costly
> operation like MAC calculation and decryption can be avoided for such = packets.
> Is my understanding right?

No.=C2=A0 The anti-replay feature prevents replay attacks.=C2=A0 The= purpose is to avoid delivering duplicate packets to the end system, where = (depending on the protocol) they might cause applications to malfunction.= =C2=A0 The benefit you describe (to the IPSec gateway) is insignificant.
=C2=A0 =C2=A0 =C2=A0 =C2=A0 paul

--001a11c002ba091f7f050a58169a-- From nobody Tue Dec 16 09:02:18 2014 Return-Path: X-Original-To: ipsec@ietfa.amsl.com Delivered-To: ipsec@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6910D1A6F33 for ; Tue, 16 Dec 2014 09:02:16 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -7.011 X-Spam-Level: X-Spam-Status: No, score=-7.011 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KGHBj8W0UxRt for ; Tue, 16 Dec 2014 09:02:14 -0800 (PST) Received: from ausc60pc101.us.dell.com (ausc60pc101.us.dell.com [143.166.85.206]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C30C11A6F52 for ; Tue, 16 Dec 2014 09:02:13 -0800 (PST) DomainKey-Signature: s=smtpout; d=dell.com; c=nofws; q=dns; h=X-LoopCount0:X-IronPort-AV:From:To:CC:Subject: Thread-Topic:Thread-Index:Date:Message-ID:References: In-Reply-To:Accept-Language:Content-Language: X-MS-Has-Attach:X-MS-TNEF-Correlator:x-originating-ip: Content-Type:Content-ID:Content-Transfer-Encoding: MIME-Version:Return-Path; b=oI+HaupcCYknqXpG5klFkrTPEtSjF47tfmUPJjsg/R1jon94CaC1KH3z An73uiKkCeJIAejK3fK4AAYGLVuyN/BJevEDRbp7UXYJYYap4+MPS2Xak 0g5dMIJZnjB/FLmsFj5eYhF/mlQxv7SI2WGbu3gbQWkdKfKzstk8ernyT c=; DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=dell.com; i=@dell.com; q=dns/txt; s=smtpout; t=1418749333; x=1450285333; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=3gnc2CKDbD2QzppgXh3ur+skKGr0dmVYGEg8kw8kAdA=; b=yszpdxvgoqo3pHhkd6pijL4yl28fM3Lwtqe7AK0paKGr8plObWiDRfPx oVRpXSm8JYBW0aTmDN4pxue3t8Tyt71x233EvK1ebJ+nnyn9T0ODPf9X/ pmzEzWQYSJYk64IGM6kVoE3cRIJelRIJe1JnIWJsoboOvt8Ypxcqa4vlX w=; X-LoopCount0: from 10.170.28.39 X-IronPort-AV: E=Sophos;i="5.07,587,1413262800"; d="scan'208";a="732756757" From: To: Thread-Topic: [IPsec] RFC-4303 - Does ESN really worth/help to reduce/avoid replayed packets? Thread-Index: AQHQGIObq94+fYaO502FOt0r2zUijpyRPE+AgAGWoQCAAASRgA== Date: Tue, 16 Dec 2014 17:01:48 +0000 Message-ID: <0960BFC1-E306-45CB-A954-4CF2595686B3@dell.com> References: <66CAB7BB-DAC5-4675-82CB-317907C17712@dell.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.166.135.94] Content-Type: text/plain; charset="utf-8" Content-ID: <32620C032BCCC441B2CCA15673AC1437@dell.com> Content-Transfer-Encoding: base64 MIME-Version: 1.0 Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/o-6UGDBpIUGCid_wINR0rWyZ4YM Cc: ipsec@ietf.org Subject: Re: [IPsec] RFC-4303 - Does ESN really worth/help to reduce/avoid replayed packets? X-BeenThere: ipsec@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Discussion of IPsec protocols List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Dec 2014 17:02:16 -0000 DQo+IE9uIERlYyAxNiwgMjAxNCwgYXQgMTE6NDUgQU0sIEFzaG9rIEt1bWFyIDxhc2hva2FyQGdt YWlsLmNvbT4gd3JvdGU6DQo+IA0KPiBIaSBQYXVsLA0KPiANCj4gSSBhZ3JlZSB0aGF0IGl0IGhl bHBzIHRvIGF2b2lkIGRlbGl2ZXJpbmcgZHVwbGljYXRlIHBhY2tldHMgdG8gdGhlIGVuZCBzeXN0 ZW0uDQo+IEJ1dCBJIGFtIG5vdCBjb252aW5jZWQgYWJvdXQgdGhlIGZvbGxvd2luZyBzdGF0ZW1l bnQuDQo+IA0KPiA+IFRoZSBwdXJwb3NlIGlzIHRvIGF2b2lkIGRlbGl2ZXJpbmcgZHVwbGljYXRl IHBhY2tldHMgdG8gdGhlIGVuZCBzeXN0ZW0sIHdoZXJlIChkZXBlbmRpbmcNCj4gPiBvbiB0aGUg cHJvdG9jb2wpIHRoZXkgbWlnaHQgY2F1c2UgYXBwbGljYXRpb25zIHRvIG1hbGZ1bmN0aW9uLg0K PiANCj4gVGhlIElQc2VjIGlzIHRyYW5zcGFyZW50IHRvIGVuZCBzeXN0ZW0uIFNvIElJVUMsIGVu ZC10by1lbmQgc3lzdGVtL2FwcGxpY2F0aW9uDQo+IHNob3VsZG4ndCBhc3N1bWUgdGhhdCBpdCB3 aWxsIG5ldmVyIHJlY2VpdmUgZHVwbGljYXRlIHBhY2tldHMuIFNvIHJlZ2FyZGxlc3Mgb2YNCj4g d2hldGhlciBJUHNlYyBpcyB1c2VkL2RlcGxveWVkIG9yIG5vdCwgaXQgaXMgZW5kIHN5c3RlbS9h cHBsaWNhdGlvbiByZXNwb25zaWJpbGl0eQ0KPiB0byBoYW5kbGUgYW55IGR1cGxpY2F0ZSBwYWNr ZXRzLiBJc24ndCBpdD8NCg0KQ29udmVudGlvbmFsIHByb3RvY29sIGRlc2lnbiBjb25jZW50cmF0 ZXMgb24gaGFuZGxpbmcgZXZlbnRzIHRoYXQgb2NjdXIgbm9ybWFsbHkgaW4gYSBuZXR3b3JrLiAg Rm9yIGV4YW1wbGUsIGFjY2lkZW50YWwgZGF0YSBjb3JydXB0aW9uIG9jY3VycyBvbiBwaHlzaWNh bCBsaW5rcyBkdWUgdG8gbm9pc2UgYW5kIHRoZSBsaWtlLiAgUGFja2V0IHJlb3JkZXJpbmcgb2Nj dXJzIGR1ZSB0byBob3cgcm91dGluZyB3b3Jrcy4gIFBhY2tldCBkdXBsaWNhdGlvbiBtYXkgYWxz byBvY2N1ciBub3JtYWxseSBvbiBvY2Nhc2lvbi4gIEluIGFsbCB0aGVzZSwgdGhlIGRlc2lnbiBm b2N1c2VzIG9uIG5vbi1tYWxpY2lvdXMgZXZlbnRzOiByYW5kb20gb3Igb3RoZXJ3aXNlIGludGVy bWl0dGVudCBldmVudHMgYnV0IG5vdCBldmVudHMgY29uc3RydWN0ZWQgYnkgYW4gYWR2ZXJzYXJ5 IGludGVudCBvbiBicmVha2luZyB0aGluZ3MuDQoNCkJ5IGNvbnRyYXN0LCBzZWN1cml0eSBwcm90 b2NvbHMgc3VjaCBhcyBJUFNlYyBzcGVjaWZpY2FsbHkgYWltIHRvIGhhbmRsZSBldmVudHMgY3Jl YXRlZCBieSBhIG1hbGljaW91cyBhZHZlcnNhcnkuICBDb25zaWRlciB0aGUgZGF0YSBjb3JydXB0 aW9uIGNhc2U6IENSQyB3b3JrcyB2ZXJ5IHdlbGwgZm9yIHJhbmRvbSBiaXQgZXJyb3JzLCB3aGlj aCBpcyB3aHkgZGF0YSBsaW5rIGxheWVycyAoc3VjaCBhcyBFdGhlcm5ldCkgdXNlIGl0IHdpZGVs eS4gIENSQyBhbmQgY2hlY2tzdW1zIHdvcmsgd2VsbCBmb3Igc29tZSBvdGhlciBjbGFzc2VzIG9m IGFjY2lkZW50YWwgZGF0YSBlcnJvcnMsIHdoaWNoIGlzIHdoeSBTQ1RQIGFuZCBpU0NTSSB1c2Vz IENSQywgYW5kIFRDUCB1c2VzIGEgc2ltcGxlciBjaGVja3N1bS4NCg0KTm9uZSBvZiB0aG9zZSBh cmUgYW55IGhlbHAgYXQgYWxsIGFnYWluc3QgZGVsaWJlcmF0ZSBhdHRhY2tzLiAgSXQgaXMgdXR0 ZXJseSB0cml2aWFsIHRvIG1vZGlmeSBwYWNrZXRzIGluIGEgd2F5IHRoYXQgbGVhdmVzIHRoZSBj aGVja3N1bSBvciBDUkMgdW5jaGFuZ2VkIChvciwgZm9yIHRoYXQgbWF0dGVyLCB0byBhZGp1c3Qg dGhlIGNoZWNrc3VtIHNvIGl0IHN0aWxsIGxvb2tzIGNvcnJlY3QpLiAgU28gSVBTZWMgZG9lcyBu b3QgZG8gaXQgdGhhdCB3YXk7IGluc3RlYWQsIGl0IHVzZXMgYSBrZXllZCBzZWN1cmUgaGFzaCwg d2hpY2ggZG9lcyBoYXZlIHRoZSBwcm9wZXJ0eSB0aGF0IGl0IHJlc2lzdHMgZGVsaWJlcmF0ZSBt YWxpY2lvdXMgbW9kaWZpY2F0aW9uLg0KDQpTbyB0b28gd2l0aCBkdXBsaWNhdGUgcGFja2V0cy4g IFRDUCwgZm9yIGV4YW1wbGUsIGRlYWxzIHdpdGggZHVwbGljYXRlIHBhY2tldHMsIHdpdGhpbiBs aW1pdHMsIGFuZCBhc3N1bWluZyB0aGF0IHRoZXJlIGlzbuKAmXQgYW4gYWN0aXZlIGF0dGFja2Vy IG1vZGlmeWluZyB0aGUgcGFja2V0IHN0cmVhbS4gIEJ1dCB0aGUgVENQIG1lY2hhbmlzbXMgYXJl IG5vdCBkZXNpZ25lZCBmb3IgYW5kIGRvIG5vdCBoYW5kbGUgYSBkZWxpYmVyYXRlIGF0dGFjayBi eSBhIHNraWxsZnVsIGF0dGFja2VyLiAgT24gdGhlIG90aGVyIGhhbmQsIHRoZSBJUFNlYyByZXBs YXkgcHJldmVudGlvbiBtZWNoYW5pc20gZG9lcyBhZGRyZXNzIHN1Y2ggYXR0YWNrcy4NCg0KU28g d2hpbGUgaXQgbWF5IHNlZW0gdGhhdCBJUFNlYyBkb2VzIGEgYnVuY2ggb2YgdGhpbmdzIHRoYXQg b3RoZXIgcHJvdG9jb2xzIGFscmVhZHkgZG8sIG9yIHNob3VsZCBhbHJlYWR5IGRvLCB0aGlzIGlz IGdlbmVyYWxseSBub3QgdGhlIGNhc2U7IHRoZSBrZXkgZGlmZmVyZW5jZSBpcyDigJxhY2NpZGVu dGFs4oCdIHZzLiDigJxkZWxpYmVyYXRl4oCdIGluIGVhY2ggb2YgdGhlc2UgYXJlYXMuDQoNCglw YXVsDQoNCg== From nobody Tue Dec 16 09:14:02 2014 Return-Path: X-Original-To: ipsec@ietfa.amsl.com Delivered-To: ipsec@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 342511A7002 for ; Tue, 16 Dec 2014 09:13:41 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.999 X-Spam-Level: X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1h99apAuENWJ for ; Tue, 16 Dec 2014 09:13:38 -0800 (PST) Received: from mail-qg0-x22d.google.com (mail-qg0-x22d.google.com [IPv6:2607:f8b0:400d:c04::22d]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0E5321A7029 for ; Tue, 16 Dec 2014 09:11:58 -0800 (PST) Received: by mail-qg0-f45.google.com with SMTP id f51so10327511qge.4 for ; Tue, 16 Dec 2014 09:11:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=QTJtZDRzZwRyMYQYwC9vcgoOgPyHQRLKECFgJ0fuf2o=; b=U0ckAzR0BgDLzMPsifxa5ydjzzWjkfyCF1Qq/Ge9Esp9OHJOv14q2nRExlMwEnvO/n yIUH3QPCx++KxS6JKRku+1jMz0pWXcnew1huRHTFxnhLIC06PkXuNQZ+Wbhqq4Fe2jjX NXY5Bhj16RHvXUXbWSzZ12rBp25VD+usTv6maCkzO1fF/gVCfu8wxokdfEI4g35iUXQG HxSlZ9rgQkHCTmB2vv88xmivjLaaUMT2QW13/5GPKg42zmO1e7qHhlGR+TUYjje9hKli LSmD6e8TM1UzzTIKgSYzgtAxsfmz2vmhTu+2Q1x4pPygNlJiZ4XYn6SbmBLbcII3Cnz6 aq5A== MIME-Version: 1.0 X-Received: by 10.140.82.101 with SMTP id g92mr27167593qgd.26.1418749917116; Tue, 16 Dec 2014 09:11:57 -0800 (PST) Received: by 10.140.80.136 with HTTP; Tue, 16 Dec 2014 09:11:57 -0800 (PST) In-Reply-To: <25104.1418666518@sandelman.ca> References: <66CAB7BB-DAC5-4675-82CB-317907C17712@dell.com> <25104.1418666518@sandelman.ca> Date: Tue, 16 Dec 2014 22:41:57 +0530 Message-ID: From: Ashok Kumar To: Michael Richardson Content-Type: multipart/alternative; boundary=001a11c118d0d5c33b050a5874d5 Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/RVKhtkWrcRvYts53zWtrcU3MnDA Cc: ipsec@ietf.org, Paul_Koning@dell.com Subject: Re: [IPsec] RFC-4303 - Does ESN really worth/help to reduce/avoid replayed packets? X-BeenThere: ipsec@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Discussion of IPsec protocols List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Dec 2014 17:13:41 -0000 --001a11c118d0d5c33b050a5874d5 Content-Type: text/plain; charset=UTF-8 Exactly. Michael has got my observation right. With ESN, the receiver will unnecessarily do MAC calculation for replayed packets which falls before the replay window. The reason is, replayed packets whose sequence number is lesser than the window start, will be considered as newer packet and anti-replay check would be skipped for such packets (as per pseudo code given in the RFC). Thanks, Ashok Kumar On Mon, Dec 15, 2014 at 11:31 PM, Michael Richardson wrote: > > > wrote: > >> Hi All, > >> > >> As per my understanding, the anti-replay feature in IPsec helps to > >> save CPU cycles in the IPsec gateway (or host) by discarding the > >> replayed packets so that costly operation like MAC calculation and > >> decryption can be avoided for such packets. Is my understanding > >> right? > > > No. The anti-replay feature prevents replay attacks. The purpose is > > to avoid delivering duplicate packets to the end system, where > > (depending on the protocol) they might cause applications to > > malfunction. The benefit you describe (to the IPSec gateway) is > > insignificant. > > Paul: what you said is correct about the reply feature. > > But what Ashok observed about the implementation recommendation is also > correct. > > The anti-replay *WINDOW* (a bit map of a particular size) in on the receive > allows the receiver to receive packets out of order, but puts a lower limit > on replay values that will be accepted. Once the window is closed, the > gateway can discard packets without performing a MAC calculation. > The affect on the IPsec gateway is not insignificant if the IPsec gateway > can not perform MAC operations at wire speeds. For much of the life of the > IPsec specification, software implementations of IPsec have been slower > than > line card speeds. It has only been in the past 7 to 9 years that this is > frequently not been the case; and it is still the case for most home > gateways, for instance. > > > > -- > Michael Richardson , Sandelman Software Works > -= IPv6 IoT consulting =- > > > > --001a11c118d0d5c33b050a5874d5 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

Exactly. Michael has got my observatio= n right.

With ESN, the receiver will unnecessarily= do MAC calculation for replayed packets

which falls before the r= eplay window. The reason is, replayed packets whose sequence

numb= er is lesser than the window start, will be considered as newer packet and = anti-replay

check would be skipped for such packets (as per pseud= o code given in the RFC).

Thanks,

Ashok Kumar

<= /div>

On Mon, Dec 15, 2014 at 11:31 PM, Michael Ri= chardson <mcr+ietf@sandelman.ca> wrote:

<Paul_Koning@Dell.com> wrote:
=C2=A0 =C2=A0 >> Hi All,
=C2=A0 =C2=A0 >>
=C2=A0 =C2=A0 >> As per my understanding, the anti-replay feature in = IPsec helps to
=C2=A0 =C2=A0 >> save CPU cycles in the IPsec gateway (or host) by di= scarding the
=C2=A0 =C2=A0 >> replayed packets so that costly operation like MAC c= alculation and
=C2=A0 =C2=A0 >> decryption can be avoided for such packets.=C2=A0 Is= my understanding
=C2=A0 =C2=A0 >> right?

=C2=A0 =C2=A0 > No.=C2=A0 The anti-replay feature prevents replay attack= s.=C2=A0 The purpose is
=C2=A0 =C2=A0 > to avoid delivering duplicate packets to the end system,= where
=C2=A0 =C2=A0 > (depending on the protocol) they might cause application= s to
=C2=A0 =C2=A0 > malfunction.=C2=A0 The benefit you describe (to the IPSe= c gateway) is
=C2=A0 =C2=A0 > insignificant.

Paul: what you said is correct about the reply feature.

But what Ashok observed about the implementation recommendation is also cor= rect.

The anti-replay *WINDOW* (a bit map of a particular size) in on the receive=
allows the receiver to receive packets out of order, but puts a lower limit=
on replay values that will be accepted.=C2=A0 Once the window is closed, th= e
gateway can discard packets without performing a MAC calculation.
The affect on the IPsec gateway is not insignificant if the IPsec gateway can not perform MAC operations at wire speeds.=C2=A0 For much of the life o= f the
IPsec specification, software implementations of IPsec have been slower tha= n
line card speeds.=C2=A0 It has only been in the past 7 to 9 years that this= is
frequently not been the case; and it is still the case for most home
gateways, for instance.

--
Michael Richardson <mcr+IETF@= sandelman.ca>, Sandelman Software Works
=C2=A0-=3D IPv6 IoT consulting =3D-

--001a11c118d0d5c33b050a5874d5-- From nobody Tue Dec 16 09:26:06 2014 Return-Path: X-Original-To: ipsec@ietfa.amsl.com Delivered-To: ipsec@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 720691A6EFC for ; Tue, 16 Dec 2014 09:26:03 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.999 X-Spam-Level: X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vc64lrwc4KIc for ; Tue, 16 Dec 2014 09:26:01 -0800 (PST) Received: from mail-qc0-x233.google.com (mail-qc0-x233.google.com [IPv6:2607:f8b0:400d:c01::233]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 88F6D1A1EF3 for ; Tue, 16 Dec 2014 09:26:01 -0800 (PST) Received: by mail-qc0-f179.google.com with SMTP id c9so10842247qcz.10 for ; Tue, 16 Dec 2014 09:26:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=9n7kASjzzBV1Ox8PtYNhKvCKbzGzWk7IE2/aTH7MD5k=; b=IKqCtAyGmeEPdoDgS7szn8Sxrr8UAttNJC1iVzkjEdGcjDgBIaspfkIpTMvCdRLhGc ihkgR1xkdvxRDRrKA/i++wn3Y2KBe3hTM4xpWQidHNkeoyuj7/YpdbzvaU4h6yZ8bIsC yEfs4dJ0hCrsJpHs9/IyvFu70+oFrHtOB1101R9rutvbGxE3+Kg1sRJMmQa9+7VWU+2k XON/zwQyvF4DETy0tXdmZOIdQpt62t6JUn23pd4GON0uGs06I38u60MvfV0Wn8KIIGUH EIGp7oVDykaCgw5OCqQDzuE8dKLs014SzpW+LVtinXh4RFkBdXgIPvf4fj75MvtYOrXP njqg== MIME-Version: 1.0 X-Received: by 10.140.20.104 with SMTP id 95mr38426427qgi.47.1418750760743; Tue, 16 Dec 2014 09:26:00 -0800 (PST) Received: by 10.140.80.136 with HTTP; Tue, 16 Dec 2014 09:26:00 -0800 (PST) In-Reply-To: <549030BE.2070007@bbn.com> References: <549030BE.2070007@bbn.com> Date: Tue, 16 Dec 2014 22:56:00 +0530 Message-ID: From: Ashok Kumar To: Stephen Kent Content-Type: multipart/alternative; boundary=001a11c124401e7c4b050a58a7b8 Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/tBNDC1qNkcdahebZJmU8DalKoN8 Cc: ipsec Subject: Re: [IPsec] RFC-4303 - Does ESN really worth/help to reduce/avoid replayed packets? X-BeenThere: ipsec@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Discussion of IPsec protocols List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Dec 2014 17:26:03 -0000 --001a11c124401e7c4b050a58a7b8 Content-Type: text/plain; charset=UTF-8 Hi Steve, On Tue, Dec 16, 2014 at 6:46 PM, Stephen Kent wrote: > Ashok, > > Hi All, > > As per my understanding, the anti-replay feature in IPsec helps to save > CPU cycles > in the IPsec gateway (or host) by discarding the replayed packets so that > costly > operation like MAC calculation and decryption can be avoided for such > packets. > Is my understanding right? > > only partially. The main reason for this is to protect an app from > receiving > replayed traffic that it might not otherwise detect and reject. Not an > issue for > TCP, but a possible issue for UDP-based apps. > IMHO, the end system/application shouldn't assume that IPsec is deployed in between. Even if IPsec is deployed, the anti-replay may not be enabled. Though anti-replay feature helps to avoid delivering duplicate packets, the application should still be able to handle any potential duplicate packets. > > From "A2.3. Pseudo-Code Example" in RFC-4303, looks like any packet > which > are older than the anti-replay window start, would skip the anti-replay > check > and MAC check will be done. Though MAC check would fail (because Seqh > would be incorrect), MAC calculation would still happens. It is most > likely to > happen for almost all replayed packets in a high throughput tunnel. Isn't > it? > > That's not the intent. The intent is to immediately drop any packet for > which > the sequence number is older than the AR window, thus avoiding crypto > operations > that are not necessary. > Exactly, that was my point too. With ESN (as per pseudo code given in the RFC), the replayed packet whose sequence number is older than window start wouldn't be dropped immediately. It will be dropped only after MAC check as higher 32-bit sequence number taken for MAC would be incorrect for such packets. May be, the pseudo code didn't cover the exact intention. Thanks, Ashok Kumar > Without ESN support, we will discard all packets whose sequence number > is less than the anti-replay window base. So the problem which I see is, > only with ESN support. Please correct me if I am missing something. > > See comments above. > > Steve > --001a11c124401e7c4b050a58a7b8 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

Hi Steve,

On Tue, Dec 16, 2014 at 6:= 46 PM, Stephen Kent <kent@bbn.com> wrote:

=20 =20 =20
Ashok,

Hi All,

As per my understanding, the anti-replay feature in IPsec helps to save CPU cycles

in the IPsec gateway (or host) by discarding the replayed packets so that costly

operation like MAC calculation and decryption can be avoided for such packets.

Is my understanding right?

only partially. The main reason for this is to protect an app from receiving
replayed traffic that it might not otherwise detect and reject. Not an issue for
TCP, but a possible issue for UDP-based apps.

IMHO, the end system/application shouldn't assume that IPs= ec is deployed in between.

Even if IPsec is deployed, the anti-re= play may not be enabled. Though anti-replay feature

helps to avoi= d delivering duplicate packets, the application should still be able

<= div>to handle any potential duplicate packets.

=C2=A0

From "A2.3. Pseudo-Code Example" in RFC-4303, looks like any packet which

are older than the anti-replay window start, would skip the anti-replay check

and MAC check will be done. Though MAC check would fail (because Seqh

would be incorrect), MAC calculation would still happens. It is most likely to

happen for almost all replayed packets in a high throughput tunnel. Isn't it?

That's not the intent. The intent is to immediately drop any packet for which
the sequence number is older than the AR window, thus avoiding crypto operations
that are not necessary.

Exactly, = that was my point too. With ESN (as =C2=A0per pseudo code given in the RFC)= ,

the replayed packet whose sequence number is older than window = start

wouldn't be dropped immediately. It will be dropped onl= y after MAC check

as higher 32-bit sequence number taken for MAC = would be incorrect for

such packets. May be, the pseudo code didn= 't cover the exact intention.

Thanks,

Ashok Kumar

Without ESN support, we will discard all packets whose sequence number

is less than the anti-replay window base. So the problem which I see is,

only with ESN support. Please correct me if I am missing something.

See comments above.

Steve