[{"author": "Paul Wouters", "text": "<p>1RTT is 1RTT :)</p>", "time": "2022-11-09T15:01:04Z"}, {"author": "Mohamed Boucadair", "text": "<p>@Chairs: draft-ietf-ipsecme-add-ike is in WGLC since 2022-08-09. Is there a plan to conclude the call?</p>", "time": "2022-11-09T15:03:13Z"}, {"author": "Paul Wouters", "text": "<p>\"after this meeting\"   i think that implies \"today\" :P not \"in 10 years\" :P</p>", "time": "2022-11-09T15:11:10Z"}, {"author": "Yoav Nir", "text": "<p>@meetecho: is it possible to turn the camera to the speaker?</p>", "time": "2022-11-09T15:11:20Z"}, {"author": "Mohamed Boucadair", "text": "<p>@Paul: <a href=\"https://datatracker.ietf.org/doc/html/draft-farrel-soon-07\">https://datatracker.ietf.org/doc/html/draft-farrel-soon-07</a></p>", "time": "2022-11-09T15:16:59Z"}, {"author": "Tero Kivinen", "text": "<p><span class=\"user-mention silent\" data-user-id=\"43\">Paul Wouters</span> <a href=\"#narrow/stream/237-ipsecme/topic/jabber/near/53154\">said</a>:</p>\n<blockquote>\n<p>\"after this meeting\"   i think that implies \"today\" :P not \"in 10 years\" :P</p>\n</blockquote>\n<p>Done.</p>", "time": "2022-11-09T15:18:07Z"}, {"author": "Yoav Nir", "text": "<p>That doesn't really fall under the definition of \"after this meeting\"</p>", "time": "2022-11-09T15:19:08Z"}, {"author": "Yoav Nir", "text": "<p>Isn't IPComp in practice almost deprecated?</p>", "time": "2022-11-09T15:19:43Z"}, {"author": "Dan Harkins", "text": "<p>@Yoav, that was my thought. Who uses this today?</p>", "time": "2022-11-09T15:20:00Z"}, {"author": "Yoav Nir", "text": "<p>We didn't have an attack demonstrated on stage like in TLS, but from what I remember we kind of hid it.</p>", "time": "2022-11-09T15:21:17Z"}, {"author": "Dan Harkins", "text": "<p>And I don't believe it was ever intended to stand-alone (i.e. just do IPcomp not ESP+IPcomp).</p>", "time": "2022-11-09T15:21:29Z"}, {"author": "Valery Smyslov", "text": "<p>@Dan: this my impression too</p>", "time": "2022-11-09T15:22:07Z"}, {"author": "\u00c9ric Vyncke", "text": "<p>You may also have a look at draft-ietf-intarea-schc-ip-protocol-number (running LPWAN SCHC directly over IP layer)</p>", "time": "2022-11-09T15:23:19Z"}, {"author": "Benjamin Schwartz", "text": "<p>Does IPComp even measurably help on the modern internet?  Everything is incompressible.</p>", "time": "2022-11-09T15:24:32Z"}, {"author": "Dan Harkins", "text": "<p>@Benjamin, not really. That's why it wasn't used. Compression is good when it's stateful but in practice the state got flushed with each packet and the result was meh.</p>", "time": "2022-11-09T15:25:39Z"}, {"author": "Yoav Nir", "text": "<p>@Benjamin: it depends. If you're using IPsec (and IPcomp) to compress HTTPS streams, than obviously you're not gaining much. If you are compressing some unencrypted FTP stream, maybe you are.</p>", "time": "2022-11-09T15:26:17Z"}, {"author": "Yoav Nir", "text": "<p>@Dan: we (CP) stopped recommending it because the acceleration didn't support it, and it wasn't worth the effort making the acceleration support it.</p>", "time": "2022-11-09T15:27:12Z"}, {"author": "Benjamin Schwartz", "text": "<p><span class=\"user-mention\" data-user-id=\"325\">@Yoav Nir</span> Even FTP supports DEFLATE, which will work much better</p>", "time": "2022-11-09T15:27:37Z"}, {"author": "Tero Kivinen", "text": "<p>And most of the files you move are already compressed.</p>", "time": "2022-11-09T15:27:59Z"}, {"author": "Yoav Nir", "text": "<p>Need a big payload to transfer the entire organization network in a CP payload. And then again in a TSr payload.</p>", "time": "2022-11-09T15:28:21Z"}, {"author": "Benjamin Schwartz", "text": "<p>Could this be fixed by defining a simple auto-retry heuristic?</p>", "time": "2022-11-09T15:47:50Z"}, {"author": "Dan Harkins", "text": "<p>it seems unwise for authentication to succeed if the peers don't agree on what the cookies are.</p>", "time": "2022-11-09T15:48:42Z"}, {"author": "Benjamin Schwartz", "text": "<p>It seems like \"retry up to N times on authentication failure\" would solve this without a protocol change.</p>", "time": "2022-11-09T15:49:30Z"}, {"author": "Yoav Nir", "text": "<p>@Benjamin: Yes, but if you get a bad AUTH payload (think digital signature) from the responder, it looks like a bad security issue that the initiator needs to alert about.</p>", "time": "2022-11-09T15:49:51Z"}, {"author": "Yoav Nir", "text": "<p>There's no \"good\" reason for a bad AUTH payload</p>", "time": "2022-11-09T15:50:04Z"}, {"author": "Benjamin Schwartz", "text": "<p>Also, what about diversifying the source ports?</p>", "time": "2022-11-09T15:51:21Z"}, {"author": "Yoav Nir", "text": "<p>*** Take it to the list</p>", "time": "2022-11-09T15:54:19Z"}, {"author": "Tobias Brunner", "text": "<p>You could also just let the CHILD_SA negotiation fail, you end up with a childless IKE_SA</p>", "time": "2022-11-09T16:12:40Z"}, {"author": "Valery Smyslov", "text": "<p>What about NO_ADDITIONAL_SAS ?</p>", "time": "2022-11-09T16:14:11Z"}, {"author": "Valery Smyslov", "text": "<p>It's a standard notify that Child SA cannot be created.</p>", "time": "2022-11-09T16:14:50Z"}, {"author": "Valery Smyslov", "text": "<p>Permanently.</p>", "time": "2022-11-09T16:14:59Z"}, {"author": "Yoav Nir", "text": "<p>Permanently until the next IKE SA.</p>", "time": "2022-11-09T16:15:35Z"}, {"author": "Benjamin Schwartz", "text": "<p><span class=\"user-mention\" data-user-id=\"110\">@Valery Smyslov</span> Interesting, thanks!</p>", "time": "2022-11-09T16:15:42Z"}, {"author": "Valery Smyslov", "text": "<p>Sure</p>", "time": "2022-11-09T16:15:44Z"}, {"author": "Benjamin Schwartz", "text": "<p><span class=\"user-mention\" data-user-id=\"1950\">@Tobias Brunner</span> Is that true?  Or do you end up with a child SA automatically from the AUTH exchange?</p>", "time": "2022-11-09T16:16:27Z"}, {"author": "Yoav Nir", "text": "<p>@meetecho: please point the camera at the speaker</p>", "time": "2022-11-09T16:16:45Z"}, {"author": "Yoav Nir", "text": "<p>If the IPsec part of the IKE_AUTH fails (like disagreeing on crypto methods) you remain with a valid IKE SA but no IPsec SA</p>", "time": "2022-11-09T16:17:54Z"}, {"author": "Benjamin Schwartz", "text": "<p><span class=\"user-mention\" data-user-id=\"325\">@Yoav Nir</span> Yes, but that's an unauthenticated failure mode that could be an attack.  We are looking for a way to produce an authenticated declaration that means \"Actually let's not use IPsec\".</p>", "time": "2022-11-09T16:19:00Z"}, {"author": "Tobias Brunner", "text": "<p>The SA is still fully authenticated</p>", "time": "2022-11-09T16:19:19Z"}, {"author": "Benjamin Schwartz", "text": "<p>(or can be interpreted that way in this context)</p>", "time": "2022-11-09T16:19:25Z"}, {"author": "Yoav Nir", "text": "<p>The child part of the IKE_AUTH is authenticated</p>", "time": "2022-11-09T16:19:35Z"}, {"author": "Benjamin Schwartz", "text": "<p>OK, thanks</p>", "time": "2022-11-09T16:19:52Z"}, {"author": "Yoav Nir", "text": "<p>The motivation for CHILDLESS was to avoid these situations - to make the child SA negotiations separate.  The use case then was VPN clients - separate the user-initiated \"connect\" operation from the traffic-initiated \"child SA setup\"</p>", "time": "2022-11-09T16:20:53Z"}, {"author": "Tobias Brunner", "text": "<p>It also allows using independent key exchanges for every CHILD_SA and not have the first CHILD_SA have keys derived from the key exchange already used for the IKE_SA</p>", "time": "2022-11-09T16:22:28Z"}, {"author": "Yoav Nir", "text": "<p>Wasn't there a big discussion in TLS and CFRG a few years back with the conclusion that you needed to replace AES-GCM keys far more often?</p>", "time": "2022-11-09T16:26:51Z"}]