IP Security Maintenance and Extensions (IPsecME) WG.

IETF 115 - Wednesday November 9th, 2022 15:00-16:30 UTC
https://meetings.conf.meetecho.com/ietf115/?group=ipsecme&short=&item=1

Agenda

Working Group Minutes

Note Well, Agenda Bashing and logistics

(chairs)

Tero Kivinen noted we will likely not get to the last two items on the
agenda.

Document status

(chairs)

Multi SA update

(Paul Wouters)
draft-pwouters-ipsecme-multi-sa-performance-04

Slides

Paul Ponchon: We are facing similar issues. One concern that adding
more SAs we could face scability issues.

Paul Wouters: More than one SA/tunnel might cause problems?

Paul P: In some situation you might have a few that add lot.

Paul Wouters: When you have a lot of clients and tunnels your
spreading them out over CPUs.

Valery Smyslov: I support adoption of this I-D. Will have some
experimentation. It's a good starting point.

Daniel Migault: I think it's a problem that we nneed to solve. It
would be more complicated to have multiple SAs. We sohuld limit the
number of SAs.

Christian Hopps: I was excited to hear you have an implementation.

Paul Wouters: It's in the implementation section.

IPsec workshop report

(Steffen Klassert)

Slides

No comments

IPComp Extension

(Hang Shi)
draft-ls-6man-ipcomp-exclude-transport-layer

Slides

Yoav Nir: IPComp has been deprecated and mostly hidden. As much
deprecated from AH. Fine to decouple it, but not sure how useful it is.

Tero Kivinen: Decouple means move it to another WG.

Paul Wouters: One way to make this go away is not use IPComp. If use
case is MTU issues, then use IPTFS.

Hang: It's about bandwidth.

Eric (INT AD): we just got the draft that cmpresses directly over
IP. SHAKE?

Tero Kivinen: MTU problems start to appear if you add compression
header overhead without actually compressing the packet.

Daniel Migault: Look at SHAKE.

New IKEv2 payload format

(Valery Symslov)

Slides

Daniel Migault: I think it's interesting. When we decreace redudnacy
is it easier or harder?

Valery Symslov: It's moderate. But easy to build into existingn
systems, but not that much.

Tero Kivinen: I think this is two seperate work items. Would like to
have one solution for each. There has to be interest and there appears
to be interest.

(Valery Smyslov)
draft-smyslov-ipsecme-ikev2-cookie-revised

Slides

Tero Kivinen: I think this is a little bit questionable. It's a
flaw, but is the question is that it doesn't affect the security then
maybe it's okay to leave alone. Maybe there's another way to do this ...

Tero: send a "this is the cookie that was used" in IKE_AUTH
responder. It is optional. Could fix it. You now know WHY auth failed
and know you can retry from scratch

Smyslov: Might be good idea, but what to do if you notice cookie is
different.

Tero: Send error ntification saying cookie changed.

Paul Wouters: If Valery volunteers I can help out here. ALso have
some questions about how often this happens.

Paul mumbled some wrong things and retracted :)

Tero: Need to get more comments. Valery to send message to list to
gauge interest.

Inter-domain source address validation using RPKI and IPsec

(Yangfei Guo)
draft-xu-risav and draft-xu-erisav

Slides

Paul W: 1) slide 4: yes it's delete/notify. 2) ICV is optional
depending for the packet format but its use is mandated by the cipher
(ICV for non-AEAD, no ICV for AEAD) 3) transport mode can only be
requested as preference. tunnel mode fallback is mandatory. Sorry to
those who hate us for that.

Scott Fluhrer: On Static-static-DH is that there is no PQ
equivalent. Better to avoid it.

Ben Schwartz: This is early stage proposal. This is really closely
to anti-replay proposal.

IKEv2 Optional SA&TS Payloads in Child Exchange

(Wei PAN (潘伟))
draft-kampati-ipsecme-ikev2-sa-ts-payloads-opt

Slides

Tero: Slide 3: The middle option is from ... option for IKE SA
doesn't really apply.

Wei Wanng: Did you have deployment in any operators network.

Wei Pan: As far as I know the base station has deployed this in
their 5G network.

Wei Wang: Very interested in this solution.

Chan Meiling: Used by low power systems. Support adoption.

Valery Symslov: Read it and support adoption.

Tero: After presentation, this I-D will be in WG adoption.

IPsec anti-replay subspaces

(Paul Ponchon)
draft-ponchon-ipsecme-anti-replay-subspaces

Slides

Scott Fluhrer: For the GCM nonce issue remember 32 bits are cming
from the KEX. Take the subspace from there then no collisions.

Ben Schwartz: This is one of the main problems while try to do this.
Would prefer pure statelesss solution. Prefers options #2. Also talked
abut trying to hash the source ID of the sender into the secret used for
deceryption and validation.

Daniel Migault: We do support this work and happy to work together.

Tero Kivinen (no hat): We already have 32 bit sending ID; it'ss
called SPIs. Multiple SAs is the solution for that. Mandatory to
generate sequence number, but checking replay protection window is not.
Not sure you are getting much help here.

Steffeb Klassert: Rough consensus shows we work on this. Let's do an
interim to address this!

Ben Schwarts: To respond to Tero, disabling replay protection seems
danngerous. (more back and forth I didn't catch)

Pierre Pfister: I think it's a concern of anti-replay. Serious
concerns about scaling.

Traffic Selector with DSCP

(Daniel Migault)

Slides

Ran out of time:

MTU fragmentation

(Daniel Migault)

Ran out of time:

END