IETF 115 - Wednesday November 9th, 2022 15:00-16:30 UTC
https://meetings.conf.meetecho.com/ietf115/?group=ipsecme&short=&item=1
multi-sa update - 5 min
IPsec workshop report - 10 minutes
IPComp Extension - 10 min
New IKEv2 payload format - 15 min
Revised Cookie Processing in IKEv2 - 10 min
Inter-domain source address validation using RPKI and IPsec - 15 min
IKEv2 Optional SA&TS Payloads in Child Exchange - 10 min
IPsec anti-replay subspaces - 10 min
If time permits:
(chairs)
Tero Kivinen noted we will likely not get to the last two items on the
agenda.
(chairs)
(Paul Wouters)
draft-pwouters-ipsecme-multi-sa-performance-04
Paul Ponchon: We are facing similar issues. One concern that adding
more SAs we could face scability issues.
Paul Wouters: More than one SA/tunnel might cause problems?
Paul P: In some situation you might have a few that add lot.
Paul Wouters: When you have a lot of clients and tunnels your
spreading them out over CPUs.
Valery Smyslov: I support adoption of this I-D. Will have some
experimentation. It's a good starting point.
Daniel Migault: I think it's a problem that we nneed to solve. It
would be more complicated to have multiple SAs. We sohuld limit the
number of SAs.
Christian Hopps: I was excited to hear you have an implementation.
Paul Wouters: It's in the implementation section.
(Steffen Klassert)
No comments
(Hang Shi)
draft-ls-6man-ipcomp-exclude-transport-layer
Yoav Nir: IPComp has been deprecated and mostly hidden. As much
deprecated from AH. Fine to decouple it, but not sure how useful it is.
Tero Kivinen: Decouple means move it to another WG.
Paul Wouters: One way to make this go away is not use IPComp. If use
case is MTU issues, then use IPTFS.
Hang: It's about bandwidth.
Eric (INT AD): we just got the draft that cmpresses directly over
IP. SHAKE?
Tero Kivinen: MTU problems start to appear if you add compression
header overhead without actually compressing the packet.
Daniel Migault: Look at SHAKE.
(Valery Symslov)
Daniel Migault: I think it's interesting. When we decreace redudnacy
is it easier or harder?
Valery Symslov: It's moderate. But easy to build into existingn
systems, but not that much.
Tero Kivinen: I think this is two seperate work items. Would like to
have one solution for each. There has to be interest and there appears
to be interest.
(Valery Smyslov)
draft-smyslov-ipsecme-ikev2-cookie-revised
Tero Kivinen: I think this is a little bit questionable. It's a
flaw, but is the question is that it doesn't affect the security then
maybe it's okay to leave alone. Maybe there's another way to do this ...
Tero: send a "this is the cookie that was used" in IKE_AUTH
responder. It is optional. Could fix it. You now know WHY auth failed
and know you can retry from scratch
Smyslov: Might be good idea, but what to do if you notice cookie is
different.
Tero: Send error ntification saying cookie changed.
Paul Wouters: If Valery volunteers I can help out here. ALso have
some questions about how often this happens.
Paul mumbled some wrong things and retracted :)
Tero: Need to get more comments. Valery to send message to list to
gauge interest.
(Yangfei Guo)
draft-xu-risav and draft-xu-erisav
Paul W: 1) slide 4: yes it's delete/notify. 2) ICV is optional
depending for the packet format but its use is mandated by the cipher
(ICV for non-AEAD, no ICV for AEAD) 3) transport mode can only be
requested as preference. tunnel mode fallback is mandatory. Sorry to
those who hate us for that.
Scott Fluhrer: On Static-static-DH is that there is no PQ
equivalent. Better to avoid it.
Ben Schwartz: This is early stage proposal. This is really closely
to anti-replay proposal.
(Wei PAN (潘伟))
draft-kampati-ipsecme-ikev2-sa-ts-payloads-opt
Tero: Slide 3: The middle option is from ... option for IKE SA
doesn't really apply.
Wei Wanng: Did you have deployment in any operators network.
Wei Pan: As far as I know the base station has deployed this in
their 5G network.
Wei Wang: Very interested in this solution.
Chan Meiling: Used by low power systems. Support adoption.
Valery Symslov: Read it and support adoption.
Tero: After presentation, this I-D will be in WG adoption.
(Paul Ponchon)
draft-ponchon-ipsecme-anti-replay-subspaces
Scott Fluhrer: For the GCM nonce issue remember 32 bits are cming
from the KEX. Take the subspace from there then no collisions.
Ben Schwartz: This is one of the main problems while try to do this.
Would prefer pure statelesss solution. Prefers options #2. Also talked
abut trying to hash the source ID of the sender into the secret used for
deceryption and validation.
Daniel Migault: We do support this work and happy to work together.
Tero Kivinen (no hat): We already have 32 bit sending ID; it'ss
called SPIs. Multiple SAs is the solution for that. Mandatory to
generate sequence number, but checking replay protection window is not.
Not sure you are getting much help here.
Steffeb Klassert: Rough consensus shows we work on this. Let's do an
interim to address this!
Ben Schwarts: To respond to Tero, disabling replay protection seems
danngerous. (more back and forth I didn't catch)
Pierre Pfister: I think it's a concern of anti-replay. Serious
concerns about scaling.
(Daniel Migault)
Ran out of time:
(Daniel Migault)
Ran out of time: