
Re: divergent interpretations of IKE/IPsec - interop issues



Henry,

--- Henry Spencer <henry@xxxxxxxxxxxxx> wrote:
>[...]
> Input would be welcome, especially detailed input -- saying "you ought to
> discuss X" is helpful, but it's much more helpful to say "X is a problem,
> the obvious solutions XA and XB don't work because of Y, but XC seems to
> work with everyone if you take precaution Z".  Some of this information is
> already present in places like mailing-list archives, but digging through
> them in search of such gems is impossibly time-consuming. 

I agree.

Here is some input off the top of my head.  If there is an effort
to write something down along these lines, I'll be happy to
contribute text.  (Most of these have already been discussed and I
might recall some of them wrong;  my apologies if this is the case.)


Don't use multiple SA payloads in QM
    - Most implementations don't support them.
    - Do them only if you know the other end supports them.

Don't use the commit bit in phase 1
    - It serves no purpose.

When you see a commit bit, start sending commit bit yourself
    - "sticky" commit
    - There were other opinions on this?

Never send redundant ID payloads in phase 2
    - Especially, don't send them in transport mode;  some implementations
      choke.

Always send the simplest matching ID payload in phase 2
    - Don't send a range or a mask if you have a single address;  some
      implementations choke.
    - Maybe it should be specified that you should always send ID
      payloads when negotiating tunnel mode?  If so, the previous
      issue should be changed to "never send ID payloads in phase 2
      when doing transport".

Use nonce size X, because Y.
    - There was some rationale on the list already on this.

The text in RFCs about cookies is misleading.  Just choose them
randomly, that is OK.
    - There is no statelessness in IKEv1, and no need to spend
      cycles in anything more complicated than just picking them
      randomly.

The IKEv1 retransmission algorithm
    - Including the "grace time" after completion of the exchange,
      during which you will retransmit the last message if you receive dups.
    - Values for the various counters

The order of ESP and AH in the proposal
    - Don't trust the order; although there is an order, it is actually
      a set of proposals.
    - Always send in order XYZ  (I prefer ESP followed by AH, some
      otherwise).
    - The semantic is always the same (ESP inside AH)
    - If IPcomp involved, IPcomp, ESP, AH.

The use of tunnel vs. transport mode attribute
    - If you receive at least one tunnel mode attribute in the entire
      SA payload, assume it's a tunnel mode negotiation;  otherwise
      transport.
    - But always send the tunnel mode attributes as you are supposed to.
      (But what are you supposed to do?  Send IP AH ESP IP data as
      ESP tunnel, AH tunnel?  ESP tunnel, AH transport?  I don't care,
      as long as there is one way that is written down somewhere :)

You cannot mix tunnel and transport mode in phase 2
    - Even though the syntax allows this, it doesn't make sense.
      Don't do it.

Better advice on attribute encoding
    - Earlier, some implementations choked on attribute length 3,
      for instance.
    - Always send attributes using short encoding if possible.
    - Otherwise send using four bytes if possible.
    - Do not send larger than four byte attributes if at all possible.

Tero and others have given good text about use of cert/cert req
payloads on the list in the past.

I would personally like to see pseudocode of how to handle the SA
payloads.  In particular:
   - How to generate phase 1 SA offer
   - How to respond to one
   - How to check that the response is actually a subset of the offer
   - How to generate phase 2 SA offer
   - How to respond to one
   - How to check that the response is actually a subset of the offer

I would also like to see the relevant IPsec scenarios and packets
corresponding to them spelled out.  I.e., setting up tunnel mode ESP+AH,
what the payloads should look like.  That would clear up a number of
uncertainties.

-Sami
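Added example, not code from the post above: the attribute-encoding advice (short form when the value fits, four bytes otherwise, nothing larger) and the requested "is the response a subset of the offer" check, worked out in Python. The wire format is the ISAKMP data attribute format of RFC 2408 section 3.3; the attribute numbers in the sample data are the Phase 1 numbers from RFC 2409 appendix A. The proposal model (a dict of proposal number to protocol to transform list), the sample offer and responses, and the decision to require exact attribute equality (RESPONDER-LIFETIME is not modelled) are my own assumptions for illustration.

```python
"""Added example: ISAKMP attribute encoding with the short-form-first
rule, a liberal decoder, and an SA response-vs-offer subset check.
Format per RFC 2408 s3.3; sample attribute numbers per RFC 2409 app. A.
The proposal model and sample data are assumptions for illustration."""
import struct

AF_BIT = 0x8000  # Attribute Format bit: set = TV (short), clear = TLV


def encode_attribute(attr_type: int, value: int) -> bytes:
    """Prefer the 2-byte TV form; fall back to a 4-byte TLV value;
    refuse anything wider, as the post advises."""
    if not 0 <= attr_type < AF_BIT:
        raise ValueError("attribute type must fit in 15 bits")
    if value < 0:
        raise ValueError("attribute values are unsigned")
    if value <= 0xFFFF:
        return struct.pack("!HH", attr_type | AF_BIT, value)
    if value <= 0xFFFFFFFF:
        return struct.pack("!HHI", attr_type, 4, value)
    raise ValueError("value wider than four bytes; do not send it")


def encode_attributes(attrs):
    """attrs: sequence of (type, value) pairs. Order is preserved because
    Life Type / Life Duration travel as ordered pairs."""
    return b"".join(encode_attribute(t, v) for t, v in attrs)


def decode_attributes(buf: bytes):
    """Decode into a list of (type, value). Deliberately more liberal than
    the encoder: a TLV value of any length (including the length-3 case
    the post mentions) is read as a big-endian integer, not rejected."""
    attrs, off = [], 0
    while off < len(buf):
        if len(buf) - off < 4:
            raise ValueError("truncated attribute header at offset %d" % off)
        head, second = struct.unpack_from("!HH", buf, off)
        off += 4
        if head & AF_BIT:                      # TV: 'second' is the value
            attrs.append((head & ~AF_BIT, second))
        else:                                  # TLV: 'second' is a length
            if len(buf) - off < second:
                raise ValueError("attribute length %d overruns payload" % second)
            attrs.append((head, int.from_bytes(buf[off:off + second], "big")))
            off += second
    return attrs


def response_is_subset_of_offer(offer, response) -> bool:
    """Model (assumption): {proposal_no: {protocol_id: [attrs, ...]}}.
    Same proposal number = AND (e.g. ESP+AH), different numbers = OR, so
    the responder must return exactly one proposal number, keep all of
    its protocols, and pick one unmodified transform per protocol."""
    if len(response) != 1:
        return False
    (pno, chosen), = response.items()
    offered = offer.get(pno)
    if offered is None or set(chosen) != set(offered):
        return False
    for proto, transforms in chosen.items():
        if len(transforms) != 1:
            return False
        if tuple(transforms[0]) not in {tuple(t) for t in offered[proto]}:
            return False
    return True


# Constructed sample data (assumed values): a Phase 1 offer with two
# transforms for protocol 1 (ISAKMP), plus a good and a tampered response.
ENC, HASH, AUTH, GROUP, LIFE_TYPE, LIFE_DUR, KEYLEN = 1, 2, 3, 4, 11, 12, 14
PROTO_ISAKMP = 1
OFFER = {1: {PROTO_ISAKMP: [
    [(ENC, 7), (KEYLEN, 256), (HASH, 2), (AUTH, 1), (GROUP, 14),
     (LIFE_TYPE, 1), (LIFE_DUR, 86400)],   # AES-256, SHA-1, PSK, group 14
    [(ENC, 5), (HASH, 2), (AUTH, 1), (GROUP, 2),
     (LIFE_TYPE, 1), (LIFE_DUR, 28800)],   # 3DES, SHA-1, PSK, group 2
]}}
GOOD_RESPONSE = {1: {PROTO_ISAKMP: [OFFER[1][PROTO_ISAKMP][1]]}}
BAD_RESPONSE = {1: {PROTO_ISAKMP: [      # group changed to 1: never offered
    [(ENC, 5), (HASH, 2), (AUTH, 1), (GROUP, 1), (LIFE_TYPE, 1), (LIFE_DUR, 28800)]]}}


def demo():
    """Round-trip the offered transforms, then run both subset checks."""
    for attrs in OFFER[1][PROTO_ISAKMP]:
        assert decode_attributes(encode_attributes(attrs)) == attrs
    return (response_is_subset_of_offer(OFFER, GOOD_RESPONSE),
            response_is_subset_of_offer(OFFER, BAD_RESPONSE))


if __name__ == "__main__":
    print(encode_attributes(OFFER[1][PROTO_ISAKMP][0]).hex())
    print(demo())
```

Note that the 86400-second lifetime forces the four-byte TLV form while the 28800-second one fits the short TV form, which is exactly the case the encoding advice is about; the decoder, by contrast, accepts a three-byte length so that a peer using the odd encoding is still understood rather than dropped.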

