Ben,
Thanks for the comments.
Please see inline [VC].
-Violeta
-----Original Message-----
From: Ben Campbell [mailto:ben(_at_)nostrum(_dot_)com]
Sent: Friday, June 03, 2011 4:10 PM
To:
draft-ietf-dime-ikev2-psk-diameter(_dot_)all(_at_)tools(_dot_)ietf(_dot_)org;
gen-art(_at_)ietf(_dot_)org Review Team
Cc: The IETF
Subject: Gen-ART LC review of draft-ietf-dime-ikev2-psk-diameter-07
I am the assigned Gen-ART reviewer for this draft. For background on Gen-ART,
please see the FAQ at <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.
Please resolve these comments along with any other Last Call comments you may
receive.
Document: draft-ietf-dime-ikev2-psk-diameter-07
Reviewer: Ben Campbell
Review Date: 2011-06-03
IETF LC End Date: 2011-06-03
Summary:
This draft is almost ready for publication as a proposed standard. I have a
question concerning the procedure for generating PSKs, and a number of minor
and editorial comments.
Major issues:
The draft says that the procedure that the HAAA follows to generate the PSK is
out of scope. But doesn't the IKE2 initiator need to understand the procedure?
If the procedure is not defined somewhere, how you achieve any degree of
interoperability?
[VC] Indeed the IKEv2 initiator needs to understand the procedure. However,
this draft focuses on IKEv2 server, as a Diameter client, to the Diameter
server communication for IKEv2 with pre-shared key based authentication, and
specifies Diameter application for this communication. It is left to
specifications that make use of this Diameter application to specify where the
PSK comes from and how it is generated. There are two 3GPP2 specs that make use
of this Diameter application and both of those specs specify generation of the
PSK. Statements to clarify this are added in v8.
Minor issues:
-- section 4.1, 1st paragraph:"The IDi payload extracted from the IKE_AUTH
message MUST contain an identity that is meaningful for the Diameter
infrastructure, such as a Network Access Identifier (NAI), since it is used by
the IKEv2 Server to populate the User-Name AVP in the Diameter message. "
Do you mean that as a normative MUST, or a statement of fact? If normative,
isn't that a requirement on the initiator?
[VC] Good point. It is changed to statement of fact in v8.
-- section 10:
The security considerations should describe the threat models. We're talking
about requesting an authentication key from a third party, which is tricky from
a security perspective. Does the PSK have greater security concerns than for
Diameter AVPs in general? In particular, what are the consequences if the PSK
is disclosed or tampered with?
[VC] If the PSK is disclosed to an adversary then it would present a security
breach. Hence we recommend that the PSK be short-lived. As well,
the assumption is that the IKEv2 Server and the Diameter Server where the PSK
is generated are in a trusted relationship. They may be in the same
Administrative domain (typical case) or third party but nevertheless there is a
trust relationship between them. As such we assume that there is an
appropriate security mechanism to protect the communication between these
servers. For example the IKEV2 Server and the Diameter server would be
deployed in the same secure network or would utilize transport layer security
as specified by Diameter 3588 specification. We added statements in v8 to
reflect this.
-- section 10, 1st paragraph: "Furthermore, any agents that process
IKEv2-PSK-Answer messages can see the contents of the Key AVP. For this reason,
this specification strongly recommends avoiding Diameter agents when they
cannot be trusted to keep the keys secret."
Should that be normative? Is there no way to protect the PSK AVP from diameter
agents? E.g. can it be encrypted?
[VC] It is hard to use normative text here as this application can be used for
many uses cases. Depending on the use case it may be possible to encrypt the
PSK, however it is not possible to make it a requirement.
-- section 10, 2nd paragraph: "this specification also recommends the use of
nonces included in IKEv2-PSK-Request."
Actually, the spec requires it using a normative SHALL.
[VC] In v8 it is aligned as 'recommended' throughout the document.
Nits/editorial comments:
-- IDNits reports an out-of-date reference
[VC] I missed this one in v8. This will be fixed in v9.
-- Section 1, general:
It's probably worth elaborating that we are talking about a PSK used during the
IKEv2 authentication process, which is distinct from any shared secrets
negotiated by IKE for use in the resulting SA.
[VC] In v8 there are statements clarifying that it is a PSK used for IKEv2
authentication.
-- Section 1, paragraph 1, 1st sentence:
The use, and lack of, commas in this sentence is confusing. It's easy to parse
as saying IKE2 is a protocol and a set of algorithms, when I think you meant to
say that the resulting SA has a set of algorithms along with the shared secret.
[VC] Changed in v8 to 'The Internet Key Exchange version 2 (IKEv2) protocol
[RFC5996] is
used to mutually authenticate two parities and to establish a
security association (SA) that can be used to efficiently secure the
communication between the IKEv2 Peer and Server, for example, using
Encapsulating Security Payload (ESP) [RFC4303] and/or Authentication
Header (AH) [RFC4302].'
-- section 4.1, 2nd paragraph: "message is routed to the IKEv2 Peer's HAAA."
What routes it? ( be careful not to let passive voice obscure responsibilities)
[VC] Changed in v8 to 'The IKEv2 Server sends the IKEv2-PSK-Request message to
the IKEv2
Peer's HAAA.'
-- section 4.2, paragraph 1: "The HAAA may maintain state or may be stateless"
What kind of state? I assume from the following sentences you mean Diameter
session state, but it should be explicit.
[VC] Changed in v8 to 'The HAAA may maintain Diameter session state or may be
stateless.'
-- "indicated by presence or absence of the Auth-Session-State AVP."
In what message(s)?
[VC] This is clarified by adding that it is the Answer message.
-- section 4.2, paragraph 2:
This sentence is long and hard to parse. Can it be broken up?
[VC] Based on some other comments this sentence is removed.
-- section 5.1, last paragraph: "SHALL be used to identify the appropriate PSK."
Shall be used by what? (passive voice obscures responsibility)
[VC] Changed in v8 to 'If
included, it contains the Security Parameter Index (SPI) that HAAA
SHALL use to identify the appropriate PSK.'
-- 5.2, last paragraph: "associated key SHALL NOT be used if the lifetime has
expired."
SHALL NOT be used by what?
[VC] In v8 changed to: 'The Key-Lifetime AVP may be
included and if it is included then the associated key SHALL NOT be
used by the receiver of the answer if the lifetime has expired.'
-- section 8, first paragraph: "whether the AVP MAY be encrypted."
I don't see anything about encryption in the table.
[VC] The text referring to encryption is deleted.
-- section 8, AVP table:
Are all the Key* AVPs intended to have the same code? I assume not, but mixing
in TBD with the various TBD* placeholders is confusing.
[VC] These AVPs are being defined in another ietf draft that has not been
published yet. There is Note 1 clarifying it.
-- section 9:
Consider a note to the RFC editor to change all occurances of TBD(x) with the
IANA assignment throughout the entire document. Since these are scattered
throughout the doc, the intent may not be obvious to them.
[VC] We will do that.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf