This item does not have charter text yet, we do have text which
explains what the problem is, but I think it requires some
reformatting to fit as charter text.
The problem description is:
----------------------------------------------------------------------
IKEv2 is currently vulnerable to the two following privacy concerns:
1) It's not possible to run a server that obfuscates IKEv2/IPsec using
TLS.
Today thanks to RFC 8229 it is possible to run an IKEv2/IPsec
server on TCP port 443 with TLS. However if a government agent
tries to send an SA_INIT over that it will discover that this
server runs IKEv2/IPsec, and may blacklist it. We should add a
mechanism to IKEv2 that allows the server to only respond to
SA_INIT from known entities (e.g. that possess a shared secret).
2) The privacy of the initiator's identity in the presence of a man in
the middle attacker is not protected.
Today an attacker with full control of the network can receive the
IDi/IDr sent by the initiator in the first AUTH packet. We should
add a mechanism to IKEv2 that allows the initiator to only send
IDi/IDr to known entities (e.g. that possess a shared secret).
----------------------------------------------------------------------
Is this something that we should add to charter? Do people understand
the issue?
Note, that there are multiple ways of solving these issues, for
example the 2nd problem can also be solved by using pseudonyms, i.e.,
sending random one use ID payloads during the IKE_AUTH, and after the
peers have authenticated each other, they can do new exchange which
will change the pseudonyms for next use. I think the 2nd option should
be rewritten in bit more generic ways to allow that kind of option
too.
Send your comments and whether you support adding this to the charter
to the ipsec list in next two weeks.
--
[email protected]
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
