[Swan-dev] VID and IKE v2

Paul Wouters paul at nohats.ca
Sat Oct 4 03:34:09 EEST 2014


On Fri, 3 Oct 2014, Matt Rogers wrote:

> On October 3, 2014 7:25:17 PM EDT, Paul Wouters <paul at nohats.ca> wrote:
>> On Fri, 3 Oct 2014, D. Hugh Redelmeier wrote:
>
>> fragmentation will be done differently in ikev2 unfortunately, using:
>>
>> https://tools.ietf.org/html/draft-ietf-ipsecme-ikev2-fragmentation-10
>>
>> Although nothing stops us from adding a Notify type that would mean
>> support for "ikev1 style" fragmentation (as the method is completely
>> agnostic to the IKE version)
>>
>
> What would be the benefit of that? Just a preference or interoperability?

At this point, there isn't any point I guess. It means we need to
implement the IKEv2 fragmentation though, which means storing the
unencrypted packet, and when we want to retransmit, we need to cut it
in pieces, encrypt it, store the encrypted bits (for retransmitting our
retransmit) and send the fragments out.

On the receiver end, you take in the encrypted fragments, decrypt them
and store them. If you miss any or any fail to decrypt, you wait for a
new fragment with the same fragment id. This means attackers cannot fool
you into re-assembling nonsense. (but they can do so many other things
if they can send you packets). Once you have all decryptabed pieces, you
stitch it as one packet and process it as normal.

Paul


More information about the Swan-dev mailing list