Bakeoff Summary Jari Arkko, Ericsson Arne Dybdahl, SSH August 17 th, 2001

What’s New? What’s Tested? N x NAT traversal N x AES N x IPv6 Certificate management: SCEP, OCSP, CMP?... New Diffie-Hellman groups New implementations (cellphones, new vendors,...) Hybrid auth, xauth,... Hub-and-Spoke VPNs Multiple trusted roots, certificate chains, subordinate certs, PKCS #7

What Works Well? IPsec SHA1, 3DES IKE with preshared keys IKE with RSA signature certificates AES Rekey With established vendors, no problems in testing Fragmentation Basic IPv6 cases

Problem Areas 1(4) IPsec IPcomp –Some problems? Re-keying –A couple of problems IKE –AES key length attributes: phase 1 optional, phase mandatory! –Slow new D-H group calculations cause timeouts –Delete messages? –If xauth phase 1.5 fails, torn down phase 1? –If don't support all xauth attrs, turn down the whole thing? –Retranmission and long RTT problems in some people's IKE state machines

Problem Areas 2(4) Certificates –Many smaller problems –CR wars: when to send and what to include? –Also, is the whole chain sent or not? –Problems in certain fields, e.g. identity fqdn vs. ip-address –CR with null cert authority: send multiple certs, some implementations can't cope with this –Enrollment: SCEP RA/CA certificate chain - use of all cert; CA certificates might not have the key encipherment bit set –Correct ordering of relative distinguished name encodings – X.509 vs. LDAP –Not much testing of revokation –Certificate hierarchy and multiple CA troubles NAT Traversal –Packet fragmentation problems with ESP-UDP

Problem Areas 3(4) IPv6 –Certificates with IPv6 identities –Neighbour Discovery to work with IPsec –Missing combinations (v6 inside v4) –Many types of IPv6 addresses –Source address selection –Link local addresses –Fragmentation –Some IPv6 connectivity set-up problems Configuration problems –From "no" to "lots" Specification problems –Keepalives, how to solve? –Some interpretations on NAT traversal –AES key length proposals - send or not –Use of default lifetimes, if other type provided

Problem Areas 4(4) Implementation problems –Some: lifetimes, IKE, proposal numbers, too many unnecessary checks, CRL content formats Disjoint options problem –Not many people have AES –Not many people have larger D-H groups –Somebody wasn't able to turn PFS off –Different sets of id types (DN vs. ) –Clean vs. abrupt tunnel close –Not many support IPv6 –Address-only SPD –Some people require certs –Certificate encodings –3DES, SHA1, v4 are well supported

Registration, Bakeoff? Registration –Generally good feedback –Additional information had to be requested by some (how much power available etc) –Map to the site would have been useful General –Good feedback –Uphill walk from the hotel in the morning –Some didn't bring all equipment, used over network –Less people than last time –Where are the CA vendors? –Busy people, not much time to test –Good food –Some time zone problems with crews back home –Security guards?

Network OK? Website and network configuration –Generally good feedback –Wanted to see network/vendor/implementation information before event –Web site was a bit slow –Network problems at start? –Too many steps for adding machines, interfaces, etc. –We need a NAT –More realistic test environments: delay, drop, capacity, … –IPv6 worked great –IPv6 has other apps than ping6? –WLAN was great –Firewall would have been nice –Regular phones or more mobile phones –DNS set-up very useful

Future Bakeoffs? Yes! –Maybe more participants if in the U.S. –System for testing over the network? Test what? –Whatever gets implemented –Advanced certificate things: enrollment, ocsp,... –NAT traversal –IPv6 –DHCP –AES –Opportunistic encryption –Maybe "ipsec and pki" bakeoff to attract more CA vendors –New D-H groups –Son-of-IKE