Re: [Emu] EAP-GPSK: Ciphersuites

David McGrew <mcgrew@cisco.com> Mon, 28 August 2006 19:07 UTC

In-Reply-To: <44F3394C.4080703@gmx.net>
References: <AC1CFD94F59A264488DC2BEC3E890DE50258040E@xmb-sjc-225.amer.cisco.com> <4A985FCF-ED5D-4EB5-B034-162EE1CBF1A0@cisco.com> <44F3394C.4080703@gmx.net>
Message-Id: <8D8204B0-64C0-4EDD-A5FE-4D63202881CC@cisco.com>
From: David McGrew <mcgrew@cisco.com>
Subject: Re: [Emu] EAP-GPSK: Ciphersuites
Date: Mon, 28 Aug 2006 12:07:41 -0700
To: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
Cc: emu@ietf.org

Hi Hannes,

On Aug 28, 2006, at 11:43 AM, Hannes Tschofenig wrote:

> Hi David,
>
> thanks for your feedback.
>
> If I read through it I get the impression that the IKEv2 selected  
> algorithms (as defined in RFC 4307) would not be allowed to go  
> forward. I wonder whether we put the bar a bit high here.
>
> One might even get the impression that nobody read RFC 4307 before  
> it was published.
>

I think that it comes down to unfortunate timing.  XCBC was proposed
to NIST but not adopted by them when it got picked up by IKEv2;
afterwards, XCBC got improved into OMAC.  I believe that IKEv2
re-used HMAC as a KDF out of a desire for compatibility with IKEv1.
NIST SP 800-56 Sec. 5.3 mandates a hash-based KDF; NIST has made an
exception for IKE and TLS, allowing their use in FIPS-140 certified
crypto modules, but AFAICT this exception is specific to those
protocols, and would not apply to GPSK.  (I would be happy to be
wrong on this point.  If it is important, then let's ask the NIST
crypto folks.)

David

> Ciao
> Hannes
>
> David McGrew schrieb:
>> Hi Hannes,
>> a few comments inline:
>>> -----Original Message-----
>>> From: Hannes Tschofenig [mailto:Hannes.Tschofenig@gmx.net]
>>> Sent: Tuesday, August 22, 2006 2:20 AM
>>> To: M. Vanderveen
>>> Cc: emu@ietf.org
>>> Subject: Re: [Emu] EAP-GPSK: Ciphersuites
>>>
>>> Hi
>>>
>>> let us for a moment assume that RFC 4307 makes some
>>> reasonable algorithm choices (we are talking about IKEv2
>>> here). If we take the text and apply it to EAP-GPSK then we
>>> would produce something like:
>>>
>>> Conservative Choice:
>>> -----------------------
>>>
>>> (Integrity)
>>>        AUTH_HMAC_SHA1_96        2         [RFC2404]       MUST
>>>
>>> (Encryption)
>>>        ENCR_3DES                3         [RFC2451]       MUST-
>> I agree with Joe that AES is preferable to 3DES, barring some  
>> strong legacy considerations.
>>>
>>> (Key Derivation)
>>>        PRF_HMAC_SHA1       2          [RFC2104]    MUST
>> If it is a goal to conform to FIPS-140-2, that goal will probably  
>> drive the key derivation function choice in the direction of  
>> http://www.ietf.org/internet-drafts/draft-dang-nistkdf-01.txt.     
>> (I like HMAC as a KDF, but I am not confident that it is going to  
>> be approved for that purpose within FIPS-140-2.)
>>>
>>> (Note that there is no MUST for encryption algorithms specified  
>>> in RFC
>>> 4307.)
>>>
>>>
>>> Choice for the Future:
>>> -----------------------
>>>
>>> (Encryption)
>>>       ENCR_AES_CBC             12        [AES-CBC]       SHOULD+
>>>
>>> (Integrity)
>>>       AUTH_AES_XCBC_96         5         [AES-MAC]       SHOULD+
>> OMAC is a better choice than XCBC, since it is FIPS-140 approved,  
>> and has some minor advantages (it's a refinement of XCBC that is  
>> unfortunately not backwards compatible with it).
>>>
>>> (Key Derivation)
>>>        PRF_AES128_CBC      4          [AESPRF]     SHOULD+
>>>
>> Same KDF considerations as above.
>> David
>>> Does this sound like a terribly bad idea?
>>>
>>> Ciao
>>> Hannes
>>>
>>> M. Vanderveen schrieb:
>>>> Both are pretty popular. Why not list them both? As for which one to be
>>>> mandatory to implement, someone should do a search through other systems
>>>> (e.g. IEEE, IPSec) and see which one is most popular.
>>>>
>>>> */Hannes Tschofenig <Hannes.Tschofenig@gmx.net>/* wrote:
>>>>
>>>>     Hi all,
>>>>
>>>>     the current version of the document
>>>>
>>>>     http://tools.ietf.org/wg/emu/draft-clancy-emu-eap-shared-secret-01.txt
>>>>     still supports AES-EAX:
>>>>
>>>>
>>>>     +-----------+----+-------------+--------------+----------------+
>>>>     | CSuite/   | KS | Encryption  | Integrity    | Key Derivation |
>>>>     | Specifier |    |             |              | Function       |
>>>>     +-----------+----+-------------+--------------+----------------+
>>>>     | 0x000001  | 16 | AES-EAX-128 | AES-CMAC-128 | GKDF-128       |
>>>>     +-----------+----+-------------+--------------+----------------+
>>>>
>>>>     At the IETF#66 EMU meeting AES CCM was suggested.
>>>>
>>>>     Later, I got the impression that AES-CBC was more appreciated. Should
>>>>     we update the draft with AES-CBC?
>>>>
>>>>     Ciao
>>>>     Hannes
>>>>
>>>>
>>>>     _______________________________________________
>>>>     Emu mailing list
>>>>     Emu@ietf.org
>>>>     https://www1.ietf.org/mailman/listinfo/emu
>>>>
>>>>
>>>>
