IETF Logo Mail Archive

Re: [Emu] EAP-GPSK: Ciphersuites

Hannes Tschofenig <Hannes.Tschofenig@gmx.net> Mon, 28 August 2006 19:41 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1GHmzO-0003LU-Bh; Mon, 28 Aug 2006 15:41:42 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GHmzL-0003Ce-Me for emu@ietf.org; Mon, 28 Aug 2006 15:41:39 -0400
Received: from mail.gmx.net ([213.165.64.20]) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1GHmpe-0003zG-Vr for emu@ietf.org; Mon, 28 Aug 2006 15:31:40 -0400
Received: (qmail invoked by alias); 28 Aug 2006 18:31:38 -0000
Received: from p54984D01.dip.t-dialin.net (EHLO [192.168.2.33]) [84.152.77.1] by mail.gmx.net (mp027) with SMTP; 28 Aug 2006 20:31:38 +0200
X-Authenticated: #29516787
Message-ID: <44F3368D.2020807@gmx.net>
Date: Mon, 28 Aug 2006 20:31:41 +0200
From: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
User-Agent: Thunderbird 1.5.0.5 (Windows/20060719)
MIME-Version: 1.0
To: "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>
Subject: Re: [Emu] EAP-GPSK: Ciphersuites
References: <AC1CFD94F59A264488DC2BEC3E890DE50258040E@xmb-sjc-225.amer.cisco.com>
In-Reply-To: <AC1CFD94F59A264488DC2BEC3E890DE50258040E@xmb-sjc-225.amer.cisco.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Y-GMX-Trusted: 0
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 5d7a7e767f20255fce80fa0b77fb2433
Cc: emu@ietf.org
X-BeenThere: emu@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/emu>
List-Post: <mailto:emu@ietf.org>
List-Help: <mailto:emu-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
Errors-To: emu-bounces@ietf.org

Hi Joe,

we might want to ask ourself why IKEv2 guys have chosen the indicated 
list of algorithms and why we decide to use different onces.

If we think that their list represents a problem we might want to 
convince them to submit an updated version of RFC 4307.

Ciao
Hannes

Joseph Salowey (jsalowey) schrieb:
> Is the proposal to make 3DES mandatory and AES optional? 
> It seems that we should be moving toward AES.  Since this is a new
> method it may be better to make AES mandatory and 3DES optional.    
> 
>> -----Original Message-----
>> From: Hannes Tschofenig [mailto:Hannes.Tschofenig@gmx.net] 
>> Sent: Tuesday, August 22, 2006 2:20 AM
>> To: M. Vanderveen
>> Cc: emu@ietf.org
>> Subject: Re: [Emu] EAP-GPSK: Ciphersuites
>>
>> Hi
>>
>> let us for a moment assume that RFC 4307 makes some 
>> reasonable algorithm choices (we are talking about IKEv2 
>> here). If we take the text and apply it to EAP-GPSK then we 
>> would produce something like:
>>
>> Conservative Choice:
>> -----------------------
>>
>> (Integrity)
>>        AUTH_HMAC_SHA1_96        2            [RFC2404]            MUST
>>
>> (Encryption)
>>        ENCR_3DES                3         [RFC2451]       MUST-
>>
>> (Key Derivation)
>>        PRF_HMAC_SHA1       2          [RFC2104]    MUST
>>
>> (Note that there is no MUST for encryption algorithms specified in RFC
>> 4307.)
>>
>>
>> Choice for the Future:
>> -----------------------
>>
>> (Encryption)
>>       ENCR_AES_CBC             12        [AES-CBC]       SHOULD+
>>
>> (Integrity)
>>       AUTH_AES_XCBC_96         5         [AES-MAC]       SHOULD+
>>
>> (Key Derivation)
>>        PRF_AES128_CBC      4          [AESPRF]     SHOULD+
>>
>> Does this sound like a terrible bad idea?
>>
>> Ciao
>> Hannes
>>
>> M. Vanderveen schrieb:
>>> Both are pretty popular. Why not list them both? As for 
>> which one to be 
>>> mandatory to implement, someone should to a search through 
>> other systems 
>>> (e.g. IEEE, IPSec) and see which one is most popular.
>>>
>>> */Hannes Tschofenig <Hannes.Tschofenig@gmx.net>/* wrote:
>>>
>>>     Hi all,
>>>
>>>     the current version of the document
>>>     
>> http://tools.ietf.org/wg/emu/draft-clancy-emu-eap-shared-secret-01.txt
>>>     still supports AES-EAX:
>>>
>>>     
>> +-----------+----+-------------+---------------+--------------------+
>>>     | CSuite/ | KS | Encryption | Integrity | Key Derivation |
>>>     | Specifier | | | | Function |
>>>     
>> +-----------+----+-------------+---------------+--------------------+
>>>     | 0x000001 | 16 | AES-EAX-128 | AES-CMAC-128 | GKDF-128 |
>>>     
>> +-----------+----+-------------+---------------+--------------------+
>>>     At the IETF#66 EMU meeting AES CCM was suggested.
>>>
>>>     Later, it got the impression that AES-CBC was more 
>> appreciated. Should
>>>     we update the draft with AES-CBC?
>>>
>>>     Ciao
>>>     Hannes
>>>
>>>
>>>     _______________________________________________
>>>     Emu mailing list
>>>     Emu@ietf.org
>>>     https://www1.ietf.org/mailman/listinfo/emu
>>>
>>>
>>>
>> --------------------------------------------------------------
>> ----------
>>> Do you Yahoo!?
>>> Get on board. You're invited 
>>>
>> <http://us.rd.yahoo.com/evt=40791/*http://advision.webevents.y
>> ahoo.com/handraisers> 
>>> to try the new Yahoo! Mail Beta.
>>
>> _______________________________________________
>> Emu mailing list
>> Emu@ietf.org
>> https://www1.ietf.org/mailman/listinfo/emu
>>
> 
> 


_______________________________________________
Emu mailing list
Emu@ietf.org
https://www1.ietf.org/mailman/listinfo/emu

v2.23.0 | Report a Bug | By Email