Re: Last call comments for draft-lepinski-dh-groups-01
Paul Hoffman <paul.hoffman@vpnc.org> Wed, 10 October 2007 14:23 UTC
Return-path: <ietf-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IfcT9-00041s-Nz; Wed, 10 Oct 2007 10:23:27 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IfcT7-0003ws-L3; Wed, 10 Oct 2007 10:23:25 -0400
Received: from balder-227.proper.com ([192.245.12.227]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1IfcT2-0003Pl-GQ; Wed, 10 Oct 2007 10:23:25 -0400
Received: from [192.168.1.3] (pool-72-76-39-171.nwrknj.fios.verizon.net [72.76.39.171]) (authenticated bits=0) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l9AEMxj9006313 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 10 Oct 2007 07:23:01 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
Mime-Version: 1.0
Message-Id: <p06240800c3328f15570e@[10.20.30.249]>
In-Reply-To: <B356D8F434D20B40A8CEDAEC305A1F2404B0D8C5@esebe105.NOE.Nokia.com>
References: <B356D8F434D20B40A8CEDAEC305A1F2404B0D8C5@esebe105.NOE.Nokia.com>
Date: Wed, 10 Oct 2007 10:22:53 -0400
To: Pasi.Eronen@nokia.com, ietf@ietf.org, IPsec WG <ipsec@ietf.org>
From: Paul Hoffman <paul.hoffman@vpnc.org>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 52e1467c2184c31006318542db5614d5
Cc: kent@bbn.com, mlepinski@bbn.com
Subject: Re: Last call comments for draft-lepinski-dh-groups-01
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Errors-To: ietf-bounces@ietf.org
At 1:32 PM +0300 10/9/07, <Pasi.Eronen@nokia.com> wrote: >1) Section 1 says: > > "Sixteen additional groups subsequently have been defined and > assigned values by IANA for use with IKE (v1 and v2). All of > these additional groups are optional in the IKE context. Of > the twenty-one groups defined so far, eight are MODP groups > (exponentiation groups modulo a prime), ten are EC2N groups > (elliptic curve groups over GF[2^N]) and three are ECP groups > (elliptic curve groups over GF[P]). > >This is not totally correct. As of this writing, no EC2N groups >have been assigned values for use with IKEv2. Also, eight of the >ten EC2N groups for IKEv1 are not documented in any RFC. (And yes, >I'm aware of draft-ietf-ipsec-ike-ecc-groups -- but that hasn't >been approved yet, and requires changes before approval.) draft-lepinski-dh-groups needs to track draft-ietf-ipsec-ike-ecc-groups very carefully. If there is any mis-match, we will have interoperability problems in the future. >2) For IKEv1/IKEv2, the document should explicitly specify how >ECC points are converted to octet strings (for KE payloads >and resulting shared secret value). Currently, there are at >least three incompatible options (RFC 4753, RFC 2409, and >draft-ietf-ipsec-ike-ecc-groups-10 drafts). I'd suggest just >saying "the same way as in RFC 4753". This bodes really poorly for interoperability. draft-lepinski-dh-groups needs to be revised to specify one of the methods, and that needs to be discussed on the IPsec mailing list. I would not assume that implementers would prefer RFC 4753 over draft-ietf-ipsec-ike-ecc-groups. --Paul Hoffman, Director --VPN Consortium _______________________________________________ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
- Last call comments for draft-lepinski-dh-groups-01 Pasi.Eronen
- Re: Last call comments for draft-lepinski-dh-grou… Paul Hoffman
- RE: [IPsec] Re: Last call comments for draft-lepi… Pasi.Eronen
- Re: [IPsec] Re: Last call comments for draft-lepi… Chinh Nguyen