Re: [IPsec] Warren Kumari's No Objection on draft-ietf-ipsecme-ikev2-multiple-ke-10: (with COMMENT)
Paul Wouters <paul@nohats.ca> Wed, 30 November 2022 12:57 UTC
Return-Path: <paul@nohats.ca>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D494FC152709; Wed, 30 Nov 2022 04:57:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.092
X-Spam-Level:
X-Spam-Status: No, score=-2.092 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vQF00pmJwVOC; Wed, 30 Nov 2022 04:57:48 -0800 (PST)
Received: from mx.nohats.ca (mx.nohats.ca [IPv6:2a03:6000:1004:1::85]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9F5DFC1526FD; Wed, 30 Nov 2022 04:57:47 -0800 (PST)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 4NMfPh0Rksz37V; Wed, 30 Nov 2022 13:57:44 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1669813064; bh=jRzHJMXNbtbN5HEat+Tq5q1i1Cn2pRAyDxTykmtzeWY=; h=From:Subject:Date:References:Cc:In-Reply-To:To; b=Wmb1+nZR27Zmql8BMLl93wBE3RM9FrFOcLnW44iz2WWegpQqwGahtTsAmJEoBvCXV lB3zu1AkONGFPhLkN46yiEtlJPFNyeNsb+qcXX2c3ghH+yLrKCxOQFOxW3cU0l3SWY 9rrk8J/PJMtec1ba4DZpDFnAdN79gwzbVHjVZA5o=
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id Xo1AVpsmpjra; Wed, 30 Nov 2022 13:57:42 +0100 (CET)
Received: from bofh.nohats.ca (bofh.nohats.ca [193.110.157.194]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Wed, 30 Nov 2022 13:57:42 +0100 (CET)
Received: from smtpclient.apple (unknown [193.110.157.208]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by bofh.nohats.ca (Postfix) with ESMTPSA id BF1E6414F8E; Wed, 30 Nov 2022 07:57:41 -0500 (EST)
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: Paul Wouters <paul@nohats.ca>
Mime-Version: 1.0 (1.0)
Date: Wed, 30 Nov 2022 07:57:38 -0500
Message-Id: <A13C6E27-CCA4-4AD6-AA84-CFA726A96926@nohats.ca>
References: <155301d90496$32ab6880$98023980$@elvis.ru>
Cc: Warren Kumari <warren@kumari.net>, The IESG <iesg@ietf.org>, draft-ietf-ipsecme-ikev2-multiple-ke@ietf.org, ipsecme-chairs@ietf.org, ipsec@ietf.org, kivinen@iki.fi, gih@apnic.net
In-Reply-To: <155301d90496$32ab6880$98023980$@elvis.ru>
To: Valery Smyslov <svan@elvis.ru>
X-Mailer: iPhone Mail (19G82)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/-I0X1VbYBy65Q_eD_y3JXu74-cM>
Subject: Re: [IPsec] Warren Kumari's No Objection on draft-ietf-ipsecme-ikev2-multiple-ke-10: (with COMMENT)
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Nov 2022 12:57:52 -0000
It should really mention the new exchange it introduces in the abstract. Sent using a virtual keyboard on a phone > On Nov 30, 2022, at 03:32, Valery Smyslov <svan@elvis.ru> wrote: > > Hi Warren, > > thank you for your comments. Please see inline. > >> -----Original Message----- >> From: Warren Kumari via Datatracker [mailto:noreply@ietf.org] >> Sent: Wednesday, November 30, 2022 1:19 AM >> To: The IESG >> Cc: draft-ietf-ipsecme-ikev2-multiple-ke@ietf.org; ipsecme-chairs@ietf.org; ipsec@ietf.org; >> kivinen@iki.fi; kivinen@iki.fi; gih@apnic.net >> Subject: Warren Kumari's No Objection on draft-ietf-ipsecme-ikev2-multiple-ke-10: (with COMMENT) >> >> Warren Kumari has entered the following ballot position for >> draft-ietf-ipsecme-ikev2-multiple-ke-10: No Objection >> >> When responding, please keep the subject line intact and reply to all >> email addresses included in the To and CC lines. (Feel free to cut this >> introductory paragraph, however.) >> >> >> Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ >> for more information about how to handle DISCUSS and COMMENT positions. >> >> >> The document, along with other ballot positions, can be found here: >> https://datatracker.ietf.org/doc/draft-ietf-ipsecme-ikev2-multiple-ke/ >> >> >> >> ---------------------------------------------------------------------- >> COMMENT: >> ---------------------------------------------------------------------- >> >> Thank you for writing this document (and also making it easy for someone like >> me to understand :-)) Also thanks to Geoff Huston for his DNSDOR review >> (https://datatracker.ietf.org/doc/review-ietf-ipsecme-ikev2-multiple-ke-07-dnsdir-lc-huston-2022-10- >> 10/) >> >> I have a few non-blocking comments -- feel free to address them or not. >> >> I think that moving Section 2, Bullet 2 towards to top of the document would >> help the reader better understand why this document exists... > > Éric has suggested to put this or similar text to the Abstract, so it is now there. > The Abstract now is: > > This document describes how to extend the Internet Key Exchange Protocol > Version 2 (IKEv2) to allow multiple key exchanges to take place > while computing a shared secret during a Security Association (SA) setup. > > The primary application of this feature in IKEv2 is the ability to perform one or more > post-quantum key exchanges in conjunction with the classical (Elliptic Curve) Diffie-Hellman (EC)DH key exchange, > so that the resulting shared key is resistant against quantum computer attacks. > Since there is currently no post-quantum key exchange that is trusted at > the level that (EC)DH is trusted for against conventional (non-quantum) > adversaries, performing multiple key exchanges with different post-quantum algorithms along > with the well-established classical key exchange algorithms addresses this concern, since the > overall security is at least as strong as each individual primitive. > > Another possible application for this extension is the ability to combine several key exchanges > in situations when no single key exchange algorithm is trusted by both initiator and responder. > > This document updates RFC7296 by renaming a transform type 4 from "Diffie-Hellman Group (D-H)" > to "Key Exchange Method (KE)" and renaming a field in the Key Exchange Payload from "Diffie-Hellman Group Num" > to "Key Exchange Method". It also renames an IANA registry for this transform type > from "Transform Type 4 - Diffie-Hellman Group Transform IDs" to > "Transform Type 4 - Key Exchange Method Transform IDs". These changes generalize > key exchange algorithms that can be used in IKEv2. > > Is it OK? > >> 1: "While solving such a problem remains difficult with current >> computing power, it is believed that general purpose quantum >> computers will be able to solve this problem, implying that the >> security of IKEv2 is compromised." >> >> 'solving such a problem remains difficult with current computing power' implies >> that they *can* be solved with current computing power, while 'it is *believed* >> that general purpose quantum computers will be able to solve this problem' >> implies that quantum only *might* be able to solve them...this makes it sound >> like quantum machines are less of a concern than current ones :-). Perhaps >> 'general purpose quantum computers will *easily* be able to solve this >> problem'? Or 'solving such a problem is infeasible with current computing >> power'? (handwaving away trivial parameters) My suggestion isn't great, but >> hopefully I've managed to explain my concern? > > I see your point. I would use one of your suggestions, unless my co-authors disagree: > > While solving such > a problem remains infeasible with current computing power, it is > believed that general purpose quantum computers will be able to solve > this problem, implying that the security of IKEv2 is compromised. > > (I don't like "easily", since it's very subjective). > >> 2: Design Criteria - 3) Focus on post-quantum confidentiality. >> I understand what this is trying to say, but it feels very disjointed. I don't >> really have any suggested test to fix it, but just dropping the last sentence >> (or folding it into an earlier one) would make it much much easier to read. > > What if we rewrite this para a bit? > > Focus on post-quantum confidentiality. A passive attacker > can store all monitored encrypted IPsec communication today and decrypt it > once a quantum computer is available in the future. This attack can have serious > consequences that won't be visible for years to come. On the other hand, > an attacker can only perform active attacks such as impersonation of the > communicating peers once a quantum computer is available, > sometime in the future. Thus, this specification focuses on > confidentiality due to the urgency of this problem and > presents a defense against the serious attack described above, but > it does not address authentication since it is less urgent at this stage. > > Is it better now? > > The updated PR is available at: > https://github.com/post-quantum/ietf-pq-ikev2/pull/22 > > Regards, > Valery. >
- [IPsec] Warren Kumari's No Objection on draft-iet… Warren Kumari via Datatracker
- Re: [IPsec] Warren Kumari's No Objection on draft… Valery Smyslov
- Re: [IPsec] Warren Kumari's No Objection on draft… Paul Wouters
- Re: [IPsec] Warren Kumari's No Objection on draft… Warren Kumari