IETF Logo Mail Archive

Re: [IPsec] I-D on Using the ECC Brainpool Curves for IKEv2 Key Exchange

Johannes Merkle <johannes.merkle@secunet.com> Thu, 08 November 2012 08:27 UTC

Return-Path: <Johannes.Merkle@secunet.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4758521F86C1 for <ipsec@ietfa.amsl.com>; Thu, 8 Nov 2012 00:27:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VzsHHjh39Z+N for <ipsec@ietfa.amsl.com>; Thu, 8 Nov 2012 00:26:59 -0800 (PST)
Received: from a.mx.secunet.com (a.mx.secunet.com [195.81.216.161]) by ietfa.amsl.com (Postfix) with ESMTP id 4733121F84DC for <ipsec@ietf.org>; Thu, 8 Nov 2012 00:26:58 -0800 (PST)
Received: from localhost (alg1 [127.0.0.1]) by a.mx.secunet.com (Postfix) with ESMTP id EC83D1A007E; Thu, 8 Nov 2012 09:26:56 +0100 (CET)
X-Virus-Scanned: by secunet
Received: from mail-srv1.secumail.de (unknown [10.53.40.200]) by a.mx.secunet.com (Postfix) with ESMTP id 185051A0066; Thu, 8 Nov 2012 09:26:52 +0100 (CET)
Received: from [172.16.48.110] ([172.16.48.110]) by mail-srv1.secumail.de with Microsoft SMTPSVC(6.0.3790.4675); Thu, 8 Nov 2012 09:26:51 +0100
Message-ID: <509B6CC5.90407@secunet.com>
Date: Thu, 08 Nov 2012 09:26:45 +0100
From: Johannes Merkle <johannes.merkle@secunet.com>
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:16.0) Gecko/20121026 Thunderbird/16.0.2
MIME-Version: 1.0
To: Tero Kivinen <kivinen@iki.fi>
References: <747787E65E3FBD4E93F0EB2F14DB556B0F507F6B@xmb-rcd-x04.cisco.com> <509AA6B9.9040309@secunet.com> <20634.45743.909055.939291@fireball.kivinen.iki.fi>
In-Reply-To: <20634.45743.909055.939291@fireball.kivinen.iki.fi>
X-Enigmail-Version: 1.4.5
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 08 Nov 2012 08:26:51.0941 (UTC) FILETIME=[CDCB6D50:01CDBD8A]
Cc: IPsecme WG <ipsec@ietf.org>, Manfred Lochter <Manfred.Lochter@bsi.bund.de>, "David McGrew (mcgrew)" <mcgrew@cisco.com>, "rfc-ise@rfc-editor.org" <rfc-ise@rfc-editor.org>
Subject: Re: [IPsec] I-D on Using the ECC Brainpool Curves for IKEv2 Key Exchange
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Nov 2012 08:27:00 -0000

Hi Tero,

> Every single option adds complexity, so I do not think we should add
> more optional things. 

Point compression is not the focus of our draft. Given the opposition it is facing here, I suggest to wait for further
replies and if point compression turns out to be objected by the majority on this list, I will not insist on this feature.
BTW: In an earlier thread Dan Haskins has already indicated his preference to leave point compression out.

> 
> Not sending the CERT, but replacing it with hash and url offers much
> bigger savings, and people are not even doing that.
You can not be sure that this option isn't used is some constrained environments.

Just a note: the relative saving of point compression is larger when sending hash + URL instead of the CERT.

> 
> Note, that negotiating the use of point compression without retry or
> not would waste more bytes then the point compression saves... The KE
> payload is in the first packet, which means that to be able to
> negotiate it beforehand would require one extra roundtrip. The IKEv2
> headers + notify payloads etc would be 2 * (28 + 8 bytes) = 72 bytes
> which is already quite big EC key Y part... 

What I had in mind are constraint environments where using bandwidth saving techniques like point compression can be
assumed to be the default.


> If I remember right the reason IKEv2 does not use point compression
> for the current groups was that there was some IPR. Is that issue
> already been cleared?

The the patent expires in 2014.
http://cr.yp.to/patents/us/6141420.html

-- 
Johannes

v2.23.0 | Report a Bug | By Email