IETF Logo Mail Archive

Re: [IPsec] Proposed method to achieve quantum resistant IKEv2

"Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com> Mon, 14 August 2017 13:47 UTC

Return-Path: <sfluhrer@cisco.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 65D741321EC for <ipsec@ietfa.amsl.com>; Mon, 14 Aug 2017 06:47:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.521
X-Spam-Level:
X-Spam-Status: No, score=-14.521 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sADY3oGq5osP for <ipsec@ietfa.amsl.com>; Mon, 14 Aug 2017 06:47:15 -0700 (PDT)
Received: from rcdn-iport-4.cisco.com (rcdn-iport-4.cisco.com [173.37.86.75]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 711571320C9 for <ipsec@ietf.org>; Mon, 14 Aug 2017 06:47:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2011; q=dns/txt; s=iport; t=1502718435; x=1503928035; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=3Mu2QVmYRZ9G2PEbvD3sQGkmHS0dNzQhY95NQW/voOU=; b=b3n6aeWZLbNQPmfoJFG//3G9MvKZiYwOQ/jYbpKF9WwmftlPqH/lDR6W c+bIsZYFHZQWuZ57aWtYYiaPzU2vnXupFecLJZbnWhgORHZXVb7wZkBHj PBTz4dEenNhQ9g0Z+uturbcUCk9xQqo3HRNB5p/QfSaAbCJXhqWAETqjo M=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0CaAABfqZFZ/4ENJK1dGQEBAQEBAQEBAQEBBwEBAQEBg1pkgRQHjgqQDoFulhiCEiELhRsChHM/GAECAQEBAQEBAWsohRgBAQEBAwEBODQLDAQCAQgRBAEBHwkHJwsUCQgCBAENBQiKJxCuYYtfAQEBAQEBAQEBAQEBAQEBAQEBAQEBGAWDKIICgUyBY4MnimcFoDEClDGSXpYUAR84gQp3FUmHGnaJPoEPAQEB
X-IronPort-AV: E=Sophos;i="5.41,373,1498521600"; d="scan'208";a="282411457"
Received: from alln-core-9.cisco.com ([173.36.13.129]) by rcdn-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 14 Aug 2017 13:47:14 +0000
Received: from XCH-RTP-007.cisco.com (xch-rtp-007.cisco.com [64.101.220.147]) by alln-core-9.cisco.com (8.14.5/8.14.5) with ESMTP id v7EDlDBF022673 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 14 Aug 2017 13:47:14 GMT
Received: from xch-rtp-006.cisco.com (64.101.220.146) by XCH-RTP-007.cisco.com (64.101.220.147) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Mon, 14 Aug 2017 09:47:13 -0400
Received: from xch-rtp-006.cisco.com ([64.101.220.146]) by XCH-RTP-006.cisco.com ([64.101.220.146]) with mapi id 15.00.1210.000; Mon, 14 Aug 2017 09:47:13 -0400
From: "Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com>
To: Tero Kivinen <kivinen@iki.fi>, Michael Richardson <mcr+ietf@sandelman.ca>
CC: "ipsec@ietf.org" <ipsec@ietf.org>, Daniel Van Geest <Daniel.VanGeest@isara.com>, "Graham Bartlett (grbartle)" <grbartle@cisco.com>
Thread-Topic: [IPsec] Proposed method to achieve quantum resistant IKEv2
Thread-Index: AQHTDE+mPH5PNqQgTkK9LOvm4SvL2qJ8WOuAgABHkQCAB4XqgP//xTrQ
Date: Mon, 14 Aug 2017 13:47:13 +0000
Message-ID: <6c1b52eb9c734cd2a9fdf6256f30aefd@XCH-RTP-006.cisco.com>
References: <BBEB2C9C-9B96-4C6C-BB9B-4415F096FAE1@cisco.com> <B991A75E-0473-428E-95B8-39491D0EB098@isaracorp.com> <10412.1502302334@obiwan.sandelman.ca> <22929.40977.702012.485140@fireball.acr.fi>
In-Reply-To: <22929.40977.702012.485140@fireball.acr.fi>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.150.34.195]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/1los71pCPisMY82i2Yd1iaNao4s>
Subject: Re: [IPsec] Proposed method to achieve quantum resistant IKEv2
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Aug 2017 13:47:17 -0000


> -----Original Message-----
> From: IPsec [mailto:ipsec-bounces@ietf.org] On Behalf Of Tero Kivinen
> Sent: Monday, August 14, 2017 9:05 AM
> To: Michael Richardson
> Cc: ipsec@ietf.org; Daniel Van Geest; Graham Bartlett (grbartle)
> Subject: Re: [IPsec] Proposed method to achieve quantum resistant IKEv2
> 
> Michael Richardson writes:
> > I don't think we need to do this.
> > I think that unknown transform types will be ignored by compliant
> > implementations.
> 
> Nope. It will ignore unknown transform IDs for each known transform type,
> but it MUST understand each transform type, and if it does not understand it
> cannot pick one value for it, thus it must ignore the whole proposal, and try
> to use other proposals which might work better.

Actually, where in RFC5996 (or 4301) does it say that it must go on to the next proposal , rather than (say) silently rejecting the entire negotiation?  I searched through the text, and cannot find a MUST (or even a SHOULD) statement...

And, in the 11+ years since IKEv2 has been defined, we haven't added a single transform type.  I would suspect that most implementations have never tested out the scenario where they've seen an unexpected transform type (but which is followed by another proposal which is acceptable).  How certain are we that implementations will process the request as we hope?

After all, a large point of this exercise is backwards compability; if a QR IKEv2 initiator tries to talk to a nonupgraded IKEv2 responder, it works as we expect (that is, depends on the initiator's security policy, they either downgrade to a non-QR key exchange, or they abort the exchange as they had no mutually acceptable policy).  Hence, the actual behavior of real nonupgraded responders is important.


> --
> kivinen@iki.fi
> 
> _______________________________________________
> IPsec mailing list
> IPsec@ietf.org
> https://www.ietf.org/mailman/listinfo/ipsec

v2.23.0 | Report a Bug | By Email