Re: [IPsec] Warren Kumari's No Objection on draft-ietf-ipsecme-ikev2-multiple-ke-10: (with COMMENT)
Valery Smyslov <svan@elvis.ru> Wed, 30 November 2022 08:32 UTC
Return-Path: <svan@elvis.ru>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EDFC7C1526E9; Wed, 30 Nov 2022 00:32:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=elvis.ru
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mwETY9NOjIVT; Wed, 30 Nov 2022 00:31:56 -0800 (PST)
Received: from akmail.elvis.ru (akmail.elvis.ru [82.138.51.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CAAACC14F731; Wed, 30 Nov 2022 00:31:55 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=elvis.ru; s=mail; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID: Date:Subject:In-Reply-To:References:CC:To:From:Sender:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=SDHxBqhU3LioZN/WX0R102XO4p2201tqvkjPegJHD+E=; b=IrFbQ7N7N2tK+FbiMlvZhqS893 qhRCrH/rhb6GNt0/+7o+cqoVkeb5kexXRGpl31dMpq6XNZ3D/JPNNQiyc4/lhdwGfYh8Rxokz4iqa 6ZVU+lnsz9FktXd6fq5JYa1LIEYAUG2cbSLSrRtCfSkEnta7eUyXshy8ddKXJCep1ArU=;
Received: from kmail.elvis.ru ([93.188.44.208]) by akmail.elvis.ru with esmtp (Exim 4.92) (envelope-from <svan@elvis.ru>) id 1p0IVT-0001iC-8L; Wed, 30 Nov 2022 11:31:51 +0300
Received: from mail16.office.elvis.ru ([10.111.1.29] helo=mail.office.elvis.ru) by kmail.elvis.ru with esmtp (Exim 4.92) (envelope-from <svan@elvis.ru>) id 1p0IVS-0007Dr-Ty; Wed, 30 Nov 2022 11:31:51 +0300
Received: from MAIL16.office.elvis.ru (10.111.1.29) by MAIL16.office.elvis.ru (10.111.1.29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1779.2; Wed, 30 Nov 2022 11:31:50 +0300
Received: from buildpc (10.111.10.33) by MAIL16.office.elvis.ru (10.111.1.29) with Microsoft SMTP Server id 15.1.1779.2 via Frontend Transport; Wed, 30 Nov 2022 11:31:50 +0300
From: Valery Smyslov <svan@elvis.ru>
To: 'Warren Kumari' <warren@kumari.net>, 'The IESG' <iesg@ietf.org>
CC: draft-ietf-ipsecme-ikev2-multiple-ke@ietf.org, ipsecme-chairs@ietf.org, ipsec@ietf.org, kivinen@iki.fi, gih@apnic.net
References: <166976032811.53412.3446255420646554196@ietfa.amsl.com>
In-Reply-To: <166976032811.53412.3446255420646554196@ietfa.amsl.com>
Date: Wed, 30 Nov 2022 11:31:52 +0300
Message-ID: <155301d90496$32ab6880$98023980$@elvis.ru>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQHyR6nXRPHjgfMn237vTc8XQIUHuq4kdk/g
Content-Language: ru
X-CrossPremisesHeadersFilteredBySendConnector: MAIL16.office.elvis.ru
X-OrganizationHeadersPreserved: MAIL16.office.elvis.ru
X-KLMS-AntiSpam-Interceptor-Info: not scanned
X-KLMS-Rule-ID: 1
X-KLMS-Message-Action: clean
X-KLMS-AntiSpam-Status: not scanned, disabled by settings
X-KLMS-AntiPhishing: Clean, bases: 2022/11/30 06:37:00
X-KLMS-AntiVirus: Kaspersky Security for Linux Mail Server, version 8.0.3.30, bases: 2022/11/30 05:53:00 #20627193
X-KLMS-AntiVirus-Status: Clean, skipped
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/2AyqXjZbEjWIeHWZS4AbJuyFQwM>
Subject: Re: [IPsec] Warren Kumari's No Objection on draft-ietf-ipsecme-ikev2-multiple-ke-10: (with COMMENT)
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Nov 2022 08:32:01 -0000
Hi Warren, thank you for your comments. Please see inline. > -----Original Message----- > From: Warren Kumari via Datatracker [mailto:noreply@ietf.org] > Sent: Wednesday, November 30, 2022 1:19 AM > To: The IESG > Cc: draft-ietf-ipsecme-ikev2-multiple-ke@ietf.org; ipsecme-chairs@ietf.org; ipsec@ietf.org; > kivinen@iki.fi; kivinen@iki.fi; gih@apnic.net > Subject: Warren Kumari's No Objection on draft-ietf-ipsecme-ikev2-multiple-ke-10: (with COMMENT) > > Warren Kumari has entered the following ballot position for > draft-ietf-ipsecme-ikev2-multiple-ke-10: No Objection > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ > for more information about how to handle DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-ipsecme-ikev2-multiple-ke/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > Thank you for writing this document (and also making it easy for someone like > me to understand :-)) Also thanks to Geoff Huston for his DNSDOR review > (https://datatracker.ietf.org/doc/review-ietf-ipsecme-ikev2-multiple-ke-07-dnsdir-lc-huston-2022-10- > 10/) > > I have a few non-blocking comments -- feel free to address them or not. > > I think that moving Section 2, Bullet 2 towards to top of the document would > help the reader better understand why this document exists... Éric has suggested to put this or similar text to the Abstract, so it is now there. The Abstract now is: This document describes how to extend the Internet Key Exchange Protocol Version 2 (IKEv2) to allow multiple key exchanges to take place while computing a shared secret during a Security Association (SA) setup. The primary application of this feature in IKEv2 is the ability to perform one or more post-quantum key exchanges in conjunction with the classical (Elliptic Curve) Diffie-Hellman (EC)DH key exchange, so that the resulting shared key is resistant against quantum computer attacks. Since there is currently no post-quantum key exchange that is trusted at the level that (EC)DH is trusted for against conventional (non-quantum) adversaries, performing multiple key exchanges with different post-quantum algorithms along with the well-established classical key exchange algorithms addresses this concern, since the overall security is at least as strong as each individual primitive. Another possible application for this extension is the ability to combine several key exchanges in situations when no single key exchange algorithm is trusted by both initiator and responder. This document updates RFC7296 by renaming a transform type 4 from "Diffie-Hellman Group (D-H)" to "Key Exchange Method (KE)" and renaming a field in the Key Exchange Payload from "Diffie-Hellman Group Num" to "Key Exchange Method". It also renames an IANA registry for this transform type from "Transform Type 4 - Diffie-Hellman Group Transform IDs" to "Transform Type 4 - Key Exchange Method Transform IDs". These changes generalize key exchange algorithms that can be used in IKEv2. Is it OK? > 1: "While solving such a problem remains difficult with current > computing power, it is believed that general purpose quantum > computers will be able to solve this problem, implying that the > security of IKEv2 is compromised." > > 'solving such a problem remains difficult with current computing power' implies > that they *can* be solved with current computing power, while 'it is *believed* > that general purpose quantum computers will be able to solve this problem' > implies that quantum only *might* be able to solve them...this makes it sound > like quantum machines are less of a concern than current ones :-). Perhaps > 'general purpose quantum computers will *easily* be able to solve this > problem'? Or 'solving such a problem is infeasible with current computing > power'? (handwaving away trivial parameters) My suggestion isn't great, but > hopefully I've managed to explain my concern? I see your point. I would use one of your suggestions, unless my co-authors disagree: While solving such a problem remains infeasible with current computing power, it is believed that general purpose quantum computers will be able to solve this problem, implying that the security of IKEv2 is compromised. (I don't like "easily", since it's very subjective). > 2: Design Criteria - 3) Focus on post-quantum confidentiality. > I understand what this is trying to say, but it feels very disjointed. I don't > really have any suggested test to fix it, but just dropping the last sentence > (or folding it into an earlier one) would make it much much easier to read. What if we rewrite this para a bit? Focus on post-quantum confidentiality. A passive attacker can store all monitored encrypted IPsec communication today and decrypt it once a quantum computer is available in the future. This attack can have serious consequences that won't be visible for years to come. On the other hand, an attacker can only perform active attacks such as impersonation of the communicating peers once a quantum computer is available, sometime in the future. Thus, this specification focuses on confidentiality due to the urgency of this problem and presents a defense against the serious attack described above, but it does not address authentication since it is less urgent at this stage. Is it better now? The updated PR is available at: https://github.com/post-quantum/ietf-pq-ikev2/pull/22 Regards, Valery.
- [IPsec] Warren Kumari's No Objection on draft-iet… Warren Kumari via Datatracker
- Re: [IPsec] Warren Kumari's No Objection on draft… Valery Smyslov
- Re: [IPsec] Warren Kumari's No Objection on draft… Paul Wouters
- Re: [IPsec] Warren Kumari's No Objection on draft… Warren Kumari