Re: [IPsec] I-D on Using the ECC Brainpool Curves for IKEv2 Key Exchange
Yoav Nir <ynir@checkpoint.com> Thu, 08 November 2012 21:44 UTC
Return-Path: <ynir@checkpoint.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A2FD621F855E for <ipsec@ietfa.amsl.com>; Thu, 8 Nov 2012 13:44:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.299
X-Spam-Level:
X-Spam-Status: No, score=-10.299 tagged_above=-999 required=5 tests=[AWL=-0.300, BAYES_00=-2.599, J_CHICKENPOX_43=0.6, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ojmPm+UT+xSf for <ipsec@ietfa.amsl.com>; Thu, 8 Nov 2012 13:44:34 -0800 (PST)
Received: from smtp.checkpoint.com (smtp.checkpoint.com [194.29.34.68]) by ietfa.amsl.com (Postfix) with ESMTP id 1777921F85E3 for <ipsec@ietf.org>; Thu, 8 Nov 2012 13:44:32 -0800 (PST)
Received: from il-ex01.ad.checkpoint.com (il-ex01.ad.checkpoint.com [194.29.34.26]) by smtp.checkpoint.com (8.13.8/8.13.8) with ESMTP id qA8LiPaA027122; Thu, 8 Nov 2012 23:44:25 +0200
X-CheckPoint: {509C24F3-4-1B221DC2-2FFFF}
Received: from il-ex03.ad.checkpoint.com (194.29.34.71) by il-ex01.ad.checkpoint.com (194.29.34.26) with Microsoft SMTP Server (TLS) id 8.3.213.0; Thu, 8 Nov 2012 23:44:25 +0200
Received: from il-ex01.ad.checkpoint.com ([194.29.34.26]) by il-ex03.ad.checkpoint.com ([194.29.34.71]) with mapi; Thu, 8 Nov 2012 23:44:25 +0200
From: Yoav Nir <ynir@checkpoint.com>
To: "David McGrew (mcgrew)" <mcgrew@cisco.com>
Date: Thu, 08 Nov 2012 23:44:23 +0200
Thread-Topic: [IPsec] I-D on Using the ECC Brainpool Curves for IKEv2 Key Exchange
Thread-Index: Ac29+jhQAvMTELTvTxy8NgA++UttVQ==
Message-ID: <3E61AE58-F8E5-4213-8C36-189238CD8E9C@checkpoint.com>
References: <747787E65E3FBD4E93F0EB2F14DB556B0F509D58@xmb-rcd-x04.cisco.com>
In-Reply-To: <747787E65E3FBD4E93F0EB2F14DB556B0F509D58@xmb-rcd-x04.cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
x-kse-antivirus-interceptor-info: scan successful
x-kse-antivirus-info: Clean
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-KSE-AntiSpam-Interceptor-Info: protection disabled
Cc: IPsecme WG <ipsec@ietf.org>, Manfred Lochter <Manfred.Lochter@bsi.bund.de>, Johannes Merkle <johannes.merkle@secunet.com>, "rfc-ise@rfc-editor.org" <rfc-ise@rfc-editor.org>, Tero Kivinen <kivinen@iki.fi>
Subject: Re: [IPsec] I-D on Using the ECC Brainpool Curves for IKEv2 Key Exchange
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Nov 2012 21:44:34 -0000
On Nov 8, 2012, at 4:24 PM, David McGrew (mcgrew) wrote: > > > On 11/8/12 3:26 AM, "Johannes Merkle" <johannes.merkle@secunet.com> wrote: > >> Hi Tero, >> >>> Every single option adds complexity, so I do not think we should add >>> more optional things. >> >> Point compression is not the focus of our draft. Given the opposition it >> is facing here, I suggest to wait for further >> replies and if point compression turns out to be objected by the majority >> on this list, I will not insist on this feature. >> BTW: In an earlier thread Dan Haskins has already indicated his >> preference to leave point compression out. >> >>> >>> Not sending the CERT, but replacing it with hash and url offers much >>> bigger savings, and people are not even doing that. >> You can not be sure that this option isn't used is some constrained >> environments. >> >> Just a note: the relative saving of point compression is larger when >> sending hash + URL instead of the CERT. > > What's the scenario here? If hash + URL is sent, the certificate still > has to be retrieved. It might not be part of the IKE exchange, but moving > it to HTTP doesn't mean that it doesn't contribute to bytes on the wire > (or over the air, in the case of wireless). > Since we tend to meet the same people all the time (or communicate with the same parties), usually the hash+URL would lead to retrieving the certificate from a cache, rather than from a remote web server. Of course, if my implementation is running on a "thing", it doesn't have a cache and this argument doesn't apply. Yoav
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Andrey Jivsov
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Johannes Merkle
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Andrey Jivsov
- [IPsec] I-D on Using the ECC Brainpool Curves for… Johannes Merkle
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… David McGrew (mcgrew)
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Johannes Merkle
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… David McGrew (mcgrew)
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Johannes Merkle
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Tero Kivinen
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Johannes Merkle
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Derek Atkins
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Dan Harkins
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… David McGrew (mcgrew)
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Yoav Nir
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Tero Kivinen
- [IPsec] I-D on Using the ECC Brainpool Curves for… Johannes Merkle
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Dan Harkins
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Scott Fluhrer (sfluhrer)
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Yaron Sheffer
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Yoav Nir
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Scott Fluhrer (sfluhrer)
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Dan Harkins
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Yoav Nir
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Yaron Sheffer
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Scott Fluhrer (sfluhrer)
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Yaron Sheffer
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Johannes Merkle
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Tero Kivinen
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Scott Fluhrer (sfluhrer)
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Scott Fluhrer (sfluhrer)
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Stephen Kent
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Johannes Merkle
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Johannes Merkle
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Johannes Merkle
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Yaron Sheffer
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Tero Kivinen
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Scott Fluhrer (sfluhrer)
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Andrey Jivsov
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Johannes Merkle
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Stephen Kent
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Andrey Jivsov