Re: [IPsec] Beginning discussion on secure password-only authentication for IKEv2

[Tero Kivinen <kivinen@iki.fi>]

Yoav Nir writes:
> Yes, you can sort-of negotiate DH groups, but you don't have the
> "New Group Mode" that we had in section 5.6 or RFC 2409. 

Yes, that was left out but as it was seen that nobody will accept new
group proposed from unknown party without checking it first, and
checking that the modulus is prime and otherwise secure is quite hard
task... 

> So with RFC 4306, you're stuck with only those groups that appear in
> the IANA registry, rather than your own pet DH groups.

That is not completely true. RFC4306 has a SHOULD requirement which
says:

----------------------------------------------------------------------
				   ... In support of this goal, all
   implementations of IKEv2 SHOULD include a management facility that
   allows specification (by a user or system administrator) of Diffie-
   Hellman (DH) parameters (the generator, modulus, and exponent lengths
   and values) for new DH groups.  Implementations SHOULD provide a
   management interface via which these parameters and the associated
   transform IDs may be entered (by a user or system administrator), to
   enable negotiating such groups.
----------------------------------------------------------------------

I.e. as it was seen that implementations will not want to accept group
they have not verified, and that verification is computationally
costly operation, it will not be done online. So if you want to use
your own private groups you use off-line communication and communicate
the group parameters to the other side and both ends store that group
parameters along with the group number allocated from private number
space, and then you can use the privete group.
-- 
kivinen@iki.fi