RE: [Ipsec] Key length attribute (was: Important changes in draft-hoffman-rfc3664bis; please review)
Pasi.Eronen@nokia.com Fri, 14 October 2005 09:41 UTC
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EQM4N-0004Wo-3J; Fri, 14 Oct 2005 05:41:43 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EQM4L-0004Wj-9t for ipsec@megatron.ietf.org; Fri, 14 Oct 2005 05:41:41 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA28467 for <ipsec@ietf.org>; Fri, 14 Oct 2005 05:41:37 -0400 (EDT)
From: Pasi.Eronen@nokia.com
Received: from mgw-ext02.nokia.com ([131.228.20.94]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1EQMEz-0005uf-86 for ipsec@ietf.org; Fri, 14 Oct 2005 05:52:44 -0400
Received: from esebh108.NOE.Nokia.com (esebh108.ntc.nokia.com [172.21.143.145]) by mgw-ext02.nokia.com (Switch-3.1.7/Switch-3.1.7) with ESMTP id j9E9fZ9s007159; Fri, 14 Oct 2005 12:41:36 +0300
Received: from esebh101.NOE.Nokia.com ([172.21.138.177]) by esebh108.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.1830); Fri, 14 Oct 2005 12:41:32 +0300
Received: from esebe105.NOE.Nokia.com ([172.21.143.53]) by esebh101.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.1830); Fri, 14 Oct 2005 12:41:32 +0300
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [Ipsec] Key length attribute (was: Important changes in draft-hoffman-rfc3664bis; please review)
Date: Fri, 14 Oct 2005 12:41:26 +0300
Message-ID: <B356D8F434D20B40A8CEDAEC305A1F24019A629A@esebe105.NOE.Nokia.com>
Thread-Topic: [Ipsec] Key length attribute (was: Important changes in draft-hoffman-rfc3664bis; please review)
Thread-Index: AcXP/qEu7KmqByByTUiXiToUjVOAzgAodx/w
To: danmcd@sun.com
X-OriginalArrivalTime: 14 Oct 2005 09:41:32.0569 (UTC) FILETIME=[75DE8090:01C5D0A3]
X-Spam-Score: 0.4 (/)
X-Scan-Signature: 82c9bddb247d9ba4471160a9a865a5f3
Content-Transfer-Encoding: quoted-printable
Cc: ipsec@ietf.org
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IP Security <ipsec.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
Sender: ipsec-bounces@ietf.org
Errors-To: ipsec-bounces@ietf.org
Dan McDonald wrote:
> Except for one thing, yes it does.
>
> That one thing:
>
> - IKE is supposed to be algorithm-agile. Let's say
> some grinning weirdo comes up with a better-than-AES
> algorithm, or worse, some other grinning weirdo breaks
> AES and we NEED a new cipher.
>
> How will we handle ciphers in the future?
>
> There are two ways to solve this:
>
> 1.) All algorithms must have a default key length that
> is used when no key-length attribute is present.
> This means picking a default size for AES.
>
> 2.) All new algorithms with variable-sized keys are
> treated like AES, and MUST include a key-length
> attribute.
>
> I don't care which one of those two is picked, but one of
> them must be used to maintain algorithm-agility.
Option 1 would be an incompatible technical change to the
current specification, so I'm not in favour of that one.
Option 2 sounds reasonable to me, but actually there are a
couple of other options that would work as well:
3.) All new algorithms must allocate different transform numbers
for different key lengths. E.g., when someone defines a new
Really Great Encryption Algorithm (RGEA), we would allocate
two numbers for ENCR_RGEA128_CBC and ENCR_RGEA256_CBC.
4.) When a new algorithm with a variable-sized key is defined,
the specification can choose which way to go: either it
defines a default key length (like Blowfish and RC5), or
it says that including the key length transform attribute
is mandatory.
These are not totally exclusive; one algorithm could follow 2
and another algorithm 3 without problems...
There was actually some discussion about this issue before; see the
"AES Algorithm Negotiation in IKE" thread in Oct-Nov 2004. The end
result of that discussion was that CTR/CCM/GCM use the key length
attribute just like CBC, but they define different transform IDs for
different ICV lengths (instead of defining a separate "ICV length"
transform attribute).
Best regards,
Pasi
_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec
- [Ipsec] Key length attribute (was: Important chan… Pasi.Eronen
- Re: [Ipsec] Key length attribute (was: Important … Dan McDonald
- Re: [Ipsec] Key length attribute (was: Important … Paul Hoffman
- [Ipsec] Key length attribute (was: Important chan… Tero Kivinen
- RE: [Ipsec] Key length attribute (was: Important … Pasi.Eronen
- RE: [Ipsec] Key length attribute (was: Important … Tero Kivinen