Re: [IPsec] rfc 8750 question
Robert Moskowitz <rgm-sec@htt-consult.com> Tue, 10 May 2022 12:51 UTC
Return-Path: <rgm-sec@htt-consult.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5C547C159824 for <ipsec@ietfa.amsl.com>; Tue, 10 May 2022 05:51:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.756
X-Spam-Level:
X-Spam-Status: No, score=-3.756 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, NICE_REPLY_A=-1.857, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HpNpxoYwHFUU for <ipsec@ietfa.amsl.com>; Tue, 10 May 2022 05:51:34 -0700 (PDT)
Received: from z9m9z.htt-consult.com (z9m9z.htt-consult.com [23.123.122.147]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5E5F6C15E3E3 for <ipsec@ietf.org>; Tue, 10 May 2022 05:51:34 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by z9m9z.htt-consult.com (Postfix) with ESMTP id 532B162569; Tue, 10 May 2022 08:50:46 -0400 (EDT)
X-Virus-Scanned: amavisd-new at htt-consult.com
Received: from z9m9z.htt-consult.com ([127.0.0.1]) by localhost (z9m9z.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id EWgnrgnQV0jk; Tue, 10 May 2022 08:50:37 -0400 (EDT)
Received: from [192.168.160.11] (unknown [192.168.160.11]) (using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by z9m9z.htt-consult.com (Postfix) with ESMTPSA id 21ED662434; Tue, 10 May 2022 08:50:34 -0400 (EDT)
Content-Type: multipart/alternative; boundary="------------s9DMADwuwEbOGSP1d3YYSc0d"
Message-ID: <c47e2f9c-0409-5080-2152-90584c5fddf4@htt-consult.com>
Date: Tue, 10 May 2022 08:51:16 -0400
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.8.0
Content-Language: en-US
To: Paul Wouters <paul.wouters=40aiven.io@dmarc.ietf.org>
Cc: Valery Smyslov <smyslov.ietf@gmail.com>, ipsec@ietf.org
References: <cac94813-33e1-5b7b-5245-eda7c1878513@htt-consult.com> <48675BBB-9C59-43B4-A98C-E5A1565CAF15@aiven.io>
From: Robert Moskowitz <rgm-sec@htt-consult.com>
In-Reply-To: <48675BBB-9C59-43B4-A98C-E5A1565CAF15@aiven.io>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/7DRKpfzsySwoLOxaDAbsXrvDjJg>
Subject: Re: [IPsec] rfc 8750 question
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 May 2022 12:51:37 -0000
On 5/10/22 08:25, Paul Wouters wrote: > On May 10, 2022, at 07:59, Robert Moskowitz <rgm-sec@htt-consult.com> > wrote: >> >> >> >> 20 ENCR_AES_GCM_16 >>> >>> and what RFC 8750 defined: >>> >>> 30 ENCR_AES_GCM_16_IIV >>> >>> The only difference is a suffix "_IIV". >> >> Actually, I thought that was the implicit IV size. And thus this was >> some kind of AND condition of the base cipher AND implicit IV. > > It is. But it seems you don't include both ESP ciphers in your IKE payload to inform how ESP is encyphering. > >> I really want the AES_GCM_12 used along with diet-esp. Those 4 bytes >> are important when you are dealing with an MTU of 64 bytes and only >> have a 26 byte UDP data packet. > > From RFC 8247: > > As the advantage of the shorter (and > weaker) Integrity Check Values (ICVs) is minimal, the 8- and 12-octet > ICVs remain at the MAY level. > > This explanation was not repeated in RFC8221, but the reason is the > same. These weren’t really used or supported and kind of unwanted. > Basically the authors of GCM really didn’t want shorter than 16 ICV > but were pushed to include it. The advantage comes into play in diet-esp situations. > >> With diet-esp in transport mode for a single UDP app, I can have a >> 2-byte SPI (server will have LOTS of clients). I COULD get by with a >> 1-byte SN, but that would only cover ~4 min of comm before advancing >> the implicit msb > > So that is one packet per second. That’s a lot of traffic. Does the > ICV size really matter at that point? Is it causing you to go from 1 > to 2 packets per second ? And this kind of kills LoRaWAN 64-byte MTU duty cycle. Drats. Though I am still investigating LoRaWAN. There are other UHF networks where this will work, and there are sat networks that some are looking to use. > > Paul > >> so better a 2-byte SN and that gives word alignment for the ESP >> header (not really soooo important). Those 4 bytes in the ICV hurt. >> And the data is only valid for 1sec for the app. >> >> The lightweigt crypto (like Xoodyak) from the NIST LWC effort >> (workshop this week) looks more attractive, as I can easily only >> squeeze the 12 bytes out of the sponge for the tag... >
- [IPsec] rfc 8750 question Robert Moskowitz
- Re: [IPsec] rfc 8750 question Valery Smyslov
- Re: [IPsec] rfc 8750 question Robert Moskowitz
- Re: [IPsec] rfc 8750 question Paul Wouters
- Re: [IPsec] rfc 8750 question Robert Moskowitz
- Re: [IPsec] rfc 8750 question Robert Moskowitz