Re: [IPsec] Preliminary minutes from today's meeting

Yaron Sheffer <yaronf.ietf@gmail.com> Tue, 12 March 2013 20:32 UTC

Return-Path: <yaronf.ietf@gmail.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9207011E8179 for <ipsec@ietfa.amsl.com>; Tue, 12 Mar 2013 13:32:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.829
X-Spam-Level:
X-Spam-Status: No, score=-100.829 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FH_HOST_EQ_D_D_D_D=0.765, RCVD_IN_PBL=0.905, RDNS_DYNAMIC=0.1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F8YYgYWGPzWH for <ipsec@ietfa.amsl.com>; Tue, 12 Mar 2013 13:32:34 -0700 (PDT)
Received: from mail-ea0-x233.google.com (mail-ea0-x233.google.com [IPv6:2a00:1450:4013:c01::233]) by ietfa.amsl.com (Postfix) with ESMTP id CE6F811E8168 for <ipsec@ietf.org>; Tue, 12 Mar 2013 13:32:33 -0700 (PDT)
Received: by mail-ea0-f179.google.com with SMTP id f15so90075eak.38 for <ipsec@ietf.org>; Tue, 12 Mar 2013 13:32:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:message-id:date:from:user-agent:mime-version:to:cc :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=N9La+G7OaPmdDGtBTzPU2rBMiwPm8S5v9ObwnWliI8o=; b=0yoldcPpioNM00BHAwgqBzEm92k5wqEgmd9OIHAUgzZVflBup9vTiPaOeXP7hHCm46 jvzVoxVoCo32ByYq6mVcVdLpxrhTaJ0+21nv/7l6XBzYgskAJ0NYa3oV8phWkKZCFiXM dJDXnfl1dEaNtkfOStDN9UM3XkGUoVUffRbNEbaCv7VwYnXNu4A+/nQgHoo1djGMxJYc TF5FTn7pQGBiEJZ+mEkDVCDiiYMLmsUqycEhRd1aS+KgcuCFZHm+r0Cq9t9AU2dy4sRN 57IGgERCch/NqkOpuM5j8//PGtM7AMtvg5t5H4dPMNvjXMVq0eiZmhDN7J2aF+ur6u3m PHpA==
X-Received: by 10.14.194.198 with SMTP id m46mr51311973een.8.1363120352933; Tue, 12 Mar 2013 13:32:32 -0700 (PDT)
Received: from [10.0.0.5] (bzq-79-176-129-128.red.bezeqint.net. [79.176.129.128]) by mx.google.com with ESMTPS id h5sm31864531eem.1.2013.03.12.13.32.31 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 12 Mar 2013 13:32:32 -0700 (PDT)
Message-ID: <513F90DD.8080403@gmail.com>
Date: Tue, 12 Mar 2013 22:32:29 +0200
From: Yaron Sheffer <yaronf.ietf@gmail.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130221 Thunderbird/17.0.3
MIME-Version: 1.0
To: "Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com>
References: <0A7279E5-312A-4535-89C4-C1AF06C02DC3@vpnc.org> <20799.34117.86998.862225@fireball.kivinen.iki.fi> <A113ACFD9DF8B04F96395BDEACB34042090412E0@xmb-rcd-x04.cisco.com>
In-Reply-To: <A113ACFD9DF8B04F96395BDEACB34042090412E0@xmb-rcd-x04.cisco.com>
Content-Type: text/plain; charset=windows-1255; format=flowed
Content-Transfer-Encoding: 7bit
Cc: IPsecme WG <ipsec@ietf.org>, Paul Hoffman <paul.hoffman@vpnc.org>, Tero Kivinen <kivinen@iki.fi>
Subject: Re: [IPsec] Preliminary minutes from today's meeting
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Mar 2013 20:32:34 -0000

And to clarify my cryptic comment below, I meant that the draft already 
covers all DH groups currently specified for IKEv2 (i.e. those that have 
an IANA allocation plus the new Brainpool stuff). I cannot confirm - but 
maybe Scott can - that we cover any weird curve that's ever crossed 
DJB's mind.

Thanks,
	Yaron

On 03/12/2013 10:26 PM, Scott Fluhrer (sfluhrer) wrote:
>
>
>> -----Original Message-----
>> From: ipsec-bounces@ietf.org [mailto:ipsec-bounces@ietf.org] On Behalf
>> Of Tero Kivinen
>> Sent: Tuesday, March 12, 2013 3:43 PM
>> To: Paul Hoffman
>> Cc: IPsecme WG
>> Subject: [IPsec] Preliminary minutes from today's meeting
>>
>> Paul Hoffman writes:
>>> ...are at
>>> http://www.ietf.org/proceedings/86/minutes/minutes-86-ipsecme
>>>
>>> Please send changes *to the minutes* to the list. If you want to
>>> discuss something that was discussed in the minutes, please start a
>>> new mail thread. Thanks! (And thanks to Dan Harkins for turning these
>>> around quickly.)
>>
>> Very good Dan... Thanks... Some comments:
>>
>> ----------------------------------------------------------------------
>>    * D-H tests for IKEv2 (Tero Kivinen)
>> ...
>>      - tests are required if using ECDH or reusing public keys or
>> 				       ^^
>>        using groups with a small subgroup.
>> ----------------------------------------------------------------------
>>
>> That "or" needs to be "and". I.e. test are required if using ECDH and reusing
>> public keys. I.e. both are required.
>
> Actually, the condition is "reusing public keys AND (ECDH OR groups with a small subgroup)"
>
> That is,
>
> - If you're not reusing public keys, well, the attacker can learn something about the DH private key that you used when negotiating with him, however that doesn't tell him about what you used on any other SA
>
> - If you are reusing public keys, then he can learn a lot of information with ECDH, and some information with a MODP group with a small subgroup, by injecting an illegal value, and seeing how the other side reacts (that is, what keys he derives).
>
>>
>> ----------------------------------------------------------------------
>>      - Jabber! Yaron says "this is true already."
>> ----------------------------------------------------------------------
>>
>> I think that reply was to answer to Paul's comment that the draft should
>> support different types of groups we have out there.
>> --
>> kivinen@iki.fi
>> _______________________________________________
>> IPsec mailing list
>> IPsec@ietf.org
>> https://www.ietf.org/mailman/listinfo/ipsec
> _______________________________________________
> IPsec mailing list
> IPsec@ietf.org
> https://www.ietf.org/mailman/listinfo/ipsec
>