Re: [IPsec] Stephen Farrell's Yes on draft-ietf-ipsecme-safecurves-05: (with COMMENT)

Yoav Nir <ynir.ietf@gmail.com> Thu, 13 October 2016 12:27 UTC

From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <147635944969.2874.17979129045296855264.idtracker@ietfa.amsl.com>
Date: Thu, 13 Oct 2016 15:27:39 +0300
Message-Id: <2C57AD9C-33F3-4C9B-8C1F-27FEE35B9A97@gmail.com>
References: <147635944969.2874.17979129045296855264.idtracker@ietfa.amsl.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/8zng_p0FV0otetlKgWNvTCnXGJc>
Cc: ipsec@ietf.org, ipsecme-chairs@ietf.org, The IESG <iesg@ietf.org>, Tero Kivinen <kivinen@iki.fi>, draft-ietf-ipsecme-safecurves@ietf.org
Subject: Re: [IPsec] Stephen Farrell's Yes on draft-ietf-ipsecme-safecurves-05: (with COMMENT)

Hi, Stephen

> 
> - Wouldn't it be good to encourage minimising re-use of
> public values for multiple key exchanges? As-is, the text
> sort-of encourages use for "many key exchanges" in
> section 4.

I don’t think so. Re-use reduces the computation cost of an IKE Responder (or TLS server) without sacrificing security. There was some discussion of this in CFRG, but I see that it didn’t make it into RFC 7748, so all I can find is some StackExchange question ([1]).

It does make the static keypair valuable. It is definitely not a good idea to store the private key on disk and keep it forever, but generating a new key once in a while and discarding the old key is usually a good compromise there.

Anyway, key-pair reuse is established practice. Using constant-time implementations is essential to making this practice safe, and the Security Considerations section says just that.

Yoav

[1] http://crypto.stackexchange.com/questions/11012/reuse-of-a-dh-ecdh-public-key
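To make the trade-off discussed above concrete, here is an added example (mine, not from the draft, RFC 7748 or the message) of a responder that reuses one static X25519 key pair across many exchanges, rotates it after an assumed number of uses (the "generate a new key once in a while" compromise), and applies the RFC 7748 all-zero check that a reused static key calls for. The X25519 ladder is written in plain Python big-int arithmetic, which is not constant-time, so it illustrates the arithmetic only; the `Responder` class and its `max_uses` policy are my own names.

```python
import os

P = 2**255 - 19                         # Curve25519 field prime
BASEPOINT = (9).to_bytes(32, "little")

def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 X25519 (Montgomery ladder). Python big ints are not constant-time,
    so this is illustration only; a reused static key needs a constant-time one."""
    kb = bytearray(k); kb[0] &= 248; kb[31] &= 127; kb[31] |= 64   # clamp scalar
    ub = bytearray(u); ub[31] &= 127                                # mask top bit
    n, x1 = int.from_bytes(kb, "little"), int.from_bytes(ub, "little")
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        bit = (n >> t) & 1
        swap ^= bit
        if swap: x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + 121665 * e) % P
    if swap: x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

class Responder:
    """Responder reusing one static X25519 key pair for up to max_uses
    exchanges, then generating a fresh one (assumed policy, not the draft's)."""
    def __init__(self, max_uses: int = 1000):
        self.max_uses = max_uses
        self._rotate()
    def _rotate(self):
        self.private = os.urandom(32)       # old private key is simply dropped
        self.public = x25519(self.private, BASEPOINT)
        self.uses = 0
    def public_value(self) -> bytes:
        """Value to put in the KE payload; rotates once the key is spent."""
        if self.uses >= self.max_uses:
            self._rotate()
        self.uses += 1
        return self.public
    def shared_secret(self, peer_public: bytes) -> bytes:
        ss = x25519(self.private, peer_public)
        # RFC 7748 6.1: reject the all-zero output that low-order peer values
        # give, instead of deriving keys from a secret the peer already knows.
        if ss == bytes(32):
            raise ValueError("all-zero shared secret from peer public value")
        return ss
```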