Re: [IPsec] IKEv2 Diffie-Hellman Elliptic curve mess (RFC4753, RFC5114, RFC4869, and draft-solinas-rfc4753bis-01)
Yaron Sheffer <yaronf@checkpoint.com> Mon, 21 December 2009 15:48 UTC
Return-Path: <yaronf@checkpoint.com>
X-Original-To: ipsec@core3.amsl.com
Delivered-To: ipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 097193A67FC for <ipsec@core3.amsl.com>; Mon, 21 Dec 2009 07:48:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.568
X-Spam-Level:
X-Spam-Status: No, score=-3.568 tagged_above=-999 required=5 tests=[AWL=0.031, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4anjHVJ2ZpHv for <ipsec@core3.amsl.com>; Mon, 21 Dec 2009 07:48:38 -0800 (PST)
Received: from michael.checkpoint.com (michael.checkpoint.com [194.29.32.68]) by core3.amsl.com (Postfix) with ESMTP id 9FC013A6A39 for <ipsec@ietf.org>; Mon, 21 Dec 2009 07:48:37 -0800 (PST)
Received: from il-ex01.ad.checkpoint.com (il-ex01.checkpoint.com [194.29.32.26]) by michael.checkpoint.com (8.12.10+Sun/8.12.10) with ESMTP id nBLFmKT7003641; Mon, 21 Dec 2009 17:48:20 +0200 (IST)
Received: from il-ex01.ad.checkpoint.com ([126.0.0.2]) by il-ex01.ad.checkpoint.com ([126.0.0.2]) with mapi; Mon, 21 Dec 2009 17:48:31 +0200
From: Yaron Sheffer <yaronf@checkpoint.com>
To: Tero Kivinen <kivinen@iki.fi>, Yoav Nir <ynir@checkpoint.com>
Date: Mon, 21 Dec 2009 17:48:18 +0200
Thread-Topic: [IPsec] IKEv2 Diffie-Hellman Elliptic curve mess (RFC4753, RFC5114, RFC4869, and draft-solinas-rfc4753bis-01)
Thread-Index: AcqCL70sGu4pspP1QtmDRtT4vpDEKwAI8TLA
Message-ID: <7F9A6D26EB51614FBF9F81C0DA4CFEC801BDF893F474@il-ex01.ad.checkpoint.com>
In-Reply-To: <19247.23055.301223.938687@fireball.kivinen.iki.fi>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "ipsec@ietf.org" <ipsec@ietf.org>
Subject: Re: [IPsec] IKEv2 Diffie-Hellman Elliptic curve mess (RFC4753, RFC5114, RFC4869, and draft-solinas-rfc4753bis-01)
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Dec 2009 15:48:39 -0000
Hi Tero, I support your position (and disagree with Yoav). We had better fix this problem now by allocating a few more numbers, than live forever with an ambiguous interpretation to the numbers that everybody's using. Thanks, Yaron -----Original Message----- From: ipsec-bounces@ietf.org [mailto:ipsec-bounces@ietf.org] On Behalf Of Tero Kivinen Sent: Monday, December 21, 2009 13:21 To: Yoav Nir Cc: ipsec@ietf.org Subject: Re: [IPsec] IKEv2 Diffie-Hellman Elliptic curve mess (RFC4753, RFC5114, RFC4869, and draft-solinas-rfc4753bis-01) Yoav Nir writes: > If there is such an implementation, then it's not interoperating > with all the other implementations and should be fixed. It is following the published RFC, so why should it be fixed. I think everybody agreed that making major non-interoperable change in the errata was not proper way of fixing the thing (there were lots of developers who had missed that). This whole discussion about the errata started because one implementor was implementing the RFC and wanted to make sure that the y is really added, and he wanted to make sure that he understood it correctly as that would eman that those groups cannot be made complient to FIPS 140-2. He had not noticed the errata. There were also other people who had not noticed the errata (including me). I am sure there is also people who do not follow the IPsec list and still do implement things (following IPsec list is not really requirement for implementing IPsec). I am only person in our office who regularly follow IPsec list and all others just take RFCs and read them and write code based on them. I am not sure if any of those people actually even know how to find errata... Made quick poll around the office, and found out that noboby here had checked any of the errata for any of the RFCs they have worked on. They said they usually do check for rfc-index to see if the RFC was updated or obsoleted, but that is it. > If someone shipped something like that, then the only reason they > haven't noticed yet, is because they (1) didn't test it well enough, Doing testing against your implementation does not detect that kind of problem as everything works fine. Also for quite a lot of IPsec vendors the main goal is to make implementation which works with their own products and the secondary goal is that it works with other vendor's product too. > and (2) their customers are using some other option like 1024-bit > MODP group (and 3DES, but that's beside the point) That is most likely true for all current IPsec implementations. Elliptic curves are not really used that much yet. That is the reason I want to fix this problem now, not move it to future. > Anyway, making everyone add a new group "28" just so nobody needs to > patch their old implementation of group "20" seems like wasted > effort to me. We can keep group 20, and fix the spec to prescribe > what everybody is doing anyway. I do not want to see the support request saying that our product does not interoperate vendor X's product when using group 19 and then later find out that is because the other vendor has implemented RFC4753 and didn't notice the errata. Also it will most likely take our customer and our support quite a long time before they even realize why recipient of IKE_AUTH will simply drop the packet because of wrong MAC. After that wasted effort I know that it will come to me, and I need to explain to our customer that our code is correct and the other implementation was also correct when they wrote the code, but they are not correct anymore... I do not think the elliptic curves are used that much in the current IPsec installations, so I think we still have time to fix this problem properly. -- kivinen@iki.fi _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec Scanned by Check Point Total Security Gateway.
- Re: [IPsec] IKEv2 Diffie-Hellman Elliptic curve m… Yaron Sheffer
- [IPsec] IKEv2 Diffie-Hellman Elliptic curve mess … Tero Kivinen
- Re: [IPsec] IKEv2 Diffie-Hellman Elliptic curve m… Scott C Moonen
- Re: [IPsec] IKEv2 Diffie-Hellman Elliptic curve m… Paul Hoffman
- Re: [IPsec] IKEv2 Diffie-Hellman Elliptic curve m… Dan Harkins
- Re: [IPsec] IKEv2 Diffie-Hellman Elliptic curve m… Yoav Nir
- Re: [IPsec] IKEv2 Diffie-Hellman Elliptic curve m… Tero Kivinen
- Re: [IPsec] IKEv2 Diffie-Hellman Elliptic curve m… Tero Kivinen
- Re: [IPsec] IKEv2 Diffie-Hellman Elliptic curve m… Tero Kivinen
- Re: [IPsec] IKEv2 Diffie-Hellman Elliptic curve m… Yaron Sheffer
- Re: [IPsec] IKEv2 Diffie-Hellman Elliptic curve m… Dan Harkins
- Re: [IPsec] IKEv2 Diffie-Hellman Elliptic curve m… Dan Harkins
- Re: [IPsec] IKEv2 Diffie-Hellman Elliptic curve m… Black_David
- Re: [IPsec] IKEv2 Diffie-Hellman Elliptic curve m… Bill Sommerfeld
- Re: [IPsec] IKEv2 Diffie-Hellman Elliptic curve m… Dan Harkins
- Re: [IPsec] IKEv2 Diffie-Hellman Elliptic curve m… Black_David
- Re: [IPsec] IKEv2 Diffie-Hellman Elliptic curve m… Dan Harkins
- Re: [IPsec] IKEv2 Diffie-Hellman Elliptic curve m… Yoav Nir
- Re: [IPsec] IKEv2 Diffie-Hellman Elliptic curve m… Tero Kivinen
- Re: [IPsec] IKEv2 Diffie-Hellman Elliptic curve m… Tero Kivinen
- Re: [IPsec] IKEv2 Diffie-Hellman Elliptic curve m… Tero Kivinen
- Re: [IPsec] IKEv2 Diffie-Hellman Elliptic curve m… Jerome A. Solinas
- Re: [IPsec] IKEv2 Diffie-Hellman Elliptic curve m… Dan Harkins
- Re: [IPsec] IKEv2 Diffie-Hellman Elliptic curve m… Tero Kivinen
- Re: [IPsec] IKEv2 Diffie-Hellman Elliptic curve m… Jerome A. Solinas