IETF Logo Mail Archive

Re: [IPsec] Charter review

"Dan Harkins" <dharkins@lounge.org> Fri, 07 November 2014 14:08 UTC

Return-Path: <dharkins@lounge.org>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9774C1AD021 for <ipsec@ietfa.amsl.com>; Fri, 7 Nov 2014 06:08:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.867
X-Spam-Level:
X-Spam-Status: No, score=-3.867 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WzuMYVPb38Af for <ipsec@ietfa.amsl.com>; Fri, 7 Nov 2014 06:08:20 -0800 (PST)
Received: from colo.trepanning.net (colo.trepanning.net [69.55.226.174]) by ietfa.amsl.com (Postfix) with ESMTP id 1CF1E1AD01C for <ipsec@ietf.org>; Fri, 7 Nov 2014 06:08:20 -0800 (PST)
Received: from www.trepanning.net (localhost [127.0.0.1]) by colo.trepanning.net (Postfix) with ESMTP id A5D2810224008; Fri, 7 Nov 2014 06:08:19 -0800 (PST)
Received: from 66.140.241.100 (SquirrelMail authenticated user dharkins@lounge.org) by www.trepanning.net with HTTP; Fri, 7 Nov 2014 06:08:19 -0800 (PST)
Message-ID: <e78f45de3ff83cce581381d8438daaee.squirrel@www.trepanning.net>
In-Reply-To: <545C7CCC.9030402@gmail.com>
References: <CAHbuEH6OfTnizY+jVh=gOim0drtBq+XAxObq-X67A4_9o64O6A@mail.gmail.com> <6B331BE7-5972-48FC-9DFD-BA92222F938D@cisco.com> <9bb29bdb72d4710b6960d898420152b8.squirrel@www.trepanning.net> <545C7CCC.9030402@gmail.com>
Date: Fri, 07 Nov 2014 06:08:19 -0800
From: Dan Harkins <dharkins@lounge.org>
To: Yaron Sheffer <yaronf.ietf@gmail.com>
User-Agent: SquirrelMail/1.4.14 [SVN]
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/AFq7EpssNR96LpnBJtxrMscQG_c
Cc: "ipsec@ietf.org" <ipsec@ietf.org>, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>, Brian Weis <bew@cisco.com>, Dan Harkins <dharkins@lounge.org>
Subject: Re: [IPsec] Charter review
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Nov 2014 14:08:22 -0000


On Fri, November 7, 2014 12:03 am, Yaron Sheffer wrote:
> <hats off>
>
> Regarding formal security proofs, I strongly disagree.
>
> The current wording is extremely mild. It does not require an actual
> security proof (which would not be realistic), but says "The solution
> should be in line with current best practices, including ... possible
> formal protocol security proofs."
>
> This to me means that people have looked at the modified protocol and
> can say that the new stuff does not inhibit such a security proof in the
> future, and that we formally understand the security properties that are
> supposed to be provided by the protocol.
>
> We are making a major change to IKE, and as much as I care about its
> goals, we should try to do it right. Relying on "the security afforded
> by DH" is not easy when in the real world, both peers might be reusing
> exponents and/or using too short DH groups.

  This "major change" is to remove authentication. Peers reusing
exponents is already entirely permissible in IKE. Authenticating a
reused exponent does not change the problem caused by reusing
an exponent. I don't even know what "too short DH groups" are but
if you can do it in IKE with authentication then what's the issue that
is introduced when you take away authentication?

  I welcome the new interest in formal security proofs in the IETF but
I don't think this particular charter change compels one.

  regards,

  Dan.

v2.23.0 | Report a Bug | By Email