Re: [IPsec] draft-ietf-ipsecme-implicit-iv-06 - key length is missing
Daniel Migault <daniel.migault@ericsson.com> Tue, 02 April 2019 18:40 UTC
Return-Path: <mglt.ietf@gmail.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BAA2B120194 for <ipsec@ietfa.amsl.com>; Tue, 2 Apr 2019 11:40:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.647
X-Spam-Level:
X-Spam-Status: No, score=-1.647 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LqkEjxkuTwcg for <ipsec@ietfa.amsl.com>; Tue, 2 Apr 2019 11:40:46 -0700 (PDT)
Received: from mail-lj1-f175.google.com (mail-lj1-f175.google.com [209.85.208.175]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6EBFF120192 for <ipsec@ietf.org>; Tue, 2 Apr 2019 11:40:46 -0700 (PDT)
Received: by mail-lj1-f175.google.com with SMTP id f18so12510252lja.10 for <ipsec@ietf.org>; Tue, 02 Apr 2019 11:40:46 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=BEgA9HLsSW92gKBsjvs0wTX/5MGzMZ7JDan5n4FB+I4=; b=e2bhVUnoLKize9vOsX+526BoEUImSdnk7urWuLiBMu3aTJqMzjby4HYeOeSrpr4n/Z AW8TtjBB3VrEjnVQjL8UJKtbwsLoV7iHzyUjtazaaLK5j+0bHu3vviFcQ5mw/j9nebTe 8ArAfjUvvkuNJYBznH74g759gGbKdg6KkRLBo2sD56Pdpil3FuXKNioSEa1cel4J/HUq e1nvJBQd2rJNmS2ieGeNow3r9KMMw31rmayO1EnCB1fmYmTiLdDNhIZPmZVYqbrLQxmW DqUyLHruxtnCOoNObL4+s8nnka3YixPqg/9eicOv/I4R3O5FW/OaPXjBwcbmMKKfhPXk a4Dw==
X-Gm-Message-State: APjAAAXP/D/8fxgL0xmTtYGAJPkDKNmt4lr3Zjv/60xtVvb/MdvH+aJo ouumU+7bqsi+UVryommzXvZH8bFDstYDt4yHmkY=
X-Google-Smtp-Source: APXvYqw08XjnU02awueXeI+tAyrv9wIzKoQ4s0fBXtVcUBjggQfzqWoDBKJuFjkn66LPiRBOe69cASefCQExYl4QCXk=
X-Received: by 2002:a2e:5056:: with SMTP id v22mr39977633ljd.153.1554230444652; Tue, 02 Apr 2019 11:40:44 -0700 (PDT)
MIME-Version: 1.0
References: <010501d4e961$ddae8a90$990b9fb0$@gmail.com> <alpine.LRH.2.21.1904021250150.14241@bofh.nohats.ca>
In-Reply-To: <alpine.LRH.2.21.1904021250150.14241@bofh.nohats.ca>
From: Daniel Migault <daniel.migault@ericsson.com>
Date: Tue, 02 Apr 2019 14:40:33 -0400
Message-ID: <CADZyTknc_aDoNqrXE2vt1k6sA-rW+yx4uk2QpcS8kF3MMEq5pg@mail.gmail.com>
To: Paul Wouters <paul@nohats.ca>
Cc: Valery Smyslov <smyslov.ietf@gmail.com>, IPsecME WG <ipsec@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000008d7c2305859079ca"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/DhGIW4vgC5ZpvcWMDD--kMRXscE>
Subject: Re: [IPsec] draft-ietf-ipsecme-implicit-iv-06 - key length is missing
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Apr 2019 18:40:49 -0000
Hi, Thanks Valery for your comment. My reading of the draft is that it only focuses on the generation of the nonce and leave the remaining to 4306 [1]. The use of a code points different from 4306 is to indicate the implicit IV - as opposed to a new transform. In this case, the negotiation of the key length is left to 4306. I am inclined to think this is not necessary to discuss the key length attribute in this draft, but I would like to see what the other think. That said, if people strongly think that should be added, I would add the text from 4306 mentioned below[2]. Yours, Daniel [1] The text of the implicit draft: 2 <https://tools.ietf.org/html/draft-ietf-ipsecme-implicit-iv-06#section-2>. Introduction Counter-based AES modes of operation such as AES-CTR ([RFC3686 <https://tools.ietf.org/html/rfc3686>]), AES-CCM ([RFC4309 <https://tools.ietf.org/html/rfc4309>]), and AES-GCM ([RFC4106 <https://tools.ietf.org/html/rfc4106>]) require the specification of an nonce for each ESP packet. The same applies for ChaCha20-Poly1305 ([RFC7634 <https://tools.ietf.org/html/rfc7634>]). Currently this nonce is sent in each ESP packet ([RFC4303 <https://tools.ietf.org/html/rfc4303>]). This practice is designated in this document as "explicit nonce". [...] This document defines how to compute the nonce locally when it is implicit. It also specifies how peers agree with the Internet Key Exchange version 2 (IKEv2 - [RFC7296 <https://tools.ietf.org/html/rfc7296>]) on using an implicit IV versus an explicit IV. [2] the text on key length of RFC 4306. 8.4 <https://tools.ietf.org/html/rfc4106#section-8.4>. Key Length Attribute Because the AES supports three key lengths, the Key Length attribute MUST be specified in the IKE Phase 2 exchange [RFC2407 <https://tools.ietf.org/html/rfc2407>]. The Key Length attribute MUST have a value of 128, 192, or 256. On Tue, Apr 2, 2019 at 12:52 PM Paul Wouters <paul@nohats.ca> wrote: > On Tue, 2 Apr 2019, Valery Smyslov wrote: > > > and define a default key length for the case when it is absent (e.g. 256 > bits). > > Do not do this. There are broken implementations and interop issues on > this already by broken clients who don't send or omit to send KEY_LENGTH > (old versions of us included). > > > It'll allow us to save few bytes by omitting attribute for most common > cases. > > Not worth it. > > Paul > > _______________________________________________ > IPsec mailing list > IPsec@ietf.org > https://www.ietf.org/mailman/listinfo/ipsec >
- [IPsec] draft-ietf-ipsecme-implicit-iv-06 - key l… Valery Smyslov
- Re: [IPsec] draft-ietf-ipsecme-implicit-iv-06 - k… Paul Wouters
- Re: [IPsec] draft-ietf-ipsecme-implicit-iv-06 - k… Daniel Migault
- Re: [IPsec] draft-ietf-ipsecme-implicit-iv-06 - k… Valery Smyslov
- Re: [IPsec] draft-ietf-ipsecme-implicit-iv-06 - k… Valery Smyslov
- Re: [IPsec] draft-ietf-ipsecme-implicit-iv-06 - k… Tobias Guggemos
- Re: [IPsec] draft-ietf-ipsecme-implicit-iv-06 - k… Valery Smyslov
- Re: [IPsec] draft-ietf-ipsecme-implicit-iv-06 - k… Valery Smyslov
- Re: [IPsec] draft-ietf-ipsecme-implicit-iv-06 - k… Tobias Guggemos
- Re: [IPsec] draft-ietf-ipsecme-implicit-iv-06 - k… Daniel Migault
- Re: [IPsec] draft-ietf-ipsecme-implicit-iv-06 - k… Valery Smyslov
- Re: [IPsec] draft-ietf-ipsecme-implicit-iv-06 - k… Daniel Migault
- Re: [IPsec] draft-ietf-ipsecme-implicit-iv-06 - k… Valery Smyslov
- Re: [IPsec] draft-ietf-ipsecme-implicit-iv-06 - k… Daniel Migault
- Re: [IPsec] draft-ietf-ipsecme-implicit-iv-06 - k… Valery Smyslov
- Re: [IPsec] draft-ietf-ipsecme-implicit-iv-06 - k… Tero Kivinen
- Re: [IPsec] draft-ietf-ipsecme-implicit-iv-06 - k… Daniel Migault