IETF Logo Mail Archive

Re: [IPsec] [Technical Errata Reported] RFC7634 (5441)

Tobias Brunner <tobias.brunner@hsr.ch> Fri, 27 July 2018 07:01 UTC

Return-Path: <tobias.brunner@hsr.ch>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8F5A3130E92 for <ipsec@ietfa.amsl.com>; Fri, 27 Jul 2018 00:01:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aKpvZBnKOFqB for <ipsec@ietfa.amsl.com>; Fri, 27 Jul 2018 00:01:12 -0700 (PDT)
Received: from mx2.hsr.ch (mx2.hsr.ch [IPv6:2001:620:130:a036::32]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 33E9D130E88 for <ipsec@ietf.org>; Fri, 27 Jul 2018 00:01:10 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mx2.hsr.ch (Postfix) with ESMTP id 5B71823C65FE; Fri, 27 Jul 2018 09:01:08 +0200 (CEST)
Received: from mx2.hsr.ch ([127.0.0.1]) by localhost (mx2.hsr.ch [127.0.0.1]) (amavisd-new, port 10024) with LMTP id aaW-HnJ5NwP1; Fri, 27 Jul 2018 09:01:06 +0200 (CEST)
Received: from webmail.hsr.ch (sid00233.hsr.ch [152.96.21.233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mx2.hsr.ch (Postfix) with ESMTPS id D739523C6606; Fri, 27 Jul 2018 09:01:04 +0200 (CEST)
Received: from [192.168.2.100] (152.96.21.199) by sid00233.hsr.ch (152.96.21.233) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1531.3; Fri, 27 Jul 2018 09:01:03 +0200
To: Paul Wouters <paul@nohats.ca>, Yoav Nir <ynir.ietf@gmail.com>
CC: ekr@rtfm.com, david.waltermire@nist.gov, andrew.cagney@gmail.com, kivinen@iki.fi, ipsec@ietf.org, kaduk@mit.edu, RFC Errata System <rfc-editor@rfc-editor.org>
References: <20180726182923.D548CB8125E@rfc-editor.org> <20FE97E3-768B-426D-9DF1-A228E8DEB143@gmail.com> <F27D6E34-2DDC-45FD-B5D6-DE4F4BE50D91@nohats.ca>
From: Tobias Brunner <tobias.brunner@hsr.ch>
Message-ID: <ecd5b519-a382-e1a9-10b2-2ba6bd6e5961@hsr.ch>
Date: Fri, 27 Jul 2018 09:00:58 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <F27D6E34-2DDC-45FD-B5D6-DE4F4BE50D91@nohats.ca>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Originating-IP: [152.96.21.199]
X-ClientProxiedBy: sid00234.hsr.ch (152.96.21.234) To sid00233.hsr.ch (152.96.21.233)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/FMug6R2hBB0Pha2TVEr6vtqaAU8>
Subject: Re: [IPsec] [Technical Errata Reported] RFC7634 (5441)
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Jul 2018 07:01:16 -0000

Hi Paul,

> Some note would be good because apparently strongswan insists of the
> KEY_LENGTH attribute they shouldn’t be there?

Yes, we did that incorrectly before 5.6.3 [1].  Since then the key
length attribute is omitted, but it's still possible to add a transform
with it to a proposal by using the chacha20poly1305compat keyword (for
compatibility with older releases).

Regards,
Tobias

[1] https://wiki.strongswan.org/versions/69

v2.23.0 | Report a Bug | By Email