Re: [IPsec] Roman Danyliw's No Objection on draft-ietf-ipsecme-qr-ikev2-10: (with COMMENT)
Benjamin Kaduk <kaduk@mit.edu> Mon, 13 January 2020 17:58 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CABC412089F; Mon, 13 Jan 2020 09:58:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WURrFZ9e2oIm; Mon, 13 Jan 2020 09:58:18 -0800 (PST)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7B91D12088C; Mon, 13 Jan 2020 09:57:58 -0800 (PST)
Received: from kduck.mit.edu ([24.16.140.251]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 00DHvpcQ000342 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 13 Jan 2020 12:57:53 -0500
Date: Mon, 13 Jan 2020 09:57:50 -0800
From: Benjamin Kaduk <kaduk@mit.edu>
To: Valery Smyslov <smyslov.ietf@gmail.com>
Cc: 'Roman Danyliw' <rdd@cert.org>, 'The IESG' <iesg@ietf.org>, ipsec@ietf.org, ipsecme-chairs@ietf.org, david.waltermire@nist.gov, draft-ietf-ipsecme-qr-ikev2@ietf.org
Message-ID: <20200113175750.GE66991@kduck.mit.edu>
References: <157848972183.22539.2744332616397571958.idtracker@ietfa.amsl.com> <00ec01d5c631$c8b5ea40$5a21bec0$@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <00ec01d5c631$c8b5ea40$5a21bec0$@gmail.com>
User-Agent: Mutt/1.12.1 (2019-06-15)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/Fj4lbNloqTdGh0ql_ejIPC_TLdg>
Subject: Re: [IPsec] Roman Danyliw's No Objection on draft-ietf-ipsecme-qr-ikev2-10: (with COMMENT)
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Jan 2020 17:58:21 -0000
On Wed, Jan 08, 2020 at 05:41:59PM +0300, Valery Smyslov wrote:
>
> > Roman Danyliw has entered the following ballot position for
> > draft-ietf-ipsecme-qr-ikev2-10: No Objection
> >
> > ----------------------------------------------------------------------
> > COMMENT:
> > ----------------------------------------------------------------------
[...]
>
> > -- Recommend explaining the notation/relationship between the “prime
> > versions”
> > of the sub-keys (i.e., SK_d’ and SK_pi’ and SK_pr’) in the this SKEYSEED
> > formula with the SKEYSEED formula in Section 2.14 of [RFC72196].
>
> I'm not sure I fully understand what you mean.
> I think we provide formulas of how prime and non-prime versions
> are correlated (i.e. how non-prime versions are computed from prime versions).
> Am I missing something?
I think the idea is something in the general vicinity of "the un-primed
values SK_d, SK_pi, and SK_pr are used as inputs to subsequent steps of the
IKEv2 exchange; this document uses the primed versions to represent the
output of prf+ that are used directly in regular IKEv2, in order to
introduce an additional operation (combination with PPK) between prf+ and
subsequant usage". A reader looking at this document and RFC 7296
side-by-side will see that where RFC 7296 sets {SK_d [...]} = prf+
(SKEYSEED, [...]), this document uses the "primed" versions, and might
wonder what's different between SK_d (RFC 7296) and SK_d' (this document).
-Ben
- [IPsec] Roman Danyliw's No Objection on draft-iet… Roman Danyliw via Datatracker
- Re: [IPsec] Roman Danyliw's No Objection on draft… Valery Smyslov
- Re: [IPsec] Roman Danyliw's No Objection on draft… Panos Kampanakis (pkampana)
- Re: [IPsec] Roman Danyliw's No Objection on draft… Benjamin Kaduk
- Re: [IPsec] Roman Danyliw's No Objection on draft… Valery Smyslov
- Re: [IPsec] Roman Danyliw's No Objection on draft… Roman Danyliw