[IPsec] Please publish: draft-ietf-ipsecme-dh-checks

Paul Hoffman <paul.hoffman@vpnc.org> Mon, 22 April 2013 20:10 UTC

From: Paul Hoffman <paul.hoffman@vpnc.org>
Date: Mon, 22 Apr 2013 13:10:17 -0700
Message-Id: <85FAF6CE-FF60-469D-89D8-51296DF489D2@vpnc.org>
To: iesg-secretary@ietf.org, Sean Turner <turners@ieca.com>
Cc: IPsecme WG <ipsec@ietf.org>
Subject: [IPsec] Please publish: draft-ietf-ipsecme-dh-checks

Document write-up for draft-ietf-ipsecme-dh-checks-03

1. Summary

This is a document write-up for draft-ietf-ipsecme-dh-checks-03, prepared by Paul Hoffman for Sean Turner.

The document corrects a problem found well after RFC 5996 was published. Implementations that support elliptic curves and DSA, and also reuse private keys, are vulnerable to some attacks that can be prevented by some simple checking. This document specifies the circumstances where the attack might happen and how to prevent them.
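As an added illustration (not code from the draft or from this write-up), the following Python shows the kind of peer-value validation such checking amounts to: a range and subgroup-membership test on a MODP public value, and an on-curve test on an ECP point. The group and curve parameters are tiny constructed values chosen so the arithmetic is readable; real IKEv2 groups are the registered 2048-bit and larger MODP/ECP groups, and the exact rules per group are the draft's, not this example's.

```python
# Added example, not part of the draft or the write-up. Shows why a peer's
# Diffie-Hellman public value must be validated before a responder that
# reuses its private value computes a shared secret.

def validate_modp_public(r: int, p: int, q: int) -> bool:
    """Accept a MODP peer value r only if 1 < r < p-1 and r lies in the
    prime-order-q subgroup (r^q mod p == 1). Without the subgroup test,
    a value of small order reveals the reused exponent modulo that order."""
    if not 1 < r < p - 1:
        return False
    return pow(r, q, p) == 1

def validate_ecp_public(x: int, y: int, p: int, a: int, b: int) -> bool:
    """Accept an ECP peer point only if it lies on the curve
    y^2 = x^3 + a*x + b (mod p). An off-curve point can have small order
    on some other curve and leak bits of a reused private scalar."""
    if not (0 <= x < p and 0 <= y < p):
        return False
    return (y * y - (x ** 3 + a * x + b)) % p == 0

# Constructed toy MODP group: p = 31, p-1 = 2*3*5, generator of order q = 5.
# This is the shape where the subgroup test matters: the cofactor (p-1)/q
# is composite, so values of order 2 and 3 exist besides 1 and p-1.
TOY_P, TOY_Q, TOY_G = 31, 5, 2

# Constructed toy curve over GF(97): y^2 = x^3 + 2x + 3 (nonsingular).
TOY_CURVE = dict(p=97, a=2, b=3)

def demo() -> dict:
    """Run the checks over an honest value and over malformed probe values."""
    honest = pow(TOY_G, 3, TOY_P)            # g^x mod p for private x = 3
    return {
        "modp_honest": validate_modp_public(honest, TOY_P, TOY_Q),       # True
        "modp_order3": validate_modp_public(5, TOY_P, TOY_Q),            # False: 5^3 = 1 mod 31
        "modp_p_minus_1": validate_modp_public(TOY_P - 1, TOY_P, TOY_Q), # False: range check
        "modp_zero": validate_modp_public(0, TOY_P, TOY_Q),              # False: range check
        "ecp_on_curve": validate_ecp_public(3, 6, **TOY_CURVE),          # True: 36 == 27+6+3
        "ecp_off_curve": validate_ecp_public(3, 7, **TOY_CURVE),         # False
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'accept' if ok else 'reject'}")
```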

This document is appropriate for Standards Track because, if the attack had been known and understood when RFC 5996 was written, it would certainly have been part of that document.

2. Review and Consensus

The document was reviewed by enough active developers and cryptographically inclined participants to be sufficient for Standards Track. There is definite consensus to publish.

3. Intellectual Property

Both authors have stated that their direct, personal knowledge of any IPR related to this document has already been disclosed, in conformance with BCPs 78 and 79. There was no WG discussion about any IPR disclosures regarding this document.

--Paul Hoffman