Re: [IPsec] I-D on Using the ECC Brainpool Curves for IKEv2 Key Exchange
"Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com> Fri, 07 December 2012 14:28 UTC
Return-Path: <sfluhrer@cisco.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C0CCC21F8A1B for <ipsec@ietfa.amsl.com>; Fri, 7 Dec 2012 06:28:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Level:
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VfkQFpx86U5o for <ipsec@ietfa.amsl.com>; Fri, 7 Dec 2012 06:28:19 -0800 (PST)
Received: from rcdn-iport-4.cisco.com (rcdn-iport-4.cisco.com [173.37.86.75]) by ietfa.amsl.com (Postfix) with ESMTP id 1AC3221F89AD for <ipsec@ietf.org>; Fri, 7 Dec 2012 06:28:19 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=635; q=dns/txt; s=iport; t=1354890499; x=1356100099; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=DScj/8i4u9Qc1ssoAJkq8JdQK7RtuUJzXM8CPBbNo8o=; b=XqlFrB0Nf3RZZsTHqu1hIJStFfZkAJiClOXa9Ue0f2oGNmgAAovUNarl pTq50YpPz6FaCmD1PX4x1qno6xvLh9CqqivQlS51WFmH1x5eK4PdClpfz yFxlTK4BxHbBFCbs8QMdwB0RLMQ9iap2pFtjT7NDGIYxS2pKLi3xF2+n9 8=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: ApAFAIr8wVCtJXHA/2dsb2JhbABEhW64SRZzgh4BAQEEOj8MBAIBCBEEAQELFAkHMhQJCAIEDgUIiAnCTYw/g2JhA6ZNgnOCIg
X-IronPort-AV: E=McAfee;i="5400,1158,6918"; a="150530840"
Received: from rcdn-core2-5.cisco.com ([173.37.113.192]) by rcdn-iport-4.cisco.com with ESMTP; 07 Dec 2012 14:28:13 +0000
Received: from xhc-aln-x14.cisco.com (xhc-aln-x14.cisco.com [173.36.12.88]) by rcdn-core2-5.cisco.com (8.14.5/8.14.5) with ESMTP id qB7ESDEw031124 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Fri, 7 Dec 2012 14:28:13 GMT
Received: from xmb-rcd-x04.cisco.com ([169.254.8.203]) by xhc-aln-x14.cisco.com ([173.36.12.88]) with mapi id 14.02.0318.001; Fri, 7 Dec 2012 08:28:13 -0600
From: "Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com>
To: Johannes Merkle <johannes.merkle@secunet.com>
Thread-Topic: [IPsec] I-D on Using the ECC Brainpool Curves for IKEv2 Key Exchange
Thread-Index: AQHNz/olcML1jJ9U4EC5RJIM/xfJWZgHG0cggAaTyQD//73eUA==
Date: Fri, 07 Dec 2012 14:28:12 +0000
Message-ID: <A113ACFD9DF8B04F96395BDEACB340421CE204@xmb-rcd-x04.cisco.com>
References: <50B8A287.9090509@secunet.com> <074557eff2f722f10198aac4fb2f8d9c.squirrel@www.trepanning.net> <4613980CFC78314ABFD7F85CC30277210EDCE571@IL-EX10.ad.checkpoint.com> <A113ACFD9DF8B04F96395BDEACB340421C9045@xmb-rcd-x04.cisco.com> <50B9DC95.80202@gmail.com> <A113ACFD9DF8B04F96395BDEACB340421CA383@xmb-rcd-x04.cisco.com> <50BA5A70.6030808@gmail.com> <A113ACFD9DF8B04F96395BDEACB340421CB714@xmb-rcd-x04.cisco.com> <50C1DF02.2030309@secunet.com>
In-Reply-To: <50C1DF02.2030309@secunet.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.32.244.86]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: Manfred Lochter <manfred.lochter@bsi.bund.de>, Yoav Nir <ynir@checkpoint.com>, Dan Harkins <dharkins@lounge.org>, IPsecme WG <ipsec@ietf.org>, "rfc-ise@rfc-editor.org" <rfc-ise@rfc-editor.org>, "Sean P. Turner" <turners@ieca.com>
Subject: Re: [IPsec] I-D on Using the ECC Brainpool Curves for IKEv2 Key Exchange
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Dec 2012 14:28:19 -0000
Well, no; step 2 of the check is unnecessary for the standard IKE groups (1, 2, 5, 14-18), and it is extremely expensive as written; and while there are optimizations possible, it's still not cheap. -----Original Message----- From: Johannes Merkle [mailto:johannes.merkle@secunet.com] Sent: Friday, December 07, 2012 7:20 AM To: Scott Fluhrer (sfluhrer) Cc: Yaron Sheffer; Manfred Lochter; Yoav Nir; Dan Harkins; IPsecme WG; rfc-ise@rfc-editor.org; Sean P. Turner Subject: Re: [IPsec] I-D on Using the ECC Brainpool Curves for IKEv2 Key Exchange For MODP groups, we can just refer to RFC 2631, Section 2.1.5
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Andrey Jivsov
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Johannes Merkle
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Andrey Jivsov
- [IPsec] I-D on Using the ECC Brainpool Curves for… Johannes Merkle
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… David McGrew (mcgrew)
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Johannes Merkle
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… David McGrew (mcgrew)
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Johannes Merkle
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Tero Kivinen
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Johannes Merkle
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Derek Atkins
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Dan Harkins
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… David McGrew (mcgrew)
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Yoav Nir
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Tero Kivinen
- [IPsec] I-D on Using the ECC Brainpool Curves for… Johannes Merkle
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Dan Harkins
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Scott Fluhrer (sfluhrer)
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Yaron Sheffer
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Yoav Nir
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Scott Fluhrer (sfluhrer)
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Dan Harkins
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Yoav Nir
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Yaron Sheffer
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Scott Fluhrer (sfluhrer)
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Yaron Sheffer
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Johannes Merkle
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Tero Kivinen
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Scott Fluhrer (sfluhrer)
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Scott Fluhrer (sfluhrer)
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Stephen Kent
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Johannes Merkle
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Johannes Merkle
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Johannes Merkle
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Yaron Sheffer
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Tero Kivinen
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Scott Fluhrer (sfluhrer)
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Andrey Jivsov
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Johannes Merkle
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Stephen Kent
- Re: [IPsec] I-D on Using the ECC Brainpool Curves… Andrey Jivsov