IETF Logo Mail Archive

Re: [IPsec] [Technical Errata Reported] RFC7634 (5441)

Yoav Nir <ynir.ietf@gmail.com> Thu, 26 July 2018 19:06 UTC

Return-Path: <ynir.ietf@gmail.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 89032130DF5 for <ipsec@ietfa.amsl.com>; Thu, 26 Jul 2018 12:06:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L94jnbRwQcZ7 for <ipsec@ietfa.amsl.com>; Thu, 26 Jul 2018 12:06:39 -0700 (PDT)
Received: from mail-wr1-x42c.google.com (mail-wr1-x42c.google.com [IPv6:2a00:1450:4864:20::42c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5DB93130E0F for <ipsec@ietf.org>; Thu, 26 Jul 2018 12:06:39 -0700 (PDT)
Received: by mail-wr1-x42c.google.com with SMTP id j5-v6so2741175wrr.8 for <ipsec@ietf.org>; Thu, 26 Jul 2018 12:06:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=y3ugDwXNz8TpSRqgYUOQKYIXmW4cl2eq0M5hVuK5RRg=; b=KEfqlHESa6yodWI44vstOFJ10SU3DEspacjo9Vnkt9MKtq7KbNg7veKCktfh946/CW 4IlRn5rl5HYKrE8u/NqYrW97JERnNLPJT7GNiVNuqbI8/N1RGv10NCo44ftfV2Hs/RQx xQ9RBOb3emn1e/CMVjMCJ8aqLT9t/bx72dazUYa6BIeRiyBa8bxJSZQwerWK+qRUt/G5 LKYQMqH716NDAK2L4hhrZs7Rg2iNC3Dacrro93dM1vM/Xlly+cuH3Orhp9evFjXSSTxl pyWgtHOsIYgmYD3G/XE+3EZV/m+OKgXN7waXph24nnW8JIE/o0hsc7isClRIii07BH01 h7PQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=y3ugDwXNz8TpSRqgYUOQKYIXmW4cl2eq0M5hVuK5RRg=; b=Pc0wk/Nk1E94KIk/HY0pfy2HSg23ljmBgIiFAvWUTAEcw4AvKcuLDRGtG+v8qFExyL Dl8hG4nNdDtky86qGmaQ2p/JZHmu57hC2uaa3qhCtq8iZDjMUPOHEyb3QmQFfYXqezDB 5vCxLa5UBNSKa5nRsBB9c9WEQumCge63ZjaWESmVE31AblugE1AfTIE4taaX+97IZrUh HvDRzE5Jmvt3xgnTEHWS1FNrjbJNBevvYScJgKf27y+r3wCKN1gdf9Asq4wLlcbGmwH2 CQwJL8zU4UtgLlxQo/Bby3hjShigetIgtrTI+0b7IlHv+oxXHuWwb2aHvcGw8a81LgW7 0f7w==
X-Gm-Message-State: AOUpUlGObutIgFhcEULOmtOH0mMnrvXBV8y5EQ66+t1bTDp+T0kBbu+u 3FMEM76Fy2JCVQr+JS07/y0=
X-Google-Smtp-Source: AAOMgpd71fBsSpREP2XkElrF80vJePHsSqm0OiFAf0i3vC/jbjWhjHhlTlkO/26dRdb7wuCZ3gsP8w==
X-Received: by 2002:adf:93a3:: with SMTP id 32-v6mr2444556wrp.140.1532631997882; Thu, 26 Jul 2018 12:06:37 -0700 (PDT)
Received: from [192.168.1.12] ([46.120.57.147]) by smtp.gmail.com with ESMTPSA id h14-v6sm1391767wro.15.2018.07.26.12.06.34 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 26 Jul 2018 12:06:36 -0700 (PDT)
From: Yoav Nir <ynir.ietf@gmail.com>
Message-Id: <20FE97E3-768B-426D-9DF1-A228E8DEB143@gmail.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_97951598-C06E-409E-8117-7DF201AC9F06"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
Date: Thu, 26 Jul 2018 22:06:30 +0300
In-Reply-To: <20180726182923.D548CB8125E@rfc-editor.org>
Cc: kaduk@mit.edu, ekr@rtfm.com, david.waltermire@nist.gov, kivinen@iki.fi, andrew.cagney@gmail.com, ipsec@ietf.org
To: RFC Errata System <rfc-editor@rfc-editor.org>
References: <20180726182923.D548CB8125E@rfc-editor.org>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/K9HttQDQ_K7aJmu8eQ143T5O3XI>
Subject: Re: [IPsec] [Technical Errata Reported] RFC7634 (5441)
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Jul 2018 19:06:43 -0000

This errata proposes to add the following sentence to section 4 of RFC 7634 <https://tools.ietf.org/html/rfc7634#section-4>:

As with other transforms that use a fixed-length key, the Key Length attribute MUST NOT be specified.

This sentence is correct. If this came up as a suggestion during WG processing or during LC, I think we would add it.

Looking back in RFC 7296, we have in section 3.3.5 <https://tools.ietf.org/html/rfc7296#section-3.3.5>:

   o  The Key Length attribute MUST NOT be used with transforms that use
      a fixed-length key.  For example, this includes ENCR_DES,
      ENCR_IDEA, and all the Type 2 (Pseudorandom Function) and Type 3
      (Integrity Algorithm) transforms specified in this document.  It
      is recommended that future Type 2 or 3 transforms do not use this
      attribute.

And RFC 7634 says:

   o  The encryption key is 256 bits.

Given that, I don’t think there is any chance for a conscientious implementer to make the mistake of including the Key Length attribute.

I don’t believe adding clarifying text is a proper use of the errata system. At best it should be marked as editorial and held for document update, if not rejected outright.

Yoav

> On 26 Jul 2018, at 21:29, RFC Errata System <rfc-editor@rfc-editor.org> wrote:
> 
> The following errata report has been submitted for RFC7634,
> "ChaCha20, Poly1305, and Their Use in the Internet Key Exchange Protocol (IKE) and IPsec".
> 
> --------------------------------------
> You may review the report below and at:
> http://www.rfc-editor.org/errata/eid5441
> 
> --------------------------------------
> Type: Technical
> Reported by: Andrew Cagney <andrew.cagney@gmail.com>
> 
> Section: 4
> 
> Original Text
> -------------
>   When negotiating the ChaCha20-Poly1305 algorithm for use in IKE or
>   IPsec, the value ENCR_CHACHA20_POLY1305 (28) should be used in the
>   transform substructure of the SA payload as the ENCR (type 1)
>   transform ID.  As with other AEAD algorithms, INTEG (type 3)
>   transform substructures MUST NOT be specified, or just one INTEG
>   transform MAY be included with value NONE (0).
> 
> Corrected Text
> --------------
>   When negotiating the ChaCha20-Poly1305 algorithm for use in IKE or
>   IPsec, the value ENCR_CHACHA20_POLY1305 (28) should be used in the
>   transform substructure of the SA payload as the ENCR (type 1)
>   transform ID.
>   As with other transforms that use a fixed-length key, the Key Length
>   attribute MUST NOT be specified.
>   As with other AEAD algorithms, INTEG (type 3)
>   transform substructures MUST NOT be specified, or just one INTEG
>   transform MAY be included with value NONE (0).
> 
> Notes
> -----
> Reading both RFC7634 and RFC7539 there seems to be a single fixed-length key of 256-bits.
> Hence, I think https://tools.ietf.org/html/rfc7296#section-3.3.5:
>   o  The Key Length attribute MUST NOT be used with transforms that use
>      a fixed-length key.  For example, this includes ENCR_DES,
>      ENCR_IDEA,...
> applies (my intent is to clarify this).
> 
> Instructions:
> -------------
> This erratum is currently posted as "Reported". If necessary, please
> use "Reply All" to discuss whether it should be verified or
> rejected. When a decision is reached, the verifying party
> can log in to change the status and edit the report, if necessary.
> 
> --------------------------------------
> RFC7634 (draft-ietf-ipsecme-chacha20-poly1305-12)
> --------------------------------------
> Title               : ChaCha20, Poly1305, and Their Use in the Internet Key Exchange Protocol (IKE) and IPsec
> Publication Date    : August 2015
> Author(s)           : Y. Nir
> Category            : PROPOSED STANDARD
> Source              : IP Security Maintenance and Extensions
> Area                : Security
> Stream              : IETF
> Verifying Party     : IESG

v2.23.0 | Report a Bug | By Email