Re: [IPsec] [Technical Errata Reported] RFC7634 (5441)
Yoav Nir <ynir.ietf@gmail.com> Thu, 26 July 2018 19:06 UTC
Return-Path: <ynir.ietf@gmail.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 89032130DF5 for <ipsec@ietfa.amsl.com>; Thu, 26 Jul 2018 12:06:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L94jnbRwQcZ7 for <ipsec@ietfa.amsl.com>; Thu, 26 Jul 2018 12:06:39 -0700 (PDT)
Received: from mail-wr1-x42c.google.com (mail-wr1-x42c.google.com [IPv6:2a00:1450:4864:20::42c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5DB93130E0F for <ipsec@ietf.org>; Thu, 26 Jul 2018 12:06:39 -0700 (PDT)
Received: by mail-wr1-x42c.google.com with SMTP id j5-v6so2741175wrr.8 for <ipsec@ietf.org>; Thu, 26 Jul 2018 12:06:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=y3ugDwXNz8TpSRqgYUOQKYIXmW4cl2eq0M5hVuK5RRg=; b=KEfqlHESa6yodWI44vstOFJ10SU3DEspacjo9Vnkt9MKtq7KbNg7veKCktfh946/CW 4IlRn5rl5HYKrE8u/NqYrW97JERnNLPJT7GNiVNuqbI8/N1RGv10NCo44ftfV2Hs/RQx xQ9RBOb3emn1e/CMVjMCJ8aqLT9t/bx72dazUYa6BIeRiyBa8bxJSZQwerWK+qRUt/G5 LKYQMqH716NDAK2L4hhrZs7Rg2iNC3Dacrro93dM1vM/Xlly+cuH3Orhp9evFjXSSTxl pyWgtHOsIYgmYD3G/XE+3EZV/m+OKgXN7waXph24nnW8JIE/o0hsc7isClRIii07BH01 h7PQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=y3ugDwXNz8TpSRqgYUOQKYIXmW4cl2eq0M5hVuK5RRg=; b=Pc0wk/Nk1E94KIk/HY0pfy2HSg23ljmBgIiFAvWUTAEcw4AvKcuLDRGtG+v8qFExyL Dl8hG4nNdDtky86qGmaQ2p/JZHmu57hC2uaa3qhCtq8iZDjMUPOHEyb3QmQFfYXqezDB 5vCxLa5UBNSKa5nRsBB9c9WEQumCge63ZjaWESmVE31AblugE1AfTIE4taaX+97IZrUh HvDRzE5Jmvt3xgnTEHWS1FNrjbJNBevvYScJgKf27y+r3wCKN1gdf9Asq4wLlcbGmwH2 CQwJL8zU4UtgLlxQo/Bby3hjShigetIgtrTI+0b7IlHv+oxXHuWwb2aHvcGw8a81LgW7 0f7w==
X-Gm-Message-State: AOUpUlGObutIgFhcEULOmtOH0mMnrvXBV8y5EQ66+t1bTDp+T0kBbu+u 3FMEM76Fy2JCVQr+JS07/y0=
X-Google-Smtp-Source: AAOMgpd71fBsSpREP2XkElrF80vJePHsSqm0OiFAf0i3vC/jbjWhjHhlTlkO/26dRdb7wuCZ3gsP8w==
X-Received: by 2002:adf:93a3:: with SMTP id 32-v6mr2444556wrp.140.1532631997882; Thu, 26 Jul 2018 12:06:37 -0700 (PDT)
Received: from [192.168.1.12] ([46.120.57.147]) by smtp.gmail.com with ESMTPSA id h14-v6sm1391767wro.15.2018.07.26.12.06.34 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 26 Jul 2018 12:06:36 -0700 (PDT)
From: Yoav Nir <ynir.ietf@gmail.com>
Message-Id: <20FE97E3-768B-426D-9DF1-A228E8DEB143@gmail.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_97951598-C06E-409E-8117-7DF201AC9F06"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
Date: Thu, 26 Jul 2018 22:06:30 +0300
In-Reply-To: <20180726182923.D548CB8125E@rfc-editor.org>
Cc: kaduk@mit.edu, ekr@rtfm.com, david.waltermire@nist.gov, kivinen@iki.fi, andrew.cagney@gmail.com, ipsec@ietf.org
To: RFC Errata System <rfc-editor@rfc-editor.org>
References: <20180726182923.D548CB8125E@rfc-editor.org>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/K9HttQDQ_K7aJmu8eQ143T5O3XI>
Subject: Re: [IPsec] [Technical Errata Reported] RFC7634 (5441)
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Jul 2018 19:06:43 -0000
This errata proposes to add the following sentence to section 4 of RFC 7634 <https://tools.ietf.org/html/rfc7634#section-4>: As with other transforms that use a fixed-length key, the Key Length attribute MUST NOT be specified. This sentence is correct. If this came up as a suggestion during WG processing or during LC, I think we would add it. Looking back in RFC 7296, we have in section 3.3.5 <https://tools.ietf.org/html/rfc7296#section-3.3.5>: o The Key Length attribute MUST NOT be used with transforms that use a fixed-length key. For example, this includes ENCR_DES, ENCR_IDEA, and all the Type 2 (Pseudorandom Function) and Type 3 (Integrity Algorithm) transforms specified in this document. It is recommended that future Type 2 or 3 transforms do not use this attribute. And RFC 7634 says: o The encryption key is 256 bits. Given that, I don’t think there is any chance for a conscientious implementer to make the mistake of including the Key Length attribute. I don’t believe adding clarifying text is a proper use of the errata system. At best it should be marked as editorial and held for document update, if not rejected outright. Yoav > On 26 Jul 2018, at 21:29, RFC Errata System <rfc-editor@rfc-editor.org> wrote: > > The following errata report has been submitted for RFC7634, > "ChaCha20, Poly1305, and Their Use in the Internet Key Exchange Protocol (IKE) and IPsec". > > -------------------------------------- > You may review the report below and at: > http://www.rfc-editor.org/errata/eid5441 > > -------------------------------------- > Type: Technical > Reported by: Andrew Cagney <andrew.cagney@gmail.com> > > Section: 4 > > Original Text > ------------- > When negotiating the ChaCha20-Poly1305 algorithm for use in IKE or > IPsec, the value ENCR_CHACHA20_POLY1305 (28) should be used in the > transform substructure of the SA payload as the ENCR (type 1) > transform ID. As with other AEAD algorithms, INTEG (type 3) > transform substructures MUST NOT be specified, or just one INTEG > transform MAY be included with value NONE (0). > > Corrected Text > -------------- > When negotiating the ChaCha20-Poly1305 algorithm for use in IKE or > IPsec, the value ENCR_CHACHA20_POLY1305 (28) should be used in the > transform substructure of the SA payload as the ENCR (type 1) > transform ID. > As with other transforms that use a fixed-length key, the Key Length > attribute MUST NOT be specified. > As with other AEAD algorithms, INTEG (type 3) > transform substructures MUST NOT be specified, or just one INTEG > transform MAY be included with value NONE (0). > > Notes > ----- > Reading both RFC7634 and RFC7539 there seems to be a single fixed-length key of 256-bits. > Hence, I think https://tools.ietf.org/html/rfc7296#section-3.3.5: > o The Key Length attribute MUST NOT be used with transforms that use > a fixed-length key. For example, this includes ENCR_DES, > ENCR_IDEA,... > applies (my intent is to clarify this). > > Instructions: > ------------- > This erratum is currently posted as "Reported". If necessary, please > use "Reply All" to discuss whether it should be verified or > rejected. When a decision is reached, the verifying party > can log in to change the status and edit the report, if necessary. > > -------------------------------------- > RFC7634 (draft-ietf-ipsecme-chacha20-poly1305-12) > -------------------------------------- > Title : ChaCha20, Poly1305, and Their Use in the Internet Key Exchange Protocol (IKE) and IPsec > Publication Date : August 2015 > Author(s) : Y. Nir > Category : PROPOSED STANDARD > Source : IP Security Maintenance and Extensions > Area : Security > Stream : IETF > Verifying Party : IESG
- [IPsec] [Technical Errata Reported] RFC7634 (5441) RFC Errata System
- Re: [IPsec] [Technical Errata Reported] RFC7634 (… Yoav Nir
- Re: [IPsec] [Technical Errata Reported] RFC7634 (… Paul Wouters
- Re: [IPsec] [Technical Errata Reported] RFC7634 (… Tobias Brunner
- Re: [IPsec] [Technical Errata Reported] RFC7634 (… Benjamin Kaduk
- Re: [IPsec] [Technical Errata Reported] RFC7634 (… Valery Smyslov
- [IPsec] [Technical Errata Reported] RFC7634 (5441) Tero Kivinen