Re: [IPsec] Update to RFC4307 too?
Tero Kivinen <kivinen@iki.fi> Mon, 14 October 2013 12:55 UTC
Return-Path: <kivinen@iki.fi>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A90F611E8127 for <ipsec@ietfa.amsl.com>; Mon, 14 Oct 2013 05:55:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f73ZWDIQTGEx for <ipsec@ietfa.amsl.com>; Mon, 14 Oct 2013 05:55:57 -0700 (PDT)
Received: from mail.kivinen.iki.fi (fireball.kivinen.iki.fi [IPv6:2001:1bc8:100d::2]) by ietfa.amsl.com (Postfix) with ESMTP id 378D111E8182 for <ipsec@ietf.org>; Mon, 14 Oct 2013 05:55:53 -0700 (PDT)
Received: from fireball.kivinen.iki.fi (localhost [127.0.0.1]) by mail.kivinen.iki.fi (8.14.7/8.14.5) with ESMTP id r9ECtjmL019914 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Mon, 14 Oct 2013 15:55:45 +0300 (EEST)
Received: (from kivinen@localhost) by fireball.kivinen.iki.fi (8.14.7/8.12.11) id r9ECthWY029267; Mon, 14 Oct 2013 15:55:43 +0300 (EEST)
X-Authentication-Warning: fireball.kivinen.iki.fi: kivinen set sender to kivinen@iki.fi using -f
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-ID: <21083.59855.598348.506862@fireball.kivinen.iki.fi>
Date: Mon, 14 Oct 2013 15:55:43 +0300
From: Tero Kivinen <kivinen@iki.fi>
To: Paul Wouters <paul@cypherpunks.ca>
In-Reply-To: <alpine.LFD.2.10.1310111443530.13161@bofh.nohats.ca>
References: <21077.33006.734392.994194@fireball.kivinen.iki.fi> <alpine.LFD.2.10.1310111443530.13161@bofh.nohats.ca>
X-Mailer: VM 8.2.0b under 24.3.1 (x86_64--netbsd)
X-Edit-Time: 10 min
X-Total-Time: 9 min
Cc: "ipsec@ietf.org WG" <ipsec@ietf.org>
Subject: Re: [IPsec] Update to RFC4307 too?
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Oct 2013 12:55:57 -0000
Paul Wouters writes: > which seems to imply 768 MODP group is "MAY". Which is confirmed in RFC > 4109. So I think we should also update 768 MODP group to MUST NOT. I agree on that. I thought we deprecated that already in the RFC4306 by saying: ---------------------------------------------------------------------- Appendix B: Diffie-Hellman Groups ... The strength supplied by group one may not be sufficient for the mandatory-to-implement encryption algorithm and is here for historic reasons. ... ---------------------------------------------------------------------- but it might be better to say MUST NOT explictly. > > Downgrade ENCR_3DES from MUST- to MAY > > I'm not sure how I feel about that. There are still not many > alternatives to AES, and I think having 3DES in there is good. Yes it is > slow, but I don't think it has been concluded to be weak or insecure. I think we need to downgrade it from MUST to something else anyways, as small implementations which do have hardware support for AES, might not want to add implementation for 3DES at all. You can still implement and use it, it just would not be mandatory to implement algorithm anymore. I.e. if you need to pick one algoritm I think AES is better than 3DES. If you want to implement 2 algorithms then implementing both AES and 3DES is ok. We could also make it SHOULD- instead of MAY, but I think MAY is still better. Note to others: the main problem with 3DES (i.e. the too long block length) is not relevant here as we are talking about the encryption algorithm protecting key management messages, where the number of actual bytes transmitted are going to be quite low compared to the block length restrictions from 3DES. There is mandatory requirement to rekey after 2^32 IKEv2 messages has been transmitted anyways, but in general the amount of messages transmitted is between 2 -- 10000. -- kivinen@iki.fi
- [IPsec] Update to RFC4307 too? Tero Kivinen
- Re: [IPsec] Update to RFC4307 too? Paul Wouters
- Re: [IPsec] Update to RFC4307 too? Tero Kivinen
- Re: [IPsec] Update to RFC4307 too? Michael Richardson
- Re: [IPsec] Update to RFC4307 too? Yoav Nir
- Re: [IPsec] Update to RFC4307 too? Michael Richardson
- Re: [IPsec] Update to RFC4307 too? Tero Kivinen
- Re: [IPsec] Update to RFC4307 too? Yaron Sheffer