Re: [Ipsec] Key length attribute (was: Important changes in draft-hoffman-rfc3664bis; please review)
Dan McDonald <danmcd@sun.com> Thu, 13 October 2005 14:00 UTC
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EQ3cp-0006yW-Gc; Thu, 13 Oct 2005 10:00:03 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EQ3cn-0006xU-1m for ipsec@megatron.ietf.org; Thu, 13 Oct 2005 10:00:01 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA19472 for <ipsec@ietf.org>; Thu, 13 Oct 2005 09:59:55 -0400 (EDT)
Received: from brmea-mail-4.sun.com ([192.18.98.36]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1EQ3nG-0004Rv-Da for ipsec@ietf.org; Thu, 13 Oct 2005 10:10:52 -0400
Received: from eastmail1bur.East.Sun.COM ([129.148.9.49]) by brmea-mail-4.sun.com (8.12.10/8.12.9) with ESMTP id j9DDxtvD009093 for <ipsec@ietf.org>; Thu, 13 Oct 2005 07:59:55 -0600 (MDT)
Received: from punchin-danmcd.east.sun.com (punchin-danmcd.East.Sun.COM [129.148.19.2]) by eastmail1bur.East.Sun.COM (8.12.10+Sun/8.12.10/ENSMAIL, v2.2) with ESMTP id j9DDxssn014322 for <ipsec@ietf.org>; Thu, 13 Oct 2005 09:59:55 -0400 (EDT)
Received: from punchin-danmcd.east.sun.com (localhost [127.0.0.1]) by punchin-danmcd.east.sun.com (8.13.4+Sun/8.13.4) with ESMTP id j9DDxHDL003287; Thu, 13 Oct 2005 09:59:17 -0400 (EDT)
Received: (from danmcd@localhost) by punchin-danmcd.east.sun.com (8.13.4+Sun/8.13.4/Submit) id j9DDxHsO003286; Thu, 13 Oct 2005 09:59:17 -0400 (EDT)
Date: Thu, 13 Oct 2005 09:59:17 -0400
From: Dan McDonald <danmcd@sun.com>
To: Pasi.Eronen@nokia.com
Subject: Re: [Ipsec] Key length attribute (was: Important changes in draft-hoffman-rfc3664bis; please review)
Message-ID: <20051013135917.GG3069@everywhere.east.sun.com>
References: <B356D8F434D20B40A8CEDAEC305A1F24019A5FB6@esebe105.NOE.Nokia.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <B356D8F434D20B40A8CEDAEC305A1F24019A5FB6@esebe105.NOE.Nokia.com>
User-Agent: Mutt/1.4.1i
Organization: Sun Microsystems, Inc. - Solaris Networking & Security
X-Spam-Score: 0.0 (/)
X-Scan-Signature: f607d15ccc2bc4eaf3ade8ffa8af02a0
Cc: ipsec@ietf.org, kivinen@iki.fi
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IP Security <ipsec.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
Sender: ipsec-bounces@ietf.org
Errors-To: ipsec-bounces@ietf.org
So glad this thread came up! On Thu, Oct 13, 2005 at 04:52:29PM +0300, Pasi.Eronen@nokia.com wrote: > > Yes, I think the intention was not to prohibit variable-length > keys with e.g. Blowfish. Here's proposed text for the clarifications > document: > > Section 3.3.5 says that "The only algorithms defined in this > document that accept attributes are the AES based encryption, > integrity, and pseudo-random functions, which require a single > attribute specifying key width." > > This is incorrect. The AES-based integrity and pseudo-random > functions defined in this document always use a 128-bit key. In > fact, there are currently no integrity or PRF algorithms that use > the key length attribute (and we recommend that they should not > be defined in the future either). > > For encryption algorithms, the situation is slightly more complex > since there are three different types of algorithms: > > o The key length attribute is never used with algorithms that > use a fixed length key, such as DES, 3DES and IDEA. > > o The key length attribute is always included for the currently > defined AES-based algorithms (CBC, CTR, CCM and GCM). Omitting > the key length attribute is not allowed; if the proposal does > not contain it, it has to be rejected. > > o For other algorithms, the key length attribute can be included > but is not mandatory. These algorithms include, e.g., RC5, CAST > and BLOWFISH. If the key length attribute is not included, the > default value specified in [RFC2451] is used. > > Does this look right to you? Except for one thing, yes it does. That one thing: - IKE is supposed to be algorithm-agile. Let's say some grinning weirdo comes up with a better-than-AES algorithm, or worse, some other grinning weirdo breaks AES and we NEED a new cipher. How will we handle ciphers in the future? There are two ways to solve this: 1.) All algorithms must have a default key length that is used when no key-length attribute is present. This means picking a default size for AES. 2.) All new algorithms with variable-sized keys are treated like AES, and MUST include a key-length attribute. I don't care which one of those two is picked, but one of them must be used to maintain algorithm-agility. Dan _______________________________________________ Ipsec mailing list Ipsec@ietf.org https://www1.ietf.org/mailman/listinfo/ipsec
- [Ipsec] Key length attribute (was: Important chan… Pasi.Eronen
- Re: [Ipsec] Key length attribute (was: Important … Dan McDonald
- Re: [Ipsec] Key length attribute (was: Important … Paul Hoffman
- [Ipsec] Key length attribute (was: Important chan… Tero Kivinen
- RE: [Ipsec] Key length attribute (was: Important … Pasi.Eronen
- RE: [Ipsec] Key length attribute (was: Important … Tero Kivinen