[IPsec] PAKE selection process - review how PAKEs fit to IKEv2
"Valery Smyslov" <smyslov.ietf@gmail.com> Tue, 10 September 2019 08:34 UTC
Return-Path: <smyslov.ietf@gmail.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1287812009E; Tue, 10 Sep 2019 01:34:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.498
X-Spam-Level:
X-Spam-Status: No, score=-0.498 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_SORBS_WEB=1.5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j3i3OlMcDTu5; Tue, 10 Sep 2019 01:34:02 -0700 (PDT)
Received: from mail-lj1-x229.google.com (mail-lj1-x229.google.com [IPv6:2a00:1450:4864:20::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3713F120045; Tue, 10 Sep 2019 01:34:02 -0700 (PDT)
Received: by mail-lj1-x229.google.com with SMTP id l20so15545235ljj.3; Tue, 10 Sep 2019 01:34:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding:thread-index:content-language; bh=inZ+Qar2CR2XEeE9fAn7qC7W5f7Dm87E1nSOpiHAAjo=; b=dr/wvmn+C32DV7slPmmZi2zNBOniDbI15MEpDqvwPvc6NErrmODFaipEo/vQfaHX/Z AqRkSgajDQ7u2AM8E2hx4EoW3VYQHXenFbSaS2H/k9qnSEZBgaPXZy8IkwFepFUvou2O TBwhGyOre60Jta70RD7PGgoEqqKqxzESizUSgn3kBv0xQtE4jeJILeWnaTSTGzgXiyXv akNwjVybUv3EVn01yVpNSn+rPilm6FY6A+DYt7d3tqN6Y1gsRLA/1JlkK29iQLL1wngj TgOpag4YfVfJtLjaTn+rPZkEkZFi/NeWustSp1Zo6Wvzdxhj5wvFzoaaWdQW13tsj8aD 4Wmg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding:thread-index:content-language; bh=inZ+Qar2CR2XEeE9fAn7qC7W5f7Dm87E1nSOpiHAAjo=; b=Hyk0VOtNDxrHIZ8Ztq8pfl1ujgFzNKFD5rxP2Y/BQKGO1oWSptWN2OHIcj7dcrS59O rgP8zrMK/4r83dLXStKD8lwIK18VJb7YBiZu8OdNvHe7eAx61uznP/3868urgwl6HBr3 PmfZPgKS6XxrP3uZ0mdhV4lKlRdS9WqiwCez6ifNlUUUoSRuwCCajy1mtmBBXVFXnSuo BGgl9VzAIF8OicvS+hUBz2DmtutYDR2R+eGio2i0d38BBUsKHsAPePT4oXdGOOl4AjAs Q1AYiBY0cbYATk92UUyIU/vgMBA3bxZ9Mf188DgDZeMl/QDBzU+92KdzIQ29jeHg+TZC lT+Q==
X-Gm-Message-State: APjAAAXiD+JCl3SztObt13eIBDW2pSwOlW89jR5Pec+4426JkMqHnHTL b0HUu/yXpAOXpAXRRDuHdy15LEB1
X-Google-Smtp-Source: APXvYqy5O4IAOJFP3w8DtslvtxtQg5uhzjAHDfJPiUfo3Xr8FST9IYAk5m83tdeYJN0si17n3+AbOg==
X-Received: by 2002:a2e:3a0e:: with SMTP id h14mr8912614lja.161.1568104440486; Tue, 10 Sep 2019 01:34:00 -0700 (PDT)
Received: from buildpc ([82.138.51.4]) by smtp.gmail.com with ESMTPSA id p9sm3674446lji.107.2019.09.10.01.33.59 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 10 Sep 2019 01:33:59 -0700 (PDT)
From: Valery Smyslov <smyslov.ietf@gmail.com>
To: "cfrg@irtf.org" <Cfrg@irtf.org>, IPsecME WG <ipsec@ietf.org>
Cc: cfrg-chairs@ietf.org
Date: Tue, 10 Sep 2019 11:34:00 +0300
Message-ID: <070e01d567b2$7f796740$7e6c35c0$@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AdVnsPt51vgTIv/KT7mOGOoTfkhs/g==
Content-Language: ru
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/P_J1qon3iHHMBazMY1nHLHxQ8t8>
Subject: [IPsec] PAKE selection process - review how PAKEs fit to IKEv2
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Sep 2019 08:34:04 -0000
(sorry for cross-posting) Hi, on CFRG secretary request I volunteered to prepare a review of how each of the eight PAKE candidates can be integrated into the IKEv2. The review is in the form of I-D (see below). Conclusion: IKEv2 is flexible enough to accommodate any of the PAKE candidates. There is already a framework for integrating PAKE protocols into IKEv2, defined in RFC6467. Unfortunately, it has an "Experimental" status and is not widely supported, but I still think using it is a good way to go. The draft also discusses some alternative approaches. Comments are appreciated. Regards, Valery Smyslov. -----Original Message----- From: internet-drafts@ietf.org [mailto:internet-drafts@ietf.org] Sent: Tuesday, September 10, 2019 11:11 AM To: Valery Smyslov Subject: New Version Notification for draft-smyslov-ikev2-pake-00.txt A new version of I-D, draft-smyslov-ikev2-pake-00.txt has been successfully submitted by Valery Smyslov and posted to the IETF repository. Name: draft-smyslov-ikev2-pake Revision: 00 Title: Usage of PAKE Protocols with IKEv2 Document date: 2019-09-09 Group: Individual Submission Pages: 16 URL: https://www.ietf.org/internet-drafts/draft-smyslov-ikev2-pake-00.txt Status: https://datatracker.ietf.org/doc/draft-smyslov-ikev2-pake/ Htmlized: https://tools.ietf.org/html/draft-smyslov-ikev2-pake-00 Htmlized: https://datatracker.ietf.org/doc/html/draft-smyslov-ikev2-pake Abstract: This memo discusses how PAKE (Password Authenticated Key Exchange) protocols can be integrated into the IKEv2 (Internet Key Exchange) protocol. Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. The IETF Secretariat
- [IPsec] PAKE selection process - review how PAKEs… Valery Smyslov