IETF Logo Mail Archive

Re: [IPsec] [Technical Errata Reported] RFC7634 (5441)

Paul Wouters <paul@nohats.ca> Thu, 26 July 2018 19:31 UTC

Return-Path: <paul@nohats.ca>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BF651130E6F for <ipsec@ietfa.amsl.com>; Thu, 26 Jul 2018 12:31:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S381cATCz4ir for <ipsec@ietfa.amsl.com>; Thu, 26 Jul 2018 12:31:00 -0700 (PDT)
Received: from mx.nohats.ca (mx.nohats.ca [IPv6:2a03:6000:1004:1::68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 01527130E66 for <ipsec@ietf.org>; Thu, 26 Jul 2018 12:30:59 -0700 (PDT)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 41c2JL0z80z34r; Thu, 26 Jul 2018 21:30:58 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1532633458; bh=pwLbJ8teNV+U547Vk3JaJZCgtCOG2lFr5J31vBQiy3s=; h=Subject:From:In-Reply-To:Date:Cc:References:To; b=qdQrcDiG8ZxEviHSpRDSkcv7MR4Ek4WToHNfM5X1gpj++MB7F9DfoL7UPiiAzSw7X ih1v9JRX7hG+tXRPCrpFsBd8jySOcBs6trdff5WGo5q9CX2GZ0VS12dZyJ741VwnOM emr8mj0taKy4+fSjK6ci4dPgRh858E7EAXaZG9D8=
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id BaumzfWnJG0S; Thu, 26 Jul 2018 21:30:55 +0200 (CEST)
Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Thu, 26 Jul 2018 21:30:54 +0200 (CEST)
Received: from [172.20.10.3] (unknown [172.58.91.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by bofh.nohats.ca (Postfix) with ESMTPSA id BC9A8381FC0; Thu, 26 Jul 2018 15:30:52 -0400 (EDT)
DKIM-Filter: OpenDKIM Filter v2.11.0 bofh.nohats.ca BC9A8381FC0
Content-Type: multipart/alternative; boundary="Apple-Mail-DC649E73-2431-42DB-B49B-DBE8B8D80AB9"
Mime-Version: 1.0 (1.0)
From: Paul Wouters <paul@nohats.ca>
X-Mailer: iPhone Mail (15G77)
In-Reply-To: <20FE97E3-768B-426D-9DF1-A228E8DEB143@gmail.com>
Date: Thu, 26 Jul 2018 12:30:50 -0700
Cc: RFC Errata System <rfc-editor@rfc-editor.org>, ekr@rtfm.com, andrew.cagney@gmail.com, kivinen@iki.fi, ipsec@ietf.org, kaduk@mit.edu, david.waltermire@nist.gov
Content-Transfer-Encoding: 7bit
Message-Id: <F27D6E34-2DDC-45FD-B5D6-DE4F4BE50D91@nohats.ca>
References: <20180726182923.D548CB8125E@rfc-editor.org> <20FE97E3-768B-426D-9DF1-A228E8DEB143@gmail.com>
To: Yoav Nir <ynir.ietf@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/PevySL4MebNAGkWxfHLpnl0EY_E>
Subject: Re: [IPsec] [Technical Errata Reported] RFC7634 (5441)
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Jul 2018 19:31:04 -0000

Some note would be good because apparently strongswan insists of the KEY_LENGTH attribute they shouldn’t be there?

Sent from my phone

> On Jul 26, 2018, at 12:06, Yoav Nir <ynir.ietf@gmail.com> wrote:
> 
> This errata proposes to add the following sentence to section 4 of RFC 7634:
> 
> As with other transforms that use a fixed-length key, the Key Length attribute MUST NOT be specified.
> 
> This sentence is correct. If this came up as a suggestion during WG processing or during LC, I think we would add it. 
> 
> Looking back in RFC 7296, we have in section 3.3.5:
> 
>    o  The Key Length attribute MUST NOT be used with transforms that use
>       a fixed-length key.  For example, this includes ENCR_DES,
>       ENCR_IDEA, and all the Type 2 (Pseudorandom Function) and Type 3
>       (Integrity Algorithm) transforms specified in this document.  It
>       is recommended that future Type 2 or 3 transforms do not use this
>       attribute.
> 
> And RFC 7634 says:
> 
>    o  The encryption key is 256 bits.
> 
> Given that, I don’t think there is any chance for a conscientious implementer to make the mistake of including the Key Length attribute.
> 
> I don’t believe adding clarifying text is a proper use of the errata system. At best it should be marked as editorial and held for document update, if not rejected outright.
> 
> Yoav
> 
>> On 26 Jul 2018, at 21:29, RFC Errata System <rfc-editor@rfc-editor.org> wrote:
>> 
>> The following errata report has been submitted for RFC7634,
>> "ChaCha20, Poly1305, and Their Use in the Internet Key Exchange Protocol (IKE) and IPsec".
>> 
>> --------------------------------------
>> You may review the report below and at:
>> http://www.rfc-editor.org/errata/eid5441
>> 
>> --------------------------------------
>> Type: Technical
>> Reported by: Andrew Cagney <andrew.cagney@gmail.com>
>> 
>> Section: 4
>> 
>> Original Text
>> -------------
>>   When negotiating the ChaCha20-Poly1305 algorithm for use in IKE or
>>   IPsec, the value ENCR_CHACHA20_POLY1305 (28) should be used in the
>>   transform substructure of the SA payload as the ENCR (type 1)
>>   transform ID.  As with other AEAD algorithms, INTEG (type 3)
>>   transform substructures MUST NOT be specified, or just one INTEG
>>   transform MAY be included with value NONE (0).
>> 
>> Corrected Text
>> --------------
>>   When negotiating the ChaCha20-Poly1305 algorithm for use in IKE or
>>   IPsec, the value ENCR_CHACHA20_POLY1305 (28) should be used in the
>>   transform substructure of the SA payload as the ENCR (type 1)
>>   transform ID.
>>   As with other transforms that use a fixed-length key, the Key Length
>>   attribute MUST NOT be specified.
>>   As with other AEAD algorithms, INTEG (type 3)
>>   transform substructures MUST NOT be specified, or just one INTEG
>>   transform MAY be included with value NONE (0).
>> 
>> Notes
>> -----
>> Reading both RFC7634 and RFC7539 there seems to be a single fixed-length key of 256-bits. 
>> Hence, I think https://tools.ietf.org/html/rfc7296#section-3.3.5:
>>   o  The Key Length attribute MUST NOT be used with transforms that use
>>      a fixed-length key.  For example, this includes ENCR_DES,
>>      ENCR_IDEA,...
>> applies (my intent is to clarify this).
>> 
>> Instructions:
>> -------------
>> This erratum is currently posted as "Reported". If necessary, please
>> use "Reply All" to discuss whether it should be verified or
>> rejected. When a decision is reached, the verifying party  
>> can log in to change the status and edit the report, if necessary. 
>> 
>> --------------------------------------
>> RFC7634 (draft-ietf-ipsecme-chacha20-poly1305-12)
>> --------------------------------------
>> Title               : ChaCha20, Poly1305, and Their Use in the Internet Key Exchange Protocol (IKE) and IPsec
>> Publication Date    : August 2015
>> Author(s)           : Y. Nir
>> Category            : PROPOSED STANDARD
>> Source              : IP Security Maintenance and Extensions
>> Area                : Security
>> Stream              : IETF
>> Verifying Party     : IESG
> 
> _______________________________________________
> IPsec mailing list
> IPsec@ietf.org
> https://www.ietf.org/mailman/listinfo/ipsec

v2.23.0 | Report a Bug | By Email