Re: [IPsec] [Technical Errata Reported] RFC7634 (5441)
Paul Wouters <paul@nohats.ca> Thu, 26 July 2018 19:31 UTC
Return-Path: <paul@nohats.ca>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BF651130E6F for <ipsec@ietfa.amsl.com>; Thu, 26 Jul 2018 12:31:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S381cATCz4ir for <ipsec@ietfa.amsl.com>; Thu, 26 Jul 2018 12:31:00 -0700 (PDT)
Received: from mx.nohats.ca (mx.nohats.ca [IPv6:2a03:6000:1004:1::68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 01527130E66 for <ipsec@ietf.org>; Thu, 26 Jul 2018 12:30:59 -0700 (PDT)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 41c2JL0z80z34r; Thu, 26 Jul 2018 21:30:58 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1532633458; bh=pwLbJ8teNV+U547Vk3JaJZCgtCOG2lFr5J31vBQiy3s=; h=Subject:From:In-Reply-To:Date:Cc:References:To; b=qdQrcDiG8ZxEviHSpRDSkcv7MR4Ek4WToHNfM5X1gpj++MB7F9DfoL7UPiiAzSw7X ih1v9JRX7hG+tXRPCrpFsBd8jySOcBs6trdff5WGo5q9CX2GZ0VS12dZyJ741VwnOM emr8mj0taKy4+fSjK6ci4dPgRh858E7EAXaZG9D8=
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id BaumzfWnJG0S; Thu, 26 Jul 2018 21:30:55 +0200 (CEST)
Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Thu, 26 Jul 2018 21:30:54 +0200 (CEST)
Received: from [172.20.10.3] (unknown [172.58.91.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by bofh.nohats.ca (Postfix) with ESMTPSA id BC9A8381FC0; Thu, 26 Jul 2018 15:30:52 -0400 (EDT)
DKIM-Filter: OpenDKIM Filter v2.11.0 bofh.nohats.ca BC9A8381FC0
Content-Type: multipart/alternative; boundary="Apple-Mail-DC649E73-2431-42DB-B49B-DBE8B8D80AB9"
Mime-Version: 1.0 (1.0)
From: Paul Wouters <paul@nohats.ca>
X-Mailer: iPhone Mail (15G77)
In-Reply-To: <20FE97E3-768B-426D-9DF1-A228E8DEB143@gmail.com>
Date: Thu, 26 Jul 2018 12:30:50 -0700
Cc: RFC Errata System <rfc-editor@rfc-editor.org>, ekr@rtfm.com, andrew.cagney@gmail.com, kivinen@iki.fi, ipsec@ietf.org, kaduk@mit.edu, david.waltermire@nist.gov
Content-Transfer-Encoding: 7bit
Message-Id: <F27D6E34-2DDC-45FD-B5D6-DE4F4BE50D91@nohats.ca>
References: <20180726182923.D548CB8125E@rfc-editor.org> <20FE97E3-768B-426D-9DF1-A228E8DEB143@gmail.com>
To: Yoav Nir <ynir.ietf@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/PevySL4MebNAGkWxfHLpnl0EY_E>
Subject: Re: [IPsec] [Technical Errata Reported] RFC7634 (5441)
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Jul 2018 19:31:04 -0000
Some note would be good because apparently strongswan insists of the KEY_LENGTH attribute they shouldn’t be there? Sent from my phone > On Jul 26, 2018, at 12:06, Yoav Nir <ynir.ietf@gmail.com> wrote: > > This errata proposes to add the following sentence to section 4 of RFC 7634: > > As with other transforms that use a fixed-length key, the Key Length attribute MUST NOT be specified. > > This sentence is correct. If this came up as a suggestion during WG processing or during LC, I think we would add it. > > Looking back in RFC 7296, we have in section 3.3.5: > > o The Key Length attribute MUST NOT be used with transforms that use > a fixed-length key. For example, this includes ENCR_DES, > ENCR_IDEA, and all the Type 2 (Pseudorandom Function) and Type 3 > (Integrity Algorithm) transforms specified in this document. It > is recommended that future Type 2 or 3 transforms do not use this > attribute. > > And RFC 7634 says: > > o The encryption key is 256 bits. > > Given that, I don’t think there is any chance for a conscientious implementer to make the mistake of including the Key Length attribute. > > I don’t believe adding clarifying text is a proper use of the errata system. At best it should be marked as editorial and held for document update, if not rejected outright. > > Yoav > >> On 26 Jul 2018, at 21:29, RFC Errata System <rfc-editor@rfc-editor.org> wrote: >> >> The following errata report has been submitted for RFC7634, >> "ChaCha20, Poly1305, and Their Use in the Internet Key Exchange Protocol (IKE) and IPsec". >> >> -------------------------------------- >> You may review the report below and at: >> http://www.rfc-editor.org/errata/eid5441 >> >> -------------------------------------- >> Type: Technical >> Reported by: Andrew Cagney <andrew.cagney@gmail.com> >> >> Section: 4 >> >> Original Text >> ------------- >> When negotiating the ChaCha20-Poly1305 algorithm for use in IKE or >> IPsec, the value ENCR_CHACHA20_POLY1305 (28) should be used in the >> transform substructure of the SA payload as the ENCR (type 1) >> transform ID. As with other AEAD algorithms, INTEG (type 3) >> transform substructures MUST NOT be specified, or just one INTEG >> transform MAY be included with value NONE (0). >> >> Corrected Text >> -------------- >> When negotiating the ChaCha20-Poly1305 algorithm for use in IKE or >> IPsec, the value ENCR_CHACHA20_POLY1305 (28) should be used in the >> transform substructure of the SA payload as the ENCR (type 1) >> transform ID. >> As with other transforms that use a fixed-length key, the Key Length >> attribute MUST NOT be specified. >> As with other AEAD algorithms, INTEG (type 3) >> transform substructures MUST NOT be specified, or just one INTEG >> transform MAY be included with value NONE (0). >> >> Notes >> ----- >> Reading both RFC7634 and RFC7539 there seems to be a single fixed-length key of 256-bits. >> Hence, I think https://tools.ietf.org/html/rfc7296#section-3.3.5: >> o The Key Length attribute MUST NOT be used with transforms that use >> a fixed-length key. For example, this includes ENCR_DES, >> ENCR_IDEA,... >> applies (my intent is to clarify this). >> >> Instructions: >> ------------- >> This erratum is currently posted as "Reported". If necessary, please >> use "Reply All" to discuss whether it should be verified or >> rejected. When a decision is reached, the verifying party >> can log in to change the status and edit the report, if necessary. >> >> -------------------------------------- >> RFC7634 (draft-ietf-ipsecme-chacha20-poly1305-12) >> -------------------------------------- >> Title : ChaCha20, Poly1305, and Their Use in the Internet Key Exchange Protocol (IKE) and IPsec >> Publication Date : August 2015 >> Author(s) : Y. Nir >> Category : PROPOSED STANDARD >> Source : IP Security Maintenance and Extensions >> Area : Security >> Stream : IETF >> Verifying Party : IESG > > _______________________________________________ > IPsec mailing list > IPsec@ietf.org > https://www.ietf.org/mailman/listinfo/ipsec
- [IPsec] [Technical Errata Reported] RFC7634 (5441) RFC Errata System
- Re: [IPsec] [Technical Errata Reported] RFC7634 (… Yoav Nir
- Re: [IPsec] [Technical Errata Reported] RFC7634 (… Paul Wouters
- Re: [IPsec] [Technical Errata Reported] RFC7634 (… Tobias Brunner
- Re: [IPsec] [Technical Errata Reported] RFC7634 (… Benjamin Kaduk
- Re: [IPsec] [Technical Errata Reported] RFC7634 (… Valery Smyslov
- [IPsec] [Technical Errata Reported] RFC7634 (5441) Tero Kivinen