Re: [IPsec] Comments on draft-smyslov-ipsecme-ikev2-auth-announce
Valery Smyslov <smyslov.ietf@gmail.com> Tue, 09 November 2021 11:16 UTC
Return-Path: <smyslov.ietf@gmail.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4F3C43A0ECB for <ipsec@ietfa.amsl.com>; Tue, 9 Nov 2021 03:16:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UhTfPHGRQQvX for <ipsec@ietfa.amsl.com>; Tue, 9 Nov 2021 03:16:38 -0800 (PST)
Received: from mail-lf1-x12a.google.com (mail-lf1-x12a.google.com [IPv6:2a00:1450:4864:20::12a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 57AD93A0EDA for <ipsec@ietf.org>; Tue, 9 Nov 2021 03:16:38 -0800 (PST)
Received: by mail-lf1-x12a.google.com with SMTP id y26so43487253lfa.11 for <ipsec@ietf.org>; Tue, 09 Nov 2021 03:16:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:references:in-reply-to:subject:date:message-id:mime-version :content-language:thread-index; bh=gmAcOvegBzFKcaJ8ZwHfq5aqQwje9wO3+sJl4wBFh7s=; b=ik9Elfpqn5OOtAAQuHtcRyY0m5R1JlIc/CZK0fyThZKEkkyfCEpiklTUiMLh7pv7oM oKDZGQY3eyH1FAZaexz5M9+xMzN0qiZXHhG9uzyVksJCwpQtnuOf6pkpTQSF1o4GbsGS vRgsQ8zysj/6WIOv1vZiDmmzX6MIM823HJRJBvzmskfeOdHxawu6tZsD+1DiDn2XXC7N hhPltObdTtg43H8rtDztfx14kiMGXogwZkKfIZJaiTSORCvqOCred3Z5JCmK8Wy9UsZr WrruCMI+hfS+5g2dkddD+BRUnzDoozQT3fUn5gP5W8+CUrVWqPOmOKDK8k0urhaOIj3n EDng==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:references:in-reply-to:subject:date :message-id:mime-version:content-language:thread-index; bh=gmAcOvegBzFKcaJ8ZwHfq5aqQwje9wO3+sJl4wBFh7s=; b=xIjmgfprppy0BC9c+YaxeedMCzSo4QyCNFqN4zKfbWqNIfn0NHT96u0ut3Ip9WqolY I74y1Xtoqdc8pDDSj07WK21l6/ptifM3ZEv42zrwytzaCFadqBWJn6zvHlz/28njzsIg hw0/i/DUqQxCtJMhCcWdXzpHCcsUDqMQKHOpESWVzfzjRLmujRFmieYCu1nZYWtX5fqk ryRNZWrUam/wulyurszdNhmfD4UCuCtwlgjNPSFMZ42CYbBoIZcShHBLVVcmMhcEh3uK ggKuKmHNGbiYxq4XZRb1ujnc2ynh0cajQ68+06f7ixjYS6F4Bn7w8MJqmqAXM1VNBVs/ 6qjw==
X-Gm-Message-State: AOAM530iIM/xsucSIudqEmm0iqlvcYEBCJDn1MZfqmh19chKjwC0mjEX JhDOluhCXMgWH2Naj+HzAn4pMzr7EOM=
X-Google-Smtp-Source: ABdhPJzyAfL8IpapS1RElTbzG72fayIhBh4uIVFXoX3kQjPvT0v7mw1+Jd6B8o94Q68dtoMHcfskqQ==
X-Received: by 2002:a05:6512:607:: with SMTP id b7mr6094755lfe.489.1636456596177; Tue, 09 Nov 2021 03:16:36 -0800 (PST)
Received: from chichi (37-144-56-120.broadband.corbina.ru. [37.144.56.120]) by smtp.gmail.com with ESMTPSA id t9sm1275135ljh.59.2021.11.09.03.16.35 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 09 Nov 2021 03:16:35 -0800 (PST)
From: Valery Smyslov <smyslov.ietf@gmail.com>
To: "'Scott Fluhrer (sfluhrer)'" <sfluhrer=40cisco.com@dmarc.ietf.org>, ipsec@ietf.org
References: <BL3PR11MB5682B8216D3A393B4D1771DBC1919@BL3PR11MB5682.namprd11.prod.outlook.com>
In-Reply-To: <BL3PR11MB5682B8216D3A393B4D1771DBC1919@BL3PR11MB5682.namprd11.prod.outlook.com>
Date: Tue, 09 Nov 2021 14:16:31 +0300
Message-ID: <006801d7d55b$4003f3a0$c00bdae0$@gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0069_01D7D574.65539CA0"
X-Mailer: Microsoft Outlook 14.0
Content-Language: ru
Thread-Index: AQITNjdT9KgrrlqUI5ai5H2Nb8x5bauEQwMg
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/UaUctxXnvfhqWtPV8VLGVAg-B8o>
Subject: Re: [IPsec] Comments on draft-smyslov-ipsecme-ikev2-auth-announce
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Nov 2021 11:16:41 -0000
Hi Scott.
I’m glad to see this work;
Thank you.
however I see a potentially important constraint on authentication that the current draft does not appear to address.
It allows the peers to specify which signature algorithms they accept; however if we are talking about certificates, those include internal signature algorithms, which may be different. One instance where I expect this to come up is that the root certificate may have a more conservative algorithm choice (e.g. a hash based signature, or one with NIST level 5) than the device certificates (which may have a short expiry time, and so being so conservative might not be necessary).
Does the AuthMethod apply to the algorithms within the certificate as well? The RFC should clarify this.
Maybe implicitly, but not explicitly. The problem the draft addresses is an ambiguity
for an IKE implementation having several credentials which to use so that its peer can authenticate it.
So, if there are several certificate chains for host's certificates (e.g. several CAs each issuing
EE certificate), then an implementation selects one of its certificates, thus implicitly
selecting the chain to corresponding CA. But of course, the announced Auth Methods
indicate only the algorithm the implementation use to create AUTH payloads, not algorithm within the chain.
Listing the AlgorithmIdentifier’s for all the signature algorithms we can support seems unnecessarily chatty; would it be more prudent to extend the AuthMethod field to 16 bits (and so we (or IANA) would feel more free to dole them out?
I considered this option. My intention was to avoid creating new registries so, that
new algorithms can be used without the process of allocation a new value
(that takes a while), so the choice of AlgorithmIdentifier. I agree that it makes
the size of the notification larger. Whether it is a real problem depends
on the number of supported algorithms. RFC 7427 lists a dozen, and
most of them (except for RSA-PSS) have AlgorithmIdentifier length 11-15 bytes.
RSA-PSS is very special, it has a lot of parameters, but in practice most of
time it is used with default parameters. We don't know yet about
AlgorithmIdentifiers for PQ signature schemes, but it is my understanding
from yesterday's LAMPS meeting that they most likely will contain no
parameters, just a single OID.
So, it looks like in most cases the size of the SUPPORTED_AUTH_METHODS
notification will be about one or two hundred bytes compared to about 20-30
bytes if we use new registry. One can also use IKE_INTERMEDIATE
if this amount extra bytes overflows IKE_SA_INIT.
So, there is a trade of, but we can return to this and probably reconsider
if the draft is adopted.
And, finally, a typo: it’s P-521, not P-512 😊
Thank you. These buttons are so close to each other :-)
Regards,
Valery.
- [IPsec] Comments on draft-smyslov-ipsecme-ikev2-a… Scott Fluhrer (sfluhrer)
- [IPsec] Comments on draft-smyslov-ipsecme-ikev2-a… Tero Kivinen
- Re: [IPsec] Comments on draft-smyslov-ipsecme-ike… Paul Wouters
- Re: [IPsec] Comments on draft-smyslov-ipsecme-ike… Tero Kivinen
- Re: [IPsec] Comments on draft-smyslov-ipsecme-ike… Valery Smyslov
- Re: [IPsec] Comments on draft-smyslov-ipsecme-ike… Valery Smyslov
- Re: [IPsec] Comments on draft-smyslov-ipsecme-ike… Paul Wouters