Re: [IPsec] RFC4869 bis submitted

Paul Hoffman <> Thu, 19 November 2009 23:08 UTC

To: Bill Sommerfeld <>, "Law, Laurie" <>

At 1:51 PM -0800 11/19/09, Bill Sommerfeld wrote:
>On Tue, 2009-11-10 at 17:15 -0500, Law, Laurie wrote:
>> This Internet-Draft makes several minor changes to the suites in RFC
>> 4869 and incorporates comments that have been posted to the ipsec
>> mailing list.
>On reading the spec, it's not clear to me whether an IKEv1
>implementation which supports ECP-based DH (rfc4753) with preshared keys
>but not ECDSA (rfc4754) is considered to usefully implement this

The text says:
  IKEv1 implementations MUST
  support pre-shared key authentication [RFC2409] for interoperability.
  The authentication method used with IKEv1 MUST be either pre-shared
  key [RFC2409] or ECDSA-256 [RFC4754].
To me, that sounds like preshared keys are just fine for IKEv1 in this profile, but I might be misunderstanding what you mean by "usefully".

>As a practical matter, the ECDSA piece of this spec is likely to be the
>largest and last piece built -- given a working elliptic curve codebase,
>plugging ephemeral ECDH into an IKE implementation is a much smaller
>problem than building ECDSA into both an IKE implementation and the PKI
>client codebase, tools, and keystores it relies on.

Probably true, but ECDSA is far from impossible, as the OpenSSL people have shown for a while now.

--Paul Hoffman, Director
--VPN Consortium