Re: [IPsec] Maximum sizes of IKEv2 messages and UDP messages ?

Valery Smyslov <smyslov.ietf@gmail.com> Wed, 17 June 2020 13:58 UTC

From: Valery Smyslov <smyslov.ietf@gmail.com>
To: "'Dang, Quynh H. (Fed)'" <quynh.dang=40nist.gov@dmarc.ietf.org>, 'ipsecme mailing list' <ipsec@ietf.org>
Date: Wed, 17 Jun 2020 16:57:58 +0300
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/VPE-Wn4Qtk5n4zIOkq38dXBw4wc>
Subject: Re: [IPsec] Maximum sizes of IKEv2 messages and UDP messages ?

Hi Quynh,

please look at the draft-ietf-ipsecme-ikev2-multiple-ke-00.

It specifically addresses your concern about large public keys of PQ KE methods.

 

Actually, it's generally OK to have public keys/signatures up to 64Kbytes.

If you need to deal with larger keys, then some update of the specs is needed.

 

Regards,

Valery.

 

 

From: IPsec [mailto:ipsec-bounces@ietf.org] On Behalf Of Dang, Quynh H. (Fed)
Sent: Wednesday, June 17, 2020 4:49 PM
To: ipsecme mailing list
Subject: [IPsec] Maximum sizes of IKEv2 messages and UDP messages ?

 

Hi everyone,

 

I am interested in knowing what are typical maximum sizes for IKEv2 messages and UDP messages in implementations. 

 

The reason is that the IKEv2's spec has a must and a should being 1280 and 3000 bytes respectively for IKEv2 messages, but does not have a maximum limit.

 

As you know some of the post quantum cryptographic candidates in our standardization process have large or very large public key, signature and/or ciphertext sizes.

 

My guess is that some updates to the spec and/or implementations would make them work. 

 

Your data points and discussions are appreciated.

 

Regards,

Quynh.