Re: [IPsec] WGLC on draft-ietf-ipsecme-rfc4307bis-11
Tero Kivinen <kivinen@iki.fi> Thu, 15 September 2016 11:01 UTC
Return-Path: <kivinen@iki.fi>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4DA3712B113 for <ipsec@ietfa.amsl.com>; Thu, 15 Sep 2016 04:01:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.121
X-Spam-Level:
X-Spam-Status: No, score=-1.121 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_NEUTRAL=0.779] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GhfSEOUSnAS9 for <ipsec@ietfa.amsl.com>; Thu, 15 Sep 2016 04:01:22 -0700 (PDT)
Received: from mail.kivinen.iki.fi (fireball.acr.fi [83.145.195.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5AF3412B0FD for <ipsec@ietf.org>; Thu, 15 Sep 2016 04:01:21 -0700 (PDT)
Received: from fireball.acr.fi (localhost [127.0.0.1]) by mail.kivinen.iki.fi (8.15.2/8.15.2) with ESMTPS id u8FB1EVg024457 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Thu, 15 Sep 2016 14:01:14 +0300 (EEST)
Received: (from kivinen@localhost) by fireball.acr.fi (8.15.2/8.14.8/Submit) id u8FB1Ela001092; Thu, 15 Sep 2016 14:01:14 +0300 (EEST)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-ID: <22490.32633.818191.899460@fireball.acr.fi>
Date: Thu, 15 Sep 2016 14:01:13 +0300
From: Tero Kivinen <kivinen@iki.fi>
To: Paul Wouters <paul@nohats.ca>
In-Reply-To: <alpine.LRH.2.20.1609131126100.10788@bofh.nohats.ca>
References: <MWHPR09MB14403260340F6DBF4DADCD8DF0E40@MWHPR09MB1440.namprd09.prod.outlook.com> <08AB2EF60E5C4A9C8950483676619B4C@buildpc> <alpine.LRH.2.20.1609131126100.10788@bofh.nohats.ca>
X-Mailer: VM 8.2.0b under 24.5.1 (x86_64--netbsd)
X-Edit-Time: 21 min
X-Total-Time: 30 min
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/VmikSAevGh-DpeGHnt5VqdE9vnw>
Cc: IPsecME WG <ipsec@ietf.org>, Valery Smyslov <svanru@gmail.com>
Subject: Re: [IPsec] WGLC on draft-ietf-ipsecme-rfc4307bis-11
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Sep 2016 11:01:25 -0000
Paul Wouters writes: > > Section 4.2 > > > > | RSASSA-PSS with Empty Parameters | MUST NOT | | > > | RSASSA-PSS with Default Parameters | MUST NOT | | > > > > Well, I'm a confused with these requirements. As far as I > > understand the RSASSA-PSS parameters default to using a SHA1 for > > both hashAlgorithm and maskGenAlgorithm. Isn't more clear for > > readers to include > > > > | RSASSA-PSS with SHA1 | MUST NOT | | > > > > instead of these two lines, which in their current form don't > > explicitely refer to any cryptographic algorithm and force > > reader to dig into RSASSA-PSS specification to just get > > know that it was SHA1 meant? Or did I miss something? > > I'll leave this one to Tero. This is aligned with RFC7427, which has 3 examples for RSASSA-PSS. The first one is RSASSA-PSS with empty parameters. This means signature uses SHA-1 and it is MUST NOT. This is the one implementations generate if they use default parameters. The second one is an example with RSASSA-PSS with Default parameters explictly encoded. This is not according to the DER, but RFC4055 still requires that implementations need to understand it, even when generating they should be using the Empty Parameters version, and it still uses SHA1 so it is also MUST NOT. The 3rd example in RFC7427 is RSASSA-PSS with SHA-256, and that is specified as MUST. In the beginning of the 4.2 we already explictly specify levels for hash functions, i.e. SHA1 is MUST NOT. The next table only lists the version we have in the RFC7427 and which are not MAY. > > AUTH_AES-XCBC is only recommended in the scope of IoT, as Internet of > > Things deployments tend to prefer AES based pseudo-random functions > > in order to avoid implementing SHA2. > > > > s/AUTH_AES-XCBC/AUTH_AES-XCBC_96 (as in IANA Registry) > > Actually, we should add this to section 9 for renaming and call it > AUTH_AES_XCBC_96. It is already called that in the IANA registry. I fixed the "-" to "_" in the Berlin IETF, while talking to the IANA people for other things, and when noticed that typo in registry. So the IANA registry already says "AUTH_AES_XCBC_96" and that is what we should use also in this document, or we can also talk about AES-XCBC (without AUTH_ and _96), when we are talking about the algorithm in general (like AES-GCM vs AES-CBC). In this case, I think the AUTH_AES_XCBC_96 is correct one. -- kivinen@iki.fi
- [IPsec] WGLC on draft-ietf-ipsecme-rfc4307bis-11 Waltermire, David A. (Fed)
- Re: [IPsec] WGLC on draft-ietf-ipsecme-rfc4307bis… Paul Wouters
- Re: [IPsec] WGLC on draft-ietf-ipsecme-rfc4307bis… Valery Smyslov
- Re: [IPsec] WGLC on draft-ietf-ipsecme-rfc4307bis… Paul Wouters
- Re: [IPsec] WGLC on draft-ietf-ipsecme-rfc4307bis… Valery Smyslov
- Re: [IPsec] WGLC on draft-ietf-ipsecme-rfc4307bis… Tero Kivinen
- Re: [IPsec] WGLC on draft-ietf-ipsecme-rfc4307bis… Valery Smyslov
- Re: [IPsec] WGLC on draft-ietf-ipsecme-rfc4307bis… Waltermire, David A. (Fed)