[IPsec] Working Group Last Call: draft-ietf-ipsecme-aes-ctr-ikev2-02.txt
Tero Kivinen <kivinen@iki.fi> Thu, 17 September 2009 11:23 UTC
Return-Path: <kivinen@iki.fi>
X-Original-To: ipsec@core3.amsl.com
Delivered-To: ipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9DBA23A6A89 for <ipsec@core3.amsl.com>; Thu, 17 Sep 2009 04:23:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.578
X-Spam-Level:
X-Spam-Status: No, score=-2.578 tagged_above=-999 required=5 tests=[AWL=0.021, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LQkQdgwEwwnw for <ipsec@core3.amsl.com>; Thu, 17 Sep 2009 04:23:10 -0700 (PDT)
Received: from mail.kivinen.iki.fi (fireball.acr.fi [83.145.195.1]) by core3.amsl.com (Postfix) with ESMTP id 3EA363A68B8 for <ipsec@ietf.org>; Thu, 17 Sep 2009 04:23:09 -0700 (PDT)
Received: from fireball.kivinen.iki.fi (localhost [127.0.0.1]) by mail.kivinen.iki.fi (8.14.3/8.13.8) with ESMTP id n8HBNuZU000352 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 17 Sep 2009 14:23:56 +0300 (EEST)
Received: (from kivinen@localhost) by fireball.kivinen.iki.fi (8.14.3/8.12.11) id n8HBNt07003474; Thu, 17 Sep 2009 14:23:55 +0300 (EEST)
X-Authentication-Warning: fireball.kivinen.iki.fi: kivinen set sender to kivinen@iki.fi using -f
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-ID: <19122.7243.53280.198935@fireball.kivinen.iki.fi>
Date: Thu, 17 Sep 2009 14:23:55 +0300
From: Tero Kivinen <kivinen@iki.fi>
To: Paul Hoffman <paul.hoffman@vpnc.org>
In-Reply-To: <p06240810c6d6a8611c82@[10.20.30.158]>
References: <p06240810c6d6a8611c82@[10.20.30.158]>
X-Mailer: VM 7.19 under Emacs 21.4.1
X-Edit-Time: 21 min
X-Total-Time: 22 min
Cc: IPsecme WG <ipsec@ietf.org>
Subject: [IPsec] Working Group Last Call: draft-ietf-ipsecme-aes-ctr-ikev2-02.txt
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Sep 2009 11:23:11 -0000
Paul Hoffman writes: > Greetings again. This message starts the WG Last Call on > draft-ietf-ipsecme-aes-ctr-ikev2-02.txt. Please read the draft and > comment on the list whether or not you think it is ready for > standardization. We are particularly interested in hearing from > implementers who have carefully read the details to be sure they are > implementable and seem correct. Of course, we want to hear from > everyone as well. When reading the roadmap I noticed that camellia-ctr is also not defined for IKEv2 SAs, so I was wondering if the text in this document could be made generic enough so any counter mode cipher could be used. There is not really anything that much different between different counter mode ciphers, they take IV, which must not be repeated for same key, I think almost all of them also take nonce which is generated when key is generated but not transmitted on the wire and they do not have padding requirements. To be able to use counter mode in IKEv2 SA the implementation needs to know the IV format, transmitted IV length and padding requirements. Usually the RFC specifying the counter mode cipher defines IV format already and also specifies the transmitted IV length, so the required information is there but as the RFC4306 talks only about CBC mode ciphers and says things like the IV is same size as block length of cipher we could not use CTR ciphers in IKEv2. Making part of the draft bit more generic so it can be used to combine any counter mode cipher document and IKEv2 document in a such way that counter mode cipher can also be used to protect IKEv2, would make things easier for the future (i.e. there is no need to create separate RFC for each counter mode cipher). Mostly the information is already there in section 3, but some text might need to talk generic case first and the add text specifically for AES_CTR. For example: Changing: ---------------------------------------------------------------------- 3.1. Initialization Vector(IV) The IV field MUST be eight octets when AES_CTR algorithm is used for encryption. The IV MUST be chosen by the encryptor in a manner that ensures that the same IV value is NOT used more than once with a given encryption key. The encryptor can generate the IV in any manner that ensures uniqueness. Common approaches to IV generation include incrementing a counter for each packet and linear feedback shift registers (LFSRs). ---------------------------------------------------------------------- to ---------------------------------------------------------------------- 3.1. Initialization Vector(IV) The IV field length used for encryption depends on the counter mode algorithm. The IV MUST be chosen by the encryptor in a manner that ensures that the same IV value is NOT used more than once with a given encryption key. The encryptor can generate the IV in any manner that ensures uniqueness. Common approaches to IV generation include incrementing a counter for each packet and linear feedback shift registers (LFSRs). For AES_CTR algorithm IV field MUST be eight octects. ---------------------------------------------------------------------- Other option is of course to include text to ikev2bis which specifies how to use counter mode ciphers when protecting IKEv2 SAs. Currently draft-ietf-ipsecme-ikev2bis-04.txt says: ... Future documents may specify the processing of Encrypted payloads for other types of transforms, such as counter mode encryption and authenticated encryption algorithms. so instead of saying that we could say that [RFC5282] specifies how to use authenticated encryption algorithms with the Encrypted Payload, and [draft-ietf-ipsecme-aes-ctr-ikev2] specifies how to use counter mode encryption algorithms with Encrypted Payload. Future documents may specify the processing of Encrypted payloads for other types of transforms. -- kivinen@iki.fi
- [IPsec] Working Group Last Call: draft-ietf-ipsec… Paul Hoffman
- [IPsec] Working Group Last Call: draft-ietf-ipsec… Tero Kivinen
- Re: [IPsec] Working Group Last Call: draft-ietf-i… Paul Hoffman
- Re: [IPsec] Working Group Last Call: draft-ietf-i… Tero Kivinen