[IPsec] Comments on draft-smyslov-ipsecme-ikev2-auth-announce
Tero Kivinen <kivinen@iki.fi> Mon, 08 November 2021 21:04 UTC
Return-Path: <kivinen@iki.fi>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4F0DA3A040A for <ipsec@ietfa.amsl.com>; Mon, 8 Nov 2021 13:04:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=iki.fi
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PLIvqtpqrufY for <ipsec@ietfa.amsl.com>; Mon, 8 Nov 2021 13:04:21 -0800 (PST)
Received: from meesny.iki.fi (meesny.iki.fi [195.140.195.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8B3B23A03FA for <ipsec@ietf.org>; Mon, 8 Nov 2021 13:04:21 -0800 (PST)
Received: from fireball.acr.fi (fireball.kivinen.iki.fi [IPv6:2001:1bc8:100d::2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: kivinen@iki.fi) by meesny.iki.fi (Postfix) with ESMTPSA id 19A3320168; Mon, 8 Nov 2021 23:04:18 +0200 (EET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=iki.fi; s=meesny; t=1636405458; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=5ckAsrEAvxzzHpl/yr8TGsHypFISEHOz8i/8n82I2Jk=; b=SYFWc3lt0NChHZdY0nHmtseJQqNhH8Nj653qUrSrcFuzDKKRddgdYITrnzB1zfOWo4vKag AxAnkg9e4334it3RtUKGnHmEIaojM5hMTWYYlgxskLbKukRckFf0AtVd/HoCVcWN9z7qlM 2iW62BkhN1UCjDCybUX/uP8RQZ7AMMY=
Received: by fireball.acr.fi (Postfix, from userid 15204) id A805325C12C6; Mon, 8 Nov 2021 23:04:17 +0200 (EET)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-ID: <24969.37073.626018.820410@fireball.acr.fi>
Date: Mon, 08 Nov 2021 23:04:17 +0200
From: Tero Kivinen <kivinen@iki.fi>
To: "Scott Fluhrer (sfluhrer)" <sfluhrer=40cisco.com@dmarc.ietf.org>
Cc: "ipsec@ietf.org" <ipsec@ietf.org>
In-Reply-To: <BL3PR11MB5682B8216D3A393B4D1771DBC1919@BL3PR11MB5682.namprd11.prod.outlook.com>
References: <BL3PR11MB5682B8216D3A393B4D1771DBC1919@BL3PR11MB5682.namprd11.prod.outlook.com>
X-Mailer: VM 8.2.0b under 26.3 (x86_64--netbsd)
X-Edit-Time: 8 min
X-Total-Time: 7 min
ARC-Authentication-Results: i=1; ORIGINATING; auth=pass smtp.auth=kivinen@iki.fi smtp.mailfrom=kivinen@iki.fi
ARC-Seal: i=1; s=meesny; d=iki.fi; t=1636405458; a=rsa-sha256; cv=none; b=xbAamZaHTs3HoulCWwFbANr6s6qBzEyMkmjBAH3q6D+DcR+jwwZN14g255/zwoo5k9rwn3 xYWl/DuErqb8cZWY2q6CQ954CiqHrQRF/+6SZSvzCyp2uaSZohTRRGzyvci2Xf+pwS5bP9 fpIYb7oRuPKfnsFn+sn9zkHPqiB+bA0=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=iki.fi; s=meesny; t=1636405458; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=5ckAsrEAvxzzHpl/yr8TGsHypFISEHOz8i/8n82I2Jk=; b=ccn2xSiT4yyKRCCMFx2/nBazaH0ENYBaTDuM2OvjwBHGswdPvH5h1SDRsG5Lym5ITAU8x8 3qGk2MyoIewygfW4HiDA/IVSHyALL5cK0c4tibR1hL0uU+5nae8kClQvnDN0F270uEJFC1 V2uC9bI9NhHbZ/8f6Lsa0uKBVFK9DEU=
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/XnQvV7JIL4dBwc6C1BCs-anTifY>
Subject: [IPsec] Comments on draft-smyslov-ipsecme-ikev2-auth-announce
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Nov 2021 21:04:25 -0000
Scott Fluhrer \(sfluhrer\) writes: > I’m glad to see this work; however I see a potentially important > constraint on authentication that the current draft does not appear > to address. > > It allows the peers to specify which signature algorithms they > accept; however if we are talking about certificates, those include > internal signature algorithms, which may be different. One instance > where I expect this to come up is that the root certificate may have > a more conservative algorithm choice (e.g. a hash based signature, > or one with NIST level 5) than the device certificates (which may > have a short expiry time, and so being so conservative might not be > necessary). > > Does the AuthMethod apply to the algorithms within the certificate > as well? The RFC should clarify this. The reason for this notify is that if the peer has multiple key pairs (i.e., private keys) it needs to pick one private key to sign the AUTH payload with. If one of those private keys is using EC and another is using RSA, then without this notification there is no way of knowing which one to pick (except perhaps by prior configuration or by heuristics based on the CERTREQ etc). Also in some cases same private key can be used with multiple hashing methods etc, thus indicating what formats of signature are accepted is also needed. On the other hand the signatures in the certificates are already there, and the peers do not have any way of changing them, thus negotiating what are accepted does not help. Peers can already send as many certificates they want and they can also indicate the CAs they trust using CERTREQs, so that should be enough for peers to get algorithms in the certificates sorted out. I.e., if they have multiple paths from certificate(s) matching their private key they are going to use for signing to the trusted roots trusted by other end, they can send all those paths out. The one who gets all those certificate payloads will then search from them, and from its local cache, or even querying more intermediate certificates from the CA and form a trusted path from the one EE certificate to any trusted root that matches the security policy required for the that end. -- kivinen@iki.fi
- [IPsec] Comments on draft-smyslov-ipsecme-ikev2-a… Scott Fluhrer (sfluhrer)
- [IPsec] Comments on draft-smyslov-ipsecme-ikev2-a… Tero Kivinen
- Re: [IPsec] Comments on draft-smyslov-ipsecme-ike… Paul Wouters
- Re: [IPsec] Comments on draft-smyslov-ipsecme-ike… Tero Kivinen
- Re: [IPsec] Comments on draft-smyslov-ipsecme-ike… Valery Smyslov
- Re: [IPsec] Comments on draft-smyslov-ipsecme-ike… Valery Smyslov
- Re: [IPsec] Comments on draft-smyslov-ipsecme-ike… Paul Wouters