Re: [IPsec] New draft on IKE Diffie-Hellman checks

Dan Brown <dbrown@certicom.com> Tue, 11 December 2012 21:36 UTC

From: Dan Brown <dbrown@certicom.com>
To: 'Dan Harkins' <dharkins@lounge.org>
Date: Tue, 11 Dec 2012 21:36:21 +0000
Message-ID: <810C31990B57ED40B2062BA10D43FBF50EC94B@XMB111CNC.rim.net>
References: <50C62D6A.8010709@gmail.com> <5808c090d8485cc6698829b522fade80.squirrel@www.trepanning.net> <c2cc7c6b1feed9c2cec2ce5d5adcfbf1.squirrel@www.trepanning.net>
In-Reply-To: <c2cc7c6b1feed9c2cec2ce5d5adcfbf1.squirrel@www.trepanning.net>
Cc: IPsecme WG <ipsec@ietf.org>
Subject: Re: [IPsec] New draft on IKE Diffie-Hellman checks

> -----Original Message-----
> From: ipsec-bounces@ietf.org [mailto:ipsec-bounces@ietf.org] On Behalf
> Of Dan Harkins
> Sent: Tuesday, December 11, 2012 4:32 PM
> To: Dan Harkins
> Cc: IPsecme WG
> Subject: Re: [IPsec] New draft on IKE Diffie-Hellman checks
> 
> 
>   I made a mistake below. Thanks to Dan Brown for pointing it out.
> 
> On Tue, December 11, 2012 10:06 am, Dan Harkins wrote:
> [snip]
> >   - I think it should be mentioned that elliptic curve groups
> >      have a co-factor, h, and if h > 1 that a further check is
> >      also required, namely, if the x- and y-coordinates define
> >      a point Q then ensure that:
> >
> >            hQ = point-at-infinity
> >
> >      Add this check to both 2.3 and 2.4. Of course if h=1 then this
> >      check can be skipped.
> 
>   The check should be hQ != point-at-infinity. An equivalent check
> could be nQ = point-at-infinity where n is the order of the group
> formed by the generator, G.
> 
[DB] Well, the hQ != infinity check is insufficient for security, and not equivalent to ensuring that nQ=infinity.

Dan, sorry, I did not explain these details in my response to you.

Best regards,

Dan


---------------------------------------------------------------------
This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission by unintended recipients is not authorized and may be unlawful.
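Worked illustration of the point under discussion (added by the editor; this is not code from either poster or from the draft). It uses a constructed toy curve, y^2 = x^3 + x + 1 over F_23, which has 28 points, so the cofactor is h = 4 and the prime-order subgroup has n = 7. It enumerates every point, applies both checks (hQ != O versus nQ = O), and shows that the hQ != O check admits points outside the order-n subgroup. It then assumes an attacker who can confirm candidate shared secrets (as a key-confirmation step would allow) and shows that such a point Q reveals the responder's private key d modulo a small factor, here d mod 4. The curve, the key d = 11 and all function names are the editor's constructions.

```python
# Toy curve y^2 = x^3 + A*x + B over F_23 (constructed for illustration).
# It has 28 points including the point at infinity, so h = 4 and n = 7.
P_MOD = 23
A, B = 1, 1
INF = None  # the point at infinity, O


def on_curve(Q):
    """Step one of any public-key check: is Q actually on the curve?"""
    if Q is INF:
        return True
    x, y = Q
    return (y * y - (x ** 3 + A * x + B)) % P_MOD == 0


def add(P, Q):
    """Affine point addition, including doubling and the inverse case."""
    if P is INF:
        return Q
    if Q is INF:
        return P
    x1, y1 = P
    x2, y2 = Q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:   # Q = -P (covers y = 0 doubling)
        return INF
    if P == Q:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD)
    lam %= P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return (x3, y3)


def mul(k, P):
    """Double-and-add scalar multiplication k*P."""
    R = INF
    while k:
        if k & 1:
            R = add(R, P)
        P = add(P, P)
        k >>= 1
    return R


def all_points():
    """Brute-force enumeration; fine for a 23-element field."""
    return [INF] + [(x, y) for x in range(P_MOD) for y in range(P_MOD)
                    if on_curve((x, y))]


POINTS = all_points()
GROUP_ORDER = len(POINTS)          # 28 for this curve


def largest_prime_factor(m):
    f, p = 1, 2
    while p * p <= m:
        while m % p == 0:
            f, m = p, m // p
        p += 1
    return max(f, m)


N = largest_prime_factor(GROUP_ORDER)   # order of the generator's subgroup, 7
H = GROUP_ORDER // N                    # cofactor, 4


def point_order(Q):
    k, R = 1, Q
    while R is not INF:
        R = add(R, Q)
        k += 1
    return k


def cofactor_check(Q):
    """The check as stated in the quoted message: on curve and hQ != O."""
    return Q is not INF and on_curve(Q) and mul(H, Q) is not INF


def full_check(Q):
    """Full public-key validation: on curve, Q != O, and nQ == O."""
    return Q is not INF and on_curve(Q) and mul(N, Q) is INF


def classify():
    """Returns (#passing hQ != O, #passing nQ == O, #passing hQ != O but failing nQ == O)."""
    passes_h = [Q for Q in POINTS if cofactor_check(Q)]
    passes_n = [Q for Q in POINTS if full_check(Q)]
    return len(passes_h), len(passes_n), len([Q for Q in passes_h if not full_check(Q)])


def find_point_of_order(k):
    for Q in POINTS:
        if point_order(Q) == k:
            return Q
    raise ValueError("no point of that order")


def recover_d_mod_small(Q, S):
    """Attacker sent Q with hQ != O but nQ != O and observed (or confirmed) S = d*Q.
    Multiplying both by n lands in a small subgroup, where a tiny DLP gives d mod ord(nQ)."""
    T = mul(N, Q)                 # small-order point, because nQ != O
    U = mul(N, S)                 # equals d*T
    for k in range(point_order(T)):
        if mul(k, T) == U:
            return k, point_order(T)
    raise ValueError("unreachable for S = d*Q")


if __name__ == "__main__":
    print("group order", GROUP_ORDER, "n", N, "h", H)
    print("(pass hQ!=O, pass nQ==O, pass hQ!=O but fail nQ==O) =", classify())
    Q = find_point_of_order(28)   # passes hQ != O, fails nQ == O
    d = 11                        # constructed responder private key
    print("attacker learns d mod", recover_d_mod_small(Q, mul(d, Q)))
```

On this curve 24 of the 27 non-trivial points pass hQ != O, but only 6 of them lie in the order-7 subgroup; the other 18 pass the cofactor check yet fail nQ = O, and any of them hands the attacker d modulo 2 or 4. When h = 1 the two conditions coincide with the on-curve check, which is why the quoted text says the extra check can be skipped in that case.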