IETF Logo Mail Archive

Re: [IPsec] WGLC for draft-ietf-ipsecme-ikev2-multiple-ke

"rmguthr@uwe.nsa.gov" <rmguthr@uwe.nsa.gov> Mon, 09 August 2021 19:05 UTC

Return-Path: <rmguthr@uwe.nsa.gov>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8FD4B3A1219 for <ipsec@ietfa.amsl.com>; Mon, 9 Aug 2021 12:05:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.064
X-Spam-Level:
X-Spam-Status: No, score=-3.064 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.452, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FROM_GOV_DKIM_AU=-0.612, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=uwe.nsa.gov
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ylmTTsN12mq5 for <ipsec@ietfa.amsl.com>; Mon, 9 Aug 2021 12:05:06 -0700 (PDT)
Received: from GCC02-BL0-obe.outbound.protection.outlook.com (mail-bl2gcc02on2044.outbound.protection.outlook.com [40.107.89.44]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 02C243A11FB for <ipsec@ietf.org>; Mon, 9 Aug 2021 12:05:05 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=F55RfHYtHn1dIK2NVgFdgdw2OLOrMMSkkNwLURyh3NmBIj+Tq2CIOmvwJQUto4WBJrObeHfzjIq31gnAPfSgibYdNA2K68bl1qxniyBwfXiZZTQctGqDputrIM81oQCdZZX6OZz/d4lDVWXxLvS9134clZmQsbJZ9nPsSRKPvR/TOOC69R+POcaykkpSe2enFz3LKHL9YTgSAnZkalcW5PBgyiSvnxFqOoQt6Od2JLec7y+LquJVJaUc/+oP8FDyFELsfUbus9wyGSukaKuVrxMVdPloQimFlKJ4Fr59OmE02+sdPYw33qZNPd/6wjjjcLuAVMmy3c+hibIS6+fMEA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=OXP/MWzgIuQ4kafqcfyuWgDv2kaZFvOQ702zaiQuf4Q=; b=RWf6EKOwqS91dfTybKJjnvQhY6sqp6gu1D4Xuuw1++pMs0QVzDcC4FexHwyN8N47H3UUvou35ZzQJFMxORbzQGfb0napYjfjEFYTcikN5APnOy0cfDiHg3+sDlKQDj7HJuiUANitjY74MrOG/S2cm9Stvc9mYb5DvTNGx977OWye5bjnKOD9TfikuCJKZMsN1lpREQJ5nBH0BOeePAePV3yIsFiPh6bag7gwid7cr+6SdmrY0LropcdAIMGlkxnBGs1a0G2Vr0wERhvtsZsmDwkM51EknhgA8SafgGidbgqkb1XrZjq2peeZQlgsU9K/7Mup5PkYRmgX5hD4O4RL1Q==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=uwe.nsa.gov; dmarc=pass action=none header.from=uwe.nsa.gov; dkim=pass header.d=uwe.nsa.gov; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=uwe.nsa.gov; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=OXP/MWzgIuQ4kafqcfyuWgDv2kaZFvOQ702zaiQuf4Q=; b=ZyrlULShNVFS7hPqieOaPp95JvXUl6qwGrcW7Xteh2Aj8o9l8tXTvfWIHgJBHB/MPY6TqNVZhHcSGrfyFPfVtoeNBykQ8e3bGTlwIHsXXJ6AfT+k6zCqeUzmqWtUYLIAEY/lZp6jUqRG4yuFhlNFSDJs57E77JwnsjLyaCU7jH5PACmhR6ZmvZEnnIaeAitEYqqw2eHFWsz6Q/x69xqzDb803irKLvY2JKEH1Gg91xed/iZPL2iO7lg6wDEmOjcM53eRP9eh+n6wMh68/QrsJmNfrLAYEQaePuYJ85KC4RxUfK9p9HxrRIiTAoj4JssWOj+PVLTCLy5sjRsK8uJnPA==
Received: from BLAPR09MB7249.namprd09.prod.outlook.com (2603:10b6:208:2ae::14) by MN2PR09MB5179.namprd09.prod.outlook.com (2603:10b6:208:222::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4394.15; Mon, 9 Aug 2021 19:05:04 +0000
Received: from BLAPR09MB7249.namprd09.prod.outlook.com ([fe80::d9a3:2827:2f8a:134b]) by BLAPR09MB7249.namprd09.prod.outlook.com ([fe80::d9a3:2827:2f8a:134b%7]) with mapi id 15.20.4394.023; Mon, 9 Aug 2021 19:05:04 +0000
From: "rmguthr@uwe.nsa.gov" <rmguthr@uwe.nsa.gov>
To: "ipsec@ietf.org" <ipsec@ietf.org>
Thread-Topic: [IPsec] WGLC for draft-ietf-ipsecme-ikev2-multiple-ke
Thread-Index: AQHXjVBwTGK3yYC6okKYArzyNsgfrA==
Date: Mon, 09 Aug 2021 19:05:03 +0000
Message-ID: <BLAPR09MB72493A82600FAA04CC41B844FCF69@BLAPR09MB7249.namprd09.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=uwe.nsa.gov;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: b11a2e4e-108f-41c3-afd1-08d95b689859
x-ms-traffictypediagnostic: MN2PR09MB5179:
x-microsoft-antispam-prvs: <MN2PR09MB5179FB6B33B1790F2934C67EFCF69@MN2PR09MB5179.namprd09.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: QRojoIuWJ0930WFV8iczWRRV0GtLAZUG/9sw2/4VhX10WCimdwipuy+W2DmKQ9Ijm04OEtCDX0CRfRbk5/yX0nfbiN43nHP+0x4/F3CheKmxKsaLvoRfLmhzm3ZmunT9rIQymJieXvXqVTeVxVrHfZaGyjBKfLtJif97DzB3vnPaRC5brznV0AiWe9JGFt8h4RC9ZsBpqvu2PFv2OaQGtsqEN/HMhQzkj/oMh4k5YAsLTwErTo3JsEpFLBS3xMTKmUgw1zymW9gKNNBpDLFdCVsIpjqqBLTXR3YBEOXQErmUQIaJu4dm94XKXm5ipWx/+QcfK29c7TlEEwFGH15bvnHrSfV077ZK6KQBBf4IXAVGuVh/lunnOX+wPOPSmFua4dEZOAuYjKiwciRFp52YlKBPPkGhUePXiKLVcLFlwuWeA9X0n6gcZNwC+R3RB6yC0HMqsUR77h8ZN+r4QWSowtQvPoo9lI9sNBbHTepQUNQVVlT7dogQtsZx44xjtEorVfJpKeUaV2EKwH4NovZkw9SY9u0QsVyNM6xD7B8RC3PLJpuXw+33jhdBQPlc5UM93XWRHyHtNJTfFS66R3VOFOhHPXrRpxyzOSXYjxPDmscf5wrX3iPHd1vkYh3hV6kisrOGrRJT6i/IPLGKAOXUqr4+iel3bl3NeyJQuXtRrb+LbDLd7w2q3cvRJA0NKwjIDD/gG055KJ7Ox2zHOyWGLA==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BLAPR09MB7249.namprd09.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(136003)(376002)(396003)(346002)(39850400004)(8936002)(2906002)(66476007)(4744005)(52536014)(33656002)(6506007)(66946007)(64756008)(66556008)(66446008)(76116006)(8676002)(83380400001)(26005)(6916009)(5660300002)(186003)(86362001)(316002)(38100700002)(122000001)(71200400001)(9686003)(478600001)(38070700005)(7696005)(55016002); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 84Vc9pyWdGGHPJ9r3c3rR26pU2tucGGC6iiOp2D0KbaKoGsjP/0yOlyHROI1zGBJZjBmXZtao2d0YyGeaKqfahGepcHcRU/VLGpCm3MC13nxw57UPy5S90ejlRTPWG/LfJ6UEaFqlU8Ww+k0hOQ/NtYszwZVz6SrwWZbxZkCBFGTDddD3gRdgMrfe+6X7qZ7F1m9l7Ba8xK119j9uo7zSYNfE9k99ET74lyLaDEQdrRPIvUcqSM+/d63BQpYjip9XaQ7pxuifqL56NURBdzE54B0SASlDnqJqxAd+L3TO50gKiGGEPYttEGRUGqfp3IaZQz1xOQpWQn3uKelx3rWnxJ66JCGIj7DIhdU1svatEC1i4tp6CyX0W8VOe90NGmf3KgFhIFKRj+xjDZAXVyBW3m5c5wYWuBQT9D+FhCaM6YDmW2LEk2Bpu3L0Q8vp5lyAdCPXJjyVppBFG1aT4V0CtwLB7ifV8XEMDYwYoMzjOkUPlLDKkh9nBwg1NcVOZ7sqzlP+8vU55csKHinXSzdvq4lJiiqq6byp0e0i/v56C2Ma983O6KLjXEpQehQxD/7WBN1vEWaIVdEPGnjBTjkb2f2r4BvtUl1Wgy3pxWSZuXNbMytTCDX8f3wWzsMnpmnvdl/xBhB7ngIKx58BsEdsGX99AZJi4okaGk/1moT2VtuHEoFcxNbCCIKj0L6g3wuUNeTPvNz7DPgBkkmHBoiDx7BJtw1fBXxW08HroJZpUO4P8My2CiVITCibK9JKDhTcgL2+Wr9ZJrKu1bRd3zo262mghpGoME1TGNvit/ivA8w9OdZasrxNxtZtjnscQOsb6xlCUAnrc0UtxERNX7l268wKvUOKbRSAqyrG2sW6S2kZf+0tFDm0DeoBtCjLXbNyXzCUBxjTvH2x/cqu4IuLdJ3cnuqrlNfyotcCoHYK8/DAh3zk7PuoLHQlMEZx8gAXt6gh0Fae3olr40BROLS8myXTPlNDBtzvGRltSrhyFvSCG/YaRWZbRj2W9+3fn766OnqR00bpHmZM3ZP4+7UaoKAHictHW4IZ5fLcUW35eZYw6MbR07ST8Kf/lENBRsaN8bFHXOJYUi/b2qFPFjdMRDr6my6rNlpkVyV9nUK3FFWbs6PM0m/bJ7+XsI/egX2SjinhoyCxeqDWCo+qD1ungTep3gYfCNCdg9GGOcT+U/towxJctn6/3fyhF/JqiWSUzjG+3xZkb9F3c+H2WqraWUWIvTFN6tJbwZlSPHTQ3oyGanKOrfJma6TEadfFrpglC+Mnsp6oJhsX82XG8twHmZVYAEc9sOgtrowR7uyAAbeD6w3kGWqSuO5NQV1/tzmoMa+PJYYPG7l8lReJ86wRg==
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_BLAPR09MB72493A82600FAA04CC41B844FCF69BLAPR09MB7249namp_"
MIME-Version: 1.0
X-OriginatorOrg: uwe.nsa.gov
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BLAPR09MB7249.namprd09.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: b11a2e4e-108f-41c3-afd1-08d95b689859
X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Aug 2021 19:05:03.9739 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: d61e9a6f-fc16-4f84-8a3e-6eeff33e136b
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR09MB5179
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/ZOJjE4aCe8BSgDHEYh976fm1Ssc>
Subject: Re: [IPsec] WGLC for draft-ietf-ipsecme-ikev2-multiple-ke
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Aug 2021 19:05:12 -0000

Good afternoon,

Has there been any thought on whether to include more information on KEMs specifically, with regard to the KeyGen, Encaps, and Decaps algorithms? It is my understanding that a public key (pk) will be sent in the KEi payload and that a ciphertext (ct) will be sent in the KEr payload. The hybrid draft for TLS 1.3 does provide this info and gives a brief explanation of how the KEM data maps to TLS, included below:

"For the client's share, the "key_exchange" are the "pk" outputs of the corresponding KEMs' "KeyGen" algorithms, if that algorithm corresponds to a KEM; or the (EC)DH ephemeral key share, if that algorithm corresponds to an (EC)DH group.  For the server's share, the "key_exchange" values are the "ct" outputs of the corresponding KEMs' "Encaps" algorithms, if that algorithm corresponds to a KEM; or the (EC)DH ephemeral key share, if that algorithm corresponds to an (EC)DH group."

Thanks,

Rebecca Guthrie
NSA’s Center for Cybersecurity Standards

v2.23.0 | Report a Bug | By Email