Re: [IPsec] Éric Vyncke's No Objection on draft-ietf-ipsecme-ikev2-multiple-ke-10: (with COMMENT)
Valery Smyslov <svan@elvis.ru> Wed, 30 November 2022 07:48 UTC
Return-Path: <svan@elvis.ru>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 62838C14CE22; Tue, 29 Nov 2022 23:48:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=elvis.ru
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FS1qizNOvP_d; Tue, 29 Nov 2022 23:48:11 -0800 (PST)
Received: from akmail.elvis.ru (akmail.elvis.ru [82.138.51.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C92D0C14CF1A; Tue, 29 Nov 2022 23:48:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=elvis.ru; s=mail; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID: Date:Subject:In-Reply-To:References:CC:To:From:Sender:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=iJAQ3Suf+XzRahpdPJ8JlTE6XVO+Qfft70JAXI/WD9g=; b=TEKWyXj/pbLMktk4dSdKe/ekad 7TZQCzXfid/YlOMq29GU1sS+MUYLd4ZexXRnHZST0GQqnvAXUcX2aAYB5Mnm3kU7pq+HqE4ZDUK9Y tREs/oMDrL6dHM931m18jtovX8wx47WWlWzu6kh7S4TJIWnzaEuarhNpi6PvTpYtbyS8=;
Received: from kmail.elvis.ru ([93.188.44.208]) by akmail.elvis.ru with esmtp (Exim 4.92) (envelope-from <svan@elvis.ru>) id 1p0Hp4-0001Kz-4H; Wed, 30 Nov 2022 10:48:02 +0300
Received: from mail16.office.elvis.ru ([10.111.1.29] helo=mail.office.elvis.ru) by kmail.elvis.ru with esmtp (Exim 4.92) (envelope-from <svan@elvis.ru>) id 1p0Hp3-0006fz-T2; Wed, 30 Nov 2022 10:48:02 +0300
Received: from MAIL16.office.elvis.ru (10.111.1.29) by MAIL16.office.elvis.ru (10.111.1.29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1779.2; Wed, 30 Nov 2022 10:48:01 +0300
Received: from buildpc (10.111.10.33) by MAIL16.office.elvis.ru (10.111.1.29) with Microsoft SMTP Server id 15.1.1779.2 via Frontend Transport; Wed, 30 Nov 2022 10:48:01 +0300
From: Valery Smyslov <svan@elvis.ru>
To: "'Eric Vyncke (evyncke)'" <evyncke@cisco.com>, 'The IESG' <iesg@ietf.org>
CC: draft-ietf-ipsecme-ikev2-multiple-ke@ietf.org, ipsecme-chairs@ietf.org, ipsec@ietf.org, kivinen@iki.fi, charliep@computer.org, gih@apnic.net
References: <166971468911.7554.15756404808608648113@ietfa.amsl.com> <150a01d9041a$9c8b3590$d5a1a0b0$@elvis.ru> <9F638EF3-9E79-42C2-9318-1353703D2A7B@cisco.com>
In-Reply-To: <9F638EF3-9E79-42C2-9318-1353703D2A7B@cisco.com>
Date: Wed, 30 Nov 2022 10:48:03 +0300
Message-ID: <154301d90490$139fc5e0$3adf51a0$@elvis.ru>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQHLbR3DTJkNFJdObyrZMalkiEcAqwIv0BmTAnFKSBquTTRrYA==
Content-Language: ru
X-CrossPremisesHeadersFilteredBySendConnector: MAIL16.office.elvis.ru
X-OrganizationHeadersPreserved: MAIL16.office.elvis.ru
X-KLMS-AntiSpam-Interceptor-Info: not scanned
X-KLMS-Rule-ID: 1
X-KLMS-Message-Action: clean
X-KLMS-AntiSpam-Status: not scanned, disabled by settings
X-KLMS-AntiPhishing: Clean, bases: 2022/11/30 06:37:00
X-KLMS-AntiVirus: Kaspersky Security for Linux Mail Server, version 8.0.3.30, bases: 2022/11/30 05:53:00 #20627193
X-KLMS-AntiVirus-Status: Clean, skipped
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/ZcpCkKePYLaCHucb_4k3i6GYG-I>
Subject: Re: [IPsec] Éric Vyncke's No Objection on draft-ietf-ipsecme-ikev2-multiple-ke-10: (with COMMENT)
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Nov 2022 07:48:15 -0000
Hi Éric,
> Hello Valery,
>
> TL;DR: Thanks for your reply and your comments. I agree with them ;-)
>
> If you want a more detailed reply, then look for EV> below
OK, I snipped the text where we have an agreement.
> Regards
>
> -éric
[snipped]
> > The bullet 2) is a nice explanation about *why* there must be multiple key
> > exchanges with different methods. Until reading that part, I was really
> > wondering why this I-D was about the link with PQC and multiple key exchanges.
> > Should this be mentioned in the abstract already ?
>
> I don't mind, but as far as I know, IESG wants abstract to be short :-)
> If you (and other ADs) think it's a good idea, then we'll add this text.
>
> EV> I know about short abstract, but they should also give an idea of the content & purpose
If it is OK with the IESG we'll extend the abstract with this text. It will look like:
This document describes how to extend the Internet Key Exchange Protocol
Version 2 (IKEv2) to allow multiple key exchanges to take place
while computing a shared secret during a Security Association (SA) setup.
The primary application of this feature in IKEv2 is the ability to perform one or more
post-quantum key exchanges in conjunction with the classical (Elliptic Curve) Diffie-Hellman (EC)DH key exchange,
so that the resulting shared key is resistant against quantum computer attacks.
Since there is currently no post-quantum key exchange that is trusted at
the level that (EC)DH is trusted for against conventional (non-quantum)
adversaries, performing multiple key exchanges with different post-quantum algorithms along
with the well-established classical key exchange algorithms addresses this concern, since the
overall security is at least as strong as each individual primitive.
Another possible application for this extension is the ability to combine several key exchanges
in situations when no single key exchange algorithm is trusted by both initiator and responder.
This document updates RFC7296 by renaming a transform type 4 from "Diffie-Hellman Group (D-H)"
to "Key Exchange Method (KE)" and renaming a field in the Key Exchange Payload from "Diffie-Hellman Group Num"
to "Key Exchange Method". It also renames an IANA registry for this transform type
from "Transform Type 4 - Diffie-Hellman Group Transform IDs" to
"Transform Type 4 - Key Exchange Method Transform IDs". These changes generalize
key exchange algorithms that can be used in IKEv2.
Hope it's now clear and not *too* long :-)
> > Should "FIPS" be prefixed by "USA" as in "USA FIPS" ?
>
> I don't know, rely on my co-authors (actually it seems that
> this is a well-known organization outside USA, but formally you are right).
>
> EV> I live a in Federal state as well (Belgium), so while I understand that FIPS stands for the USA one, let's
> be inclusive. Up to you and the authors.
No problem, will change the text to:
USA Federal Information Processing Standards (FIPS) compliance. IPsec is widely used in Federal Information
Systems and FIPS certification is an important requirement.
However, at the time of writing, none of the algorithms that is believed
to be post-quantum is FIPS compliant yet. Nonetheless, it is possible to combine
this post-quantum algorithm with a FIPS complaint key establishment method so that
the overall design remains FIPS compliant [NISTPQCFAQ].
Is it OK that prefix "USA" is added once and not to every appearance of "FIPS" ?
The updated PR is available at:
https://github.com/post-quantum/ietf-pq-ikev2/pull/22
Regards,
Valery.
> > ## Notes
> >
> > This review is in the ["IETF Comments" Markdown format][ICMF], You can use the
> > [`ietf-comments` tool][ICT] to automatically convert this review into
> > individual GitHub issues.
> >
> > [ICMF]: https://github.com/mnot/ietf-comments/blob/main/format.md
> > [ICT]: https://github.com/mnot/ietf-comments
> >
>
>
- [IPsec] Éric Vyncke's No Objection on draft-ietf-… Éric Vyncke via Datatracker
- Re: [IPsec] Éric Vyncke's No Objection on draft-i… Valery Smyslov
- Re: [IPsec] Éric Vyncke's No Objection on draft-i… Eric Vyncke (evyncke)
- Re: [IPsec] Éric Vyncke's No Objection on draft-i… Valery Smyslov
- Re: [IPsec] Éric Vyncke's No Objection on draft-i… Eric Vyncke (evyncke)
- Re: [IPsec] Éric Vyncke's No Objection on draft-i… Valery Smyslov
- Re: [IPsec] Éric Vyncke's No Objection on draft-i… Eric Vyncke (evyncke)