IETF Logo Mail Archive

Re: [IPsec] IKE's DH groups 19-21, NIST, FIPS 140-2, etc.

Scott C Moonen <smoonen@us.ibm.com> Sat, 04 July 2009 11:43 UTC

Return-Path: <smoonen@us.ibm.com>
X-Original-To: ipsec@core3.amsl.com
Delivered-To: ipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 432CD3A6836; Sat, 4 Jul 2009 04:43:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.298
X-Spam-Level:
X-Spam-Status: No, score=-5.298 tagged_above=-999 required=5 tests=[AWL=-1.301, BAYES_00=-2.599, HTML_MESSAGE=0.001, OBSCURED_EMAIL=0.001, RCVD_IN_DNSWL_MED=-4, SARE_BAYES_5x8=0.8, SARE_BAYES_6x8=0.8, SARE_BAYES_7x8=1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SYKoqmA9obvf; Sat, 4 Jul 2009 04:43:30 -0700 (PDT)
Received: from e36.co.us.ibm.com (e36.co.us.ibm.com [32.97.110.154]) by core3.amsl.com (Postfix) with ESMTP id D42FB3A69D3; Sat, 4 Jul 2009 04:43:29 -0700 (PDT)
Received: from d03relay04.boulder.ibm.com (d03relay04.boulder.ibm.com [9.17.195.106]) by e36.co.us.ibm.com (8.13.1/8.13.1) with ESMTP id n64Bfgrv002440; Sat, 4 Jul 2009 05:41:42 -0600
Received: from d03av01.boulder.ibm.com (d03av01.boulder.ibm.com [9.17.195.167]) by d03relay04.boulder.ibm.com (8.13.8/8.13.8/NCO v9.2) with ESMTP id n64BhC3U200060; Sat, 4 Jul 2009 05:43:12 -0600
Received: from d03av01.boulder.ibm.com (loopback [127.0.0.1]) by d03av01.boulder.ibm.com (8.12.11.20060308/8.13.3) with ESMTP id n64BhCSA004031; Sat, 4 Jul 2009 05:43:12 -0600
Received: from d03nm118.boulder.ibm.com (d03nm118.boulder.ibm.com [9.17.195.144]) by d03av01.boulder.ibm.com (8.12.11.20060308/8.12.11) with ESMTP id n64BhC3L004028; Sat, 4 Jul 2009 05:43:12 -0600
In-Reply-To: <p062408e0c67317806446@[10.20.30.158]>
References: <B500CA54-010F-469F-AFA2-92AB44F71D54@stratussolutions.com> <p062408b4c672f6178fca@[10.20.30.158]> <7D42CBF1-5BEB-4EE3-93E2-754A4BC2764A@stratussolutions.com> <p062408e0c67317806446@[10.20.30.158]>
To: Paul Hoffman <paul.hoffman@vpnc.org>
MIME-Version: 1.0
X-KeepSent: 3AB4DB32:79E9CCEB-852575E9:00403C25; type=4; name=$KeepSent
X-Mailer: Lotus Notes Release 8.0.2 HF623 January 16, 2009
From: Scott C Moonen <smoonen@us.ibm.com>
X-MIMETrack: S/MIME Sign by Notes Client on Scott C Moonen/Raleigh/IBM(Release 8.0.2 HF623|January 16, 2009) at 07/04/2009 07:42:52 AM, Serialize by Notes Client on Scott C Moonen/Raleigh/IBM(Release 8.0.2 HF623|January 16, 2009) at 07/04/2009 07:42:52 AM, Serialize complete at 07/04/2009 07:42:52 AM, S/MIME Sign failed at 07/04/2009 07:42:52 AM: The cryptographic key was not found, Serialize by Router on D03NM118/03/M/IBM(Release 8.5|December 05, 2008) at 07/04/2009 05:43:12, Serialize complete at 07/04/2009 05:43:12
Message-ID: <OF3AB4DB32.79E9CCEB-ON852575E9.00403C25-852575E9.0040606B@us.ibm.com>
Date: Sat, 04 Jul 2009 07:43:11 -0400
Content-Type: multipart/alternative; boundary="=_alternative 004059CA852575E9_="
Cc: ipsec@ietf.org, ipsec-bounces@ietf.org, Sean Kevin O'Keeffe <sean@stratussolutions.com>
Subject: Re: [IPsec] IKE's DH groups 19-21, NIST, FIPS 140-2, etc.
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 04 Jul 2009 11:43:31 -0000

Thanks, Paul, Sean.

What's the next step?  If there's agreement that we need a new RFC, I'd be 
glad to pitch in with the effort.


Scott Moonen (smoonen@us.ibm.com)
z/OS Communications Server TCP/IP Development
http://scott.andstuff.org/
http://www.linkedin.com/in/smoonen



From:
Paul Hoffman <paul.hoffman@vpnc.org>
To:
"Sean Kevin O'Keeffe" <sean@stratussolutions.com>
Cc:
ipsec@ietf.org
Date:
07/02/2009 10:13 PM
Subject:
Re: [IPsec] IKE's DH groups 19-21, NIST, FIPS 140-2, etc.



At 9:46 PM -0400 7/2/09, Sean Kevin O'Keeffe wrote:
>We need to differentiate between the values transmitted over the
>wire between IKEv2 peers, and the value they used as a seed to
>derive keying material.

The fact that they're different seems needlessly error-prone.

>I think the KE payload examples are correct in 8.1.  The peers need
>both coordinates to compute the derived point. However, they only
>need to use the x coordinate of this point as the shared secret.

Correct; that's what Scott was referring to when he started this thread.

>In the context of the example in 8.1, I interpreted the errata as
>changing the last sentence in the section to:
>   "girx is the value that is used in the formation of SKEYSEED."

This might make sense, but it still completely disagrees with examples 
given. Look at the end of 8.1:
-----------------------
   The shared secret value g^ir=(girx,giry) where

girx:
 D6840F6B 42F6EDAF D13116E0 E1256520 2FEF8E9E CE7DCE03 812464D0 4B9442DE

giry:
 522BDE0A F0D8585B 8DEF9C18 3B5AE38F 50235206 A8674ECB 5D98EDB2 0EB153A2

   These are concatenated to form

g^ir:
 D6840F6B 42F6EDAF D13116E0 E1256520 2FEF8E9E CE7DCE03 812464D0 4B9442DE
 522BDE0A F0D8585B 8DEF9C18 3B5AE38F 50235206 A8674ECB 5D98EDB2 0EB153A2

   This is the value that is used in the formation of SKEYSEED.
------------------------

Doesn't that say "the concatenated values is used in the formation of 
SKEYSEED"?


>I'm aware of several implementations that comply with this errata,

This might be true, but it doesn't follow from the RFC, or from the 
errata. The fact that several implementations agreed after testing with 
each other is cause to update the RFC.

>so I think a decision to withdraw it requires careful deliberation.

Absolutely. It would be much better to, instead, obsolete this RFC with 
one that matches what the implementations are doing, noting the difference 
in the new RFC.

>That being said, this issue needs to be clearly resolved so
>implementations from different vendors can interoperate.

Fully agree.

--Paul Hoffman, Director
--VPN Consortium
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec

v2.31.3 | Report a Bug | By Email | System Status