Re: [IPsec] NUDGE: WG Last Call for draft-ietf-ipsecme-dh-checks

Andrey Jivsov <openpgp@brainhub.org> Mon, 08 April 2013 22:48 UTC

Return-Path: <openpgp@brainhub.org>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7F6BC21F8F4A for <ipsec@ietfa.amsl.com>; Mon, 8 Apr 2013 15:48:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.437
X-Spam-Level:
X-Spam-Status: No, score=-0.437 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_NET=0.611, RDNS_NONE=0.1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3+MCfDdfQqkM for <ipsec@ietfa.amsl.com>; Mon, 8 Apr 2013 15:48:11 -0700 (PDT)
Received: from qmta05.emeryville.ca.mail.comcast.net (qmta05.emeryville.ca.mail.comcast.net [IPv6:2001:558:fe2d:43:76:96:30:48]) by ietfa.amsl.com (Postfix) with ESMTP id E3ED821F8F44 for <ipsec@ietf.org>; Mon, 8 Apr 2013 15:48:10 -0700 (PDT)
Received: from omta03.emeryville.ca.mail.comcast.net ([76.96.30.27]) by qmta05.emeryville.ca.mail.comcast.net with comcast id MahD1l0020b6N64A5aoA4a; Mon, 08 Apr 2013 22:48:10 +0000
Received: from [127.0.0.1] ([69.181.162.123]) by omta03.emeryville.ca.mail.comcast.net with comcast id Mao91l0092g33ZR8Pao9fg; Mon, 08 Apr 2013 22:48:10 +0000
Message-ID: <51634894.1030306@brainhub.org>
Date: Mon, 08 Apr 2013 15:45:40 -0700
From: Andrey Jivsov <openpgp@brainhub.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130110 Thunderbird/17.0.2
MIME-Version: 1.0
To: ipsec@ietf.org
References: <9F821C79-A855-4060-A356-ED8E5C50048B@vpnc.org>
In-Reply-To: <9F821C79-A855-4060-A356-ED8E5C50048B@vpnc.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.net; s=q20121106; t=1365461290; bh=XLZZuZASOWKnuJtg0PS5pu+4/ZYuZ0HWur3rpGFzcs4=; h=Received:Received:Message-ID:Date:From:MIME-Version:To:Subject: Content-Type; b=XMfP8ZHqbCXHEM6deny7hT7CXMVV5sOV44ojt38lje1jYZxgtV1TIZQPT5cNdprue 3DnOzLhTKVNj7462hzS+Avyy0O6E63EFTKx/pI4ObLw2caMShWACW0QHT84/7XAVcl 1MF96PGnOnZgzup1ZT6CdEFNlc1jOybnJg3sFNsGGmAviFu3ZVLJncFe3E9r7K6Wli OKS4QDjgREp/DAco6RdoS6ZXud/G85jyh/McbBfuzxF6rU76eMMycgIVjlx64a8TGk iz+U9irzW0wF+5MUVl11q8ZJyOk/vf4a3BPYgXpX4VeBx+hQnKqS+AXNdwkbRGsL8t I9QVYtdtoyONg==
Subject: Re: [IPsec] NUDGE: WG Last Call for draft-ietf-ipsecme-dh-checks
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Apr 2013 22:48:11 -0000

Sec 2.2:
> It MUST check both that the peer's public value is in range (1 < r
>       < p-1) and that r**q = 1 mod p (where q is the size of the
>       subgroup, as listed in the RFC).

Would it make sense to specify a more economical test for strong prime 
groups?

If q is meant to be p = q*2+1, there are only two possibilities for the 
value < p-1 received from the peer to be in the wrong subgroup. One of 
them is 1, which is ruled out by the check above. Another one is g^q. 
It's a fixed quantity for the given modp group. Seems like a memcmp with 
a fixed quantity g^q is the best way to address the problem.

On 04/08/2013 02:46 PM, Paul Hoffman wrote:
> [[ So far, we have received only *one* review of this document, from Tero. If we don't receive more reviews, the document might not progress due to lack of interest. Please review this document within the next week and contribute your review to the list. ]]
>
> Greetings. This is the start of the WG Last Call for draft-ietf-ipsecme-dh-checks; the WG period will end in two weeks, on April 15. The current draft is available at http://tools.ietf.org/html/draft-ietf-ipsecme-dh-checks-01
>
> Given that this will be a Standards Track document, it is important for it to be reviewed by as many people as possible. Possible results of individual reviewing the document are:
>
> - "Looks fine, please publish"
>
> - "Looks fine, here are some comments"
>
> - "Has some problems, here they are"
>
> - Other things of that sort
>
> Many people on this mailing list are IPsec implementers but are mostly or completely silent on the mailing list. If you are one of those people, doing a WG Last Call review is a good way to participate usefully in the WG. Please strongly consider (a) reading the current draft and (b) sending a message to the list with your short or long review. If there are too few reviews on this document, we could get pushback from the IESG about the document.
>
> --Paul Hoffman
> _______________________________________________
> IPsec mailing list
> IPsec@ietf.org
> https://www.ietf.org/mailman/listinfo/ipsec
>
> _______________________________________________
> IPsec mailing list
> IPsec@ietf.org
> https://www.ietf.org/mailman/listinfo/ipsec
>