Re: [IPsec] I-D Action: draft-ietf-ipsecme-dh-checks-03.txt
Johannes Merkle <johannes.merkle@secunet.com> Tue, 23 April 2013 17:41 UTC
Return-Path: <Johannes.Merkle@secunet.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F3C5D21F9412 for <ipsec@ietfa.amsl.com>; Tue, 23 Apr 2013 10:41:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9WF8ZmbOKULP for <ipsec@ietfa.amsl.com>; Tue, 23 Apr 2013 10:41:18 -0700 (PDT)
Received: from a.mx.secunet.com (a.mx.secunet.com [195.81.216.161]) by ietfa.amsl.com (Postfix) with ESMTP id CD0EE21F93F1 for <ipsec@ietf.org>; Tue, 23 Apr 2013 10:41:17 -0700 (PDT)
Received: from localhost (alg1 [127.0.0.1]) by a.mx.secunet.com (Postfix) with ESMTP id 6B84B1A0080 for <ipsec@ietf.org>; Tue, 23 Apr 2013 19:41:16 +0200 (CEST)
X-Virus-Scanned: by secunet
Received: from a.mx.secunet.com ([127.0.0.1]) by localhost (a.mx.secunet.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id IbA6rQwupzqT for <ipsec@ietf.org>; Tue, 23 Apr 2013 19:41:14 +0200 (CEST)
Received: from mail-srv1.secumail.de (unknown [10.53.40.200]) by a.mx.secunet.com (Postfix) with ESMTP id 805621A007F for <ipsec@ietf.org>; Tue, 23 Apr 2013 19:41:14 +0200 (CEST)
Received: from [10.208.1.73] ([10.208.1.73]) by mail-srv1.secumail.de with Microsoft SMTPSVC(6.0.3790.4675); Tue, 23 Apr 2013 19:41:14 +0200
Message-ID: <5176C7B9.50001@secunet.com>
Date: Tue, 23 Apr 2013 19:41:13 +0200
From: Johannes Merkle <johannes.merkle@secunet.com>
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:17.0) Gecko/20130328 Thunderbird/17.0.5
MIME-Version: 1.0
To: ipsec@ietf.org
References: <20130422184745.13680.44055.idtracker@ietfa.amsl.com>
In-Reply-To: <20130422184745.13680.44055.idtracker@ietfa.amsl.com>
X-Enigmail-Version: 1.5.1
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-OriginalArrivalTime: 23 Apr 2013 17:41:14.0339 (UTC) FILETIME=[C04D1330:01CE4049]
Subject: Re: [IPsec] I-D Action: draft-ietf-ipsecme-dh-checks-03.txt
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Apr 2013 17:41:19 -0000
I hope I am not too late as the document write-up has already been sent out. Section 2.3 specifies: A receiving peer MUST check that its peer's public value is valid; that is, it is not the point- at-infinity, and that the x and y parameters from the peer's public value satisfy the curve equation, that is, y**2 = x**3 + ax + b mod p How can a peer check this? I am not aware of any encoding rule for the point-at-infinity in RFC 5903 or RFC 5114. Does the encoding of SEC1 apply, where the point-at-infinity is encoded to 0x00? According to RFC 5903 this would be padded with zeros, so that the decoding algorithm of the receiving peer would obtain x=0 and y=0. These do certainly not fulfill the curve equation as the discriminant -16*(4*a^3 + 27*b^2) must be non-zero. So isn't the requirement to check that the value it is not the point-at-infinity confusing and redundant? Johannes > A New Internet-Draft is available from the on-line Internet-Drafts directories. > This draft is a work item of the IP Security Maintenance and Extensions Working Group of the IETF. > > Title : Additional Diffie-Hellman Tests for IKEv2 > Author(s) : Yaron Sheffer > Scott Fluhrer > Filename : draft-ietf-ipsecme-dh-checks-03.txt > Pages : 11 > Date : 2013-04-22 > > Abstract: > This document adds a small number of mandatory tests required for the > secure operation of IKEv2 with elliptic curve groups. No change is > required to IKE implementations that use modular exponential groups, > other than a few rarely used so-called DSA groups. This document > updates the IKEv2 protocol, RFC 5996. > > > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-ietf-ipsecme-dh-checks > > There's also a htmlized version available at: > http://tools.ietf.org/html/draft-ietf-ipsecme-dh-checks-03 > > A diff from the previous version is available at: > http://www.ietf.org/rfcdiff?url2=draft-ietf-ipsecme-dh-checks-03 > > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > > _______________________________________________ > IPsec mailing list > IPsec@ietf.org > https://www.ietf.org/mailman/listinfo/ipsec > -- Mit freundlichen Grüßen, Dr. Johannes Merkle Principal Beratung, Elektronische Identitäten Public Sector secunet Security Networks AG Mergenthaler Allee 77 65760 Eschborn Germany Telefon +49 201 54 54-3091 Telefax +49 201 54 54-1325 Mobil +49 175 2224439 johannes.merkle@secunet.com www.secunet.com
- [IPsec] I-D Action: draft-ietf-ipsecme-dh-checks-… internet-drafts
- Re: [IPsec] I-D Action: draft-ietf-ipsecme-dh-che… Johannes Merkle
- Re: [IPsec] I-D Action: draft-ietf-ipsecme-dh-che… Dan Brown
- Re: [IPsec] I-D Action: draft-ietf-ipsecme-dh-che… Johannes Merkle
- Re: [IPsec] I-D Action: draft-ietf-ipsecme-dh-che… Yaron Sheffer