Re: [IPsec] Éric Vyncke's No Objection on draft-ietf-ipsecme-ikev2-multiple-ke-10: (with COMMENT)
Valery Smyslov <svan@elvis.ru> Thu, 01 December 2022 11:25 UTC
Return-Path: <svan@elvis.ru>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 521A2C14F75F; Thu, 1 Dec 2022 03:25:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.096
X-Spam-Level:
X-Spam-Status: No, score=-7.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=elvis.ru
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id D_O_Sm7WLQXW; Thu, 1 Dec 2022 03:25:11 -0800 (PST)
Received: from akmail.elvis.ru (akmail.elvis.ru [82.138.51.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 821E6C14F74A; Thu, 1 Dec 2022 03:25:08 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=elvis.ru; s=mail; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID: Date:Subject:In-Reply-To:References:CC:To:From:Sender:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=Fy2k21V7Mx15vUwJTS9TTlvFrHVGUETxS35fOW81erk=; b=vvru266Mi/Iil8NgsBYDn7QrpO zXmDtQwNQxnjay0dF+W046/w0muU8+4NHstJQZDCF6or6/uijnJg3epbzsPmm7U6CaWGZN0mvhAkd 8Mlxu6EIkvZclrNCMM6Z4kvkTMORK0djuZ1bdFgCqkYsyMf87w7kalWUBKiV/IqXSzAc=;
Received: from kmail.elvis.ru ([93.188.44.208]) by akmail.elvis.ru with esmtp (Exim 4.92) (envelope-from <svan@elvis.ru>) id 1p0hge-0003qu-NV; Thu, 01 Dec 2022 14:25:04 +0300
Received: from mail16.office.elvis.ru ([10.111.1.29] helo=mail.office.elvis.ru) by kmail.elvis.ru with esmtp (Exim 4.92) (envelope-from <svan@elvis.ru>) id 1p0hge-0006UU-Gw; Thu, 01 Dec 2022 14:25:04 +0300
Received: from MAIL16.office.elvis.ru (10.111.1.29) by MAIL16.office.elvis.ru (10.111.1.29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1779.2; Thu, 1 Dec 2022 14:25:04 +0300
Received: from buildpc (10.111.10.33) by MAIL16.office.elvis.ru (10.111.1.29) with Microsoft SMTP Server id 15.1.1779.2 via Frontend Transport; Thu, 1 Dec 2022 14:25:04 +0300
From: Valery Smyslov <svan@elvis.ru>
To: "'Eric Vyncke (evyncke)'" <evyncke@cisco.com>, 'The IESG' <iesg@ietf.org>
CC: draft-ietf-ipsecme-ikev2-multiple-ke@ietf.org, ipsecme-chairs@ietf.org, ipsec@ietf.org, kivinen@iki.fi, charliep@computer.org, gih@apnic.net
References: <166971468911.7554.15756404808608648113@ietfa.amsl.com> <150a01d9041a$9c8b3590$d5a1a0b0$@elvis.ru> <9F638EF3-9E79-42C2-9318-1353703D2A7B@cisco.com> <154301d90490$139fc5e0$3adf51a0$@elvis.ru> <A1DD6BE1-824A-4BB2-82A7-C956842AD70C@cisco.com>
In-Reply-To: <A1DD6BE1-824A-4BB2-82A7-C956842AD70C@cisco.com>
Date: Thu, 01 Dec 2022 14:25:06 +0300
Message-ID: <16d801d90577$907a94e0$b16fbea0$@elvis.ru>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQHLbR3DTJkNFJdObyrZMalkiEcAqwIv0BmTAnFKSBoCb3fF1gKVuCShribdhIA=
Content-Language: ru
X-CrossPremisesHeadersFilteredBySendConnector: MAIL16.office.elvis.ru
X-OrganizationHeadersPreserved: MAIL16.office.elvis.ru
X-KLMS-AntiSpam-Interceptor-Info: not scanned
X-KLMS-Rule-ID: 1
X-KLMS-Message-Action: clean
X-KLMS-AntiSpam-Status: not scanned, disabled by settings
X-KLMS-AntiPhishing: Clean, bases: 2022/12/01 10:32:00
X-KLMS-AntiVirus: Kaspersky Security for Linux Mail Server, version 8.0.3.30, bases: 2022/12/01 00:48:00 #20630840
X-KLMS-AntiVirus-Status: Clean, skipped
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/d5eglMpem7M0tA-X4qs63hYHWzM>
Subject: Re: [IPsec] Éric Vyncke's No Objection on draft-ietf-ipsecme-ikev2-multiple-ke-10: (with COMMENT)
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Dec 2022 11:25:15 -0000
Hi Éric, > -----Original Message----- > From: Eric Vyncke (evyncke) [mailto:evyncke@cisco.com] > Sent: Thursday, December 01, 2022 1:41 PM > To: Valery Smyslov; 'The IESG' > Cc: draft-ietf-ipsecme-ikev2-multiple-ke@ietf.org; ipsecme-chairs@ietf.org; ipsec@ietf.org; > kivinen@iki.fi; charliep@computer.org; gih@apnic.net > Subject: Re: Éric Vyncke's No Objection on draft-ietf-ipsecme-ikev2-multiple-ke-10: (with COMMENT) > > Hello Valery, > > Thanks for your suggested text for the abstract, may I suggest a little more concise (albeit less precise) > text for the 2nd paragraph (up to the authors of course): > > The primary application of this feature in IKEv2 is the ability to perform one or more > post-quantum key exchanges in conjunction with the classical key exchange, > so that the resulting shared key is resistant against quantum computer attacks. > Since there is currently no post-quantum key exchange that is against conventional (non- > quantum) > adversaries, performing multiple key exchanges with different post-quantum algorithms along > with the classical key exchange algorithms addresses this concern, since the > overall security is at least as strong as each individual primitive. I think in this text an important consideration is missing - that we now have enough trust in (EC)DH against conventional computers, but we don't have this level of trust in most post-quantum algorithms (both against conventional and quantum adversaries). That's why we want to combine them. Ah, I can see now that the original text can be interpreted, that we don't trust post-quantum key exchange only against conventional adversaries... We can modify the text as follows (make it more concise, less precise, but still correct, IMHO): Since there is currently no post-quantum key exchange that is studied at the level that (EC)DH is studied, performing multiple key exchanges with different post-quantum algorithms along with the well-established classical key exchange algorithms addresses this concern, since the overall security is at least as strong as each individual primitive. Is it OK? Regards, Valery. > > Hope this helps > > -éric > > > On 30/11/2022, 08:48, "iesg on behalf of Valery Smyslov" <iesg-bounces@ietf.org on behalf of > svan@elvis.ru> wrote: > > Hi Éric, > > > Hello Valery, > > > > TL;DR: Thanks for your reply and your comments. I agree with them ;-) > > > > If you want a more detailed reply, then look for EV> below > > OK, I snipped the text where we have an agreement. > > > Regards > > > > -éric > > [snipped] > > > > The bullet 2) is a nice explanation about *why* there must be multiple key > > > exchanges with different methods. Until reading that part, I was really > > > wondering why this I-D was about the link with PQC and multiple key exchanges. > > > Should this be mentioned in the abstract already ? > > > > I don't mind, but as far as I know, IESG wants abstract to be short :-) > > If you (and other ADs) think it's a good idea, then we'll add this text. > > > > EV> I know about short abstract, but they should also give an idea of the content & purpose > > If it is OK with the IESG we'll extend the abstract with this text. It will look like: > > This document describes how to extend the Internet Key Exchange Protocol > Version 2 (IKEv2) to allow multiple key exchanges to take place > while computing a shared secret during a Security Association (SA) setup. > > The primary application of this feature in IKEv2 is the ability to perform one or more > post-quantum key exchanges in conjunction with the classical (Elliptic Curve) Diffie-Hellman > (EC)DH key exchange, > so that the resulting shared key is resistant against quantum computer attacks. > Since there is currently no post-quantum key exchange that is trusted at > the level that (EC)DH is trusted for against conventional (non-quantum) > adversaries, performing multiple key exchanges with different post-quantum algorithms along > with the well-established classical key exchange algorithms addresses this concern, since the > overall security is at least as strong as each individual primitive. > > Another possible application for this extension is the ability to combine several key exchanges > in situations when no single key exchange algorithm is trusted by both initiator and responder. > > This document updates RFC7296 by renaming a transform type 4 from "Diffie-Hellman Group (D- > H)" > to "Key Exchange Method (KE)" and renaming a field in the Key Exchange Payload from "Diffie- > Hellman Group Num" > to "Key Exchange Method". It also renames an IANA registry for this transform type > from "Transform Type 4 - Diffie-Hellman Group Transform IDs" to > "Transform Type 4 - Key Exchange Method Transform IDs". These changes generalize > key exchange algorithms that can be used in IKEv2. > > Hope it's now clear and not *too* long :-) > > > > Should "FIPS" be prefixed by "USA" as in "USA FIPS" ? > > > > I don't know, rely on my co-authors (actually it seems that > > this is a well-known organization outside USA, but formally you are right). > > > > EV> I live a in Federal state as well (Belgium), so while I understand that FIPS stands for the USA one, > let's > > be inclusive. Up to you and the authors. > > No problem, will change the text to: > > USA Federal Information Processing Standards (FIPS) compliance. IPsec is widely used in Federal > Information > Systems and FIPS certification is an important requirement. > However, at the time of writing, none of the algorithms that is believed > to be post-quantum is FIPS compliant yet. Nonetheless, it is possible to combine > this post-quantum algorithm with a FIPS complaint key establishment method so that > the overall design remains FIPS compliant [NISTPQCFAQ]. > > Is it OK that prefix "USA" is added once and not to every appearance of "FIPS" ? > > The updated PR is available at: > https://github.com/post-quantum/ietf-pq-ikev2/pull/22 > > Regards, > Valery. > > > > ## Notes > > > > > > This review is in the ["IETF Comments" Markdown format][ICMF], You can use the > > > [`ietf-comments` tool][ICT] to automatically convert this review into > > > individual GitHub issues. > > > > > > [ICMF]: https://github.com/mnot/ietf-comments/blob/main/format.md > > > [ICT]: https://github.com/mnot/ietf-comments > > > > > > > > >
- [IPsec] Éric Vyncke's No Objection on draft-ietf-… Éric Vyncke via Datatracker
- Re: [IPsec] Éric Vyncke's No Objection on draft-i… Valery Smyslov
- Re: [IPsec] Éric Vyncke's No Objection on draft-i… Eric Vyncke (evyncke)
- Re: [IPsec] Éric Vyncke's No Objection on draft-i… Valery Smyslov
- Re: [IPsec] Éric Vyncke's No Objection on draft-i… Eric Vyncke (evyncke)
- Re: [IPsec] Éric Vyncke's No Objection on draft-i… Valery Smyslov
- Re: [IPsec] Éric Vyncke's No Objection on draft-i… Eric Vyncke (evyncke)