[IPsec] Question about IKEv1 and ECDSA

Yoav Nir <ynir@checkpoint.com> Wed, 28 November 2012 08:08 UTC

Return-Path: <ynir@checkpoint.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 6B66321F850C for <ipsec@ietfa.amsl.com>; Wed, 28 Nov 2012 00:08:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.74
X-Spam-Status: No, score=-8.74 tagged_above=-999 required=5 tests=[BAYES_20=-0.74, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id XDFTnpImfjZB for <ipsec@ietfa.amsl.com>; Wed, 28 Nov 2012 00:08:13 -0800 (PST)
Received: from smtp.checkpoint.com (smtp.checkpoint.com []) by ietfa.amsl.com (Postfix) with ESMTP id 1C6EE21F8624 for <ipsec@ietf.org>; Wed, 28 Nov 2012 00:08:12 -0800 (PST)
Received: from IL-EX10.ad.checkpoint.com ([]) by smtp.checkpoint.com (8.13.8/8.13.8) with ESMTP id qAS88ADB028141 for <ipsec@ietf.org>; Wed, 28 Nov 2012 10:08:11 +0200
X-CheckPoint: {50B5C682-0-1B221DC2-2FFFF}
Received: from IL-EX10.ad.checkpoint.com ([]) by IL-EX10.ad.checkpoint.com ([]) with mapi id 14.02.0318.004; Wed, 28 Nov 2012 10:07:53 +0200
From: Yoav Nir <ynir@checkpoint.com>
To: IPsecme WG <ipsec@ietf.org>
Thread-Topic: Question about IKEv1 and ECDSA
Thread-Index: AQHNzT93tyWp2/IlgECv+9TpKnXuTw==
Date: Wed, 28 Nov 2012 08:07:53 +0000
Message-ID: <4613980CFC78314ABFD7F85CC3027721023F2E@IL-EX10.ad.checkpoint.com>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
x-kse-antivirus-interceptor-info: scan successful
x-kse-antivirus-info: Clean
Content-Type: text/plain; charset="us-ascii"
Content-ID: <41F598EC2363F14191CFABE5AAE75573@ad.checkpoint.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: [IPsec] Question about IKEv1 and ECDSA
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Nov 2012 08:08:14 -0000


I know we don't like IKEv1 questions, but RFC 4754 does mention it, so here goes. And sorry if this has been discussed before. I couldn't find it.

In IKEv1 the authentication method is negotiated as an SA parameter. So presumably the Initiator proposes RSA signatures, ECDSA with the P-256 curve, etc, and the Responder chooses one of them. This happens in packets #1 and #2.

Later the certificate to actually present (in packets #5 and #6) is chosen based on a Certificate Request payload, and availability. This is different from IKEv2, where authentication method is implied by the certificates rather than negotiated.

So two questions:
1. Is it impossible to have one peer authenticate with RSA while the other authenticates with ECDSA, or even to mix curves?  Or am I missing something?
2. What if an IKE endpoint has >1 certificates, but the one best-suited for the certificate request has a different type key than the one agreed to in packet #2?

If I'm not missing something, it seems like IKEv1 is the wrong vehicle for the gradual introduction of ECDSA.  I'm not proposing to fix it, just trying to understand.