Re: [IPsec] NUDGE: WG Last Call for draft-ietf-ipsecme-dh-checks

Michael Richardson <mcr+ietf@sandelman.ca> Tue, 09 April 2013 14:33 UTC

From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Dan Brown <dbrown@certicom.com>
In-Reply-To: <810C31990B57ED40B2062BA10D43FBF513E325@XMB111CNC.rim.net>
References: <9F821C79-A855-4060-A356-ED8E5C50048B@vpnc.org> <5697.1365476466@sandelman.ca> <A113ACFD9DF8B04F96395BDEACB3404209060652@xmb-rcd-x04.cisco.com> <17925.1365514002@sandelman.ca> <810C31990B57ED40B2062BA10D43FBF513E325@XMB111CNC.rim.net>
Date: Tue, 09 Apr 2013 10:33:34 -0400
Message-ID: <29765.1365518014@sandelman.ca>
Sender: mcr@sandelman.ca
Cc: IPsecme WG <ipsec@ietf.org>, "Scott Fluhrer \(sfluhrer\)" <sfluhrer@cisco.com>
Subject: Re: [IPsec] NUDGE: WG Last Call for draft-ietf-ipsecme-dh-checks

>>>>> "Dan" == Dan Brown <dbrown@certicom.com> writes:
    >> Perhaps these things belong in separate sections.
    >> It seems that from the receiver of g^x's point of view, point two
    >> repeats point one, since the receiver is not in a position to know if
    >> the DH private value was reused.

    Dan> [DB] The concern is that receiver wants to protect her own
    Dan> reused private key from an invalid public key from a malicious
    Dan> peer.  To do this, the receiver checks the received value to
    Dan> make sure it is valid and safe to combine with her reused
    Dan> private key.  Another option for the receiver is not reusing
    Dan> the private key at all.  

okay, that wasn't clear to me at all.

When you say "private key", we are talking about the y, not the g^y.

I guess I recall that there are some implementations which calculate
their g^x/g^y, and cache that for many DH operations.  

Is the point here that this is safe if we do these tests?

-- 
]               Never tell me the odds!                 | ipv6 mesh networks [ 
]   Michael Richardson, Sandelman Software Works        | network architect  [ 
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [
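Dan's point in the quoted reply (the receiver checks the peer's value to protect her own reused private value, or else does not reuse it) is easiest to see with numbers. The Python below is an added illustration, not code from the dh-checks draft or from any IKE implementation. It uses a constructed toy prime whose p-1 has only small factors, so that an attacker can brute-force every subgroup; `validate_modp_public_value`, `recover_private` and the `victim_q` parameter (standing in for the subgroup order a real implementation would take from its group definition) are hypothetical names chosen for the example.

```python
"""Small-subgroup confinement against a reused DH private value, and the receiver-side
public-value check that stops it.  Added illustration, not code from the dh-checks draft
or any IKE implementation.  Toy parameters are constructed: p = 2**31 - 1 is prime and
p - 1 = 2 * 3**2 * 7 * 11 * 31 * 151 * 331 has only small factors, so every subgroup can be
brute-forced.  A real MODP group has one huge prime-order subgroup; the small ones that an
unchecked peer can confine you to are the problem."""

P = 2**31 - 1
# Subgroup orders r dividing p-1, each with the prime factors of r (used to confirm an
# element has order exactly r).  The only element of order 2 is p-1 itself.
SMALL_ORDERS = {2: [2], 9: [3], 7: [7], 11: [11], 31: [31], 151: [151], 331: [331]}


def element_of_order(r, p=P):
    """Return an element of Z_p^* whose multiplicative order is exactly r (r must divide p-1)."""
    for base in range(2, p):
        h = pow(base, (p - 1) // r, p)
        if pow(h, r, p) == 1 and all(pow(h, r // f, p) != 1 for f in SMALL_ORDERS[r]):
            return h
    raise ValueError("no element of order %d" % r)


def validate_modp_public_value(y, p, q=None):
    """Receiver-side check on a peer's MODP value y: 1 < y < p-1 always; and when the
    order q of the intended prime-order subgroup is known, y**q mod p == 1 as well."""
    if not 2 <= y <= p - 2:
        return False
    if q is not None and pow(y, q, p) != 1:
        return False
    return True


def crt(residues):
    """Chinese remainder theorem over (value, modulus) pairs with pairwise coprime moduli;
    returns (x mod M, M)."""
    x, m = 0, 1
    for r_i, m_i in residues:
        t = ((r_i - x) * pow(m, -1, m_i)) % m_i
        x, m = x + m * t, m * m_i
    return x % m, m


def recover_private(x, p=P, victim_q=None):
    """Attacker's view.  The victim reuses private value x across sessions.  Each session the
    attacker sends an element h of small order r instead of a real g^x; the victim's shared
    secret h**x then takes only r possible values, so the attacker learns x mod r (in a real
    protocol s is learned by trying each candidate key against the victim's AUTH/MAC).
    CRT combines the residues.  If victim_q is given, the victim validates each received
    value against that subgroup order first and the attacker only learns x modulo the orders
    that pass.  Returns (x mod M, M)."""
    residues = []
    for r in SMALL_ORDERS:
        h = element_of_order(r, p)
        if victim_q is not None and not validate_modp_public_value(h, p, victim_q):
            continue                                   # victim refused the bad value
        s = pow(h, x, p)                               # victim's DH step with reused x
        k = next(k for k in range(r) if pow(h, k, p) == s)   # brute force: x mod r
        residues.append((k, r))
    return crt(residues)


if __name__ == "__main__":
    X = 123456789                                     # victim's reused private value
    # Hypothetical: treat the order-331 subgroup as the toy group's "intended" subgroup.
    print("no checks: ", recover_private(X))          # (123456789, 2147483646): full recovery
    print("with check:", recover_private(X, victim_q=331))   # only x mod 331 survives
```

Without the check, seven sessions against the same private value recover it completely, because the moduli multiply out to p-1. With the check, the only value the victim accepts is the one that genuinely lies in the intended subgroup, so the attacker learns nothing beyond x mod 331, which in the toy is tiny but in a real group is the full-size subgroup the protocol already relies on. A victim that generates a fresh x per exchange, Dan's other option, gives the attacker one residue per private value and nothing to combine.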