Re: [IPsec] draft-ietf-ipsecme-implicit-iv-06 - key length is missing
"Valery Smyslov" <smyslov.ietf@gmail.com> Wed, 03 April 2019 07:10 UTC
Return-Path: <smyslov.ietf@gmail.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 24FCD120086 for <ipsec@ietfa.amsl.com>; Wed, 3 Apr 2019 00:10:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.498
X-Spam-Level:
X-Spam-Status: No, score=-0.498 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_SORBS_WEB=1.5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O8IAdLhDNQiQ for <ipsec@ietfa.amsl.com>; Wed, 3 Apr 2019 00:10:09 -0700 (PDT)
Received: from mail-wr1-x435.google.com (mail-wr1-x435.google.com [IPv6:2a00:1450:4864:20::435]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3802E120013 for <ipsec@ietf.org>; Wed, 3 Apr 2019 00:10:09 -0700 (PDT)
Received: by mail-wr1-x435.google.com with SMTP id y13so19823040wrd.3 for <ipsec@ietf.org>; Wed, 03 Apr 2019 00:10:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:references:in-reply-to:subject:date:message-id :mime-version:thread-index:content-language; bh=zCIhi5BdP6tvW1+BLRH6/E8EWHN3YpE3SrQRDil0en0=; b=hTtRGeeVwxfV+6rNwYrhqdLcfEik21oWaGrKoRmVxPETxe7F3uoyNGhTkAVXM5DPF5 LGI5iZQZcz8a7So0IAb5ISQPnJ7xfhxj7ClafNtRjSHEX0J2ebY6X6SUQQ4bz6K2Sftb A73DB51GQE2iEG9ru6h76R6DzOM5nNxQ5hTH9W86MmlwRO9uNQfdKiqq+OIfUlVGtjwo rOWcp4ze0uck7R1X4hB+hn0Roa0SVwSdfjJaRb2Ex8lbbU+5X10msGlq+Isi1w/UrOHM w3IxHjZuTpw4Q2w3vC3EfvOM2PmMpdQgTFTjSYSniG+UBskGyKyL+ut8p6z68d9qRHfV dMdA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:references:in-reply-to:subject:date :message-id:mime-version:thread-index:content-language; bh=zCIhi5BdP6tvW1+BLRH6/E8EWHN3YpE3SrQRDil0en0=; b=oEVAOiwpwue/qCpV6S7Q3S0tVREjb5vkO/1jMngcn/Y8kqEZfKuW3rW5E0eaIwwFHl IIPhNt0Bu8+tTWRokmDFPe2YSbVxi6k4BRESLdKp9v/+qrchvaAUKRTzudWUEZCJsqbz LQpGZsGNcaLuiTrMr2T9JQBiM22+YgKFGvL1YLPF0hPshDXgZlz1nAZTlFGnjqUXbVPU vfdb3KtsqG1HsmAyDRa/yQ7Jg2OLHb31OBsWqmeHfBU4+AZHZy+icSZMStzATnnFWGcE rcqtke0+KjOlpgzNiuQl7TESb+5bAmevoOMKwoHK9mqoGktNxfO9yaqeS6riDowDWkbw i/dQ==
X-Gm-Message-State: APjAAAXIr6xt6g3O5YcSgGONRyDvXp5j/FH7rju4eCZ6IB6YJn8REzam f3C5WfbFKpmegpYFQF1utIs=
X-Google-Smtp-Source: APXvYqz40n6e6wLuap+x0jxlxaqTN7I0Us2o6Exw7vho+vLTfIYLNtTioho5YFf0jb68vXlIOxyy2w==
X-Received: by 2002:a5d:54c4:: with SMTP id x4mr46521439wrv.296.1554275407630; Wed, 03 Apr 2019 00:10:07 -0700 (PDT)
Received: from buildpc ([82.138.51.4]) by smtp.gmail.com with ESMTPSA id c10sm19336539wru.83.2019.04.03.00.10.06 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 03 Apr 2019 00:10:06 -0700 (PDT)
From: Valery Smyslov <smyslov.ietf@gmail.com>
To: 'Daniel Migault' <daniel.migault@ericsson.com>, 'Paul Wouters' <paul@nohats.ca>
Cc: 'IPsecME WG' <ipsec@ietf.org>
References: <010501d4e961$ddae8a90$990b9fb0$@gmail.com> <alpine.LRH.2.21.1904021250150.14241@bofh.nohats.ca> <CADZyTknc_aDoNqrXE2vt1k6sA-rW+yx4uk2QpcS8kF3MMEq5pg@mail.gmail.com> <018301d4e9e3$31b831f0$952895d0$@gmail.com>
In-Reply-To: <018301d4e9e3$31b831f0$952895d0$@gmail.com>
Date: Wed, 03 Apr 2019 10:10:06 +0300
Message-ID: <01c001d4e9ec$44f900b0$ceeb0210$@gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_01C1_01D4EA05.6A4DD9D0"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQH2Bk3AMgto0NN/T2TCjcWtr4PQxgGM/hO3Aj4WHpsCnMvTzKW0iiIg
Content-Language: ru
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/fidvsfTFTa-u--cpl5EapV4Xq8k>
Subject: Re: [IPsec] draft-ietf-ipsecme-implicit-iv-06 - key length is missing
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Apr 2019 07:10:12 -0000
In any case I’d like to see an explicit text in the draft saying that this document only redefines how IV is generated and (non) transmitted, all the other aspects of applying these transforms are defined in the relevant RFCs: ENCR_AES_CCM_8_IIV – from RFC 4309 (for ENCR_AES_GCM_8) ENCR_AES_GCM_16_IIV – from RFC 4106 (for ENCR_AES_GCM_16) ENCR_CHACHA20_POLY1305_IIV – from RFC 7634 This is probably obvious, but I prefer to explicitly state this, since it’s a technical document and it should not leave a space for ambiguity. Regards, Valery. From: Valery Smyslov [mailto:smyslov.ietf@gmail.com] Sent: Wednesday, April 03, 2019 9:05 AM To: 'Daniel Migault'; 'Paul Wouters' Cc: 'IPsecME WG' Subject: RE: [IPsec] draft-ietf-ipsecme-implicit-iv-06 - key length is missing Hi Daniel, I understand that the draft is only focused on the IV, but since it defines new transforms, it formally must address key length issue for AES. You can either copy-paste text from RFC 4106 (or 4309), or add text referencing Section 8.4 of RFC 4106 for GCM and Section 7.4 of RFC 4309 for CCM. Or alternatively, as I already suggested, you can define default key length and make Key Length attribute optional – it will allow to save a couple of bytes for most common cases. In any cases, I prefer not to put this into Introduction, but instead add a new section, as it is done in all other transform-defining RFCs. Regards, Valery. From: Daniel Migault [mailto:daniel.migault@ericsson.com] Sent: Tuesday, April 02, 2019 9:41 PM To: Paul Wouters Cc: Valery Smyslov; IPsecME WG Subject: Re: [IPsec] draft-ietf-ipsecme-implicit-iv-06 - key length is missing Hi, Thanks Valery for your comment. My reading of the draft is that it only focuses on the generation of the nonce and leave the remaining to 4306 [1]. The use of a code points different from 4306 is to indicate the implicit IV - as opposed to a new transform. In this case, the negotiation of the key length is left to 4306. I am inclined to think this is not necessary to discuss the key length attribute in this draft, but I would like to see what the other think. That said, if people strongly think that should be added, I would add the text from 4306 mentioned below[2]. Yours, Daniel [1] The text of the implicit draft: <https://tools.ietf.org/html/draft-ietf-ipsecme-implicit-iv-06#section-2> 2. Introduction Counter-based AES modes of operation such as AES-CTR ([RFC3686 <https://tools.ietf.org/html/rfc3686> ]), AES-CCM ([RFC4309 <https://tools.ietf.org/html/rfc4309> ]), and AES-GCM ([RFC4106 <https://tools.ietf.org/html/rfc4106> ]) require the specification of an nonce for each ESP packet. The same applies for ChaCha20-Poly1305 ([RFC7634 <https://tools.ietf.org/html/rfc7634> ]). Currently this nonce is sent in each ESP packet ([RFC4303 <https://tools.ietf.org/html/rfc4303> ]). This practice is designated in this document as "explicit nonce". [...] This document defines how to compute the nonce locally when it is implicit. It also specifies how peers agree with the Internet Key Exchange version 2 (IKEv2 - [RFC7296 <https://tools.ietf.org/html/rfc7296> ]) on using an implicit IV versus an explicit IV. [2] the text on key length of RFC 4306. <https://tools.ietf.org/html/rfc4106#section-8.4> 8.4. Key Length Attribute Because the AES supports three key lengths, the Key Length attribute MUST be specified in the IKE Phase 2 exchange [RFC2407 <https://tools.ietf.org/html/rfc2407> ]. The Key Length attribute MUST have a value of 128, 192, or 256. On Tue, Apr 2, 2019 at 12:52 PM Paul Wouters <paul@nohats.ca> wrote: On Tue, 2 Apr 2019, Valery Smyslov wrote: > and define a default key length for the case when it is absent (e.g. 256 bits). Do not do this. There are broken implementations and interop issues on this already by broken clients who don't send or omit to send KEY_LENGTH (old versions of us included). > It'll allow us to save few bytes by omitting attribute for most common cases. Not worth it. Paul _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
- [IPsec] draft-ietf-ipsecme-implicit-iv-06 - key l… Valery Smyslov
- Re: [IPsec] draft-ietf-ipsecme-implicit-iv-06 - k… Paul Wouters
- Re: [IPsec] draft-ietf-ipsecme-implicit-iv-06 - k… Daniel Migault
- Re: [IPsec] draft-ietf-ipsecme-implicit-iv-06 - k… Valery Smyslov
- Re: [IPsec] draft-ietf-ipsecme-implicit-iv-06 - k… Valery Smyslov
- Re: [IPsec] draft-ietf-ipsecme-implicit-iv-06 - k… Tobias Guggemos
- Re: [IPsec] draft-ietf-ipsecme-implicit-iv-06 - k… Valery Smyslov
- Re: [IPsec] draft-ietf-ipsecme-implicit-iv-06 - k… Valery Smyslov
- Re: [IPsec] draft-ietf-ipsecme-implicit-iv-06 - k… Tobias Guggemos
- Re: [IPsec] draft-ietf-ipsecme-implicit-iv-06 - k… Daniel Migault
- Re: [IPsec] draft-ietf-ipsecme-implicit-iv-06 - k… Valery Smyslov
- Re: [IPsec] draft-ietf-ipsecme-implicit-iv-06 - k… Daniel Migault
- Re: [IPsec] draft-ietf-ipsecme-implicit-iv-06 - k… Valery Smyslov
- Re: [IPsec] draft-ietf-ipsecme-implicit-iv-06 - k… Daniel Migault
- Re: [IPsec] draft-ietf-ipsecme-implicit-iv-06 - k… Valery Smyslov
- Re: [IPsec] draft-ietf-ipsecme-implicit-iv-06 - k… Tero Kivinen
- Re: [IPsec] draft-ietf-ipsecme-implicit-iv-06 - k… Daniel Migault