IETF Logo Mail Archive

[Ipsec] Key length attribute (was: Important changes in draft-hoffman-rfc3664bis; please review)

Pasi.Eronen@nokia.com Thu, 13 October 2005 13:53 UTC

Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EQ3WS-00057A-J2; Thu, 13 Oct 2005 09:53:28 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EQ3WR-00056u-FO for ipsec@megatron.ietf.org; Thu, 13 Oct 2005 09:53:27 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA18949 for <ipsec@ietf.org>; Thu, 13 Oct 2005 09:53:24 -0400 (EDT)
From: Pasi.Eronen@nokia.com
Received: from mgw-ext03.nokia.com ([131.228.20.95]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1EQ3gw-0004Cv-Uf for ipsec@ietf.org; Thu, 13 Oct 2005 10:04:20 -0400
Received: from esebh105.NOE.Nokia.com (esebh105.ntc.nokia.com [172.21.138.211]) by mgw-ext03.nokia.com (Switch-3.1.7/Switch-3.1.7) with ESMTP id j9DDpS2C032285; Thu, 13 Oct 2005 16:51:30 +0300
Received: from esebh102.NOE.Nokia.com ([172.21.138.183]) by esebh105.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.1830); Thu, 13 Oct 2005 16:53:20 +0300
Received: from esebe105.NOE.Nokia.com ([172.21.143.53]) by esebh102.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.1830); Thu, 13 Oct 2005 16:52:33 +0300
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Thu, 13 Oct 2005 16:52:29 +0300
Message-ID: <B356D8F434D20B40A8CEDAEC305A1F24019A5FB6@esebe105.NOE.Nokia.com>
Thread-Topic: Key length attribute (was: Important changes in draft-hoffman-rfc3664bis; please review)
Thread-Index: AcXPM6AhCPvjH+BeRsa2kcOHaWXDUwAySiCw
To: kivinen@iki.fi
X-OriginalArrivalTime: 13 Oct 2005 13:52:33.0273 (UTC) FILETIME=[5C55CE90:01C5CFFD]
X-Spam-Score: 0.3 (/)
X-Scan-Signature: 00e94c813bef7832af255170dca19e36
Content-Transfer-Encoding: quoted-printable
Cc: ipsec@ietf.org
Subject: [Ipsec] Key length attribute (was: Important changes in draft-hoffman-rfc3664bis; please review)
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IP Security <ipsec.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
Sender: ipsec-bounces@ietf.org
Errors-To: ipsec-bounces@ietf.org

Tero Kivinen wrote:
> Pasi.Eronen@nokia.com writes:
> > The text should also say that for the purpose of algorithm
> > negotiation, this PRF has a fixed key length.  In other words,
> > the "key length" attribute is not included in the SA payloads.
> 
> I was about the send the same comment earlier, but noticed that the
> Key Lenght attribute is defined to be used with Encryption algorithm,
> not with PRFs, so there is not really specified way to tell what is
> the PRF key lenght (i.e. the key length is taken from the actual
> keying material fed to the PRF). 

Hmm... that's true.
 
> > BTW, there's text in IKEv2 -17 that has this wrong. Section 3.3.5
> > says that
> > 
> >    "The only algorithms defined in this document that accept
> >    attributes are the AES based encryption, integrity, and
> >    pseudo-random functions, which require a single attribute
> >    specifying key width."
> > 
> > Only ENCR_AES_CBC and ENCR_AES_CTR accept different key lengths; 
> > and since there's no specified default key length, the key length
> > attribute MUST be included.
> > 
> > But AUTH_AES_XCBC_96 [RFC3566] always uses 128-bit keys, and
> > PRF_AES128_CBC always uses 128-bit AES internally (even 
> with 3664bis).
> 
> That text in the IKEv2 has always confused me, is it so that for
> example ENCR_CAST or ENCR_BLOWFISH cannot be used with any other key
> length than the default, or is it so that key length is not needed if
> it is default, but it can be given?
> 
> The text says that only algorithms defined that accept attributes are
> AES, so that would indicate BLOWFISH or CAST cannot use Key length
> attribute. I think the original text should have said that only
> algorithms that REQUIRE key lengths attributes are the AES based,
> others can use it but it is not required.

Yes, I think the intention was not to prohibit variable-length
keys with e.g. Blowfish. Here's proposed text for the clarifications
document:

   Section 3.3.5 says that "The only algorithms defined in this
   document that accept attributes are the AES based encryption,
   integrity, and pseudo-random functions, which require a single
   attribute specifying key width."

   This is incorrect. The AES-based integrity and pseudo-random
   functions defined in this document always use a 128-bit key.  In
   fact, there are currently no integrity or PRF algorithms that use
   the key length attribute (and we recommend that they should not
   be defined in the future either).

   For encryption algorithms, the situation is slightly more complex
   since there are three different types of algorithms:

   o  The key length attribute is never used with algorithms that 
      use a fixed length key, such as DES, 3DES and IDEA.
 
   o  The key length attribute is always included for the currently
      defined AES-based algorithms (CBC, CTR, CCM and GCM).  Omitting
      the key length attribute is not allowed; if the proposal does
      not contain it, it has to be rejected.

   o  For other algorithms, the key length attribute can be included
      but is not mandatory. These algorithms include, e.g., RC5, CAST
      and BLOWFISH.  If the key length attribute is not included, the 
      default value specified in [RFC2451] is used.

Does this look right to you?

Best regards,
Pasi

_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec

v2.23.0 | Report a Bug | By Email