[Ipsec] Key length attribute (was: Important changes in draft-hoffman-rfc3664bis; please review)
Pasi.Eronen@nokia.com Thu, 13 October 2005 13:53 UTC
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EQ3WS-00057A-J2; Thu, 13 Oct 2005 09:53:28 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EQ3WR-00056u-FO for ipsec@megatron.ietf.org; Thu, 13 Oct 2005 09:53:27 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA18949 for <ipsec@ietf.org>; Thu, 13 Oct 2005 09:53:24 -0400 (EDT)
From: Pasi.Eronen@nokia.com
Received: from mgw-ext03.nokia.com ([131.228.20.95]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1EQ3gw-0004Cv-Uf for ipsec@ietf.org; Thu, 13 Oct 2005 10:04:20 -0400
Received: from esebh105.NOE.Nokia.com (esebh105.ntc.nokia.com [172.21.138.211]) by mgw-ext03.nokia.com (Switch-3.1.7/Switch-3.1.7) with ESMTP id j9DDpS2C032285; Thu, 13 Oct 2005 16:51:30 +0300
Received: from esebh102.NOE.Nokia.com ([172.21.138.183]) by esebh105.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.1830); Thu, 13 Oct 2005 16:53:20 +0300
Received: from esebe105.NOE.Nokia.com ([172.21.143.53]) by esebh102.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.1830); Thu, 13 Oct 2005 16:52:33 +0300
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Thu, 13 Oct 2005 16:52:29 +0300
Message-ID: <B356D8F434D20B40A8CEDAEC305A1F24019A5FB6@esebe105.NOE.Nokia.com>
Thread-Topic: Key length attribute (was: Important changes in draft-hoffman-rfc3664bis; please review)
Thread-Index: AcXPM6AhCPvjH+BeRsa2kcOHaWXDUwAySiCw
To: kivinen@iki.fi
X-OriginalArrivalTime: 13 Oct 2005 13:52:33.0273 (UTC) FILETIME=[5C55CE90:01C5CFFD]
X-Spam-Score: 0.3 (/)
X-Scan-Signature: 00e94c813bef7832af255170dca19e36
Content-Transfer-Encoding: quoted-printable
Cc: ipsec@ietf.org
Subject: [Ipsec] Key length attribute (was: Important changes in draft-hoffman-rfc3664bis; please review)
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IP Security <ipsec.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
Sender: ipsec-bounces@ietf.org
Errors-To: ipsec-bounces@ietf.org
Tero Kivinen wrote: > Pasi.Eronen@nokia.com writes: > > The text should also say that for the purpose of algorithm > > negotiation, this PRF has a fixed key length. In other words, > > the "key length" attribute is not included in the SA payloads. > > I was about the send the same comment earlier, but noticed that the > Key Lenght attribute is defined to be used with Encryption algorithm, > not with PRFs, so there is not really specified way to tell what is > the PRF key lenght (i.e. the key length is taken from the actual > keying material fed to the PRF). Hmm... that's true. > > BTW, there's text in IKEv2 -17 that has this wrong. Section 3.3.5 > > says that > > > > "The only algorithms defined in this document that accept > > attributes are the AES based encryption, integrity, and > > pseudo-random functions, which require a single attribute > > specifying key width." > > > > Only ENCR_AES_CBC and ENCR_AES_CTR accept different key lengths; > > and since there's no specified default key length, the key length > > attribute MUST be included. > > > > But AUTH_AES_XCBC_96 [RFC3566] always uses 128-bit keys, and > > PRF_AES128_CBC always uses 128-bit AES internally (even > with 3664bis). > > That text in the IKEv2 has always confused me, is it so that for > example ENCR_CAST or ENCR_BLOWFISH cannot be used with any other key > length than the default, or is it so that key length is not needed if > it is default, but it can be given? > > The text says that only algorithms defined that accept attributes are > AES, so that would indicate BLOWFISH or CAST cannot use Key length > attribute. I think the original text should have said that only > algorithms that REQUIRE key lengths attributes are the AES based, > others can use it but it is not required. Yes, I think the intention was not to prohibit variable-length keys with e.g. Blowfish. Here's proposed text for the clarifications document: Section 3.3.5 says that "The only algorithms defined in this document that accept attributes are the AES based encryption, integrity, and pseudo-random functions, which require a single attribute specifying key width." This is incorrect. The AES-based integrity and pseudo-random functions defined in this document always use a 128-bit key. In fact, there are currently no integrity or PRF algorithms that use the key length attribute (and we recommend that they should not be defined in the future either). For encryption algorithms, the situation is slightly more complex since there are three different types of algorithms: o The key length attribute is never used with algorithms that use a fixed length key, such as DES, 3DES and IDEA. o The key length attribute is always included for the currently defined AES-based algorithms (CBC, CTR, CCM and GCM). Omitting the key length attribute is not allowed; if the proposal does not contain it, it has to be rejected. o For other algorithms, the key length attribute can be included but is not mandatory. These algorithms include, e.g., RC5, CAST and BLOWFISH. If the key length attribute is not included, the default value specified in [RFC2451] is used. Does this look right to you? Best regards, Pasi _______________________________________________ Ipsec mailing list Ipsec@ietf.org https://www1.ietf.org/mailman/listinfo/ipsec
- [Ipsec] Key length attribute (was: Important chan… Pasi.Eronen
- Re: [Ipsec] Key length attribute (was: Important … Dan McDonald
- Re: [Ipsec] Key length attribute (was: Important … Paul Hoffman
- [Ipsec] Key length attribute (was: Important chan… Tero Kivinen
- RE: [Ipsec] Key length attribute (was: Important … Pasi.Eronen
- RE: [Ipsec] Key length attribute (was: Important … Tero Kivinen