Re: [IPsec] Question about IKEv1 and ECDSA
"Dan Harkins" <dharkins@lounge.org> Wed, 28 November 2012 19:56 UTC
Return-Path: <dharkins@lounge.org>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 127E021F8593 for <ipsec@ietfa.amsl.com>; Wed, 28 Nov 2012 11:56:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.265
X-Spam-Level:
X-Spam-Status: No, score=-6.265 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OF7AkBgC5Yyn for <ipsec@ietfa.amsl.com>; Wed, 28 Nov 2012 11:56:48 -0800 (PST)
Received: from colo.trepanning.net (colo.trepanning.net [69.55.226.174]) by ietfa.amsl.com (Postfix) with ESMTP id 99AC821F8590 for <ipsec@ietf.org>; Wed, 28 Nov 2012 11:56:48 -0800 (PST)
Received: from www.trepanning.net (localhost [127.0.0.1]) by colo.trepanning.net (Postfix) with ESMTP id 93F031022400A; Wed, 28 Nov 2012 11:56:47 -0800 (PST)
Received: from 69.12.173.8 (SquirrelMail authenticated user dharkins@lounge.org) by www.trepanning.net with HTTP; Wed, 28 Nov 2012 11:56:48 -0800 (PST)
Message-ID: <1578f8a270e41136de93c6eb6ef78ddb.squirrel@www.trepanning.net>
In-Reply-To: <4613980CFC78314ABFD7F85CC3027721023F2E@IL-EX10.ad.checkpoint.com>
References: <4613980CFC78314ABFD7F85CC3027721023F2E@IL-EX10.ad.checkpoint.com>
Date: Wed, 28 Nov 2012 11:56:48 -0800
From: Dan Harkins <dharkins@lounge.org>
To: Yoav Nir <ynir@checkpoint.com>
User-Agent: SquirrelMail/1.4.14 [SVN]
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Cc: IPsecme WG <ipsec@ietf.org>
Subject: Re: [IPsec] Question about IKEv1 and ECDSA
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Nov 2012 19:56:49 -0000
Hello, On Wed, November 28, 2012 12:07 am, Yoav Nir wrote: > Hi > > I know we don't like IKEv1 questions, but RFC 4754 does mention it, so > here goes. And sorry if this has been discussed before. I couldn't find > it. What do you mean "we"? :-) > In IKEv1 the authentication method is negotiated as an SA parameter. So > presumably the Initiator proposes RSA signatures, ECDSA with the P-256 > curve, etc, and the Responder chooses one of them. This happens in packets > #1 and #2. > > Later the certificate to actually present (in packets #5 and #6) is chosen > based on a Certificate Request payload, and availability. This is > different from IKEv2, where authentication method is implied by the > certificates rather than negotiated. > > So two questions: > 1. Is it impossible to have one peer authenticate with RSA while the other > authenticates with ECDSA, or even to mix curves? Or am I missing > something? No, they both have to do ECDSA. The way that ECDSA was added to IKEv1-- make it bound to the curve-- was unfortunate. That means that you can't really mix curves either after agreeing to do ECDSA with one particular curve. It would have be much more useful to divorce the curve from the willingness to do ECDSA. But oh well. > 2. What if an IKE endpoint has >1 certificates, but the one best-suited > for the certificate request has a different type key than the one agreed > to in packet #2? Tough luck. You agreed to ECDSA with a particular curve and that's what you go with. > If I'm not missing something, it seems like IKEv1 is the wrong vehicle for > the gradual introduction of ECDSA. I'm not proposing to fix it, just > trying to understand. It should work in the general case but you have pointed out some conditions that make it somewhat suboptimal. I believe the ECDSA tiger team has properly addressed these issues for IKEv2. Please speak up if you disagree. regards, Dan.
- [IPsec] Question about IKEv1 and ECDSA Yoav Nir
- Re: [IPsec] Question about IKEv1 and ECDSA Paul Hoffman
- Re: [IPsec] Question about IKEv1 and ECDSA Dan Harkins