Re: [IPsec] NUDGE: WG Last Call for draft-ietf-ipsecme-dh-checks

Dan Brown <dbrown@certicom.com> Tue, 09 April 2013 17:09 UTC

From: Dan Brown <dbrown@certicom.com>
To: 'Michael Richardson' <mcr+ietf@sandelman.ca>
Thread-Topic: [IPsec] NUDGE: WG Last Call for draft-ietf-ipsecme-dh-checks
Thread-Index: AQHONKJ+NLt7HaOtnk2NvnDv7KiS3JjNdr0AgAAV3ACAAJjvAP//xcCggABM7gD//+NOQA==
Date: Tue, 9 Apr 2013 17:09:10 +0000
Message-ID: <810C31990B57ED40B2062BA10D43FBF513E46D@XMB111CNC.rim.net>
References: <9F821C79-A855-4060-A356-ED8E5C50048B@vpnc.org> <5697.1365476466@sandelman.ca> <A113ACFD9DF8B04F96395BDEACB3404209060652@xmb-rcd-x04.cisco.com> <17925.1365514002@sandelman.ca> <810C31990B57ED40B2062BA10D43FBF513E325@XMB111CNC.rim.net> <29765.1365518014@sandelman.ca>
In-Reply-To: <29765.1365518014@sandelman.ca>
Accept-Language: en-CA, en-US
Content-Language: en-US
Cc: IPsecme WG <ipsec@ietf.org>, "Scott Fluhrer \(sfluhrer\)" <sfluhrer@cisco.com>
Subject: Re: [IPsec] NUDGE: WG Last Call for draft-ietf-ipsecme-dh-checks

> -----Original Message-----
> From: ipsec-bounces@ietf.org [mailto:ipsec-bounces@ietf.org] On Behalf
> Of Michael Richardson
> Sent: Tuesday, April 09, 2013 10:34 AM
> 
>     Dan> [DB] The concern is that receiver wants to protect her own
>     Dan> reused private key from an invalid public key from a malicious
>     Dan> peer.  To do this, the receiver checks the received value to
>     Dan> make sure it is valid and safe to combine with her reused
>     Dan> private key.  Another option for the receiver is not reusing
>     Dan> the private key at all.
> 
> okay, that wasn't clear to me at all.
> 
> When you say "private key", we are talking about the y, not the g^y.

[DB] Yes (and I'm sorry if I did not use the IPsec terminology; is it "secret value"?).

> 
> I guess I recall that there are some implementations which calculate
> their g^x/g^y, and cache that for many DH operations.

[DB] The implementation would also cache its secret value x (or y).

> 
> Is the point here that this is safe if we do these tests?
> 
[DB] Yes, that is the point.

I gather the document's motivation was unclear to you.  Were the document's specified actions also unclear to you?

Could you suggest a specific clarification to the document that would correct what made it unclear to you?  

The document reads clearly to me, but its topic is already quite familiar to me.


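The receiver-side check the thread refers to, written out as an added illustration (not code from the draft or from anyone in the thread): before a reused secret value is combined with a peer's public value, the peer's value is range-checked and tested for membership in the intended prime-order subgroup. The group used is a constructed toy (p = 23, q = 11, g = 2), not a real IKE MODP group.

```python
"""Receiver-side validation of a Diffie-Hellman public value (MODP group).

Added illustration, not code from the draft or the mailing-list thread.
For a MODP group with prime p and a generator of prime order q, a received
value is accepted only if
  1. range:     1 < value < p - 1
  2. subgroup:  value^q mod p == 1
The group below is a constructed toy (p = 23, q = 11, g = 2) so the
arithmetic can be followed by hand; it is not a real IKE group.
"""

P = 23          # toy prime, p = 2q + 1
Q = 11          # prime order of the subgroup generated by G
G = 2           # 2^11 mod 23 == 1, so G generates the order-11 subgroup


def validate_modp_public_value(value: int, p: int = P, q: int = Q) -> bool:
    """Return True only if value is a proper element of the order-q subgroup."""
    if not 1 < value < p - 1:          # rejects 0, 1, p-1 and out-of-range values
        return False
    return pow(value, q, p) == 1       # rejects elements outside the q-subgroup


def derive_shared_secret(secret: int, peer_value: int, p: int = P, q: int = Q) -> int:
    """Combine a (possibly reused) secret with a peer value, refusing invalid input."""
    if not validate_modp_public_value(peer_value, p, q):
        raise ValueError("peer sent an invalid DH public value; aborting exchange")
    return pow(peer_value, secret, p)


def element_order(value: int, p: int = P) -> int:
    """Brute-force multiplicative order of a nonzero value; small orders are the
    values the check above must keep away from a reused secret."""
    k, acc = 1, value % p
    while acc != 1:
        acc = (acc * value) % p
        k += 1
    return k


if __name__ == "__main__":
    reused_secret = 7                               # constructed secret, reused across exchanges
    for candidate in (1, 22, 5, 2, 9):
        ok = validate_modp_public_value(candidate)
        print(f"value {candidate:2d}: order {element_order(candidate):2d}, "
              f"{'accepted' if ok else 'rejected'}")
    print("shared secret:", derive_shared_secret(reused_secret, 9))
```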