Re: [IPsec] New Version Notification for draft-guo-ipsecme-ikev2-using-shangmi-00.txt
Paul Wouters <paul@nohats.ca> Mon, 11 March 2024 00:29 UTC
Return-Path: <paul@nohats.ca>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CC51DC14F61D for <ipsec@ietfa.amsl.com>; Sun, 10 Mar 2024 17:29:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.405
X-Spam-Level:
X-Spam-Status: No, score=-4.405 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sWwAwl_ClHff for <ipsec@ietfa.amsl.com>; Sun, 10 Mar 2024 17:29:05 -0700 (PDT)
Received: from mx.nohats.ca (mx.nohats.ca [193.110.157.85]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 27D73C14F61B for <ipsec@ietf.org>; Sun, 10 Mar 2024 17:29:04 -0700 (PDT)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 4TtHhG6c3Jz3Ns; Mon, 11 Mar 2024 01:29:02 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1710116942; bh=cPV6gWcI0ZitMXXDDEhjAKaLDnG6hxs+gwTZB52JIbo=; h=Date:From:To:cc:Subject:In-Reply-To:References; b=So3uE5RCQupxcBTgvs+uubu5uWoL5mtPROSBNyETX/dn74aIyT6XC46mCq2iO/dRX aLRUotLNxUqnGCrFuhA6BoDlUa3gEgZtw8WNyEBVQ6lzueSQSPAPTmhw5OuzprMFJZ 5pkKvCLGmxtY/1NICt80Xt2OGhYyQ9A6+sJYjgPU=
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id Zi4o1gFPas8d; Mon, 11 Mar 2024 01:29:01 +0100 (CET)
Received: from bofh.nohats.ca (bofh.nohats.ca [193.110.157.194]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Mon, 11 Mar 2024 01:29:01 +0100 (CET)
Received: by bofh.nohats.ca (Postfix, from userid 1000) id 985931186564; Sun, 10 Mar 2024 20:29:00 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id 94F871186563; Sun, 10 Mar 2024 20:29:00 -0400 (EDT)
Date: Sun, 10 Mar 2024 20:29:00 -0400
From: Paul Wouters <paul@nohats.ca>
To: "Xialiang(Frank, IP Security Standard)" <frank.xialiang=40huawei.com@dmarc.ietf.org>
cc: "ipsec@ietf.org" <ipsec@ietf.org>, guoyanfei <guoyanfei3@huawei.com>, Yu Fu <fuy186@chinaunicom.cn>
In-Reply-To: <a94d736ce8df4d649b1dab089128a593@huawei.com>
Message-ID: <23f6de95-0ddc-bd03-f762-9943a94009c9@nohats.ca>
References: <a94d736ce8df4d649b1dab089128a593@huawei.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/keJyyITMp20UfsXDs2FnKuZJhyQ>
Subject: Re: [IPsec] New Version Notification for draft-guo-ipsecme-ikev2-using-shangmi-00.txt
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Mar 2024 00:29:09 -0000
On Mon, 29 Jan 2024, Xialiang(Frank, IP Security Standard) wrote: > We have submitted this new draft “Using ShangMi in the Internet Key Exchange Protocol Version 2 (IKEv2)”, which defines a set of cryptographic transforms for using in the IKEv2 based on Chinese cryptographic standard algorithms (called "ShangMi" or “SM” algorithms). > The SM algorithms are mandatory in China, so this document provides a description of how to use the SM algorithms with IKEv2 and specifies a set of cryptographic transforms so that implementers can produce interworking implementations. Thanks for the document. I believe the best way forward for these would be via the ISE. In which case the Working Group and Intended Status would need to be updated. But if the document proceeds that way, please keep the IPsecME WG in the loop. All the registries involved are "Expert Review", so it can be registered regardless of where or how the specification is published. As for the draft itself, I have two questions. Is the CBC variant really neccessary? CBS is being made historic or deprecated for all other IETF uses (eg see TLS 1.3). Why introduce it now for IKEv2 and ESP in combination with ShangMi ? For the GCM variants, do you know if these can make use of the ghash hardware instructions? As in, would ENCR_SM4_GCM also benefit from CPU hardware instructions available? Regards, Paul > Your comments are warmly welcome! > > B.R. > Frank > > -----邮件原件----- > 发件人: internet-drafts@ietf.org <internet-drafts@ietf.org> > 发送时间: 2024年1月29日 14:09 > 收件人: Xialiang(Frank, IP Security Standard) <frank.xialiang@huawei.com>; guoyanfei <guoyanfei3@huawei.com>; Yu Fu <fuy186@chinaunicom.cn> > 主题: New Version Notification for draft-guo-ipsecme-ikev2-using-shangmi-00.txt > > A new version of Internet-Draft draft-guo-ipsecme-ikev2-using-shangmi-00.txt > has been successfully submitted by Liang Xia and posted to the IETF repository. > > Name: draft-guo-ipsecme-ikev2-using-shangmi > Revision: 00 > Title: Using ShangMi in the Internet Key Exchange Protocol Version 2 (IKEv2) > Date: 2024-01-29 > Group: Individual Submission > Pages: 14 > URL: https://www.ietf.org/archive/id/draft-guo-ipsecme-ikev2-using-shangmi-00.txt > Status: https://datatracker.ietf.org/doc/draft-guo-ipsecme-ikev2-using-shangmi/ > HTMLized: https://datatracker.ietf.org/doc/html/draft-guo-ipsecme-ikev2-using-shangmi > > > Abstract: > > This document defines a set of cryptographic transforms for using in > the Internet Key Exchange Protocol version 2 (IKEv2). The transforms > are based on Chinese cryptographic standard algorithms (called > "ShangMi" or “SM” algorithms). > > The use of these algorithms with IKEv2 is not endorsed by the IETF. > The SM algorithms are mandatory in China, so this document provides a > description of how to use the SM algorithms with IKEv2 and specifies > a set of cryptographic transforms so that implementers can produce > interworking implementations. > > > > The IETF Secretariat > > > _______________________________________________ > IPsec mailing list > IPsec@ietf.org > https://www.ietf.org/mailman/listinfo/ipsec
- Re: [IPsec] New Version Notification for draft-gu… Xialiang(Frank, IP Security Standard)
- Re: [IPsec] New Version Notification for draft-gu… Paul Wouters
- [IPsec] 答复: New Version Notification for draft-gu… Xialiang(Frank, IP Security Standard)