Re: [IPsec] IKEv2 Diffie-Hellman Elliptic curve mess (RFC4753, RFC5114, RFC4869, and draft-solinas-rfc4753bis-01)
"Dan Harkins" <dharkins@lounge.org> Mon, 21 December 2009 18:42 UTC
Return-Path: <dharkins@lounge.org>
X-Original-To: ipsec@core3.amsl.com
Delivered-To: ipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9DB583A6A9E for <ipsec@core3.amsl.com>; Mon, 21 Dec 2009 10:42:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.265
X-Spam-Level:
X-Spam-Status: No, score=-6.265 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SsR9Zbg8KwWN for <ipsec@core3.amsl.com>; Mon, 21 Dec 2009 10:42:49 -0800 (PST)
Received: from colo.trepanning.net (colo.trepanning.net [69.55.226.174]) by core3.amsl.com (Postfix) with ESMTP id 30C2F3A6A8E for <ipsec@ietf.org>; Mon, 21 Dec 2009 10:42:21 -0800 (PST)
Received: from www.trepanning.net (localhost [127.0.0.1]) by colo.trepanning.net (Postfix) with ESMTP id 1971D1022407E; Mon, 21 Dec 2009 10:42:05 -0800 (PST)
Received: from 69.12.173.8 (SquirrelMail authenticated user dharkins@lounge.org) by www.trepanning.net with HTTP; Mon, 21 Dec 2009 10:42:05 -0800 (PST)
Message-ID: <b2fd1e8da531f20cf71e4e014786ce52.squirrel@www.trepanning.net>
In-Reply-To: <19247.25734.318539.699760@fireball.kivinen.iki.fi>
References: <19243.32427.247190.77844@fireball.kivinen.iki.fi> <OF1FD3CDFB.F4E96F12-ON85257690.004924DB-85257690.004AD52E@us.ibm.com> <72a888732545c5066f493228c416d286.squirrel@www.trepanning.net> <19247.25734.318539.699760@fireball.kivinen.iki.fi>
Date: Mon, 21 Dec 2009 10:42:05 -0800
From: Dan Harkins <dharkins@lounge.org>
To: Tero Kivinen <kivinen@iki.fi>
User-Agent: SquirrelMail/1.4.14 [SVN]
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Cc: ipsec@ietf.org, Dan Harkins <dharkins@lounge.org>
Subject: Re: [IPsec] IKEv2 Diffie-Hellman Elliptic curve mess (RFC4753, RFC5114, RFC4869, and draft-solinas-rfc4753bis-01)
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Dec 2009 18:42:50 -0000
No, you won't get "no proposal chosen" or "invalid KE" payload. What you'll get, if you "guess" wrong, is garbage IKEv2 messages because a different representation of the shared secret will be fed into the prf that generates the keying material. That will not be diagnosable. Things just won't work and the customer will get really mad. And if developers aren't reading errata (as you claim) then I seriously doubt that field engineers and support do either. So we're looking at an RMA of a perfectly good piece of equipment. Your suggested fix does not actually fix the existing problem, it just makes an unambiguous way to negotiate these groups using different numbers. The same ambiguity will still exist for 19, 20, and 21. I think it would be better to fix the problem. You mentioned to Yoav that EC groups are not used that much currently. So this is an opportune time to fix the problem! Dan. On Mon, December 21, 2009 4:05 am, Tero Kivinen wrote: > Dan Harkins writes: >> The solution of allocating new numbers still doesn't really solve the >> problem because if you receive an KE payload from group 19, 20, or 21 >> "you can make your guess whether they also implemented errata or not, >> and act based on that" and that sounds like a recipe for future >> non-interoperability. > > As I just noticed we do support RFC4753 without errata in our previous > versions we need to do something on this. What my current plan would > be to make patch that will change implementations to support errata, > and also change the group numbers to new. This means you get no > proposal support or invalid ke payload notification if you try to talk > to old versions supporting groups 19-21. If the policy allows any of > the modp groups then invalid ke payload error cause both ends to move > to modp groups which means implementations can talk to each other, and > if policy only allows those new groups then you get no proposal chosen > and then you need to modify policy to support some common groups. > >> The IANA registry for these groups is used by more than just IKE(v2) >> and it would be nice if it was coherent and did not make assumption like >> that. > > ikev2-parameters IANA registry should not be used for anything else > than IKEv2. > -- > kivinen@iki.fi > _______________________________________________ > IPsec mailing list > IPsec@ietf.org > https://www.ietf.org/mailman/listinfo/ipsec >
- Re: [IPsec] IKEv2 Diffie-Hellman Elliptic curve m… Yaron Sheffer
- [IPsec] IKEv2 Diffie-Hellman Elliptic curve mess … Tero Kivinen
- Re: [IPsec] IKEv2 Diffie-Hellman Elliptic curve m… Scott C Moonen
- Re: [IPsec] IKEv2 Diffie-Hellman Elliptic curve m… Paul Hoffman
- Re: [IPsec] IKEv2 Diffie-Hellman Elliptic curve m… Dan Harkins
- Re: [IPsec] IKEv2 Diffie-Hellman Elliptic curve m… Yoav Nir
- Re: [IPsec] IKEv2 Diffie-Hellman Elliptic curve m… Tero Kivinen
- Re: [IPsec] IKEv2 Diffie-Hellman Elliptic curve m… Tero Kivinen
- Re: [IPsec] IKEv2 Diffie-Hellman Elliptic curve m… Tero Kivinen
- Re: [IPsec] IKEv2 Diffie-Hellman Elliptic curve m… Yaron Sheffer
- Re: [IPsec] IKEv2 Diffie-Hellman Elliptic curve m… Dan Harkins
- Re: [IPsec] IKEv2 Diffie-Hellman Elliptic curve m… Dan Harkins
- Re: [IPsec] IKEv2 Diffie-Hellman Elliptic curve m… Black_David
- Re: [IPsec] IKEv2 Diffie-Hellman Elliptic curve m… Bill Sommerfeld
- Re: [IPsec] IKEv2 Diffie-Hellman Elliptic curve m… Dan Harkins
- Re: [IPsec] IKEv2 Diffie-Hellman Elliptic curve m… Black_David
- Re: [IPsec] IKEv2 Diffie-Hellman Elliptic curve m… Dan Harkins
- Re: [IPsec] IKEv2 Diffie-Hellman Elliptic curve m… Yoav Nir
- Re: [IPsec] IKEv2 Diffie-Hellman Elliptic curve m… Tero Kivinen
- Re: [IPsec] IKEv2 Diffie-Hellman Elliptic curve m… Tero Kivinen
- Re: [IPsec] IKEv2 Diffie-Hellman Elliptic curve m… Tero Kivinen
- Re: [IPsec] IKEv2 Diffie-Hellman Elliptic curve m… Jerome A. Solinas
- Re: [IPsec] IKEv2 Diffie-Hellman Elliptic curve m… Dan Harkins
- Re: [IPsec] IKEv2 Diffie-Hellman Elliptic curve m… Tero Kivinen
- Re: [IPsec] IKEv2 Diffie-Hellman Elliptic curve m… Jerome A. Solinas