Re: [IPsec] I-D Action: draft-fluhrer-qr-ikev2-02.txt

"Paul Hoffman" <paul.hoffman@vpnc.org> Tue, 09 August 2016 16:15 UTC

From: Paul Hoffman <paul.hoffman@vpnc.org>
To: Scott Fluhrer <sfluhrer@cisco.com>
Date: Tue, 09 Aug 2016 09:15:47 -0700
Message-ID: <2EB225E0-2921-43E7-90A5-B1D8329E9D66@vpnc.org>
In-Reply-To: <496a3c96a34741e48f8ec4d9d2e2a031@XCH-RTP-006.cisco.com>
References: <20160805034543.15860.28796.idtracker@ietfa.amsl.com> <bd8018f8-f507-5721-5cba-976dd5a013fb@gmail.com> <04fc3cc06274464ca4b94746e50a67bc@XCH-RTP-006.cisco.com> <ac88df20-a086-6bbe-b90c-3d7bd27eb40c@gmail.com> <84F0EC1D-02BC-4892-9FC0-29B5E47A6D7F@vpnc.org> <22440.34261.193865.786849@fireball.acr.fi> <496a3c96a34741e48f8ec4d9d2e2a031@XCH-RTP-006.cisco.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/ot0oO_7BmsRuVsijDAvkWkiHO9w>
Cc: "ipsec@ietf.org" <ipsec@ietf.org>
Subject: Re: [IPsec] I-D Action: draft-fluhrer-qr-ikev2-02.txt

On 9 Aug 2016, at 5:44, Scott Fluhrer (sfluhrer) wrote:

>> -----Original Message-----
>> From: Tero Kivinen [mailto:kivinen@iki.fi]
>> Sent: Monday, August 08, 2016 9:15 AM
>> To: Paul Hoffman
>> Cc: Yaron Sheffer; ipsec@ietf.org; Scott Fluhrer (sfluhrer)
>> Subject: Re: [IPsec] I-D Action: draft-fluhrer-qr-ikev2-02.txt
>>
>> Paul Hoffman writes:
>>> On 5 Aug 2016, at 8:23, Yaron Sheffer wrote:
>>>
>>>> The trick to that is to add a new column to the IANA table
>>>> https://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml#ikev2-parameters-5
>>>
>>> That's the first of two tricks: the second is getting agreement about
>>> the rules for the values in that column. It seems like there is still
>>> disagreement in the crypto community about how susceptible different
>>> algorithms and modes are to quantum.
>>
>> As an IANA expert, I am not that happy adding yet another column to
>> that table. The ESP/IKEv2 reference columns already seem to make enough
>> confusion for people :-)
>
> On the other hand, we need to give people some guidance somehow...

Do we? Who is "we"? Why is "our" guidance any better than what they get
from their own experts, particularly if "our" guidance gets ossified in
an IANA registry or RFCs that are updated slowly?

>> Also I think it is bad idea to list which ciphers are quantum
>> computing safe, as I have no idea whether RC5 or Blowfish are really
>> in that category, even when they do have long keys...
>
> There's no known Quantum attack against either (assuming long keys),
> and so they're in the same category as AES-256.

That would be better stated as "There's currently no known..."

>> It might be better to list ciphers which we consider not to be safe,
>> i.e., explicitly note that PRF_AES128_XCBC and PRF_AES128_CMAC are
>> using 128-bit keys so they might be vulnerable. (Btw it is
>> PRF_AES128_CMAC, not PRF_AES_CBC).
>
> That makes a lot of sense; ultimately, we don't really know which ones
> are strong against Quantum Computers (then again, we really don't know
> which ones are strong against conventional computers using
> undiscovered attacks :-); we do know some are likely weak.

Exactly.

--Paul Hoffman
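The thread above argues over two things: whether a "quantum safe" column belongs in the IKEv2 transform registry, and Tero's narrower suggestion of flagging the transforms whose key size is known to be short (PRF_AES128_XCBC, PRF_AES128_CMAC). The script below is an added illustration of that narrower check, written for this page; it is not code from the draft, from IANA, or from anyone in the thread. It encodes only the key-length argument (Grover's search halves the effective bits of a brute-force key search) and nothing about structural cryptanalysis, so it says nothing about whether RC5 or Blowfish are "really in that category" beyond their key size. The transform names follow the IKEv2 registry; the key sizes listed, the 3DES classical cap and the 128-bit threshold are this example's assumptions, not registry data.

```python
"""Grover-adjusted key-strength check for IKEv2 symmetric transforms.

Added example for this thread; not code from the draft or from IANA.
Transform names follow the IKEv2 registry; the key sizes, the 3DES
classical cap and the 128-bit threshold are this example's assumptions.
"""
from typing import Dict, List, Optional, Tuple

# Transforms whose key size is fixed by the name (PRF preferred key length,
# or the cipher's only key size), in bits.
FIXED_KEY_BITS: Dict[str, int] = {
    "PRF_AES128_XCBC": 128,
    "PRF_AES128_CMAC": 128,
    "PRF_HMAC_SHA2_256": 256,
    "PRF_HMAC_SHA2_512": 512,
    "ENCR_3DES": 168,
    "ENCR_CHACHA20_POLY1305": 256,
}

# Transforms whose key size is not in the name at all: IKEv2 carries it in
# the Key Length transform attribute, so one transform ID covers several
# strengths. None means "whatever length the peers negotiate" (RC5, Blowfish).
VARIABLE_KEY_BITS: Dict[str, Optional[Tuple[int, ...]]] = {
    "ENCR_AES_CBC": (128, 192, 256),
    "ENCR_AES_GCM_16": (128, 192, 256),
    "ENCR_RC5": None,
    "ENCR_BLOWFISH": None,
}

# Where classical cryptanalysis already caps strength below the nominal
# key size (3DES meet-in-the-middle, ~112 bits), start from that figure.
CLASSICAL_EFFECTIVE_BITS: Dict[str, int] = {"ENCR_3DES": 112}


def grover_bits(classical_bits: int) -> int:
    """Grover's algorithm searches an n-bit key space in about 2^(n/2) steps."""
    return classical_bits // 2


def assess(transform: str, key_length_attr: Optional[int] = None,
           threshold_bits: int = 128) -> Dict[str, object]:
    """Return nominal, classical and Grover-adjusted strength plus a flag.

    threshold_bits is a local policy choice (assumed here: 128 bits of
    Grover-adjusted strength); it is not a value from the registry.
    """
    if transform in FIXED_KEY_BITS:
        nominal = FIXED_KEY_BITS[transform]
    elif transform in VARIABLE_KEY_BITS:
        if key_length_attr is None:
            raise ValueError(f"{transform} needs a Key Length attribute")
        allowed = VARIABLE_KEY_BITS[transform]
        if allowed is not None and key_length_attr not in allowed:
            raise ValueError(f"{transform} does not take a {key_length_attr}-bit key")
        nominal = key_length_attr
    else:
        # Unknown transform: say so rather than guess a strength.
        return {"transform": transform, "flagged": None, "reason": "unknown transform"}

    classical = min(nominal, CLASSICAL_EFFECTIVE_BITS.get(transform, nominal))
    pq = grover_bits(classical)
    flagged = pq < threshold_bits
    return {
        "transform": transform,
        "nominal_bits": nominal,
        "classical_bits": classical,
        "grover_bits": pq,
        "flagged": flagged,
        # "currently" matters: absence of a known attack is not proof of strength.
        "reason": ("key too short once Grover halves the search" if flagged
                   else "no currently known quantum attack (key-length argument only)"),
    }


def audit_proposal(transforms: List[Tuple[str, Optional[int]]]) -> List[str]:
    """Names of the transforms in an IKEv2 proposal that the heuristic flags."""
    return [name for name, kl in transforms if assess(name, kl)["flagged"]]


if __name__ == "__main__":
    # Constructed proposal for demonstration, not from any real configuration.
    proposal = [
        ("ENCR_AES_CBC", 256),
        ("PRF_AES128_XCBC", None),
        ("PRF_HMAC_SHA2_256", None),
        ("ENCR_AES_GCM_16", 128),
    ]
    for name, kl in proposal:
        print(assess(name, kl))
    print("flagged:", audit_proposal(proposal))
```

The split between FIXED_KEY_BITS and VARIABLE_KEY_BITS is the point of the example: ENCR_AES_CBC with a 256-bit Key Length attribute passes while the same transform ID with 128 bits is flagged, so a single per-transform-ID column in the registry could not express the answer for the AES and RC5/Blowfish entries at all, whereas the two 128-bit PRFs can be called out by name exactly as Tero suggests.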