IETF Logo Mail Archive

[IPsec] draft-ietf-ipsecme-implicit-iv-06 - key length is missing

"Valery Smyslov" <smyslov.ietf@gmail.com> Tue, 02 April 2019 14:39 UTC

Return-Path: <smyslov.ietf@gmail.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 22FE5120134 for <ipsec@ietfa.amsl.com>; Tue, 2 Apr 2019 07:39:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.5
X-Spam-Level:
X-Spam-Status: No, score=-0.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_SORBS_WEB=1.5, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5LFipSQe9-HV for <ipsec@ietfa.amsl.com>; Tue, 2 Apr 2019 07:39:26 -0700 (PDT)
Received: from mail-wm1-x333.google.com (mail-wm1-x333.google.com [IPv6:2a00:1450:4864:20::333]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F31DB120133 for <ipsec@ietf.org>; Tue, 2 Apr 2019 07:39:25 -0700 (PDT)
Received: by mail-wm1-x333.google.com with SMTP id y197so4064779wmd.0 for <ipsec@ietf.org>; Tue, 02 Apr 2019 07:39:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:subject:date:message-id:mime-version :content-transfer-encoding:thread-index:content-language; bh=sAjolM8wJsWkSI8qK+MzmRQnF91RDn/tuqWk51j08AA=; b=lDSRk2pnh8zW7875a630wlC18PV7Cfhu6xjBgpDFZl4vlg8Vx/CzKJzXj7NrwpSMQ1 niQxUFC+QyR7rLLHeWYJSE+lRrzN7IKNB0/HdfLR+LO2F23NdwrUSeoRHEWDPRpqRMSo Dtb9V/wzGHDbSEaHUsG896DgqxY2Bg+eewVxN7oX95GkkoxCBUy3L/yuGdv8dIh5NE/c csRGE65LQ6PXsNk4lQlv34tUdpFvjJU516JkiVrn5RS+5CpyoUxuoZ7Oa1ATu6JMHpzT 40waZ1NyEDTeVS4IaJ0Ur1CxUSZRakQeF6y7WN7kUaCQyWWZDACfZmJU5X87iP4t5Kpt yVqg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:mime-version :content-transfer-encoding:thread-index:content-language; bh=sAjolM8wJsWkSI8qK+MzmRQnF91RDn/tuqWk51j08AA=; b=m4ioj9+FJiICj+QJYQK4c5hEYJnzNUpNgVC0cBi/3dhpbQMtJ71cvixCZm9SjSJeAD 9ImwtUg2SoO4a+ABicyx4raEvYNxlD1CrY3wbmzJnZktsiN7TUVnS/uMvHxa1sckFnVc 60H75zRF45uFdrOi6NIuOnlq+jorKq0sd73gKF1QUSA0TSnUwAC2zNFMrVYoJGscZkNU h87jenAguvJHC3V1GLbSRhefZeHFsnbCy/E353ppkVYFo0BqY56bgqD8gYxL4xGRk3kq wnOOThOII72E4ub19ozDJBz0bRCUZJHrmBzKnT1X1c2qmeaQVf6ENnc9kOwt0WqjDhvv Rmzg==
X-Gm-Message-State: APjAAAVUR4FuX6z+Yif+Bdzf0pgLl1r1qfgRr4zkz6N75EJn+rZK6nz9 EMin5XftqOB6g50Y0qE7/zBPfPYs
X-Google-Smtp-Source: APXvYqwERwEukzBZqSIEAbmRBbYV4bQoyotiioxGKhypj2B2Fs4aMtiRkfgBEXt9y+VdOrwUcqCp9w==
X-Received: by 2002:a1c:5459:: with SMTP id p25mr3808663wmi.20.1554215963979; Tue, 02 Apr 2019 07:39:23 -0700 (PDT)
Received: from buildpc ([82.138.51.4]) by smtp.gmail.com with ESMTPSA id j11sm15769099wrw.85.2019.04.02.07.39.22 for <ipsec@ietf.org> (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 02 Apr 2019 07:39:23 -0700 (PDT)
From: Valery Smyslov <smyslov.ietf@gmail.com>
To: IPsecME WG <ipsec@ietf.org>
Date: Tue, 02 Apr 2019 17:39:22 +0300
Message-ID: <010501d4e961$ddae8a90$990b9fb0$@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AdTpX/sIuOL4i/bEQI6NWoh1phmLjA==
Content-Language: ru
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/oxeav_kcOodO5Za7Qcx854-96pU>
Subject: [IPsec] draft-ietf-ipsecme-implicit-iv-06 - key length is missing
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Apr 2019 14:39:28 -0000

Hi,

It's a bit late, since WGLC for the draft is already over, but hope it's not too late.

While re-reading of the draft I realized, that it's completely silent on the necessity 
of Key Length attribute in newly defined transforms. AES accepts keys
of different sizes, so there must be a way to negotiate key length 
(by including key length attribute). Currently the draft completely ignores
this issue, that may lead to interoperability problems. 

I suggest either to copy-paste relevant text from any other AES-transform related 
RFC (e.g. 4106 or 5282), or make it a bit smarter: make a key length attribute optional
and define a default key length for the case when it is absent (e.g. 256 bits).
It'll allow us to save few bytes by omitting attribute for most common cases.

Either way, something should be added to the draft to remove current ambiguity
(this issue seems to not be concerned with Chacha20, which is defined with 256 bit key only).

Regards,
Valery.

v2.23.0 | Report a Bug | By Email