IETF Logo Mail Archive

Re: [IPsec] New Version Notification for draft-tjhai-ipsecme-hybrid-qske-ikev2-03.txt

"Valery Smyslov" <smyslov.ietf@gmail.com> Fri, 15 February 2019 12:14 UTC

Return-Path: <smyslov.ietf@gmail.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 085B3130DC9; Fri, 15 Feb 2019 04:14:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.499
X-Spam-Level:
X-Spam-Status: No, score=-0.499 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_SORBS_WEB=1.5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jBt8Qfv6Gyq5; Fri, 15 Feb 2019 04:14:18 -0800 (PST)
Received: from mail-lf1-x132.google.com (mail-lf1-x132.google.com [IPv6:2a00:1450:4864:20::132]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C5DB4124408; Fri, 15 Feb 2019 04:14:17 -0800 (PST)
Received: by mail-lf1-x132.google.com with SMTP id q11so7019738lfd.3; Fri, 15 Feb 2019 04:14:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:references:in-reply-to:subject:date:message-id :mime-version:content-transfer-encoding:thread-index :content-language; bh=k7CofPUc9UzvayeJXOAVpxIqxcmeTSI6w5Y5H3m7B5M=; b=rsQaNyEl6FpdTC1lu9vtHBbm1GNIkcGgbkM/QnT6xyUvbMSlu1urtTv7ZjOHodhWQK jmhvHfHowQpPxNh5eDl4MrU8nETDrN84IVEbbCneFBpTKEFRFjEORRVzmispERkCSJeW CL6ak2Ya9DVE/8hYdQFP66LN9AvEyqI/yVtLOXQoM1pfw0rFY5d8NK5AfDCh099eAvR7 qfMPRzLvFEU2XV/39Nm/YTPeaqvM6ZEwva2MTBLhJzmcLBXxHXGQ7AxejBt2Hp/4uUww hHOvAYZlBgpZ8xWEOAO0JOPEybcmBiVH3PiXFUpgnDTKHVYb7+SJ3IQol8CYaDuk5Sdr A6zg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:references:in-reply-to:subject:date :message-id:mime-version:content-transfer-encoding:thread-index :content-language; bh=k7CofPUc9UzvayeJXOAVpxIqxcmeTSI6w5Y5H3m7B5M=; b=clZIZyYWfZ4XT3MvB/pPl5ZE86Zt37G12idtVbz6V5T7gz7XvL4x9vc3g7uJmgkLNp wDi0c2UZg6xGoG1qM9qCj8s0HkilvyevtkHukEy6BhjqIdYaDDOv5d4kPFx4Yhz9bgw9 Let6GVy0KknLgra2FPK/vcI74FAhuN2MmsK0BFC/3lhyP5/5ixu5J2xB53NZisFevpIL 5ManEHncEalBfWkcn/ZyHTXZPw4gm/VngJJpP1+LrwxfeGhpiF/AlvQwGbk3c/XQin6R q4aQ8c+iwxW3UMwx39CXXCpAGmU7WQam+tmtUy4HLOHnlGGEdIiI/c0tOTXjdyYSr4+Z A0Qw==
X-Gm-Message-State: AHQUAuafqqeU4Qd0kRfR4Iies5eEWfKaDLsdOQ1BIyO0oN+jIw/RPy7i HdKqWUf3aWTc5thmOK6bjOhR5Wke
X-Google-Smtp-Source: AHgI3IYoqnzrKxqG0WU/t9E3B/d63CETmIXrdUHN52Aw3/a8qNN1lnPGHPWnFwakSY1IBkEEt1lQGw==
X-Received: by 2002:a19:4f03:: with SMTP id d3mr4867710lfb.52.1550232855521; Fri, 15 Feb 2019 04:14:15 -0800 (PST)
Received: from buildpc ([82.138.51.4]) by smtp.gmail.com with ESMTPSA id r11sm1241286ljb.29.2019.02.15.04.14.14 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 15 Feb 2019 04:14:14 -0800 (PST)
From: Valery Smyslov <smyslov.ietf@gmail.com>
To: "'Bruckert, Leonie'" <Leonie.Bruckert@secunet.com>, 'IPsecME WG' <ipsec@ietf.org>
Cc: draft-tjhai-ipsecme-hybrid-qske-ikev2@ietf.org
References: <154748799416.9552.17299073748247797491.idtracker@ietfa.amsl.com> <000101d4ad6b$4a790ca0$df6b25e0$@gmail.com> <DE8E4C1F24911E469CC24DD4819274AA4CBCE9F7@mail-essen-01.secunet.de>
In-Reply-To: <DE8E4C1F24911E469CC24DD4819274AA4CBCE9F7@mail-essen-01.secunet.de>
Date: Fri, 15 Feb 2019 15:14:03 +0300
Message-ID: <012501d4c527$f1400c90$d3c025b0$@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQHua0po1SQdv3p8eF/bRngBUmtvnwHW2sz0Axgd5xilhfEUYA==
Content-Language: ru
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/oyJ57Tlq3wwrsvpbN_IVo4hP-n0>
Subject: Re: [IPsec] New Version Notification for draft-tjhai-ipsecme-hybrid-qske-ikev2-03.txt
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Feb 2019 12:14:20 -0000

Hi Leonie,

> Hi,
> 
> The draft specifies how to use additional key exchanges for Child SAs. It states that if several key exchanges
> are negotiated in CREATE_CHILD_SA, key shares are transmitted in a series of INFORMATIONAL exchanges.
> So I was wondering if keys are updated after each INFORMATIONAL exchange, similar as its done with the
> INTERMEDIATE exchange?

It's a good question. We haven't discuss this issue yet among authors, but I think there is no reason 
(and I believe no reliable way) to update the keys used to protect the current IKE SA.
Instead, we can just use subsequent Key Exchanges as additional inputs into prf as follows:

For IKE SA rekey:
SKEYSEED = prf(SK_d_current, KE1  | Ni1 | Nr1 | KE2  | Ni2 | Nr2 ... KEn  | Nin | Nrn)

For new Child SA or its rekey:
KEYMAT = prf+(SK_d_current, KE1  | Ni1 | Nr1 | KE2  | Ni2 | Nr2 ... KEn  | Nin | Nrn)

where KE1, Ni|r1 - from CREATE_CHILD_SA, other KE and Ni|r - fron subsequent INFORMATIONAL.

But I'd rather let cryptographers comment on this and probably suggest better ways to do it.

And in any case this should definitely be clarified in the draft, as well as some other things 
(e.g. how collisions would be handled in this case etc.)

> Besides, has anybody experiences with fragmenting INFORMATIONAL exchange? I’m not aware that
> INFORMATIONAL exchange has been used to transmit such large payloads before.

RFC 7383 explicitly says that if IKE fragmentation was negotiated, then any subsequent protected 
exchange may be sent in fragmented form. It's true that so far IKE fragmentation was 
primarily used in the IKE_AUTH exchange, however any compliant implementation must be able
to use it in any exchange containing Encrypted payload.

Regards,
Valery.

> Regards,
> Leonie
> 
> > -----Ursprüngliche Nachricht-----
> > Von: IPsec [mailto:ipsec-bounces@ietf.org] Im Auftrag von Valery Smyslov
> > Gesendet: Mittwoch, 16. Januar 2019 08:16
> > An: IPsecME WG
> > Cc: draft-tjhai-ipsecme-hybrid-qske-ikev2@ietf.org
> > Betreff: Re: [IPsec] New Version Notification for draft-tjhai-ipsecme-hybrid-
> > qske-ikev2-03.txt
> >
> > Hi,
> >
> > a new version (-03) of the QSKE draft is published. It contains quite a lot of
> > changes from the -02 version:
> >
> > 1. Negotiation method is changed to standard (via new Transform Types in
> > SA payload)
> > 2. Using multiple key exchanges in the CREATE_CHILD_SA exchange is
> > addressed
> > 3. "IKE_AUX" is changed to "INTERMEDIATE" (to align with the draft-smyslov-
> > ipsecme-ikev2-aux-02)
> > 4. IANA considerations section is added
> > 5. Temporary IDs for PQ KE methods (using VendorID) are removed
> >
> > Please, review the draft. Some issues have already been discussed and the
> > changes reflect the WG consensus,
> > some are new and the text reflects only the authors' current opinion.
> >
> > Regards,
> > Valery (for the authors)
> >
> > > A new version of I-D, draft-tjhai-ipsecme-hybrid-qske-ikev2-03.txt
> > > has been successfully submitted by C. Tjhai and posted to the
> > > IETF repository.
> > >
> > > Name:		draft-tjhai-ipsecme-hybrid-qske-ikev2
> > > Revision:	03
> > > Title:		Framework to Integrate Post-quantum Key Exchanges into
> > Internet Key Exchange Protocol
> > > Version 2 (IKEv2)
> > > Document date:	2019-01-14
> > > Group:		Individual Submission
> > > Pages:		19
> > > URL:            https://www.ietf.org/internet-drafts/draft-tjhai-ipsecme-
> > hybrid-qske-ikev2-03.txt
> > > Status:         https://datatracker.ietf.org/doc/draft-tjhai-ipsecme-hybrid-
> > qske-ikev2/
> > > Htmlized:       https://tools.ietf.org/html/draft-tjhai-ipsecme-hybrid-qske-
> > ikev2-03
> > > Htmlized:       https://datatracker.ietf.org/doc/html/draft-tjhai-ipsecme-
> > hybrid-qske-ikev2
> > > Diff:           https://www.ietf.org/rfcdiff?url2=draft-tjhai-ipsecme-hybrid-
> > qske-ikev2-03
> > >
> > > Abstract:
> > >    This document describes how to extend Internet Key Exchange Protocol
> > >    Version 2 (IKEv2) so that the shared secret exchanged between peers
> > >    has resistance against quantum computer attacks.  The basic idea is
> > >    to exchange one or more post-quantum key exchange payloads in
> > >    conjunction with the existing (Elliptic Curve) Diffie-Hellman
> > >    payload.
> > >
> > >
> > >
> > >
> > > Please note that it may take a couple of minutes from the time of
> > submission
> > > until the htmlized version and diff are available at tools.ietf.org.
> > >
> > > The IETF Secretariat
> >
> > _______________________________________________
> > IPsec mailing list
> > IPsec@ietf.org
> > https://www.ietf.org/mailman/listinfo/ipsec
> 
> _______________________________________________
> IPsec mailing list
> IPsec@ietf.org
> https://www.ietf.org/mailman/listinfo/ipsec

v2.23.0 | Report a Bug | By Email