Re: [IPsec] I-D Action: draft-ietf-ipsecme-rfc4307bis-00.txt
John Mattsson <john.mattsson@ericsson.com> Tue, 03 November 2015 01:43 UTC
Return-Path: <john.mattsson@ericsson.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 082651B2B58 for <ipsec@ietfa.amsl.com>; Mon, 2 Nov 2015 17:43:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VgGpl6U3Td1N for <ipsec@ietfa.amsl.com>; Mon, 2 Nov 2015 17:43:42 -0800 (PST)
Received: from sessmg22.ericsson.net (sessmg22.ericsson.net [193.180.251.58]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 674731B2B57 for <ipsec@ietf.org>; Mon, 2 Nov 2015 17:43:41 -0800 (PST)
X-AuditID: c1b4fb3a-f79136d0000071e2-ed-5638114bfa46
Received: from ESESSHC017.ericsson.se (Unknown_Domain [153.88.183.69]) by sessmg22.ericsson.net (Symantec Mail Security) with SMTP id E4.65.29154.B4118365; Tue, 3 Nov 2015 02:43:39 +0100 (CET)
Received: from ESESSMB307.ericsson.se ([169.254.7.39]) by ESESSHC017.ericsson.se ([153.88.183.69]) with mapi id 14.03.0248.002; Tue, 3 Nov 2015 02:43:30 +0100
From: John Mattsson <john.mattsson@ericsson.com>
To: Tero Kivinen <kivinen@iki.fi>
Thread-Topic: [IPsec] I-D Action: draft-ietf-ipsecme-rfc4307bis-00.txt
Thread-Index: AQHRFXu7qgXgtELg9k6Y0s/OKlhTiZ6JZSyAgACoCoA=
Date: Tue, 03 Nov 2015 01:43:29 +0000
Message-ID: <D25E35DB.3F72B%john.mattsson@ericsson.com>
References: <8E795DD4-DF63-452D-96AA-F6D7BE232530@ericsson.com> <22072.729.246850.109764@fireball.acr.fi>
In-Reply-To: <22072.729.246850.109764@fireball.acr.fi>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.5.4.150722
x-originating-ip: [153.88.183.150]
Content-Type: text/plain; charset="utf-8"
Content-ID: <AD80091B85B93B489F2458854F392ABC@ericsson.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrJIsWRmVeSWpSXmKPExsUyM2K7q663oEWYwcU7shb7t7xgszh6/jmb A5PHkiU/mTwOf13IEsAUxWWTkpqTWZZapG+XwJVx5fxZtoI+9YoLN7awNzD2qHUxcnJICJhI dD9vYoWwxSQu3FvP1sXIxSEkcJhRouPGUkYIZxGjxKEJu9hBqtgEDCTm7mlgA7FFBBQldj/Z ygRiMwuoStzdPxVskrCAq8S3nn52iBo3iYVLprJ0MXIA2VYSW464gYRZBFQk9rbuAWvlFTCX WPcApIQTaFe2xK1p38BsTgEziVfrFjGD2IxAx30/tQZqlbjErSfzmSCOFpBYsuc8M4QtKvHy 8T9WkFWiAnoSe5ZLQoSVJFZsv8QIEmYW0JRYv0sfYoq1xOMna1khbEWJKd0P2SGuEZQ4OfMJ ywRGiVlIls1C6J6FpHsWku5ZSLoXMLKuYhQtTi0uzk03MtJLLcpMLi7Oz9PLSy3ZxAiMwINb flvtYDz43PEQowAHoxIP74ZN5mFCrIllxZW5hxglOJiVRHhfclmECfGmJFZWpRblxxeV5qQW H2KU5mBREudtZnoQKiSQnliSmp2aWpBaBJNl4uCUamCMyTU5n6F+Otzhn9/Jsxq2Nvb/itrC n/9etLk6/vKDGj/byF0PGkVOzQhr+XOj97KgR8vnmd8aZNxEeGc4rFRbGCzTHF1+oN74oLmU waN5Bd/Ovq4pC7aO5Jxfuang3tyNcvfDk39LK4rmZr3eLDizvfA2L/NKaUa+0zN81v+2fXDh /uOfJ3OVWIozEg21mIuKEwFHyzZgvAIAAA==
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipsec/pqJL1vs3bQ45qIsMyoVmqd_AvGY>
Cc: "ipsec@ietf.org" <ipsec@ietf.org>
Subject: Re: [IPsec] I-D Action: draft-ietf-ipsecme-rfc4307bis-00.txt
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Nov 2015 01:43:44 -0000
On 03/11/15 09:42, "Tero Kivinen" <kivinen@iki.fi> wrote: >>- Section 3.2. says “When an AEAD algorithm (see Section 3.1) is >> used, no algorithm from this table needs to be used.” Shouldn’t this >> be “MUST NOT be used”. > >This document just states the fact, the actual MUST NOT is in the >RFC5282, and I do not think we should repeat that here. I.e. this text >just states the fact of life based on the RFC5282, but does not make >any requirements. Then you should probably remove the ‘MUST' in "Algorithms that are not AEAD MUST be used in conjunction with the integrity algorithms in Section 3.2.” >>- Section 3.1. I think AES_CCM_8 should somehow be restricted to >> IoT, as using 64 bit tags in IKE does not sound like general good >> advise. Also IoT implementations would probably just implement >> “ENCR_AES_CCM_8”, “PRF_HMAC_SHA2_256", and "256-bit random ECP >> group" and skip everything else. It seem to make more sense to >> specify an IoT profile in a separate section. > >The IoT devices talk to each other, but also to more general purpose >servers, i.e., in your home you might have some kind home area network >server, where all the IoT devices connect to. In that case those >bigger boxes do want to implement the same AES_CCM_8 just so that >those IoT devices which didn't implement anything else can talk to >them. > >I.e. I think it is good thing to require real systems to have SHOULD >for the AES_CCM_8. Of couse if your implementation is never expected >to talk to IoT devices, then that is good reason to go against the >SHOULD and leave the AES_CCM_8 implementation out. That sound reasonable, but shouldn’t the IoT devices have some guidelines (maybe just a sentence) on what they should implement? We know that they will not implement everything, and if they chose different subsets, they will not be able to talk to each other. >>- Section 3.4. The Diffie-Hellman group table diverges heavily from >> the rest with only 112-bit security as MUST, and no group offering >> 128-bit security as even SHOULD+. > >That depends how you calculate the securities of the Diffie-Hellman >groups. If you check RFC3526 that gives two strengh estimates for >2014-bit group, 110 and 160 bits. The 160 bit strength takes also >account the memory prices in the calculations, the 110 assumes memory >is free, and CPU cost is only thing that matters. There is also: - Lenstra (http://infoscience.epfl.ch/record/164539/files/NPDF-32.pdf) giving the estimate 95 bit strength - The IETF BCP (RFC3766) giving the estimate 103 bit strength - ECRYPT giving the estimate 103 bit strength So if anything, I would say the general consensus is that 2048 MODP may not even give 112 bits security… >>This may be ok, but I think the ipsecme group should try to fulfill >> general recommendations on security levels (NIST, ECRYPT) and have a >> plan on how to make 2048-bit MOPD a MUST NOT before 2030. > >I think we are going to replace this document several times before >2030. We actually should have replaced this already few years ago, so >this update is already bit late, but I would assume we might make new >version after we get those new EC groups now being defined to the >implementations. That sounds really good. It’s very important that both this and RFC7321 gets updated regularly. > On the other hand there are lots of people still >running IKEv1, so getting them to implementations might get time. But IKEv1 is not in scope for RFC4307 or RFC4307bis so what they implement or not should not be taken into consideration.
- [IPsec] I-D Action: draft-ietf-ipsecme-rfc4307bis… internet-drafts
- Re: [IPsec] I-D Action: draft-ietf-ipsecme-rfc430… Sean Turner
- Re: [IPsec] I-D Action: draft-ietf-ipsecme-rfc430… John Mattsson
- Re: [IPsec] I-D Action: draft-ietf-ipsecme-rfc430… Tero Kivinen
- Re: [IPsec] I-D Action: draft-ietf-ipsecme-rfc430… John Mattsson
- Re: [IPsec] I-D Action: draft-ietf-ipsecme-rfc430… Yoav Nir
- Re: [IPsec] I-D Action: draft-ietf-ipsecme-rfc430… Paul Wouters
- Re: [IPsec] I-D Action: draft-ietf-ipsecme-rfc430… Paul Wouters
- Re: [IPsec] I-D Action: draft-ietf-ipsecme-rfc430… Tero Kivinen