[IPsec] Protocol Action: 'Additional Diffie-Hellman Tests for IKEv2' to Proposed Standard (draft-ietf-ipsecme-dh-checks-05.txt)

The IESG <iesg-secretary@ietf.org> Wed, 05 June 2013 14:46 UTC

Return-Path: <iesg-secretary@ietf.org>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 3246721F9B11; Wed, 5 Jun 2013 07:46:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.535
X-Spam-Status: No, score=-102.535 tagged_above=-999 required=5 tests=[AWL=0.065, BAYES_00=-2.599, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id kN8gvTsIKtGo; Wed, 5 Jun 2013 07:46:33 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id E985F21F9B13; Wed, 5 Jun 2013 07:46:32 -0700 (PDT)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 4.50
Message-ID: <20130605144632.18949.78362.idtracker@ietfa.amsl.com>
Date: Wed, 05 Jun 2013 07:46:32 -0700
Cc: ipsecme mailing list <ipsec@ietf.org>, ipsecme chair <ipsecme-chairs@tools.ietf.org>, RFC Editor <rfc-editor@rfc-editor.org>
Subject: [IPsec] Protocol Action: 'Additional Diffie-Hellman Tests for IKEv2' to Proposed Standard (draft-ietf-ipsecme-dh-checks-05.txt)
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Jun 2013 14:46:34 -0000

The IESG has approved the following document:
- 'Additional Diffie-Hellman Tests for IKEv2'
  (draft-ietf-ipsecme-dh-checks-05.txt) as Proposed Standard

This document is the product of the IP Security Maintenance and
Extensions Working Group.

The IESG contact persons are Sean Turner and Stephen Farrell.

A URL of this Internet Draft is:

Technical Summary

The document corrects a problem found well after RFC 5996 was published. Implementations that support elliptic curves and DSA, and also reuse private keys, are vulnerable to some attacks that can be prevented by some simple checking. This document specifies the circumstances where the attack might happen and how to prevent them.

Working Group Summary

The document was reviewed by enough active developers and cryptographically-inclined participants to be sufficient for Standards Track. There is definite consensus to publish.

Document Quality

This document is appropriate for Standards Track because, if the attack had been known and understood when RFC 5996 was written, it would certainly have been part of that document.


Paul Hoffman is the shepherd.
Sean Turner is the AD.