Re: [IPsec] draft-ietf-ipsecme-implicit-iv-06 - key length is missing

Paul Wouters <paul@nohats.ca> Tue, 02 April 2019 16:51 UTC

Date: Tue, 02 Apr 2019 12:51:41 -0400
From: Paul Wouters <paul@nohats.ca>
To: Valery Smyslov <smyslov.ietf@gmail.com>
cc: IPsecME WG <ipsec@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/yM1bbXTwptIC0j80JdILMRCRdcE>

On Tue, 2 Apr 2019, Valery Smyslov wrote:

> and define a default key length for the case when it is absent (e.g. 256 bits).

Do not do this. There are broken implementations and interop issues on
this already by broken clients who don't send or omit to send KEY_LENGTH
(old versions of us included).

> It'll allow us to save a few bytes by omitting the attribute for the most common cases.

Not worth it.

Paul
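
The strict handling argued for in this message, as an added example that is not part of the original post and not code from any IKE implementation: a parser for one IKEv2 ENCR Transform substructure (RFC 7296 sections 3.3.2 and 3.3.5) that rejects a variable-key cipher proposed without Key Length instead of assuming a default. The names `encr_key_bits`, `parse_attributes`, `build_transform` and `ProposalError` are hypothetical, the transform table is a subset using the IANA IKEv2 registry numbers, and the sample transforms are constructed.

```python
import struct

ENCR, KEY_LENGTH = 1, 14   # Transform Type 1 (encryption); attribute type 14
# Variable-key transforms (subset). IIV IDs are the IANA IKEv2 registry values.
VARIABLE_KEY = {12: "ENCR_AES_CBC", 20: "ENCR_AES_GCM_16",
                29: "ENCR_AES_CCM_8_IIV", 30: "ENCR_AES_GCM_16_IIV"}

class ProposalError(ValueError):
    """Raised when a transform must be rejected instead of guessed at."""

def parse_attributes(data):
    """Parse RFC 7296 section 3.3.5 attributes into {type: value}."""
    attrs, off = {}, 0
    while off < len(data):
        if len(data) - off < 4:
            raise ProposalError("truncated attribute header")
        af_type, val = struct.unpack_from("!HH", data, off)
        off += 4
        if af_type & 0x8000:                 # AF=1: fixed 2-byte value (TV)
            attrs[af_type & 0x7FFF] = val
        else:                                # AF=0: val is the value length (TLV)
            if off + val > len(data):
                raise ProposalError("attribute overruns transform")
            attrs[af_type] = data[off:off + val]
            off += val
    return attrs

def encr_key_bits(transform):
    """Return (name, key_bits) for one ENCR Transform substructure."""
    if len(transform) < 8:
        raise ProposalError("transform shorter than its fixed header")
    _last, _r1, length, ttype, _r2, tid = struct.unpack_from("!BBHBBH", transform)
    if length != len(transform) or ttype != ENCR:
        raise ProposalError("bad length or not an encryption transform")
    if tid not in VARIABLE_KEY:
        raise ProposalError(f"transform ID {tid} not handled in this example")
    bits = parse_attributes(transform[8:]).get(KEY_LENGTH)
    if bits is None:                         # the case discussed in the thread
        raise ProposalError(f"{VARIABLE_KEY[tid]}: Key Length missing, no default applied")
    if bits not in (128, 192, 256):
        raise ProposalError(f"{VARIABLE_KEY[tid]}: unsupported key length {bits}")
    return VARIABLE_KEY[tid], bits

def build_transform(tid, key_bits=None):
    """Constructed sample input: an ENCR transform, optionally with Key Length."""
    attr = b"" if key_bits is None else struct.pack("!HH", 0x8000 | KEY_LENGTH, key_bits)
    return struct.pack("!BBHBBH", 0, 0, 8 + len(attr), ENCR, 0, tid) + attr
```

Rejecting the transform lets proposal matching fall through to another transform or fail with a clear error, rather than two peers silently deriving keys of different sizes.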