Re: [Last-Call] Secdir telechat review of draft-ietf-ipsecme-ikev2-multiple-ke-10
Valery Smyslov <svan@elvis.ru> Tue, 29 November 2022 12:18 UTC
Return-Path: <svan@elvis.ru>
X-Original-To: last-call@ietfa.amsl.com
Delivered-To: last-call@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 83A76C152574; Tue, 29 Nov 2022 04:18:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.096
X-Spam-Level:
X-Spam-Status: No, score=-7.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=elvis.ru
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zPBCb4BIW5Jt; Tue, 29 Nov 2022 04:18:37 -0800 (PST)
Received: from akmail.elvis.ru (akmail.elvis.ru [82.138.51.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A4E7AC152590; Tue, 29 Nov 2022 04:18:31 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=elvis.ru; s=mail; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID: Date:Subject:In-Reply-To:References:CC:To:From:Sender:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=vW7IEoBU+4Ver/J5j6VpG/QT21jPlJvKcY6gn8/qTzA=; b=B5MKM46Pxbhb8ujEfzGtXVz5Ie a3XJPoxskyNhJ3r5NqKLZHNIG0oUzDlZWqIpQz32rXD15nJ1ojDJ9HZP0hFz10nZozztcT7cOAr32 cKlsHOrqDXcXVVxcDPVGyFSqPVDBfNS/nFPcU8WNoQmawdz4UFen2L0z3vG6B+jXF85Y=;
Received: from kmail.elvis.ru ([93.188.44.208]) by akmail.elvis.ru with esmtp (Exim 4.92) (envelope-from <svan@elvis.ru>) id 1ozzZ4-0002c6-H0; Tue, 29 Nov 2022 15:18:18 +0300
Received: from mail16.office.elvis.ru ([10.111.1.29] helo=mail.office.elvis.ru) by kmail.elvis.ru with esmtp (Exim 4.92) (envelope-from <svan@elvis.ru>) id 1ozzZ4-00041q-9B; Tue, 29 Nov 2022 15:18:18 +0300
Received: from MAIL16.office.elvis.ru (10.111.1.29) by MAIL16.office.elvis.ru (10.111.1.29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1779.2; Tue, 29 Nov 2022 15:18:20 +0300
Received: from buildpc (10.111.10.33) by MAIL16.office.elvis.ru (10.111.1.29) with Microsoft SMTP Server id 15.1.1779.2 via Frontend Transport; Tue, 29 Nov 2022 15:18:20 +0300
From: Valery Smyslov <svan@elvis.ru>
To: 'Sean Turner' <sean@sn3rd.com>, secdir@ietf.org
CC: draft-ietf-ipsecme-ikev2-multiple-ke.all@ietf.org, ipsec@ietf.org, last-call@ietf.org
References: <166965793078.574.10550949979516489683@ietfa.amsl.com>
In-Reply-To: <166965793078.574.10550949979516489683@ietfa.amsl.com>
Date: Tue, 29 Nov 2022 15:18:19 +0300
Message-ID: <142b01d903ec$aab1bb40$001531c0$@elvis.ru>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQI1ZguzHNDFkMcw9AvJ7PFZKpKXyq2c+JEQ
Content-Language: ru
X-CrossPremisesHeadersFilteredBySendConnector: MAIL16.office.elvis.ru
X-OrganizationHeadersPreserved: MAIL16.office.elvis.ru
X-KLMS-AntiSpam-Interceptor-Info: not scanned
X-KLMS-Rule-ID: 1
X-KLMS-Message-Action: clean
X-KLMS-AntiSpam-Status: not scanned, disabled by settings
X-KLMS-AntiPhishing: Clean, bases: 2022/11/29 11:22:00
X-KLMS-AntiVirus: Kaspersky Security for Linux Mail Server, version 8.0.3.30, bases: 2022/11/29 08:46:00 #20623389
X-KLMS-AntiVirus-Status: Clean, skipped
Archived-At: <https://mailarchive.ietf.org/arch/msg/last-call/CfGqp-5XwMKMq-szb4qnvnR8UyQ>
Subject: Re: [Last-Call] Secdir telechat review of draft-ietf-ipsecme-ikev2-multiple-ke-10
X-BeenThere: last-call@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF Last Calls <last-call.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/last-call>, <mailto:last-call-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/last-call/>
List-Post: <mailto:last-call@ietf.org>
List-Help: <mailto:last-call-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/last-call>, <mailto:last-call-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Nov 2022 12:18:41 -0000
Hi Sean,
thank you for your review. Please, see inline.
> Reviewer: Sean Turner
> Review result: Has Nits
>
> Hi! Thanks for the well written draft. I really liked Appendix B that includes
> the tried but discarded designs.
Thank you.
> Issue worth discussing (and it might be a short discussion):
>
> Are there any instructions that the DEs needs to make sure that this registry
> is not populated with PQ-wanna-be Transforms? E.g., I show up my shiny new (and
> supposedly) PQ resistant alg and the DE says ....
I'm not sure the DEs have enough qualification to judge whether the proposed
algorithm is good or bad with its cryptographic properties. I believe it is the CFRG's task
to bless algorithms and the DEs should only pay attention to is whether
the proposed algorithm meets the protocol restrictions (and those are
listed in Section 4.1 for the DEs).
> Nits:
>
> The use of “we” is a style thing that I would change, but if the WG/IESG are
> good with it I can get on board too.
I'll rely on my co-authors on this :-)
> s1.2, last para: “require such a requirement” is a bit awkward. How about “have
> such a requirement” or “levy such a requirement”?
Changed to "have such a requirement".
> s2, hybrid: I think you might want to include some words by what you mean by
> “hybrid”? Maybe as simple as copy some of the text from the 1st para of s3.1
> forward, “when multiple key exchanges are performed and the calculated shared
> key depends on all of them”.
>
> s3.1, s/Note that with this semantics,/Note that with these semantics,
Fixed, thank you.
> s4.1:
>
> s/must/MUST in the DE instructions?
Hm, I may be wrong, but in my understanding RFC2119 words have their meaning
only in the context of an RFC/I-D (to which the DE instructions don't belong to)...
> s/addition,any/addition, any
Fixed.
> s5:
>
> s/dwarfed/ with thwart or mitigate
Changed to mitigate.
> s/the data need to remain/the data needs to remain
Fixed.
> A.1:
>
> s/as follows/as follows.
OK.
> s/SKEYSEED(1) …. )./SKEYSEED(1) … )
Done.
> s/{SK_d(1) … SPIr)./{SK_d(1) … SPIr)
Ditto.
> Is this missing:
>
> The updated SKEYSEED value is then used to derive the following
> keying materials
>
> between these two lines:
>
> SKEYSEED(2) = prf(SK_d(1), SK(2) | Ni | Nr)
> {SK_d(2) | SK_ai(2) | SK_ar(2) | SK_ei(2) | SK_er(2) | SK_pi(2) |
> SK_pr(2)} = prf+ (SKEYSEED(2), Ni | Nr | SPIi | SPIr)
Well, I think it must be clear enough from the formulas -
we first calculate new SKEYSEED (SKEYSEED(2)) and then
use it to calculate new SK_* keys (SK_*(2)).
We purposely added indexes in round braces to make it easier
for readers to figure out "generations" of the keys.
Do you think it is not clear enough?
> A.4:s/a security association/an IKE SA
OK.
The changes can be reviewed in the PR:
https://github.com/post-quantum/ietf-pq-ikev2/pull/22
Regards,
Valery.
- [Last-Call] Secdir telechat review of draft-ietf-… Sean Turner via Datatracker
- Re: [Last-Call] Secdir telechat review of draft-i… Valery Smyslov
- Re: [Last-Call] Secdir telechat review of draft-i… CJ Tjhai
- Re: [Last-Call] Secdir telechat review of draft-i… Sean Turner
- Re: [Last-Call] Secdir telechat review of draft-i… Valery Smyslov
- Re: [Last-Call] Secdir telechat review of draft-i… Sean Turner
- Re: [Last-Call] Secdir telechat review of draft-i… Sean Turner