IETF Logo Mail Archive

Re: [Last-Call] Secdir telechat review of draft-ietf-ipsecme-ikev2-multiple-ke-10

Sean Turner <sean@sn3rd.com> Thu, 01 December 2022 03:11 UTC

Return-Path: <sean@sn3rd.com>
X-Original-To: last-call@ietfa.amsl.com
Delivered-To: last-call@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 49C23C13A05F for <last-call@ietfa.amsl.com>; Wed, 30 Nov 2022 19:11:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sn3rd.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5fDVol8aH11B for <last-call@ietfa.amsl.com>; Wed, 30 Nov 2022 19:11:25 -0800 (PST)
Received: from mail-qk1-x730.google.com (mail-qk1-x730.google.com [IPv6:2607:f8b0:4864:20::730]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CE7EEC13A068 for <last-call@ietf.org>; Wed, 30 Nov 2022 19:10:19 -0800 (PST)
Received: by mail-qk1-x730.google.com with SMTP id c2so329293qko.1 for <last-call@ietf.org>; Wed, 30 Nov 2022 19:10:19 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sn3rd.com; s=google; h=to:references:message-id:content-transfer-encoding:cc:date :in-reply-to:from:subject:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=lPTVzU1IwpiI+LhGLzb6qepBSTPzjiVnIWi1DFEpVmg=; b=SxJmbN5t5dCpqzBGhtJ6rjDOCiYjKRA570L5MT23KXDQEIs5kJ4WEU9P9FbAhQlc+j wzr52/W9Sc2KGxP7knAvlJZcwnHTXXKc2butzDR97lLOqYDrVOOdEldrg/zm49X+upmq 5mCCSrnBzzeixZRKLP/yJEQYm05SAn9k70Dkg=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=to:references:message-id:content-transfer-encoding:cc:date :in-reply-to:from:subject:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=lPTVzU1IwpiI+LhGLzb6qepBSTPzjiVnIWi1DFEpVmg=; b=7Rd9vYhQjvbskMOdkImpt2GyUqeGtbfz00AxLKW8skViZ+Ck0pba/2Uyur0vBL5njV AX63HLKyaSTfy+fvPyshg3pAuU/BSP0hmOglm8YdzYUM6jEHSTa8kMO4B91ZNq2fWecY vx4tjx1o0alwUwkaieifr/UYlDKmeqwrQ7dByvzpxaNTrhFymn553cuifW7ShHgaiTPD obPCMqu1ZwnGFPd8/xaSVsZbi0vQQmfzf1p1zymq3db3aghyWPhBbYP4FKtsEXfyceYI DQCeYcBR6RZrk0i9lmy3MHgugDFfqLKg2Hv6fCBbT1KUfDn4aJJkqUBu3Q+/aFLzqqA4 zErA==
X-Gm-Message-State: ANoB5pnUiCMYoibnGAPV4cCK8n7CyQvU7Tm5//9TAh0Fk9qrWA4jqtME IVAEnvdoGlfAadfxT5lnk2rG0A==
X-Google-Smtp-Source: AA0mqf7S1rf7bdmT91TMesSGdjo4F/rud3qRaxaPCYGD59iaAOCisAT05nymSl722xf1f959me5EmA==
X-Received: by 2002:ae9:e415:0:b0:6e2:5fce:f291 with SMTP id q21-20020ae9e415000000b006e25fcef291mr57159143qkc.86.1669864218637; Wed, 30 Nov 2022 19:10:18 -0800 (PST)
Received: from smtpclient.apple ([2600:4040:253b:7300:911a:efb7:8e5c:f5f7]) by smtp.gmail.com with ESMTPSA id z18-20020ac87112000000b0039853b7b771sm1870395qto.80.2022.11.30.19.10.17 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 30 Nov 2022 19:10:18 -0800 (PST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.120.0.1.13\))
From: Sean Turner <sean@sn3rd.com>
In-Reply-To: <CANs=h-X4quQCaw3iFeXAKbxTajRjGYwSBKe4a5=awU5mAmS1iA@mail.gmail.com>
Date: Wed, 30 Nov 2022 22:10:17 -0500
Cc: Valery Smyslov <svan@elvis.ru>, secdir@ietf.org, draft-ietf-ipsecme-ikev2-multiple-ke.all@ietf.org, ipsec@ietf.org, last-call@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <3D97A9D4-4B19-46C5-B366-E9BA9181B3E2@sn3rd.com>
References: <166965793078.574.10550949979516489683@ietfa.amsl.com> <142b01d903ec$aab1bb40$001531c0$@elvis.ru> <CANs=h-X4quQCaw3iFeXAKbxTajRjGYwSBKe4a5=awU5mAmS1iA@mail.gmail.com>
To: CJ Tjhai <cjt@post-quantum.com>
X-Mailer: Apple Mail (2.3654.120.0.1.13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/last-call/k6-O0NBZRUfXJNiibLOZ2yFmwU8>
Subject: Re: [Last-Call] Secdir telechat review of draft-ietf-ipsecme-ikev2-multiple-ke-10
X-BeenThere: last-call@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF Last Calls <last-call.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/last-call>, <mailto:last-call-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/last-call/>
List-Post: <mailto:last-call@ietf.org>
List-Help: <mailto:last-call-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/last-call>, <mailto:last-call-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Dec 2022 03:11:29 -0000

Thanks for these, I think we’re all resolved!

spt

> On Nov 29, 2022, at 08:31, CJ Tjhai <cjt@post-quantum.com> wrote:
> 
> Hi Sean,
> 
> Many thanks for the review.
> 
> Please see the comments inlined below.
> 
> Best regards,
> CJ
> 
> PS. Hi @Valery Smyslov, you've beat me to it again. I've added my changes to your PR. 
> 
> 
> 
> On Tue, 29 Nov 2022 at 12:18, Valery Smyslov <svan@elvis.ru> wrote:
> Hi Sean,
> 
> thank you for your review. Please, see inline.
> 
> > Reviewer: Sean Turner
> > Review result: Has Nits
> > 
> > Hi! Thanks for the well written draft. I really liked Appendix B that includes
> > the tried but discarded designs.
> 
> Thank you.
> 
> > Issue worth discussing (and it might be a short discussion):
> > 
> > Are there any instructions that the DEs needs to make sure that this registry
> > is not populated with PQ-wanna-be Transforms? E.g., I show up my shiny new (and
> > supposedly) PQ resistant alg and the DE says ....
> 
> I'm not sure the DEs have enough qualification to judge whether the proposed 
> algorithm is good or bad with its cryptographic properties. I believe it is the CFRG's task 
> to bless algorithms and the DEs should only pay attention to is whether 
> the proposed algorithm meets the protocol restrictions (and those are 
> listed in Section 4.1 for the DEs).
> 
> 
> I agree with Valery on this. Besides, the current draft is a generic one, it doesn't specify any specific algorithms. So I would expect that there will be specific documents specifying how to use a particular algorithm with this draft. That document will specify amongst other thing the wire format, key generation, encapsulation, decapsulation, etc. Once that document is approved, then only entries will be added into the registry.  
>  
> > Nits:
> > 
> > The use of “we” is a style thing that I would change, but if the WG/IESG are
> > good with it I can get on board too.
> 
> I'll rely on my co-authors on this :-)
> 
> Thanks, the use of "we" and "ours" have now been removed. The changes can be found in the same PR: https://github.com/post-quantum/ietf-pq-ikev2/pull/22 
>  
> 
> > s1.2, last para: “require such a requirement” is a bit awkward. How about “have
> > such a requirement” or “levy such a requirement”?
> 
> Changed to "have such a requirement".
> 
> > s2, hybrid: I think you might want to include some words by what you mean by
> > “hybrid”? Maybe as simple as copy some of the text from the 1st para of s3.1
> > forward, “when multiple key exchanges are performed and the calculated shared
> > key depends on all of them”.
> > 
> > s3.1, s/Note that with this semantics,/Note that with these semantics,
> 
> Fixed, thank you.
> 
> > s4.1:
> > 
> > s/must/MUST in the DE instructions?
> 
> Hm, I may be wrong, but in my understanding RFC2119 words have their meaning
> only in the context of an RFC/I-D (to which the DE instructions don't belong to)...
> 
> > s/addition,any/addition, any
> 
> Fixed.
> 
> > s5:
> > 
> > s/dwarfed/ with thwart or mitigate
> 
> Changed to mitigate.
> 
> > s/the data need to remain/the data needs to remain
> 
> Fixed.
> 
> > A.1:
> > 
> > s/as follows/as follows.
> 
> OK.
> 
> > s/SKEYSEED(1)  …. )./SKEYSEED(1) … )
> 
> Done.
> 
> > s/{SK_d(1) … SPIr)./{SK_d(1) … SPIr)
> 
> Ditto.
> 
> > Is this missing:
> > 
> >  The updated SKEYSEED value is then used to derive the following
> >  keying materials
> > 
> > between these two lines:
> > 
> >  SKEYSEED(2) = prf(SK_d(1), SK(2) | Ni | Nr)
> >  {SK_d(2) | SK_ai(2) | SK_ar(2) | SK_ei(2) | SK_er(2) | SK_pi(2) |
> >     SK_pr(2)} = prf+ (SKEYSEED(2), Ni | Nr | SPIi | SPIr)
> 
> Well, I think it must be clear enough from the formulas - 
> we first calculate new SKEYSEED (SKEYSEED(2)) and then
> use it to calculate new SK_* keys (SK_*(2)).
> We purposely added indexes in round braces to make it easier 
> for readers to figure out "generations" of the keys.
> Do you think it is not clear enough?
> 
> > A.4:s/a security association/an IKE SA
> 
> OK.
> 
> The changes can be reviewed in the PR:
> https://github.com/post-quantum/ietf-pq-ikev2/pull/22
> 
> Regards,
> Valery.
> 
> 
> 
> PQ Solutions Limited (trading as ‘Post-Quantum’) is a private limited company incorporated in England and Wales with registered number 06808505.
>  
> This email is meant only for the intended recipient. If you have received this email in error, any review, use, dissemination, distribution, or copying of this email is strictly prohibited. Please notify us immediately of the error by return email and please delete this message from your system. Thank you in advance for your cooperation.
> 
> For more information about Post-Quantum, please visit www.post-quantum.com.
> 
> In the course of our business relationship, we may collect, store and transfer information about you. Please see our privacy notice at www.post-quantum.com/privacy-policy/ to learn about how we use this information.

v2.23.0 | Report a Bug | By Email