Re: [lisp] I-D Action: draft-ietf-lisp-crypto-01.txt
"Brian Weis (bew)" <bew@cisco.com> Tue, 05 May 2015 06:47 UTC
Return-Path: <bew@cisco.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D405F1B2E17 for <lisp@ietfa.amsl.com>; Mon, 4 May 2015 23:47:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.511
X-Spam-Level:
X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LgHWvzvzooMs for <lisp@ietfa.amsl.com>; Mon, 4 May 2015 23:46:59 -0700 (PDT)
Received: from alln-iport-3.cisco.com (alln-iport-3.cisco.com [173.37.142.90]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C7BA91ACD23 for <lisp@ietf.org>; Mon, 4 May 2015 23:46:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2808; q=dns/txt; s=iport; t=1430808418; x=1432018018; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=eOyKV1Kd/GLKX2zV1FcyJwb/5V3k0R1JcsvkdXN5xvY=; b=Rdao64Xugr0XIxbSc07nJfA8Vk/tyqcSh9QlCvf/tXSgq1xaq03piWTi uBo1sz1062lBULR/+uc3/mDj0H+z6m+cyVC2pfKZ05Lqmb5Rzn78l5Gxt 6d52j06W28q8CIKMACUrAyUaPWadWFaSM9AeBrRoXV407GzbQqlxDzC40 k=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0BQBAAkZ0hV/5BdJa1ZA4MMU1wFxXQJgUwKhgUCgTA4FAEBAQEBAQGBCoQgAQEBAwEBAQFrCwULAgEIGC4nCyUCBA4FiCMIDcUbAQEBAQEBAQEBAQEBAQEBAQEBAQEBEwSLOYQiEQEeIxAHEYMGgRYFj2KCK4pSgSSRKINSI4N0b4ELOYEBAQEB
X-IronPort-AV: E=Sophos;i="5.13,371,1427760000"; d="scan'208";a="147095448"
Received: from rcdn-core-8.cisco.com ([173.37.93.144]) by alln-iport-3.cisco.com with ESMTP; 05 May 2015 06:46:57 +0000
Received: from xhc-aln-x10.cisco.com (xhc-aln-x10.cisco.com [173.36.12.84]) by rcdn-core-8.cisco.com (8.14.5/8.14.5) with ESMTP id t456kvTT012558 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Tue, 5 May 2015 06:46:57 GMT
Received: from xmb-aln-x04.cisco.com ([169.254.9.236]) by xhc-aln-x10.cisco.com ([173.36.12.84]) with mapi id 14.03.0195.001; Tue, 5 May 2015 01:46:57 -0500
From: "Brian Weis (bew)" <bew@cisco.com>
To: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
Thread-Topic: [lisp] I-D Action: draft-ietf-lisp-crypto-01.txt
Thread-Index: AQHQhv9Hck/XYqgwoEKHOlxO6G+Ctw==
Date: Tue, 05 May 2015 06:46:57 +0000
Message-ID: <F269FD42-C422-438B-ACD6-BFBDBA5C76F4@cisco.com>
References: <20150501225938.17488.33586.idtracker@ietfa.amsl.com> <E0214FD5-7C51-45FA-89EC-B3656B6A6766@gmail.com> <20150502072254.GA6857@LK-Perkele-VII>
In-Reply-To: <20150502072254.GA6857@LK-Perkele-VII>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.32.244.211]
Content-Type: text/plain; charset="Windows-1252"
Content-ID: <2F635D83112B40438086450900989EFD@emea.cisco.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/lisp/3xIzUyIbt3wYwBuzKLoDy9r_1TQ>
Cc: LISP mailing list list <lisp@ietf.org>
Subject: Re: [lisp] I-D Action: draft-ietf-lisp-crypto-01.txt
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 May 2015 06:47:01 -0000
Hi Ilari, Thanks for your comments. On May 2, 2015, at 12:22 AM, Ilari Liusvaara <ilari.liusvaara@elisanet.fi> wrote: > On Fri, May 01, 2015 at 04:04:03PM -0700, Dino Farinacci wrote: >> Folks, this draft contains the following changes: >> >> B.1. Changes to draft-ietf-lisp-crypto-01.txt >> >> o Posted May 2015. >> >> o Create cipher suites and encode them in the Security LCAF. >> >> o Add IV to beginning of packet header and ICV to end of packet. >> >> o AEAD procedures are now part of encryption process. > > At least I can follow how the algorithms work. Remaining issues/notes: > - It composes AEAD mode instaed of using ready-made one. The composed > mode is if nothing else slow (SHA-1 is already slower than some > ready-made AEAD modes). These are the algorithms we’re comfortable with for now. We could have specified the combined AEAD mode cipher modes, but they add complexity in the form of maintaining a counter for the nonce. > - Key derivation looks to be missing hashing in important parameters > (like group and exchange keys) into secrets. Not sure which parameters you mean? The DH shared secret is the key for the KDF, I’m not sure why we’d provide any other keys as input to the KDF. > - Some NIST-spec KDF? I think there are RFCs that describe KDFs. Yes, there’s RFC 5869 but the NIST KDFs are also widely used. > - 1024-bit DH is regarded as quite weak nowadays. > - Two new ECDH functions from CFRG were recently annouced[1]. > Should be faster than DH1024/DH2048 with way smaller keys. We do need less computationally demanding ciphers for deices that do crypto in ARM based platforms, which explains the 1024-bit DH (and yes, we realize it is weak). As stated in the Future Work section we will be looking at these ECDH functions and should have some results before the Prague meeting. If we can replace the 1024-bit DH we will. Thanks, Brian > > > > > [1] > > The lower security one (Curve25519, as is): > > v^2 = u^3 + 486662u^2 + u (mod 2^255-19) > > Secret key size: 255 bits. > Secret key masking: Bits 0, 1, 2 off, bit 254 on. > Point encoding: u as 32-octet little-endian base-256 integer. > Base point: u=9. > > The higher security one: > > v^2 = u^3 + 156326u^2 + u (mod 2^448-2^224-1) > > Secret key size: 448 bits. > Secret key masking: Bits 0, 1 off, bit 447 on. > Point encoding: u as 56-octet little-endian base-256 integer. > Base point: u=5. > > _______________________________________________ > lisp mailing list > lisp@ietf.org > https://www.ietf.org/mailman/listinfo/lisp -- Brian Weis Security, CSG, Cisco Systems Telephone: +1 408 526 4796 Email: bew@cisco.com
- [lisp] I-D Action: draft-ietf-lisp-crypto-01.txt internet-drafts
- [lisp] Fwd: I-D Action: draft-ietf-lisp-crypto-01… Dino Farinacci
- Re: [lisp] Fwd: I-D Action: draft-ietf-lisp-crypt… Ilari Liusvaara
- Re: [lisp] I-D Action: draft-ietf-lisp-crypto-01.… Brian Weis (bew)
- Re: [lisp] I-D Action: draft-ietf-lisp-crypto-01.… Ilari Liusvaara
- Re: [lisp] I-D Action: draft-ietf-lisp-crypto-01.… Dino Farinacci
- Re: [lisp] I-D Action: draft-ietf-lisp-crypto-01.… Ilari Liusvaara
- Re: [lisp] I-D Action: draft-ietf-lisp-crypto-01.… Dino Farinacci