Re: [secdir] secdir review of draft-kuegler-ipsecme-pace-ikev2

Nico Williams <> Thu, 14 April 2011 16:29 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id C687DE08ED for <>; Thu, 14 Apr 2011 09:29:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.592
X-Spam-Status: No, score=-1.592 tagged_above=-999 required=5 tests=[AWL=-0.215, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, J_CHICKENPOX_23=0.6]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id bhURmOYx-GCT for <>; Thu, 14 Apr 2011 09:29:13 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id C926BE08E6 for <>; Thu, 14 Apr 2011 09:29:09 -0700 (PDT)
Received: from (localhost []) by (Postfix) with ESMTP id D27A0674082 for <>; Thu, 14 Apr 2011 09:29:08 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; c=nofws;; h=mime-version :in-reply-to:references:date:message-id:subject:from:to:cc :content-type:content-transfer-encoding; q=dns; s=; b=qlGKKgFKLI8ss01sWSLi5BH9l/2NS77M8p00Z6hudYV3 n5gc/5qnweOvAmv75sw8hatodxL09UjxQ4R6l8+8apiIFK9nNbCxl/D4kSs6nWBP RkfGKr6ixi9N9ahATpOz36FrRK2Ow3yUONqAkilZFASIbZXr3uiA9AYuYlVZetI=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed;; h= mime-version:in-reply-to:references:date:message-id:subject:from :to:cc:content-type:content-transfer-encoding; s=; bh=FxCq3RXSVTGQgJ+FGipgsi+aBw8=; b=Eg4tfkhbirB F9BL3HE32qALMicCzkryzH6x2BHwopsnhsIdDnOwkeoIxxTfq6cj1bv0wmTlrGmu j+to6AOG7uhJPWg1yKXlkq+J2eqJtRHel60oGqoiHn336gVJvHgzVMxwroDbrqwS tM7oUHHcn709jxc4SbilRKyQ96EVJU38=
Received: from ( []) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: by (Postfix) with ESMTPSA id AFA9A67407C for <>; Thu, 14 Apr 2011 09:29:08 -0700 (PDT)
Received: by vws12 with SMTP id 12so1812231vws.31 for <>; Thu, 14 Apr 2011 09:29:07 -0700 (PDT)
MIME-Version: 1.0
Received: by with SMTP id eq8mr1342673vdc.214.1302798547926; Thu, 14 Apr 2011 09:29:07 -0700 (PDT)
Received: by with HTTP; Thu, 14 Apr 2011 09:29:07 -0700 (PDT)
In-Reply-To: <>
References: <> <> <> <>
Date: Thu, 14 Apr 2011 11:29:07 -0500
Message-ID: <>
From: Nico Williams <>
To: Paul Hoffman <>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Cc: "" <>, "" <>
Subject: Re: [secdir] secdir review of draft-kuegler-ipsecme-pace-ikev2
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 14 Apr 2011 16:29:13 -0000

On Thu, Apr 14, 2011 at 11:00 AM, Paul Hoffman <> wrote:
> On Apr 14, 2011, at 8:38 AM, Nico Williams wrote:
>> Of course, PACE is targeting Experimental... do we care about
>> cryptographic issues in Experimental RFCs?  I'd say we should, though
>> less so than for Standards Track RFCs since we can only spare so much
>> energy.
> If we "care about" such things, they should be discussed on open mailing lists, particularly if you are criticizing academic publications related to the document.

I'm not sure what you mean.  I cc'ed all, and reviewers are supposed
to cc authors, so the authors should have a copy of my reply.  Also,
over on the IPsec list we've been discussing password-based mechanisms
(though not this one, yet, because I didn't know it was progressing so
fast).  Since I just became aware of these issues as a result of a
secdir posting, that's where I replied.

Are you suggesting that secdir reviews should always be cc'ed to the
lists where the I-Ds in question were first reviewed?  Or that
responders to secdir reviews should do so?  Did I do something wrong?

>> I'm rather disappointed to see this wheel reinvented.  SCRAM (RFC5802)
>> would fit right in instead of PACE, for example, and has the same
>> kinds of properties as PACE, but with a number of advantages over PACE
>> (SCRAM is on the Standards Track, received much more review, uses a
>> PBKDF with salt and iteration count, is implemented, is reusable in
>> many contexts, does channel binding, there's an LDAP schema for
>> storing SCRAM password verifiers, ...).
>> We, secdir, should be encouraging wheel reuse wherever possible over
>> wheel reinvention.
> "We" never have encouraged that. Many of "us" are chairs of WGs whose charters explicitly allow or mandate the opposite of what you are proposing. If you want a change, it has to come from the ADs, not from "us".

"We", secdir, are volunteers.  This volunteer would rather avoid wheel
reinvention, and this volunteer, perhaps naively, had hoped others
would agree.  Perhaps other volunteers disagree (you do).  I
explicitly referred to secdir, not WG chairs, not ADs, nor did I refer
to actual current practice, but rather stated an opinion of what we
ought to do.

All that aside, is it really the case that "we" (secdir) don't mind
the lack of salting?  Really?!  In 2011, four decades or so since the
invention of salting?  Or did you really just mean to criticize me for
not cc'ing the IPsec list on my reply?