IETF Logo Mail Archive

[secdir] Secdir review of draft-ietf-ipsecme-implicit-iv-07

Magnus Nyström <magnusn@gmail.com> Mon, 14 October 2019 05:46 UTC

Return-Path: <magnusn@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EBCCF1200CD; Sun, 13 Oct 2019 22:46:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8tTZROlI0Pup; Sun, 13 Oct 2019 22:46:42 -0700 (PDT)
Received: from mail-pl1-x635.google.com (mail-pl1-x635.google.com [IPv6:2607:f8b0:4864:20::635]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0D1D81200BA; Sun, 13 Oct 2019 22:46:42 -0700 (PDT)
Received: by mail-pl1-x635.google.com with SMTP id u20so7516114plq.4; Sun, 13 Oct 2019 22:46:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=DZa2tzIlbWZxM5FlGqqIthFA9pXmte2I+RQSIFNxxMk=; b=Z7baatOuDnpO+MdKdDBr1rpuA2i0H6V4OQ0Mxaa51w+J9lZYN8MM6d51V3G33oE6k5 lBTt3GVkt7mgrcpZxIODDkIZMhp0tbxhkJCGS3A3VtZXT8qRqo7eZTYngY07IVsx9kPP GmjS938Dv5IV6wiio0ThhWDRxw0l3dg/OaL0vdnMAClIqYHccMF0cJ2QiWeVEO72NO0m x4y1q8gKsxNwyg+W/fd5J0dgEE5cW7wRq06tFCxp2JbSVQ0/0f+xYG9hhVgxkTjYLwn6 mczJe5kuBhZvsZ0gcVQFYluVhlKp/pzFulMOvOhjFI/jmLuGJAK/7qGY7HnuPMKXF8cT Uk1A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=DZa2tzIlbWZxM5FlGqqIthFA9pXmte2I+RQSIFNxxMk=; b=SbxCxzWe4AQODObpyX6Tyb5/20SL1Qhx3ZfbckCQx6uU4Q6SeKPsSPXEGyFiRIEfyU NoUZSx7aTwEyePFH77vBjSp19CtE8DfnLOq6Dnqjis2ZgcChg718CZRaTEMIqMx2Y+vX RlLhGSpTjGmWPIktJvbbwXozv3uKjQ/LIfKajSsm40rolXCCOD24BDCrlwHhvcvLIds0 L7+NvKS8HAda48JeyfhWMyi/p6dOZvlZLvFs9ATAgeOERPS919if3KVLUtHSekUDv1AQ /vrqivJK3dg+voMmw/+iX95fqXg4KLa9lk+a+eIkhqnhqKSfSJi46raSUoJ2zWYWHD4j tzQg==
X-Gm-Message-State: APjAAAWkZNT3utsZgba0dQgV+jNxbZPDQBpxraxv/G5EU433dLTTZvan 1q5u/nGazmoF1kFivpqqXufizGmvXGUShmNytT7EKSM5
X-Google-Smtp-Source: APXvYqyNMbxV5HC3ToRDvS6+aqqXYUz0dy1/OBldyJfNkjX10B1VZFHikD/mUQyYkN2NskIrdeK+lyoZS0dCHl6O6VE=
X-Received: by 2002:a17:902:8bca:: with SMTP id r10mr28741494plo.43.1571032001380; Sun, 13 Oct 2019 22:46:41 -0700 (PDT)
MIME-Version: 1.0
References: <CADajj4ZQnWkjKdWpBgsB0oyX8_Kzj6HOL-Vkm=TrByBQMEJfPw@mail.gmail.com>
In-Reply-To: <CADajj4ZQnWkjKdWpBgsB0oyX8_Kzj6HOL-Vkm=TrByBQMEJfPw@mail.gmail.com>
From: Magnus Nyström <magnusn@gmail.com>
Date: Sun, 13 Oct 2019 22:46:30 -0700
Message-ID: <CADajj4bCTF5EeF6DZkCHpP0_GTnUYQtqa0OE3qf3Z5_AmKWfyA@mail.gmail.com>
To: secdir@ietf.org, draft-ietf-ipsecme-implicit-iv@ietf.org
Content-Type: multipart/alternative; boundary="0000000000005f85f00594d8642a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/BCV1Q8sl5E__Hn9PU-q5JdUM3rk>
Subject: [secdir] Secdir review of draft-ietf-ipsecme-implicit-iv-07
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Oct 2019 05:46:44 -0000

 I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security area
directors.  Document editors and WG chairs should treat these comments just
like any other last call comments.

This document defines a mechanism to save on bandwidth in ESP connections
when certain ciphers have been negotiated by using implicit IVs. The
savings are limited to 8 bytes for the current version of this document.



   - Section 2 mentions AES-CCM, AES-CTR, AES-GCM and ChaCha. For all of
   these ciphers, an 8-byte nonce is used. The mechanism to make the IV
   implicit is by coupling it to the sequence number. Yet, Section 4 gives two
   examples of sequence numbers, one  of 4 bytes and one of 8 bytes. This is
   confusing, presumably only the extended sequence number is usable?
   - Also, while the Abstract says the memo offers a mechanism to save on
   the explicit IV also for AES-CTR, and Section 2 includes AES-CTR in its
   description, Section 4 explicitly states that only AES-CCM, AES-GCM and
   ChaCha are subject of the optimization in this memo. This is also
   confusing. Why including AES-CTR in the memo at all if it isn't covered? At
   the very least it seems the Abstract should be updated.
   - It would be very helpful and useful to include an example of a
   handshake with an IIV and the resulting IV in an Appendix; this could
   assist implementors to get things right.


(Editorial: English grammar needs some updates/reviews)

Thanks,
-- Magnus

v2.23.0 | Report a Bug | By Email