IETF Logo Mail Archive

Re: [secdir] I-D Action: draft-harkins-brainpool-ike-groups-00.txt

"Polk, William T." <william.polk@nist.gov> Tue, 28 August 2012 14:28 UTC

Return-Path: <william.polk@nist.gov>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CCCAF21F8468 for <secdir@ietfa.amsl.com>; Tue, 28 Aug 2012 07:28:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[AWL=-0.001, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NP0cM0XJaqA4 for <secdir@ietfa.amsl.com>; Tue, 28 Aug 2012 07:28:11 -0700 (PDT)
Received: from wsget2.nist.gov (wsget2.nist.gov [129.6.13.151]) by ietfa.amsl.com (Postfix) with ESMTP id C934421F843E for <secdir@ietf.org>; Tue, 28 Aug 2012 07:28:10 -0700 (PDT)
Received: from WSXGHUB1.xchange.nist.gov (129.6.18.96) by wsget2.nist.gov (129.6.13.151) with Microsoft SMTP Server (TLS) id 14.1.379.0; Tue, 28 Aug 2012 10:27:52 -0400
Received: from MBCLUSTER.xchange.nist.gov ([fe80::d479:3188:aec0:cb66]) by WSXGHUB1.xchange.nist.gov ([129.6.18.96]) with mapi; Tue, 28 Aug 2012 10:28:09 -0400
From: "Polk, William T." <william.polk@nist.gov>
To: "dharkins@arubanetworks.com" <dharkins@arubanetworks.com>
Content-Class: urn:content-classes:message
Date: Tue, 28 Aug 2012 10:28:08 -0400
Thread-Topic: [secdir] I-D Action: draft-harkins-brainpool-ike-groups-00.txt
Thread-Index: Ac2FE6IIjcWrSValQ3yW5vF1s0rHHQAE8k0VAAB7SWg=
Message-ID: <DDAF3F15-4C72-4CC9-AC4D-29D7496A7BD3@mimectl>
References: <20120809010519.15222.89232.idtracker@ietfa.amsl.com> <503CAA6F.30302@ieca.com> <9035196F-001D-4E15-B6D6-30B59BEBBB01@cs.tcd.ie>, <73F8581B-716F-4466-8F6B-645206789C5E@checkpoint.com>
In-Reply-To: <73F8581B-716F-4466-8F6B-645206789C5E@checkpoint.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
x-mimectl: Produced By Microsoft Exchange V8.2.176.0
Content-Type: multipart/alternative; boundary="_000_DDAF3F154C724CC9AC4D29D7496A7BD3mimectl_"
MIME-Version: 1.0
Cc: "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] I-D Action: draft-harkins-brainpool-ike-groups-00.txt
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Aug 2012 14:28:11 -0000

hi Dan,

Thanks for getting this work underway.

First observation: I think a reference to RFC 6090 is warranted.

Second Observation: 80 bit crypto is on its last legs.  Do we really need to specify curves with less than 112 bit strength?

Third Observation: The security considerations section does not address the security strength of 192 or 384 bit curves.  It feels incomplete, although I guess most readers can work it out for themselves.

General observation: my experience is that specifying so many curves dilutes implementer enthusiasm.  We finally started to get some interest in ECC support for FIPS 201 when we pared the list down from six curves in three families to two prime curves (P-256 and P-384).

Specifying two alternatives for each security level feels like an implementer's nightmare.  Are Brainpool implementations general enough to handle the normal and twisted curves at a particular level?  If the implementations are agnostic, maybe that should get noted in yout insecurity considerations.

Tim

________________________________
From: secdir-bounces@ietf.org [secdir-bounces@ietf.org] On Behalf Of Yoav Nir [ynir@checkpoint.com]
Sent: Tuesday, August 28, 2012 7:52 AM
To: Stephen Farrell
Cc: secdir@ietf.org
Subject: Re: [secdir] I-D Action: draft-harkins-brainpool-ike-groups-00.txt


On Aug 28, 2012, at 2:31 PM, Stephen Farrell wrote:

>
>
> On 28 Aug 2012, at 12:24, Sean Turner <turners@ieca.com> wrote:
>
>> BTW - Dan's submitted a draft about the topic we had in Vancouver. Comments are welcome.
>
> I've one: I didn't realize Dan wanted 14 code points. That seems a lot.

BTW: Johannes Merkle submitted http://tools.ietf.org/html/draft-merkle-ikev2-ke-brainpool-00 that requests points for the same curves for IKEv2.

I'm wondering if we really need 7 different strengths as opposed to, say, 3, and whether we need both a twisted and non-twisted variation for each. Neither document discusses the why one would prefer the twisted to the non-twisted variant, or the non-twisted to the twisted. RFC 5639 does not give such considerations either, but documents that relate to protocols should IMO.

Yoav

_______________________________________________
secdir mailing list
secdir@ietf.org
https://www.ietf.org/mailman/listinfo/secdir
wiki: http://tools.ietf.org/area/sec/trac/wiki/SecDirReview

v2.23.0 | Report a Bug | By Email