IETF Logo Mail Archive

Re: [secdir] I-D Action: draft-harkins-brainpool-ike-groups-00.txt

Yaron Sheffer <yaronf.ietf@gmail.com> Tue, 28 August 2012 16:05 UTC

Return-Path: <yaronf.ietf@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 788D711E80A5; Tue, 28 Aug 2012 09:05:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.599
X-Spam-Level:
X-Spam-Status: No, score=-103.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LaxwE7eotYcM; Tue, 28 Aug 2012 09:05:49 -0700 (PDT)
Received: from mail-bk0-f44.google.com (mail-bk0-f44.google.com [209.85.214.44]) by ietfa.amsl.com (Postfix) with ESMTP id 0E5E511E808D; Tue, 28 Aug 2012 09:05:48 -0700 (PDT)
Received: by bkty12 with SMTP id y12so1437273bkt.31 for <multiple recipients>; Tue, 28 Aug 2012 09:05:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=y8Z275qQJVu23z8+c6/36N46WB9IiUjbu6Pe7QzzbuI=; b=QYXs0xkMB+yq8K6+L7q3Fv0BJ8ncom/hrt+4PSUyg+lI/wdstq2SYOWSohp4qh60o4 PcKqLc6audWn4Azvuo71ST6sTw0XWL5TevLHE2WDrYB9vdszPsh9deWdjuQn1kx9u/tK s0CMFpXDvai4bTsnRp301TxNodumhJi2p7nOsco/Jse2Tal7YfdRWkIREfnnrCzw7wVL uMYvOVeYs1BszgW62xVD2KITD+JDM96VXhNI8bc8HhHWvbky0Bzdzjq+XqFMYfsxlLP3 RY/T3pTQHb8fWAKWOOzQ+3HCanZdjeNdOwRzdbhhELCEcAX8EQeFpe32I8upJFU+DZ3Y C8DQ==
Received: by 10.204.157.18 with SMTP id z18mr5292381bkw.16.1346169947727; Tue, 28 Aug 2012 09:05:47 -0700 (PDT)
Received: from [10.0.0.8] ([109.67.151.97]) by mx.google.com with ESMTPS id n5sm13150103bkv.14.2012.08.28.09.05.46 (version=SSLv3 cipher=OTHER); Tue, 28 Aug 2012 09:05:47 -0700 (PDT)
Message-ID: <503CEC59.9080601@gmail.com>
Date: Tue, 28 Aug 2012 19:05:45 +0300
From: Yaron Sheffer <yaronf.ietf@gmail.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:14.0) Gecko/20120714 Thunderbird/14.0
MIME-Version: 1.0
To: Dan Harkins <dharkins@lounge.org>
References: <20120809010519.15222.89232.idtracker@ietfa.amsl.com> <503CAA6F.30302@ieca.com> <9035196F-001D-4E15-B6D6-30B59BEBBB01@cs.tcd.ie>, <73F8581B-716F-4466-8F6B-645206789C5E@checkpoint.com> <DDAF3F15-4C72-4CC9-AC4D-29D7496A7BD3@mimectl> <f78fae22050825d0da20c332fc4136d4.squirrel@www.trepanning.net>
In-Reply-To: <f78fae22050825d0da20c332fc4136d4.squirrel@www.trepanning.net>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: IPsecme WG <ipsec@ietf.org>, "dharkins@arubanetworks.com" <dharkins@arubanetworks.com>, "Polk, William T." <william.polk@nist.gov>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] I-D Action: draft-harkins-brainpool-ike-groups-00.txt
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Aug 2012 16:05:50 -0000

Hi Tim, Dan,

can you please move this discussion to the ipsecme mailing list 
(copied)? I believe that is a more appropriate venue to discuss IKE code 
points.

Thanks,
	Yaron

On 08/28/2012 06:48 PM, Dan Harkins wrote:
>
>    Hi Tim,
>
> On Tue, August 28, 2012 7:28 am, Polk, William T. wrote:
>> hi Dan,
>>
>> Thanks for getting this work underway.
>>
>> First observation: I think a reference to RFC 6090 is warranted.
>
>    Yes, good point. I'll add a reference to it at the start of section 2 where
> the equation for the curves is noted.
>
>> Second Observation: 80 bit crypto is on its last legs.  Do we really need
>> to specify curves with less than 112 bit strength?
>
>    There is the notion that "if it's worth protecting, it's worth protecting
> properly" and I'm not sure of the current usefulness of 80-bit crypto but
> this is more for completeness. The Brainpool defined them and I'm just
> asking for a magic numbers to be assigned to all the defined curves.
>
>    That also is the the answer to the "14 code points, oh my!" comments.
> Note that we still have over 32,000 code points available so we're talking
> about taking 4/100th of 1%.
>
>> Third Observation: The security considerations section does not address
>> the security strength of 192 or 384 bit curves.  It feels incomplete,
>> although I guess most readers can work it out for themselves.
>
>    I refer the reader to RFC 5639 which mentions the security considerations
> of the curves. If you like I can also mention something about how the best
> known attacks run on the order of the square root of the order. Would that
> be satisfactory?
>
>> General observation: my experience is that specifying so many curves
>> dilutes implementer enthusiasm.  We finally started to get some interest
>> in ECC support for FIPS 201 when we pared the list down from six curves in
>> three families to two prime curves (P-256 and P-384).
>
>    That is a very good observation. I guess we should talk to the Brainpool.
> Their consortium seems to have some large and important companies in
> it. The concern is that one of the members would promote the use of a
> particular curve in some operational or regulatory fashion and it's
> important that the users of the IKEv1 registry be able to work anywhere.
>
>> Specifying two alternatives for each security level feels like an
>> implementer's nightmare.  Are Brainpool implementations general enough to
>> handle the normal and twisted curves at a particular level?  If the
>> implementations are agnostic, maybe that should get noted in yout
>> insecurity considerations.
>
>    You're right, it is a nightmare! As it turns out quite a few of my test
> vectors are wrong. I think implementations will be agnostic and I will
> mention agnosticism.
>
>    thanks for your comments!
>
>    Dan.
>
>> Tim
>>
>> ________________________________
>> From: secdir-bounces@ietf.org [secdir-bounces@ietf.org] On Behalf Of Yoav
>> Nir [ynir@checkpoint.com]
>> Sent: Tuesday, August 28, 2012 7:52 AM
>> To: Stephen Farrell
>> Cc: secdir@ietf.org
>> Subject: Re: [secdir] I-D Action:
>> draft-harkins-brainpool-ike-groups-00.txt
>>
>>
>> On Aug 28, 2012, at 2:31 PM, Stephen Farrell wrote:
>>
>>>
>>>
>>> On 28 Aug 2012, at 12:24, Sean Turner <turners@ieca.com> wrote:
>>>
>>>> BTW - Dan's submitted a draft about the topic we had in Vancouver.
>>>> Comments are welcome.
>>>
>>> I've one: I didn't realize Dan wanted 14 code points. That seems a lot.
>>
>> BTW: Johannes Merkle submitted
>> http://tools.ietf.org/html/draft-merkle-ikev2-ke-brainpool-00 that
>> requests points for the same curves for IKEv2.
>>
>> I'm wondering if we really need 7 different strengths as opposed to, say,
>> 3, and whether we need both a twisted and non-twisted variation for each.
>> Neither document discusses the why one would prefer the twisted to the
>> non-twisted variant, or the non-twisted to the twisted. RFC 5639 does not
>> give such considerations either, but documents that relate to protocols
>> should IMO.
>>
>> Yoav
>>
>> _______________________________________________
>> secdir mailing list
>> secdir@ietf.org
>> https://www.ietf.org/mailman/listinfo/secdir
>> wiki: http://tools.ietf.org/area/sec/trac/wiki/SecDirReview
>> _______________________________________________
>> secdir mailing list
>> secdir@ietf.org
>> https://www.ietf.org/mailman/listinfo/secdir
>> wiki: http://tools.ietf.org/area/sec/trac/wiki/SecDirReview
>>
>
>
> _______________________________________________
> secdir mailing list
> secdir@ietf.org
> https://www.ietf.org/mailman/listinfo/secdir
> wiki: http://tools.ietf.org/area/sec/trac/wiki/SecDirReview
>

v2.37.1 | Report a Bug | By Email | System Status