Re: [tcpinc] Making ECDHE-Curve25519 the only MTI for tcpcrypt (RE: Last Call: <draft-ietf-tcpinc-tcpcrypt-07.txt> (Cryptographic protection of TCP Streams (tcpcrypt)) to Experimental RFC)

Paul Wouters <paul@nohats.ca> Wed, 18 October 2017 18:48 UTC

Return-Path: <paul@nohats.ca>
X-Original-To: tcpinc@ietfa.amsl.com
Delivered-To: tcpinc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 62BF113304D; Wed, 18 Oct 2017 11:48:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ysxmVrfnov85; Wed, 18 Oct 2017 11:48:36 -0700 (PDT)
Received: from mx.nohats.ca (mx.nohats.ca [193.110.157.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9EFC81321C9; Wed, 18 Oct 2017 11:48:36 -0700 (PDT)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 3yHLg55N4pz312; Wed, 18 Oct 2017 20:48:33 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1508352513; bh=QfNsajfw7FDC3QYB9dfh77vN9gH7jrchFXBjBwlpSK4=; h=Date:From:To:cc:Subject:In-Reply-To:References; b=B+LfUSEWQ8uOfBFyuNfbj6p4gZel1Py/8lG80HWIUi7wVrDG0YvBQJxvo3fTNcsob Yj3RHOb4YZp2+aaeoYKuW5Mb93G9CDylnz37mxU7aq/RMqu5yf4yWOTHe6B/Lhfg5a dcEfXxcTNkSD8twPIo5KZ3MSEczyyttrRPp48uHE=
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id TqC6Ya6WXi9x; Wed, 18 Oct 2017 20:48:32 +0200 (CEST)
Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Wed, 18 Oct 2017 20:48:31 +0200 (CEST)
Received: by bofh.nohats.ca (Postfix, from userid 1000) id 24C57393D64; Wed, 18 Oct 2017 14:48:31 -0400 (EDT)
DKIM-Filter: OpenDKIM Filter v2.11.0 bofh.nohats.ca 24C57393D64
Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id 1CC754095D00; Wed, 18 Oct 2017 14:48:31 -0400 (EDT)
Date: Wed, 18 Oct 2017 14:48:30 -0400 (EDT)
From: Paul Wouters <paul@nohats.ca>
To: Denis Ovsienko <denis@ovsienko.info>
cc: ietf@ietf.org, tcpinc <tcpinc@ietf.org>
In-Reply-To: <15f2f161d4c.da16f6be41750.5454868954682835384@ovsienko.info>
Message-ID: <alpine.LRH.2.21.1710181446400.15731@bofh.nohats.ca>
References: <CE03DB3D7B45C245BCA0D243277949362FCE3C59@MX307CL04.corp.emc.com> <15f2f161d4c.da16f6be41750.5454868954682835384@ovsienko.info>
User-Agent: Alpine 2.21 (LRH 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII; format=flowed
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpinc/FU3GDJuwd9AhtjG0KVxgOXXLjP8>
Subject: Re: [tcpinc] Making ECDHE-Curve25519 the only MTI for tcpcrypt (RE: Last Call: <draft-ietf-tcpinc-tcpcrypt-07.txt> (Cryptographic protection of TCP Streams (tcpcrypt)) to Experimental RFC)
X-BeenThere: tcpinc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Working group mailing list for TCP Increased Security \(tcpinc\)" <tcpinc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpinc/>
List-Post: <mailto:tcpinc@ietf.org>
List-Help: <mailto:tcpinc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Oct 2017 18:48:39 -0000

On Wed, 18 Oct 2017, Denis Ovsienko wrote:

> Let me suggest a couple documents.
>
> RFC 6709 (Design Considerations for Protocol Extensions) Section 4.5 (Cryptographic Agility) recommends having two algorithms of "distinct lineage" for a few reasons it explains.
>
> BCP 201 a.k.a. RFC 7696 (Guidelines for Cryptographic Algorithm Agility and Selecting Mandatory-to-Implement Algorithms) Section 3.1 (Picking One True Cipher Suite Can Be Harmful) further justifies the need for more than one algorithm. The document also makes other relevant points.
>
> Even if draft-ietf-tcpinc-tcpcrypt has nothing to do with the problems reviewed there (which is not so as far as it seems to me and may seem to other readers), it would help to make references and specifically clarify how the choices relate with the points made in those guidelines.


Let me suggest two other documents dealing with Mandatory To Implement
for IKE and ESP/AH as well as another example on how to specify these:

https://tools.ietf.org/html/rfc8221

https://tools.ietf.org/html/rfc8247

Paul