Re: [Cfrg] IKEv1 and 800-56A

To: Andreasyan Ashot-C23793 <ashot at motorola.com>

Subject: Re: [Cfrg] IKEv1 and 800-56A

From: David McGrew <mcgrew at cisco.com>

Date: Thu, 30 Jul 2009 13:10:17 -0700

Authentication-results: sj-dkim-2; header.From=mcgrew at cisco.com; dkim=pass ( sig from cisco.com/sjdkim2002 verified; );

Cc: cfrg at irtf.org

Delivered-to: cfrg at core3.amsl.com

Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; l=6053; t=1248984620; x=1249848620; c=relaxed/simple; s=sjdkim2002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=mcgrew at cisco.com; z=From:=20David=20McGrew=20<mcgrew at cisco.com> |Subject:=20Re=3A=20[Cfrg]=20IKEv1=20and=20800-56A |Sender:=20; bh=qKkPBkv7FSuJpjgWseBJ+J2laIwSxyhzM9z4OzG+gFI=; b=JvWOcHasEc1aUu94NlwWU+2O70Ri3cMhDOdunNS4x07wbLiEwiHZCa1Fy2 06MhUEls/ztKSdcCH4QTm2Bp9aRQmg2Tp+7p2DOVRmso5IyRPORD8vwEokAv hqhGIRjfqc;

In-reply-to: <E9E08A116A0B4340BEB79EBFEC3D70F30C5E1B69 at ct11exm60.ds.mot.com>

List-archive: <http://www.irtf.org/mail-archive/web/cfrg>

List-help: <mailto:cfrg-request@irtf.org?subject=help>

List-id: Crypto Forum Research Group <cfrg.irtf.org>

List-post: <mailto:cfrg@irtf.org>

List-subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>

List-unsubscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>

References: <E9E08A116A0B4340BEB79EBFEC3D70F30C5E1B69 at ct11exm60.ds.mot.com>

Hi Ashot,

On Jul 28, 2009, at 1:31 PM, Andreasyan Ashot-C23793 wrote:

Hi All,

Recently NIST published "Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography"

http://csrc.nist.gov/publications/nistpubs/800-56A/SP800-56A_Revision1_Mar08-2007.pdf

How does this this document is going to interconnect with IKEv1?

that's a good question. The Diffe-Hellman protocols in the NIST key management documents are based on ANSI and IEEE standards that were developed concurrently with ISAKMP/OAKLEY/IKE. They are functionally equivalent in some ways, but they are different and incompatible in other ways.

Personally, I would like to see these standards be reconciled, with preference going towards what they industry is actually implementing and using whenever it is reasonably secure. I would expect this reconciliation to be a long term project. Other opinions are welcome.

If you are interested in the NIST key management documents, you might want to review the NIST White Paper on transitioning algorithms and key sizes, see http://csrc.nist.gov/groups/ST/key_mgmt/ Note that the review period closes on August 3.

David

Thanks,

Ashot

_______________________________________________
Cfrg mailing list
Cfrg at irtf.org
http://www.irtf.org/mailman/listinfo/cfrg

Follow-Ups:

Re: [Cfrg] IKEv1 and 800-56A
- From: Andreasyan Ashot-C23793

References:

[Cfrg] IKEv1 and 800-56A
- From: Andreasyan Ashot-C23793