
Re: [Cfrg] IKEv1 and 800-56A



Hi David,
 
Thank you for your response.
 
I have already read that paper and it looks like they are OK for now with the IKEv1 KDF, but
you are right that consolidation is a long-term project and the IETF needs to take care.
 
Ashot

From: David McGrew [mailto:mcgrew at cisco.com]
Sent: Thursday, July 30, 2009 1:10 PM
To: Andreasyan Ashot-C23793
Cc: cfrg at irtf.org
Subject: Re: [Cfrg] IKEv1 and 800-56A

Hi Ashot,

On Jul 28, 2009, at 1:31 PM, Andreasyan Ashot-C23793 wrote:

Hi All,
 
Recently NIST published "Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography"
 
How is this document going to interconnect with IKEv1?

That's a good question. The Diffie-Hellman protocols in the NIST key management documents are based on ANSI and IEEE standards that were developed concurrently with ISAKMP/OAKLEY/IKE. They are functionally equivalent in some ways, but they are different and incompatible in other ways.

Personally, I would like to see these standards be reconciled, with preference going towards what the industry is actually implementing and using whenever it is reasonably secure. I would expect this reconciliation to be a long-term project. Other opinions are welcome.

If you are interested in the NIST key management documents, you might want to review the NIST White Paper on transitioning algorithms and key sizes, see http://csrc.nist.gov/groups/ST/key_mgmt/    Note that the review period closes on August 3.

David

 
 
Thanks,
Ashot
 