Re: [Hipsec] rfc5201-bis issue 29: Use different RSA mode OAEP/PSS

"Henderson, Thomas R" <thomas.r.henderson@boeing.com> Wed, 27 June 2012 05:10 UTC

From: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>
To: HIP <hipsec@ietf.org>
Date: Tue, 26 Jun 2012 22:10:24 -0700
Message-ID: <758141CC3D829043A8C3164DD3D593EA1BD324E11C@XCH-NW-16V.nw.nos.boeing.com>
References: <758141CC3D829043A8C3164DD3D593EA1BCC77C4D3@XCH-NW-16V.nw.nos.boeing.com> <E00800EE-59B4-46CE-9C38-D5994BC2FB1F@cs.rwth-aachen.de> <758141CC3D829043A8C3164DD3D593EA1BD24C86A9@XCH-NW-16V.nw.nos.boeing.com> <758141CC3D829043A8C3164DD3D593EA1BD324E0A6@XCH-NW-16V.nw.nos.boeing.com>
In-Reply-To: <758141CC3D829043A8C3164DD3D593EA1BD324E0A6@XCH-NW-16V.nw.nos.boeing.com>

Regarding this open issue, which I posted about on June 18 [*], I propose the following changes to the RFC 5201-bis text:

1) Section 3

OLD TEXT:

   HIP implementations MUST support the Rivest Shamir Adelman (RSA)
   [RFC3110] public key algorithm, and SHOULD support the Digital
   Signature Algorithm (DSA) [RFC2536] algorithms, and Elliptic Curve
   Digital Signature Algorithm (ECDSA) for generating the HI as defined
   in Section 5.2.9.  Additional algorithms MAY be supported.

NEW TEXT:

   HIP implementations MUST support the Rivest Shamir Adelman (RSA)
   [RFC3110] public key algorithm and Elliptic Curve
   Digital Signature Algorithm (ECDSA) for generating the HI as defined
   in Section 5.2.9.  Additional algorithms MAY be supported.

2) Section 5.2.8, HIP cipher

OLD TEXT:

   The following Cipher IDs are defined:

        Suite ID           Value

        RESERVED           0
        NULL-ENCRYPT       1     ([RFC2410])
        AES-128-CBC        2     ([RFC3602])
        3DES-CBC           3     ([RFC2451])
        AES-256-CBC        4     ([RFC3602])

NEW TEXT:

   The following Cipher IDs are defined:

        Suite ID           Value

        RESERVED           0
        NULL-ENCRYPT       1     ([RFC2410])
        AES-128-CBC        2     ([RFC3602])
        DEPRECATED         3     
        AES-256-CBC        4     ([RFC3602])


3) Section 5.2.9, Host Id:

OLD TEXT:  

   The following HI Algorithms have been defined:

        Algorithm
        profiles         Values

        RESERVED         0
        DSA              3 [RFC2536] (RECOMMENDED)
        RSA              5 [RFC3110] (REQUIRED)
        ECDSA            7 [RFC4754] (RECOMMENDED)
        ECDSA_LOW        9 [SECG]    (RECOMMENDED)

NEW TEXT:

   The following HI Algorithms have been defined:

        Algorithm
        profiles         Values

        RESERVED         0
        DSA              3 [FIPS 186-3] (OPTIONAL)
        RSA              5 [RFC3447]    (REQUIRED)
        ECDSA            7 [RFC4754]    (REQUIRED)
        ECDSA_LOW        9 [SECG]       (RECOMMENDED)

  For DSA, RSA, and ECDSA key types, profiles containing at least 112
  bits of security strength (as defined by [NIST SP 800-131A]) should
  be used.  For RSA signature padding, the PSS method of padding
  [RFC3447] MUST be used.

------------

Note: I decided not to bother with adding OAEP or ECIES to the cipher list, since we already have symmetric keys available and the ENCRYPTED parameter is lightly used.  If someone would like to support it in addition to AES-CBC, please propose a specific text proposal.

- Tom

[*] http://www.ietf.org/mail-archive/web/hipsec/current/msg03551.html