Re: [IPsec] Re: Last call comments for draft-lepinski-dh-groups-01

To: Pasi.Eronen at nokia.com
Subject: Re: [IPsec] Re: Last call comments for draft-lepinski-dh-groups-01
From: Chinh Nguyen <cnguyen at certicom.com>
Date: Mon, 15 Oct 2007 09:54:28 -0400
Cc: ipsec at ietf.org, kent at bbn.com, paul.hoffman at vpnc.org, mlepinski at bbn.com, ietf at ietf.org
In-reply-to: <B356D8F434D20B40A8CEDAEC305A1F2404B3D28F@esebe105.NOE.Nokia.com>
List-help: <mailto:ietf-request@ietf.org?subject=help>
List-id: IETF-Discussion <ietf.ietf.org>
List-post: <mailto:ietf@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
References: <B356D8F434D20B40A8CEDAEC305A1F2404B0D8C5@esebe105.NOE.Nokia.com> <p06240800c3328f15570e@[10.20.30.249]> <B356D8F434D20B40A8CEDAEC305A1F2404B3D28F@esebe105.NOE.Nokia.com>
User-agent: Thunderbird 2.0.0.6 (Windows/20070728)

Pasi.Eronen at nokia.com wrote:

Paul Hoffman wrote:
2) For IKEv1/IKEv2, the document should explicitly specify how
ECC points are converted to octet strings (for KE payloads
and resulting shared secret value). Currently, there are at
least three incompatible options (RFC 4753, RFC 2409, and
draft-ietf-ipsec-ike-ecc-groups-10 drafts). I'd suggest just
saying "the same way as in RFC 4753".
This bodes really poorly for interoperability. draft-lepinski-dh-groups needs to be revised to specify one of the methods, and that needs to be discussed on the IPsec mailing list. I would not assume that implementers would prefer RFC 4753 over draft-ietf-ipsec-ike-ecc-groups.
I suggested "the same way as in RFC 4753" not because I particularly
prefer that point-to-octet-string conversion method, but because I
would prefer not having three different methods (two is bad enough).
(Note that the current ecc-groups-10 draft actually tries to modify the definitions of groups 19/20/21 from RFC 4753: it reuses the same numbers but with different point-to-octet-string conversion method.)

Note that interoperability issues involve more than the representation of the ECC point (KE payload in IKE). The shared secret is also different between RFC 4753 (x + y) and draft-ietf-ipsec-ike-ecc-groups (x only). This has implications for the generation of the symmetric keys.

I believe that the representation in draft-ietf-ipsec-ike-ecc-groups is more widely used including other standards such as SEC, FIPS 186-2, IEEE 1363, and ANSI X9.62.

D. Brown at Certicom is writing an update to draft-ietf-ipsec-ike-ecc-groups which attempts to resolve this interoperability issue. In a nutshell, both formats are supported. Practically speaking when it comes to IKE, the responder supports both format and chooses the format based on the one chosen by the initiator.

Regards,

Chinh

--
http://www.certicom.com

_______________________________________________
Ietf mailing list
Ietf at ietf.org
https://www1.ietf.org/mailman/listinfo/ietf

References:
- Last call comments for draft-lepinski-dh-groups-01
  - From: Pasi.Eronen
- Re: Last call comments for draft-lepinski-dh-groups-01
  - From: Paul Hoffman
- RE: [IPsec] Re: Last call comments for draft-lepinski-dh-groups-01
  - From: Pasi.Eronen

Prev by Date: RE: Last Call: draft-levin-mmusic-xml-media-control (XML Schema for Media Control) to Informational RFC
Next by Date: Re: RFC3678: header incompatibility
Previous by thread: RE: [IPsec] Re: Last call comments for draft-lepinski-dh-groups-01
Next by thread: Re: Last Call: draft-levin-mmusic-xml-media-control (XML Schema for Media Control) to Informational RFC
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.

Re: [IPsec] Re: Last call comments for draft-lepinski-dh-groups-01

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.