| draft-ietf-ipsecme-rfc4307bis-11.txt | draft-ietf-ipsecme-rfc4307bis-12.txt |
|---|---|
| Network Working Group Y. Nir | Network Working Group Y. Nir |
| Internet-Draft Check Point | Internet-Draft Check Point |
| Obsoletes: 4307 (if approved) T. Kivinen | Obsoletes: 4307 (if approved) T. Kivinen |
| Updates: 7296 (if approved) INSIDE Secure | Updates: 7296 (if approved) INSIDE Secure |
| Intended status: Standards Track P. Wouters | Intended status: Standards Track P. Wouters |
| Expires: March 5, 2017 Red Hat | Expires: March 13, 2017 Red Hat |
| D. Migault | D. Migault |
| Ericsson | Ericsson |
| September 1, 2016 | September 9, 2016 |
| Algorithm Implementation Requirements and Usage Guidance for IKEv2 | Algorithm Implementation Requirements and Usage Guidance for IKEv2 |
| draft-ietf-ipsecme-rfc4307bis-11 | draft-ietf-ipsecme-rfc4307bis-12 |
| Abstract | Abstract |
| The IPsec series of protocols makes use of various cryptographic | The IPsec series of protocols makes use of various cryptographic |
| algorithms in order to provide security services. The Internet Key | algorithms in order to provide security services. The Internet Key |
| Exchange (IKE) protocol is used to negotiate the IPsec Security | Exchange (IKE) protocol is used to negotiate the IPsec Security |
| Association (IPsec SA) parameters, such as which algorithms should be | Association (IPsec SA) parameters, such as which algorithms should be |
| used. To ensure interoperability between different implementations, | used. To ensure interoperability between different implementations, |
| it is necessary to specify a set of algorithm implementation | it is necessary to specify a set of algorithm implementation |
| requirements and usage guidance to ensure that there is at least one | requirements and usage guidance to ensure that there is at least one |
| skipping to change at page 1, line 46 | skipping to change at page 1, line 46 |
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering |
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute |
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- |
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. |
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months |
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any |
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference |
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." |
| This Internet-Draft will expire on March 5, 2017. | This Internet-Draft will expire on March 13, 2017. |
| Copyright Notice | Copyright Notice |
| Copyright (c) 2016 IETF Trust and the persons identified as the | Copyright (c) 2016 IETF Trust and the persons identified as the |
| document authors. All rights reserved. | document authors. All rights reserved. |
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal |
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents |
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of |
| publication of this document. Please review these documents | publication of this document. Please review these documents |
| skipping to change at page 2, line 33 | skipping to change at page 2, line 33 |
| 1.1. Updating Algorithm Implementation Requirements and Usage | 1.1. Updating Algorithm Implementation Requirements and Usage |
| Guidance . . . . . . . . . . . . . . . . . . . . . . . . 3 | Guidance . . . . . . . . . . . . . . . . . . . . . . . . 3 |
| 1.2. Updating Algorithm Requirement Levels . . . . . . . . . . 3 | 1.2. Updating Algorithm Requirement Levels . . . . . . . . . . 3 |
| 1.3. Document Audience . . . . . . . . . . . . . . . . . . . . 4 | 1.3. Document Audience . . . . . . . . . . . . . . . . . . . . 4 |
| 2. Conventions Used in This Document . . . . . . . . . . . . . . 5 | 2. Conventions Used in This Document . . . . . . . . . . . . . . 5 |
| 3. Algorithm Selection . . . . . . . . . . . . . . . . . . . . . 5 | 3. Algorithm Selection . . . . . . . . . . . . . . . . . . . . . 5 |
| 3.1. Type 1 - IKEv2 Encryption Algorithm Transforms . . . . . 5 | 3.1. Type 1 - IKEv2 Encryption Algorithm Transforms . . . . . 5 |
| 3.2. Type 2 - IKEv2 Pseudo-random Function Transforms . . . . 7 | 3.2. Type 2 - IKEv2 Pseudo-random Function Transforms . . . . 7 |
| 3.3. Type 3 - IKEv2 Integrity Algorithm Transforms . . . . . . 8 | 3.3. Type 3 - IKEv2 Integrity Algorithm Transforms . . . . . . 8 |
| 3.4. Type 4 - IKEv2 Diffie-Hellman Group Transforms . . . . . 9 | 3.4. Type 4 - IKEv2 Diffie-Hellman Group Transforms . . . . . 9 |
| 4. IKEv2 Authentication . . . . . . . . . . . . . . . . . . . . 10 | 3.5. Summary of Changes from RFC 4307 . . . . . . . . . . . . 10 |
| 4.1. IKEv2 Authentication Method . . . . . . . . . . . . . . . 10 | 4. IKEv2 Authentication . . . . . . . . . . . . . . . . . . . . 11 |
| 4.1.1. Recommendations for RSA key length . . . . . . . . . 11 | 4.1. IKEv2 Authentication Method . . . . . . . . . . . . . . . 11 |
| | 4.1.1. Recommendations for RSA key length . . . . . . . . . 12 |
| 4.2. Digital Signature Recommendations . . . . . . . . . . . . 12 | 4.2. Digital Signature Recommendations . . . . . . . . . . . . 12 |
| 5. Algorithms for Internet of Things . . . . . . . . . . . . . . 12 | 5. Algorithms for Internet of Things . . . . . . . . . . . . . . 13 |
| 6. Security Considerations . . . . . . . . . . . . . . . . . . . 13 | 6. Security Considerations . . . . . . . . . . . . . . . . . . . 14 |
| 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14 | 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 15 |
| 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 15 | 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 15 |
| 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 15 | 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 16 |
| 9.1. Normative References . . . . . . . . . . . . . . . . . . 15 | 9.1. Normative References . . . . . . . . . . . . . . . . . . 16 |
| 9.2. Informative References . . . . . . . . . . . . . . . . . 15 | 9.2. Informative References . . . . . . . . . . . . . . . . . 16 |
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 16 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 17 |
| 1. Introduction | 1. Introduction |
| The Internet Key Exchange (IKE) protocol [RFC7296] is used to | The Internet Key Exchange (IKE) protocol [RFC7296] is used to |
| negotiate the parameters of the IPsec SA, such as the encryption and | negotiate the parameters of the IPsec SA, such as the encryption and |
| authentication algorithms and the keys for the protected | authentication algorithms and the keys for the protected |
| communications between the two endpoints. The IKE protocol itself is | communications between the two endpoints. The IKE protocol itself is |
| also protected by cryptographic algorithms which are negotiated | also protected by cryptographic algorithms which are negotiated |
| between the two endpoints using IKE. Different implementations of | between the two endpoints using IKE. Different implementations of |
| IKE may negotiate different algorithms based on their individual | IKE may negotiate different algorithms based on their individual |
| skipping to change at page 10, line 36 | skipping to change at page 10, line 36 |
| MODP Group with 224-bit and 256-bit Prime Order Subgroup have small | MODP Group with 224-bit and 256-bit Prime Order Subgroup have small |
| subgroups, which means that checks specified in the "Additional | subgroups, which means that checks specified in the "Additional |
| Diffie-Hellman Test for the IKEv2" [RFC6989] section 2.2 first bullet | Diffie-Hellman Test for the IKEv2" [RFC6989] section 2.2 first bullet |
| point MUST be done when these groups are used. These groups are also | point MUST be done when these groups are used. These groups are also |
| not safe-primes. The seeds for these groups have not been publicly | not safe-primes. The seeds for these groups have not been publicly |
| released, resulting in reduced trust in these groups. These groups | released, resulting in reduced trust in these groups. These groups |
| were proposed as alternatives for group 2 and 14 but never saw wide | were proposed as alternatives for group 2 and 14 but never saw wide |
| deployment. It is expected in the near future to be further | deployment. It is expected in the near future to be further |
| downgraded to MUST NOT. | downgraded to MUST NOT. |
| | 3.5. Summary of Changes from RFC 4307 |
| | The following table summarizes the changes from RFC 4307. |
| | RFC EDITOR: PLEASE REMOVE THIS PARAGRAPH AND REPLACE XXXX IN THE |
| | TABLE BELOW WITH THE NUMBER OF THIS RFC |
| | +---------------------+------------------+------------+ |
| | \| Algorithm \| RFC 4307 \| RFC XXXX \| |
| | +---------------------+------------------+------------+ |
| | \| ENCR_3DES \| MUST- \| MAY \| |
| | \| ENCR_NULL \| MUST NOT[errata] \| (*) \| |
| | \| ENCR_AES_CBC \| SHOULD+ \| MUST \| |
| | \| ENCR_AES_CTR \| SHOULD \| (*) \| |
| | \| PRF_HMAC_MD5 \| MAY \| MUST NOT \| |
| | \| PRF_HMAC_SHA1 \| MUST \| MUST- \| |
| | \| PRF_AES128_XCBC \| SHOULD+ \| SHOULD \| |
| | \| AUTH_HMAC_MD5_96 \| MAY \| MUST NOT \| |
| | \| AUTH_HMAC_SHA1_96 \| MUST \| MUST- \| |
| | \| AUTH_AES_XCBC_96 \| SHOULD+ \| SHOULD \| |
| | \| Group 2 (1024-bit) \| MUST- \| SHOULD NOT \| |
| | \| Group 14 (2048-bit) \| SHOULD+ \| MUST \| |
| | +---------------------+------------------+------------+ |
| | (*) These algorithms are not mentioned in the above sections, so they |
| | default to MAY. |
| 4. IKEv2 Authentication | 4. IKEv2 Authentication |
| IKEv2 authentication may involve a signatures verification. | IKEv2 authentication may involve a signatures verification. |
| Signatures may be used to validate a certificate or to check the | Signatures may be used to validate a certificate or to check the |
| signature of the AUTH value. Cryptographic recommendations regarding | signature of the AUTH value. Cryptographic recommendations regarding |
| certificate validation are out of scope of this document. What is | certificate validation are out of scope of this document. What is |
| mandatory to implement is provided by the PKIX Community. This | mandatory to implement is provided by the PKIX Community. This |
| document is mostly concerned on signature verification and generation | document is mostly concerned on signature verification and generation |
| for the authentication. | for the authentication. |
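
Review bot: the two (*) rows in the new Section 3.5 table change ENCR_NULL from MUST NOT[errata] under RFC 4307 and ENCR_AES_CTR from SHOULD to a level that the footnote only describes as "not mentioned in the above sections, so they default to MAY". For ENCR_NULL that reads as a relaxation of a MUST NOT, so if it is intended the text under the table should say so, and ENCR_NULL would be clearer listed explicitly in Section 3.1 with its intended level rather than falling through to the default; if it is not intended, the row should carry MUST NOT. A one-line rationale for the ENCR_AES_CTR downgrade would likewise help a reader comparing the two columns, since nothing else in the hunk explains it.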

End of changes. 8 change blocks. 14 lines changed or deleted, 41 lines changed or added.

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/