| < draft-ietf-ipsecme-rfc4307bis-14.txt | draft-ietf-ipsecme-rfc4307bis-15.txt > | |||
|---|---|---|---|---|
| Network Working Group Y. Nir | Network Working Group Y. Nir | |||
| Internet-Draft Check Point | Internet-Draft Check Point | |||
| Obsoletes: 4307 (if approved) T. Kivinen | Obsoletes: 4307 (if approved) T. Kivinen | |||
| Updates: 7296 (if approved) INSIDE Secure | Updates: 7296 (if approved) INSIDE Secure | |||
| Intended status: Standards Track P. Wouters | Intended status: Standards Track P. Wouters | |||
| Expires: March 26, 2017 Red Hat | Expires: April 23, 2017 Red Hat | |||
| D. Migault | D. Migault | |||
| Ericsson | Ericsson | |||
| September 22, 2016 | October 20, 2016 | |||
| Algorithm Implementation Requirements and Usage Guidance for IKEv2 | Algorithm Implementation Requirements and Usage Guidance for IKEv2 | |||
| draft-ietf-ipsecme-rfc4307bis-14 | draft-ietf-ipsecme-rfc4307bis-15 | |||
| Abstract | Abstract | |||
| The IPsec series of protocols makes use of various cryptographic | The IPsec series of protocols makes use of various cryptographic | |||
| algorithms in order to provide security services. The Internet Key | algorithms in order to provide security services. The Internet Key | |||
| Exchange (IKE) protocol is used to negotiate the IPsec Security | Exchange (IKE) protocol is used to negotiate the IPsec Security | |||
| Association (IPsec SA) parameters, such as which algorithms should be | Association (IPsec SA) parameters, such as which algorithms should be | |||
| used. To ensure interoperability between different implementations, | used. To ensure interoperability between different implementations, | |||
| it is necessary to specify a set of algorithm implementation | it is necessary to specify a set of algorithm implementation | |||
| requirements and usage guidance to ensure that there is at least one | requirements and usage guidance to ensure that there is at least one | |||
| skipping to change at page 1, line 47 ¶ | skipping to change at page 1, line 47 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on March 26, 2017. | This Internet-Draft will expire on April 23, 2017. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2016 IETF Trust and the persons identified as the | Copyright (c) 2016 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 9, line 38 ¶ | skipping to change at page 9, line 38 ¶ | |||
| must be performed online and in near real-time. | must be performed online and in near real-time. | |||
| +--------+---------------------------------------------+------------+ | +--------+---------------------------------------------+------------+ | |||
| | Number | Description | Status | | | Number | Description | Status | | |||
| +--------+---------------------------------------------+------------+ | +--------+---------------------------------------------+------------+ | |||
| | 14 | 2048-bit MODP Group | MUST | | | 14 | 2048-bit MODP Group | MUST | | |||
| | 19 | 256-bit random ECP group | SHOULD | | | 19 | 256-bit random ECP group | SHOULD | | |||
| | 5 | 1536-bit MODP Group | SHOULD NOT | | | 5 | 1536-bit MODP Group | SHOULD NOT | | |||
| | 2 | 1024-bit MODP Group | SHOULD NOT | | | 2 | 1024-bit MODP Group | SHOULD NOT | | |||
| | 1 | 768-bit MODP Group | MUST NOT | | | 1 | 768-bit MODP Group | MUST NOT | | |||
| | 22 | 1024-bit MODP Group with 160-bit Prime | SHOULD NOT | | | 22 | 1024-bit MODP Group with 160-bit Prime | MUST NOT | | |||
| | | Order Subgroup | | | | | Order Subgroup | | | |||
| | 23 | 2048-bit MODP Group with 224-bit Prime | SHOULD NOT | | | 23 | 2048-bit MODP Group with 224-bit Prime | SHOULD NOT | | |||
| | | Order Subgroup | | | | | Order Subgroup | | | |||
| | 24 | 2048-bit MODP Group with 256-bit Prime | SHOULD NOT | | | 24 | 2048-bit MODP Group with 256-bit Prime | SHOULD NOT | | |||
| | | Order Subgroup | | | | | Order Subgroup | | | |||
| +--------+---------------------------------------------+------------+ | +--------+---------------------------------------------+------------+ | |||
| Group 14 or 2048-bit MODP Group is raised from SHOULD+ in RFC4307 as | Group 14 or 2048-bit MODP Group is raised from SHOULD+ in RFC4307 as | |||
| a replacement for 1024-bit MODP Group. Group 14 is widely | a replacement for 1024-bit MODP Group. Group 14 is widely | |||
| implemented and considered secure. | implemented and considered secure. | |||
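Review bot: the Group 22 row changing from SHOULD NOT to MUST NOT matches the rewritten prose below, which demotes Group 22 to MUST NOT while keeping Groups 23 and 24 at SHOULD NOT, so the table and the text agree; please also confirm that the "Summary of Changes from RFC 4307" table in Section 3.5 (Algorithm / RFC 4307 / RFC XXXX) records MUST NOT for Group 22, since only that table's header is visible in this diff and it is easy to leave the old status behind there.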
| skipping to change at page 10, line 25 ¶ | skipping to change at page 10, line 25 ¶ | |||
| Group 2 or 1024-bit MODP Group has been downgraded from MUST- in | Group 2 or 1024-bit MODP Group has been downgraded from MUST- in | |||
| RFC4307 to SHOULD NOT. It is known to be weak against sufficiently | RFC4307 to SHOULD NOT. It is known to be weak against sufficiently | |||
| funded attackers using commercially available mass-computing | funded attackers using commercially available mass-computing | |||
| resources, so its security margin is considered too narrow. It is | resources, so its security margin is considered too narrow. It is | |||
| expected in the near future to be downgraded to MUST NOT. | expected in the near future to be downgraded to MUST NOT. | |||
| Group 1 or 768-bit MODP Group was not mentioned in RFC4307 and so its | Group 1 or 768-bit MODP Group was not mentioned in RFC4307 and so its | |||
| status was MAY. It can be broken within hours using cheap of-the- | status was MAY. It can be broken within hours using cheap of-the- | |||
| shelves hardware. It provides no security whatsoever. | shelves hardware. It provides no security whatsoever. | |||
| Group 22, 23 and 24 or 1024-bit MODP Group with 160-bit, and 2048-bit | Group 22, 23 and 24 are MODP Groups with Prime Order Subgroups thater | |||
| MODP Group with 224-bit and 256-bit Prime Order Subgroup have small | are not safe-primes. The seeds for these groups have not been | |||
| subgroups, which means that checks specified in the "Additional | publicly released, resulting in reduced trust in these groups. These | |||
| Diffie-Hellman Test for the IKEv2" [RFC6989] section 2.2 first bullet | groups were proposed as alternatives for group 2 and 14 but never saw | |||
| point MUST be done when these groups are used. These groups are also | wide deployment. It has been shown that Group 22 with 1024-bit MODP | |||
| not safe-primes. The seeds for these groups have not been publicly | is too weak and academia have the resources to generate malicious | |||
| released, resulting in reduced trust in these groups. These groups | values at this size. This has resulted in Group 22 to be demoted to | |||
| were proposed as alternatives for group 2 and 14 but never saw wide | MUST NOT. Group 23 and 24 have been demoted to SHOULD NOT and are | |||
| deployment. It is expected in the near future to be further | expected to be further downgraded in the near future to MUST NOT. | |||
| downgraded to MUST NOT. | Since Group 23 and 24 have small subgroups, the checks specified in | |||
| "Additional Diffie-Hellman Test for the IKEv2" [RFC6989] section 2.2 | ||||
| first bullet point MUST be done when these groups are used. | ||||
| 3.5. Summary of Changes from RFC 4307 | 3.5. Summary of Changes from RFC 4307 | |||
| The following table summarizes the changes from RFC 4307. | The following table summarizes the changes from RFC 4307. | |||
| RFC EDITOR: PLEASE REMOVE THIS PARAGRAPH AND REPLACE XXXX IN THE | RFC EDITOR: PLEASE REMOVE THIS PARAGRAPH AND REPLACE XXXX IN THE | |||
| TABLE BELOW WITH THE NUMBER OF THIS RFC | TABLE BELOW WITH THE NUMBER OF THIS RFC | |||
| +---------------------+------------------+------------+ | +---------------------+------------------+------------+ | |||
| | Algorithm | RFC 4307 | RFC XXXX | | | Algorithm | RFC 4307 | RFC XXXX | | |||
| +---------------------+------------------+------------+ | +---------------------+------------------+------------+ | |||
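Review bot: the new paragraph on groups 22, 23 and 24 has a typo in its first sentence, "Prime Order Subgroups thater are not safe-primes" should read "Prime Order Subgroups that are not safe-primes", and a few grammar slips worth fixing in the same pass: "Group 22, 23 and 24 are" reads better as "Groups 22, 23 and 24 are", "alternatives for group 2 and 14" as "alternatives for groups 2 and 14", "academia have the resources" as "academia has the resources", and "This has resulted in Group 22 to be demoted to MUST NOT" as "This has resulted in Group 22 being demoted to MUST NOT". Dropping Group 22 from the sentence that mandates the [RFC6989] section 2.2 check is consistent with the new status, since a MUST NOT group no longer needs usage guidance, and the sentence still carries the check for Groups 23 and 24, which remain SHOULD NOT. While here, the unchanged Group 1 paragraph reads "cheap of-the-shelves hardware", which should be "cheap off-the-shelf hardware".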
| End of changes. 6 change blocks. | ||||
| 15 lines changed or deleted | 17 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||