| < draft-ietf-ipsecme-safecurves-02.txt | draft-ietf-ipsecme-safecurves-03.txt > | |||
|---|---|---|---|---|
| Network Working Group Y. Nir | Network Working Group Y. Nir | |||
| Internet-Draft Check Point | Internet-Draft Check Point | |||
| Intended status: Standards Track S. Josefsson | Intended status: Standards Track S. Josefsson | |||
| Expires: February 6, 2017 SJD | Expires: February 10, 2017 SJD | |||
| August 5, 2016 | August 9, 2016 | |||
| Curve25519 and Curve448 for IKEv2 Key Agreement | Curve25519 and Curve448 for IKEv2 Key Agreement | |||
| draft-ietf-ipsecme-safecurves-02 | draft-ietf-ipsecme-safecurves-03 | |||
| Abstract | Abstract | |||
| This document describes the use of Curve25519 and Curve448 for | This document describes the use of Curve25519 and Curve448 for | |||
| ephemeral key exchange in the Internet Key Exchange (IKEv2) protocol. | ephemeral key exchange in the Internet Key Exchange (IKEv2) protocol. | |||
| Status of This Memo | Status of This Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| skipping to change at page 1, line 32 ¶ | skipping to change at page 1, line 32 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on February 6, 2017. | This Internet-Draft will expire on February 10, 2017. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2016 IETF Trust and the persons identified as the | Copyright (c) 2016 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 2, line 19 ¶ | skipping to change at page 2, line 19 ¶ | |||
| 2. Curve25519 & Curve448 . . . . . . . . . . . . . . . . . . . . 2 | 2. Curve25519 & Curve448 . . . . . . . . . . . . . . . . . . . . 2 | |||
| 3. Use and Negotiation in IKEv2 . . . . . . . . . . . . . . . . 3 | 3. Use and Negotiation in IKEv2 . . . . . . . . . . . . . . . . 3 | |||
| 3.1. Key Exchange Payload . . . . . . . . . . . . . . . . . . 3 | 3.1. Key Exchange Payload . . . . . . . . . . . . . . . . . . 3 | |||
| 3.2. Recipient Tests . . . . . . . . . . . . . . . . . . . . . 4 | 3.2. Recipient Tests . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 4. Security Considerations . . . . . . . . . . . . . . . . . . . 4 | 4. Security Considerations . . . . . . . . . . . . . . . . . . . 4 | |||
| 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4 | 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 5 | 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 5 | 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 7.1. Normative References . . . . . . . . . . . . . . . . . . 5 | 7.1. Normative References . . . . . . . . . . . . . . . . . . 5 | |||
| 7.2. Informative References . . . . . . . . . . . . . . . . . 5 | 7.2. Informative References . . . . . . . . . . . . . . . . . 5 | |||
| Appendix A. Numerical Example for Curve25519 . . . . . . . . . . 5 | Appendix A. Numerical Example for Curve25519 . . . . . . . . . . 6 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 6 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 1. Introduction | 1. Introduction | |||
| The "Elliptic Curves for Security" document [RFC7748] describes two | The "Elliptic Curves for Security" document [RFC7748] describes two | |||
| elliptic curves: Curve25519 and Curve448, as well as the X25519 and | elliptic curves: Curve25519 and Curve448, as well as the X25519 and | |||
| X448 functions for performing key agreement (Diffie-Hellman) | X448 functions for performing key agreement (Diffie-Hellman) | |||
| operations with these curves. The curves and functions are designed | operations with these curves. The curves and functions are designed | |||
| for both performance and security. | for both performance and security. | |||
| Almost ten years ago the "ECP Groups for IKE and IKEv2" document | Almost ten years ago the "ECP Groups for IKE and IKEv2" document | |||
| skipping to change at page 4, line 49 ¶ | skipping to change at page 4, line 49 ¶ | |||
| brainpoolP256 (group 28) is expected to provide a level of security | brainpoolP256 (group 28) is expected to provide a level of security | |||
| comparable to Curve25519 and NIST P-256. However, due to the use of | comparable to Curve25519 and NIST P-256. However, due to the use of | |||
| pseudo-random prime, it is significantly slower than NIST P-256, | pseudo-random prime, it is significantly slower than NIST P-256, | |||
| which is itself slower than Curve25519. | which is itself slower than Curve25519. | |||
| 5. IANA Considerations | 5. IANA Considerations | |||
| IANA is requested to assign two values from the IKEv2 "Transform Type | IANA is requested to assign two values from the IKEv2 "Transform Type | |||
| 4 - Diffie-Hellman Group Transform IDs" registry, with names | 4 - Diffie-Hellman Group Transform IDs" registry, with names | |||
| "Curve25519" and "Curve448" and this document as reference. The | "Curve25519" and "Curve448" and this document as reference. The | |||
| Recipient Tests field should also point to this document. | Recipient Tests field should also point to this document: | |||
| +--------+------------+---------------------+-----------+ | ||||
| | Number | Name | Recipient Tests | Reference | | ||||
| +--------+------------+---------------------+-----------+ | ||||
| | TBA1 | Curve25519 | RFCxxxx Section 3.2 | RFCxxxx | | ||||
| | TBA2 | Curve448 | RFCxxxx Section 3.2 | RFCxxxx | | ||||
| +--------+------------+---------------------+-----------+ | ||||
| Table 1: New Transform Type 4 Values | ||||
| 6. Acknowledgements | 6. Acknowledgements | |||
| Curve25519 was designed by D. J. Bernstein and the parameters for | Curve25519 was designed by D. J. Bernstein and the parameters for | |||
| Curve448 ("Goldilocks") is by Mike Hamburg. The specification of | Curve448 ("Goldilocks") is by Mike Hamburg. The specification of | |||
| algorithms, wire format and other considerations are in RFC 7748 by | algorithms, wire format and other considerations are in RFC 7748 by | |||
| Adam Langley, Mike Hamburg, and Sean Turner. | Adam Langley, Mike Hamburg, and Sean Turner. | |||
| The examples in Appendix A were calculated using the master version | The example in Appendix A was calculated using the master version of | |||
| of OpenSSL, retrieved on August 4th, 2016. | OpenSSL, retrieved on August 4th, 2016. | |||
| 7. References | 7. References | |||
| 7.1. Normative References | 7.1. Normative References | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, March 1997. | Requirement Levels", BCP 14, RFC 2119, March 1997. | |||
| [RFC7296] Kivinen, T., Kaufman, C., Hoffman, P., Nir, Y., and P. | [RFC7296] Kivinen, T., Kaufman, C., Hoffman, P., Nir, Y., and P. | |||
| Eronen, "Internet Key Exchange Protocol Version 2 | Eronen, "Internet Key Exchange Protocol Version 2 | |||
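Review bot: The new Table 1 in Section 5 uses the placeholders TBA1, TBA2 and RFCxxxx, but nothing in the added lines tells IANA or the RFC Editor what to replace them with. Suggest adding a short note after the table stating that TBA1 and TBA2 are to be replaced by the assigned Transform IDs and RFCxxxx by this document's RFC number, and that the note is to be removed before publication. The prose still says the Recipient Tests field "should also point to this document" while the table is more specific ("RFCxxxx Section 3.2"); wording the sentence to name Section 3.2 would keep the two consistent.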
| End of changes. 6 change blocks. | ||||
| 9 lines changed or deleted | 18 lines changed or added | |||