| < draft-merkle-ikev2-ke-brainpool-05.txt | draft-merkle-ikev2-ke-brainpool-06.txt > | |||
|---|---|---|---|---|
| Network Working Group J. Merkle | Network Working Group J. Merkle | |||
| Internet-Draft secunet Security Networks | Internet-Draft secunet Security Networks | |||
| Intended status: Informational M. Lochter | Intended status: Informational M. Lochter | |||
| Expires: October 25, 2013 Bundesamt fuer Sicherheit in der | Expires: October 25, 2013 Bundesamt fuer Sicherheit in der | |||
| Informationstechnik (BSI) | Informationstechnik (BSI) | |||
| April 23, 2013 | April 23, 2013 | |||
| Using the ECC Brainpool Curves for IKEv2 Key Exchange | Using the ECC Brainpool Curves for IKEv2 Key Exchange | |||
| draft-merkle-ikev2-ke-brainpool-05 | draft-merkle-ikev2-ke-brainpool-06 | |||
| Abstract | Abstract | |||
| This document specifies the use of ECC Brainpool elliptic curve | This document specifies the use of ECC Brainpool elliptic curve | |||
| groups for key exchange in the Internet Key Exchange version 2 | groups for key exchange in the Internet Key Exchange version 2 | |||
| (IKEv2) protocol. | (IKEv2) protocol. | |||
| Status of This Memo | Status of This Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| skipping to change at page 6, line 11 ¶ | skipping to change at page 6, line 11 ¶ | |||
| coordinate of the Diffie-Hellman common value using the FieldElement- | coordinate of the Diffie-Hellman common value using the FieldElement- | |||
| to-OctetString conversion method specified in [SEC1] and MUST have | to-OctetString conversion method specified in [SEC1] and MUST have | |||
| bit length as indicated in the Table 2. | bit length as indicated in the Table 2. | |||
| 3. Security Considerations | 3. Security Considerations | |||
| The security considerations of [RFC5996] apply accordingly. | The security considerations of [RFC5996] apply accordingly. | |||
| In order to thwart certain active attacks, the validity of the other | In order to thwart certain active attacks, the validity of the other | |||
| peer's public Diffie-Hellmann value (x,y) recovered from the received | peer's public Diffie-Hellmann value (x,y) recovered from the received | |||
| key exchange payload needs to be verified. In particular, it must be | key exchange payload needs to be verified. In particular, it MUST be | |||
| verified that the coordinates x and y of the public value satisfy the | verified that the coordinates x and y of the public value satisfy the | |||
| curve equation. | curve equation. For additional information we refer to [IKE_DH_Req]. | |||
| The confidentiality, authenticity and integrity of a secure | The confidentiality, authenticity and integrity of a secure | |||
| communication based on IKEv2 is limited by the weakest cryptographic | communication based on IKEv2 is limited by the weakest cryptographic | |||
| primitive applied. In order to achieve a maximum security level when | primitive applied. In order to achieve a maximum security level when | |||
| using one of the elliptic curves from Table 1 for key exchange, the | using one of the elliptic curves from Table 1 for key exchange, the | |||
| key derivation function, the algorithms and key lengths of symmetric | key derivation function, the algorithms and key lengths of symmetric | |||
| encryption and message authentication as well as the algorithm, bit | encryption and message authentication as well as the algorithm, bit | |||
| length and hash function used for signature generation should be | length and hash function used for signature generation should be | |||
| chosen according to the recommendations of [NIST800-57] and | chosen according to the recommendations of [NIST800-57] and | |||
| [RFC5639]. Furthermore, the private Diffie-Hellman keys should be | [RFC5639]. Furthermore, the private Diffie-Hellman keys should be | |||
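Review bot: In the Security Considerations paragraph, the -06 side capitalizes only "it MUST be verified that the coordinates x and y of the public value satisfy the curve equation", while the sentence before it still says the validity of the peer's public value "needs to be verified" and the following paragraph keeps lowercase "should be chosen" and "should be", so a reader cannot tell which of these statements are RFC 2119 requirements. Suggest making the keyword usage consistent across the section and stating what the recipient does when the curve-equation check fails, which the lines shown do not say. The spelling "Diffie-Hellmann" in the same paragraph also differs from "Diffie-Hellman" used in the surrounding text.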
| skipping to change at page 8, line 47 ¶ | skipping to change at page 8, line 47 ¶ | |||
| Attack Resistance of Elliptic Curve Implementations", | Attack Resistance of Elliptic Curve Implementations", | |||
| July 2011. | July 2011. | |||
| [FIPS] National Institute of Standards and Technology, | [FIPS] National Institute of Standards and Technology, | |||
| "Digital Signature Standard (DSS)", FIPS PUB 186-2, | "Digital Signature Standard (DSS)", FIPS PUB 186-2, | |||
| December 1998. | December 1998. | |||
| [HMV] Hankerson, D., Menezes, A., and S. Vanstone, "Guide to | [HMV] Hankerson, D., Menezes, A., and S. Vanstone, "Guide to | |||
| Elliptic Curve Cryptography", Springer Verlag, 2004. | Elliptic Curve Cryptography", Springer Verlag, 2004. | |||
| [IKE_DH_Req] Sheffer, Y. and S. Fluhrer, "Additional Diffie-Hellman | ||||
| Tests for IKEv2 (work in progress)", | ||||
| draft-ietf-ipsecme-dh-checks-00 (work in progress), | ||||
| January 2013. | ||||
| [ISO1] International Organization for Standardization, | [ISO1] International Organization for Standardization, | |||
| "Information Technology - Security Techniques - Digital | "Information Technology - Security Techniques - Digital | |||
| Signatures with Appendix - Part 3: Discrete Logarithm | Signatures with Appendix - Part 3: Discrete Logarithm | |||
| Based Mechanisms", ISO/IEC 14888-3, 2006. | Based Mechanisms", ISO/IEC 14888-3, 2006. | |||
| [ISO2] International Organization for Standardization, | [ISO2] International Organization for Standardization, | |||
| "Information Technology - Security Techniques - | "Information Technology - Security Techniques - | |||
| Cryptographic Techniques Based on Elliptic Curves - | Cryptographic Techniques Based on Elliptic Curves - | |||
| Part 2: Digital signatures", ISO/IEC 15946-2, 2002. | Part 2: Digital signatures", ISO/IEC 15946-2, 2002. | |||
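Review bot: In the new [IKE_DH_Req] reference entry, "(work in progress)" appears twice, once inside the quoted title and again after draft-ietf-ipsecme-dh-checks-00. Suggest dropping it from the title so the entry reads "Additional Diffie-Hellman Tests for IKEv2", draft-ietf-ipsecme-dh-checks-00 (work in progress), January 2013.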
| End of changes. 4 change blocks. | ||||
| 3 lines changed or deleted | 8 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/