idnits 2.17.1

draft-ietf-ipsec-ikev2-ecc-groups-01.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** It looks like you're using RFC 3978 boilerplate. You should update this
     to the boilerplate described in the IETF Trust License Policy document
     (see https://trustee.ietf.org/license-info), which is required now.

  -- Found old boilerplate from RFC 3978, Section 5.1 on line 13.

  -- Found old boilerplate from RFC 3978, Section 5.5 on line 243.

  ** This document has an original RFC 3978 Section 5.4 Copyright Line,
     instead of the newer IETF Trust Copyright according to RFC 4748.

  ** This document has an original RFC 3978 Section 5.5 Disclaimer, instead of
     the newer disclaimer which includes the IETF Trust according to RFC 4748.

  ** The document seems to lack an RFC 3979 Section 5, para. 1 IPR Disclosure
     Acknowledgement.

  ** The document seems to lack an RFC 3979 Section 5, para. 2 IPR Disclosure
     Acknowledgement.

  ** The document seems to lack an RFC 3979 Section 5, para. 3 IPR Disclosure
     Invitation.


  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard

  == It seems as if not all pages are separated by form feeds - found 0 form
     feeds but 6 pages


  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack a both a reference to RFC 2119 and the
     recommended RFC 2119 boilerplate, even if it appears to use RFC 2119
     keywords.

     RFC 2119 keyword, line 77: '... implementations SHOULD support the fo...'

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not
     match the current year

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008. If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment. If not, you may need to add the pre-RFC5378 disclaimer.
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (May 27, 2005) is 6899 days in the past. Is this
     intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  -- Possible downref: Non-RFC (?) normative reference: ref. 'IKEv2'

  == Outdated reference: A later version (-03) exists of
     draft-ietf-ipsec-ike-ecp-groups-01

  ** Downref: Normative reference to an Informational draft:
     draft-ietf-ipsec-ike-ecp-groups (ref. 'IKE-ECP')

  -- Obsolete informational reference (is this intentional?): RFC 2409 (ref.
     'IKE') (Obsoleted by RFC 4306)


     Summary: 8 errors (**), 0 flaws (~~), 4 warnings (==), 6 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

1    IPSec Working Group                                      J. Solinas, NSA
2    INTERNET-DRAFT
3    Expires November 27, 2005                                   May 27, 2005

5                            ECC Groups For IKEv2
6

8    Status of this Memo

10      By submitting this Internet-Draft, each author represents that any
11      applicable patent or other IPR claims of which he or she is aware
12      have been or will be disclosed, and any of which he or she becomes
13      aware will be disclosed, in accordance with Section 6 of BCP 79.

15      Internet-Drafts are working documents of the Internet Engineering
16      Task Force (IETF), its areas, and its working groups. Note that other
17      groups may also distribute working documents as Internet-Drafts.

19      Internet-Drafts are draft documents valid for a maximum of six months
20      and may be updated, replaced, or obsoleted by other documents at any
21      time. It is inappropriate to use Internet-Drafts as reference
22      material or to cite them other than as "work in progress."

24      The list of current Internet-Drafts can be accessed at
25      http://www.ietf.org/1id-abstracts.html

27      The list of Internet-Draft Shadow Directories can be accessed at
28      http://www.ietf.org/shadow.html

30   Abstract

32      This document describes ECC groups for use as Diffie-Hellman groups
33      in the Internet Key Exchange version 2 (IKEv2) protocol. These new
34      groups are defined to align IKEv2 with other standards, particularly
35      NIST standards, and to provide more efficient implementation
36      than in previously defined groups.

38   1. Introduction

40      This document describes default groups for use in elliptic curve
41      Diffie-Hellman in IKEv2 in addition to the groups already so defined.

43      The IKEv2 document [IKEv2] defines Diffie-Hellman groups 1 and 2
44      from [IKE] for use in IKEv2. The IKEv2 algorithms document [ALGS]
45      defines group 2 as well as group 14 from [RFC-3526] for IKEv2.
46      (The numbering of the groups is as in [IANA].) All three of these
47      groups are MODP modular exponentiation groups.

49      This document defines ECP type elliptic curve groups for use in
50      IKEv2. This is done for four reasons:

52      1. To enable IKEv2 to be implemented in a way that enjoys the
53         computational and bandwidth advantages of elliptic curves over
54         modular exponentiation groups.

56      2. To align IKEv2 with existing ECC standards, particularly
57         those of NIST.

59      3. To provide a common elliptic curve environment for users of
60         IKE and IKEv2.

62      4. The groups proposed are capable of providing security consistent
63         with the new Advanced Encryption Standard.

65      In addition, it is anticipated that the availability of standardized
66      groups will result in optimizations for a particular curve and field
67      size as well as allowing precomputation that could result in faster
68      implementations.

70      In summary, due to the performance advantages of elliptic curve
71      groups in IKEv2 implementations and the need for further alignment
72      with other standards, this document defines three elliptic curves for
73      IKEv2.

75   2. ECC Groups

77      IKEv2 implementations SHOULD support the following three
78      Diffie-Hellman groups.

80         Group Number   Group Type   Bit Length   Defined

82              19           ECP          256       [IKE-ECP]
83              20           ECP          384       [IKE-ECP]
84              21           ECP          521       [IKE-ECP]

86      The details of the three groups are given in [IKE-ECP], in which
87      they are defined for use in the original version of IKE. The group
88      numbers correspond to the anticipated IANA identifiers. For a full
89      list of Diffie-Hellman groups, see [IANA] or [ECG5].

91   3. Alignment with Other Standards

93      The following table summarizes the appearance of these three elliptic
94      curve groups in other standards.

96      Standard                 Group 19        Group 20      Group 21

98      NIST [DSS]               P-256           P-384         P-521

100     ISO/IEC [ISO-15946-1]    P-256

102     ISO/IEC [ISO-18031]      P-256           P-384         P-521

104     ANSI [X9.62-1998]        Sect. J.5.3,
105                              Example 1

107     ANSI [X9.62-2003]        Sect. J.6.5.3   Sect. J.6.6   Sect. J.6.7

109     ANSI [X9.63]             Sect. J.5.4,    Sect. J.5.5   Sect. J.5.6
110                              Example 2

112     SECG [SEC2]              secp256r1       secp384r1     secp521r1

114     See also [NIST], [ISO-14888-3], [ISO-15946-2], [ISO-15946-3], and
115     [ISO-15946-4].

117  4. Security Considerations

119     Since this document proposes new groups for use within IKEv2, many
120     of the security considerations contained within [IKEv2] apply here
121     as well.

123     The groups proposed in this document correspond to the symmetric key
124     sizes 128 bits, 192 bits, and 256 bits. This allows the IKE key
125     exchange to offer security comparable with the AES algorithms [AES].

127  5. IANA Considerations

129     This document has no actions for IANA.

131  6. References

133  6.1 Normative

135     [IKEv2] C. Kaufman, Internet Key Exchange (IKEv2) Protocol, 2004,
136        http://www.ietf.org/internet-drafts/draft-ietf-ipsec-ikev2-17.txt

138     [IKE-ECP] J. Solinas, ECP Groups For IKE, May 2005,
139        draft-ietf-ipsec-ike-ecp-groups-01.txt.

141  6.2 Informative

143     [AES] U.S. Department of Commerce/National Institute of Standards
144        and Technology, Advanced Encryption Standard (AES), FIPS PUB 197,
145        November 2001. (http://csrc.nist.gov/publications/fips/index.html)

147     [ALGS] J. Schiller, Cryptographic Algorithms for use in the Internet
148        Key Exchange Version 2, draft-ietf-ipsec-ikev2-algorithms-05.txt,
149        April 2004.

151     [DSS] U.S. Department of Commerce/National Institute of Standards
152        and Technology, Digital Signature Standard (DSS), FIPS PUB 186-2,
153        January 2000. (http://csrc.nist.gov/publications/fips/index.html)

155     [IANA] Internet Assigned Numbers Authority, Internet Key Exchange
156        (IKE) Attributes. (http://www.iana.org/assignments/ipsec-registry)

158     [IKE] D. Harkins and D. Carrel, The Internet Key Exchange, RFC 2409,
159        November 1998.
161     [ISO-14888-3] International Organization for Standardization and
162        International Electrotechnical Commission, ISO/IEC First
163        Committee Draft 14888-3 (2nd ed.), Information Technology:
164        Security Techniques: Digital Signatures with Appendix: Part 3 -
165        Discrete Logarithm Based Mechanisms.

167     [ISO-15946-1] International Organization for Standardization and
168        International Electrotechnical Commission, ISO/IEC 15946-1:
169        2002-12-01, Information Technology: Security Techniques:
170        Cryptographic Techniques based on Elliptic Curves: Part 1 -
171        General.

173     [ISO-15946-2] International Organization for Standardization and
174        International Electrotechnical Commission, ISO/IEC 15946-2:
175        2002-12-01, Information Technology: Security Techniques:
176        Cryptographic Techniques based on Elliptic Curves: Part 2 -
177        Digital Signatures.

179     [ISO-15946-3] International Organization for Standardization and
180        International Electrotechnical Commission, ISO/IEC 15946-3:
181        2002-12-01, Information Technology: Security Techniques:
182        Cryptographic Techniques based on Elliptic Curves: Part 3 -
183        Key Establishment.

185     [ISO-15946-4] International Organization for Standardization and
186        International Electrotechnical Commission, ISO/IEC 15946-4:
187        2004-10-01, Information Technology: Security Techniques:
188        Cryptographic Techniques based on Elliptic Curves: Part 4 -
189        Digital Signatures giving Message Recovery.

191     [ISO-18031] International Organization for Standardization and
192        International Electrotechnical Commission, ISO/IEC Final
193        Committee Draft 18031, Information Technology: Security
194        Techniques: Random Bit Generation, October 2004.

196     [NIST] U.S. Department of Commerce/National Institute of Standards
197        and Technology. Recommendation for Key Establishment Schemes
198        Using Discrete Logarithm Cryptography, NIST Special Publication
199        800-56. (http://csrc.nist.gov/CryptoToolkit/KeyMgmt.html)

201     [RFC-3526] T. Kivinen and M. Kojo, More Modular Exponential (MODP)
202        Diffie-Hellman groups for Internet Key Exchange (IKE), RFC
203        3526, May 2003.

205     [SEC2] Standards for Efficient Cryptography Group. SEC 2 -
206        Recommended Elliptic Curve Domain Parameters, v. 1.0, 2000.
207        (http://www.secg.org)

209     [X9.62-1998] American National Standards Institute, ANS X9.62-1998:
210        Public Key Cryptography for the Financial Services Industry: The
211        Elliptic Curve Digital Signature Algorithm. January 1999.

213     [X9.62-2003] American National Standards Institute, ANS X9.62-1998:
214        Public Key Cryptography for the Financial Services Industry: The
215        Elliptic Curve Digital Signature Algorithm,
216        Revised-Draft-2003-02-26, February 2003.

218     [X9.63] American National Standards Institute. ANSI X9.63-2001,
219        Public Key Cryptography for the Financial Services Industry: Key
220        Agreement and Key Transport using Elliptic Curve Cryptography.
221        November 2001.

223  7. Author's Address

225     Jerome A. Solinas
226     National Security Agency
227     jasolin@orion.ncsc.mil

229     Comments are solicited and should be addressed to the author.

231     Copyright (C) The Internet Society (2005).

233     This document is subject to the rights, licenses and restrictions
234     contained in BCP 78, and except as set forth therein, the authors
235     retain all their rights.

237     This document and the information contained herein are provided on an
238     "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
239     OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
240     ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
241     INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
242     INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
243     WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

245  Expires November 27, 2005