
Re: JFK Algorithm Choice
In message <200203042258.g24MwZN71393@romeo.rtfm.com>, Eric Rescorla writes:
 >I just finished reading the new JFK draft at VPNC and I'm still 
 >unclear on how algorithm choice is supposed to work. 
 >
 >As I understand it, there are actually two different sets of
 >algorithms: those used for protecting MSG 3 and MSG 4 (JFK
 >algorithms) and those used in the SA being established (SA algorithms).

Correct.

 >(1) JFK Algorithm Choice
 >I think I understand this one, but I'd like to be sure. The
 >responder provides his choice of algorithms in GRPINFOr in
 >MSG 2. This includes the digest algorithm, the symmetric
 >encryption algorithm and one or more DH groups. The initiator
 >can take them or leave them.

Yes.

 >(2) SA Algorithm Choice
 >My general understanding of how this works (based on S 2.2) is as
 >follows: 
 >
 >(1) The initiator offers some set of algorithms in the SA 
 >    payload of MSG 3.
 >(2) The responder chooses one and sends it in the SA' payload
 >    in MSG 4.
 >
 >Is this more or less correct?

Yes. In MSG 4, the responder may include additional information (e.g., the
SPI for the SA in that direction), as needed.

 >Questions:
 >(1) What exactly are the contents of the SA payload. Section
 >2.1 says:
 >
 >   sa: Defines the cryptographic and other properties of the Security
 >       Association (SA) the Initiator wants to establish.  It contains
 >       a Domain-of-Interpretation, which JFK understands, and an
 >       application-specific bitstring.
 >
 >Is the idea here that this is the Security Association payload
 >described in S 4.6.1 of RFC 2407 (possibly profiled down)?  If so,
 >this appears to be inconsistent with the claim in S 5 that:
 >
 >   the
 >   acceptable combinations are denoted by 16-bit, unstructured
 >   integers.
 >
 >Since this isn't how things are done in 2407, as I understand it.

Correct -- it's not RFC 2407. Basically, the SA payload is a TLV with a 32-bit
DoI (value 0x00000001 allocated for IPsec), followed by a list of 16-bit
algorithm choices, followed by two SPD elements.

 >(2) You list algorithms that "must be supported". Does this mean
 >that they must be enabled or merely implemented?

It means that a complying JFK implementation should understand these choices.
The IPsec layer itself might not support some of these --- there's nothing
JFK can do about that :-)

 >(3) How does the responder indicate that the initiator hasn't
 >offered any algorithms that it supports? Is there some way to
 >give a hint?

Section 2.5, rejection messages (not discussed in great length).
-Angelos
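As an added illustration (not part of the original thread or of the JFK draft): an encoder/decoder for the SA payload layout Angelos describes, plus the responder's selection step for MSG 4. The message supplies the 32-bit DoI value and the 16-bit algorithm identifiers; the 16-bit algorithm count, the length-prefixed encoding of the two SPD elements, and the algorithm numbers in the sample are assumptions made here.

```python
import struct

IPSEC_DOI = 0x00000001  # DoI value given in the message for IPsec


def encode_sa_payload(doi, algorithms, spd_elements):
    """Build the SA payload body: 32-bit DoI, 16-bit algorithm ids, two SPD elements.
    Framing assumed here (not stated in the message): a 16-bit count precedes the
    algorithm list and each SPD element is a 16-bit-length-prefixed bytestring."""
    if len(spd_elements) != 2:
        raise ValueError("SA payload carries exactly two SPD elements")
    body = struct.pack("!IH", doi, len(algorithms))
    body += b"".join(struct.pack("!H", a) for a in algorithms)
    for spd in spd_elements:
        body += struct.pack("!H", len(spd)) + spd
    return body


def decode_sa_payload(data):
    """Parse a body built by encode_sa_payload; every length is checked before
    it is used, and trailing bytes are rejected rather than silently ignored."""
    if len(data) < 6:
        raise ValueError("truncated SA payload header")
    doi, count = struct.unpack_from("!IH", data, 0)
    off = 6
    if len(data) < off + 2 * count:
        raise ValueError("truncated algorithm list")
    algs = list(struct.unpack_from("!%dH" % count, data, off))
    off += 2 * count
    spds = []
    for _ in range(2):
        if len(data) < off + 2:
            raise ValueError("truncated SPD element length")
        (n,) = struct.unpack_from("!H", data, off)
        off += 2
        if len(data) < off + n:
            raise ValueError("truncated SPD element")
        spds.append(data[off:off + n])
        off += n
    if off != len(data):
        raise ValueError("trailing bytes in SA payload")
    return doi, algs, spds


def choose_sa_algorithm(offered, supported):
    """Responder step between MSG 3 and MSG 4: return the first initiator-offered
    id the responder supports, or None when nothing matches (a Section 2.5
    rejection is then the only answer the responder can give)."""
    for a in offered:
        if a in supported:
            return a
    return None
```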