Re: SOI QUESTION: 5.1 SA creation style: Cryptographic agreement

[Ari Huttunen <Ari.Huttunen@f-secure.com>]

It might be good if IKE used ANSI X9.31, instead of PKCS#1.
"There are three FIPS-approved algorithms for generating and verifying 
digital signatures: Digital Signature Algorithm (DSA), RSA (as specified in ANSI
X9.31), and Elliptic Curve DSA (ECDSA; as specified in ANSI X9.62)."
From:
  http://csrc.nist.gov/cryptval/dss.htm

As to the negotiation of algorithms, I'd vote for specifying each algorithm
separately, but specifying in some RFC that some specific combinations
of algorithms must be supported. For example, an RFC might specify that
"AES-128 in CBC mode, SHA-1 and group 5 MUST be supported by all implementations
for both SOI and IPsec SAs". (Yes, I know about Orman's draft.)

I see no practical problem in specifying algorithms in pretty much the same
way as in IKEv1. The problems come from many manufacturers supporting different
algorithms. Like some support LZS and others DEFLATE. Since I don't see why
everybody would need to pay the license for LZS, I'd like to make DEFLATE
support be must/should for ESP.

I think the beef is what algorithms are used, and not so much how they
are negotiated, although some flexibility to negotiate proprietary algorithms
would be good.

Ari

Theodore Ts'o wrote:
> 
> After taking a few days off for the July 4th holidays, I'm restarting
> sending out SOI Questions.  There only a couple more for us to tackle!
> 
> Please discuss and answer this question:
> 
> 5. SA creation style
> 
> 5.1 Cryptographic agreement
> 
> 5.1.A)Is negotiation for the algorithm suite required or not?
> 
> 5.1.B) Is there ever a case when you want the initiator to have the "last
> word"?
> 
> Implications from the scenarios:
> 
> [none]

-- 

Ari Huttunen                   phone: +358 9 2520 0700
Software Architect             fax  : +358 9 2520 5001

F-Secure Corporation       http://www.F-Secure.com 

F(ully)-Secure products: Securing the Mobile Enterprise