[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Last ditch proposal for crypto suites

To: "Hallam-Baker, Phillip" <pbaker@verisign.com>, Charlie_Kaufman@notesdev.ibm.com, ipsec@lists.tislabs.com
Subject: RE: Last ditch proposal for crypto suites
From: Alex Alten <Alten@attbi.com>
Date: Fri, 30 Aug 2002 07:22:12 -0700
In-Reply-To: <2F3EC696EAEED311BB2D009027C3F4F40DF2DCA2@vhqpostal.verisign.com>
Sender: owner-ipsec@lists.tislabs.com

This sounds reasonable.  Shouldn't we also spec the RSA key lengths?
And is 3DES-CBC doing EDE or EEE?  (I assume EDE is preferable?)

- Alex


At 06:45 AM 8/30/2002 -0700, Hallam-Baker, Phillip wrote:
>Actually following on from Radia's point I think we would have three suites:
>
>1: RSA/3DES-CBC/SHA-1 
>2: RSA/AES-CTR-128/SHA-2
>3: RSA/AES-CTR-256/SHA-2
>
>The argument for suite 3 being that if something catastrophic does happen in
>the processing world there is a last ditch fallback.
>
>I would limit the SHOULD suites to the DSA variants of the above but
>excluding 3DES since the demand for DSA is likely to be restricted to people
>who want NIST acredited crypto and 3DES ain't acredited.
>
>4: DSA/AES-CTR-128/SHA-2
>5: DSA/AES-CTR-256/SHA-2
>
>I don't want any other suites. I don't want EC variants, I don't want a
>different chaining mode for each day of the week.
>
>One thing that would be very useful for integration with specs in the Web
>Services space is if a unique URN was specified for each suite. EG
>urn:ietf:rfcxxx:cryptosuite-1
>
>This would then allow the suite specification to be specified in negotiation
>at the Web services level. So that a UDDI directory or WSDL could contain a
>policy statement that says 'this service requires the use of IPSEC
>cryptosuite 2 or 4'.
>
>Note that we have fewer suites in total than we had symmetric algs for IKE1.
>
>
>	Phill
>
>> -----Original Message-----
>> From: Alex Alten [mailto:Alten@attbi.com]
>> Sent: Friday, August 30, 2002 2:33 AM
>> To: Charlie_Kaufman@notesdev.ibm.com; ipsec@lists.tislabs.com
>> Subject: Re: Last ditch proposal for crypto suites
>> 
>> 
>> At 05:58 PM 8/29/2002 -0400, Charlie_Kaufman@notesdev.ibm.com wrote:
>> >
>> >I propose that we remove the text for a la carte negotiation 
>> from the IKEv2
>> >spec, 
>> ...
>> 
>> I'm amazed that after so many years the WG is still arguing 
>> over this issue
>> (or maybe I'm not).  As Steve B. pointed out interoperability 
>> and buggy code
>> are very important considerations.
>> 
>> We only need to spec two MUST have suites.  RSA/3DES-CBC/SHA-1 and 
>> RSA/AES-CTR-128/SHA-2.  Forget the rest, they are going into 
>> the dustbin
>> of history.  Details like PFS, HMAC should be the same across 
>> the suites. 
>> 
>> What I'll add, along with my vote to do suites, is that the 
>> receiver MUST
>> accept whatever suite the sender chooses to use.  This will 
>> make life a lot
>> easier and will not be a "security" problem. The difference 
>> between 3DES and 
>> AES-128 is minor.  What we are really after is to provide an 
>> upgrade path from
>> 3DES to AES, to gain the huge performance improvement and yet 
>> not screw our
>> existing customers.
>> 
>> Choose the mandatory suites wisely and sparingly.  Once the 
>> IKEv2 dust has 
>> settled there will be much more difficult fish to fry.
>> 
>> Good luck Charlie & Co.,
>> 
>> - Alex
>> 
>> --
>> 
>> Alex Alten
>> Alten@ATTBI.com
>> 
>
--

Alex Alten
Alten@ATTBI.com

Follow-Ups:
- Please remove me from your mailing lists.
  - From: "Ron Kiefer" <rjkiefer@sgsintl.com>
- RE: Last ditch proposal for crypto suites
  - From: Henry Spencer <henry@spsystems.net>

References:
- RE: Last ditch proposal for crypto suites
  - From: "Hallam-Baker, Phillip" <pbaker@verisign.com>

Prev by Date: Re: Last ditch proposal for crypto suites
Next by Date: Re: Last ditch proposal for crypto suites
Prev by thread: RE: Last ditch proposal for crypto suites
Next by thread: Please remove me from your mailing lists.
Index(es):
- Date
- Thread