
RE: IKEV2: Issue #2: Cipher suites



> It is also the case that IPSEC as applied to VPNs will have very
> radically different cipher requirements than those already expressed
> for use by iSCSI.
> 
> For this reason, one potential solution (originally suggested by
> Steve Bellovin to the working group chairs) towards achieving closure
> on this issue would be to separate out into a separate document --- or
> more likely, documents --- the specifications of which ciphers are
> mandatory and which are merely optional.  Since which ciphers ought to
> be mandatory will likely change more frequently than the base document
> itself, combined with the need for different profiles for different
> applications, we propose that the IKEv2 document remain silent about
> which ciphers are required, and that separate documents, for VPN and
> iSCSI applications, be drafted that contain these requirements.  

The "iSCSI" cipher requirements actually apply to all of the IP
Storage (ips) protocols (iSCSI, FCIP, iFCP, iSNS).  They aren't
that radically different from the VPN requirements, and I think
that future implementers would benefit from a single requirements
document.  This would not be that difficult:

- 3DES-CBC and HMAC-SHA1 are MUSTs for both IP Storage and VPN.
- AES-CBC (w/HMAC-SHA1) is a SHOULD for VPN.
- AES-CTR and AES-CBC-MAC w/XCBC are SHOULDs for IP Storage.
- An implementation intended for both VPN and IP Storage
  SHOULD support all three AES modes (CBC, CTR, CBC-MAC w/XCBC).

I note that the VPN requirements leave implementations that follow
the above SHOULDs exposed to a disastrous (but rather unlikely)
weakness discovery in HMAC-SHA1, as there is no alternate integrity
algorithm recommendation.

I strongly agree with Paul Hoffman's view that a separate requirements
document will be easier to update so that things like the current
DES and TIGER embarrassments can be avoided in the future.  This was
one of many reasons why the ips WG found it necessary to extensively
re-profile IPsec for our usage - a MUST for DES would only escape
the ips WG over my dead body ... 

Thanks,
--David (ips WG co-chair)
----------------------------------------------------
David L. Black, Senior Technologist
EMC Corporation, 176 South St., Hopkinton, MA  01748
+1 (508) 293-7953             FAX: +1 (508) 293-7786
black_david@emc.com        Mobile: +1 (978) 394-7754
----------------------------------------------------