Re: Terminology question: "suites" vs "set of cryptographic algorithms"
Paul Hoffman / VPNC <paul.hoffman@vpnc.org> wrote on 05/02/2003 07:40:30 PM:
> The term "suite" is used inconsistently in the current document. In
> some places, it means "the set of things chosen by the responder".
> However, there are exceptions. I have listed what I think are the
> main problems with the term "suite" in the current draft.
>
I've tried to use it to mean "a collection of algorithms used together
in an SA". The initiator proposes multiple suites (not as a list, but
as a Chinese menu (I hope that term has not become politically
incorrect)), and the responder selects one.
To clarify this, I changed the third paragraph of IKE Protocol Overview to
the following:
IKE performs mutual authentication between two parties and establishes
an IKE security association that includes shared secret information
that can be used to efficiently establish SAs for ESP [RFC2406] and/or
AH [RFC2402] and a set of cryptographic algorithms to be used to protect
the SAs. In this document, the term "suite" or "cryptographic suite"
refers to a complete set of algorithms used to protect an SA. An
initiator proposes one or more suites by listing supported algorithms
that can be combined into suites in a mix and match fashion. IKE can
also negotiate use of IPcomp [RFC2393] in connection with an ESP and/or
AH SA.

We call the IKE SA an "IKE_SA". The SAs for ESP and/or AH that get set
up through that IKE_SA we call "CHILD_SA"s.
Does that help?
> The third paragraph of 2.7 says:
> This hierarchical structure was designed to be able to efficiently
> encode proposals for cryptographic suites when the number of
> supported suites is large because multiple values are acceptable for
> multiple transforms. The responder MUST choose a single suite, which
> MAY be any subset of the SA proposal following the rules below:
> This use of "suites" is talking about the proposals offered by the
> initiator, which is the "old" use of suites.
>
This seems clear to me. Do you have an alternate wording to propose?
> The last sentence in 2.7 says:
> Alice MUST again propose her full
> set of acceptable cryptographic suites because the rejection message
> was unauthenticated and otherwise an active attacker could trick
> Alice and Bob into negotiating a weaker suite than a stronger one
> that they both prefer.
> But Alice isn't proposing suites, she is proposing individual algorithms.
>
> In 3.10.1 it says:
> NO_PROPOSAL_CHOSEN 14
> None of the proposed crypto suites was acceptable.
> But no suites were proposed: algorithm choices were proposed.
>
Likewise, these seem clear to me; do you have an alternate wording?
> Section 6:
> Values of the Cryptographic Suite-ID define a set of cryptographic
> algorithms to be used in an IKE, ESP, or AH SA.
> We removed Suite-ID completely.
>
You're right on this one. It's an obsolete reference. I removed it.
> Appendix B:
> Future IANA-registered and private use Suite-IDs MAY use Diffie-
> Hellman groups that have modulus values and generators that are
> different than those in this document or in [ADDGROUP].
> Ditto.
>
This is also obsolete, and I removed it.
Was there ever a declared consensus on whether the algorithm definitions
(including all of Appendix B) should be removed so as not to duplicate
information in the algorithms document?
Barbara? Ted?
> --Paul Hoffman, Director
> --VPN Consortium
--Charlie
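The "Chinese menu" negotiation described in the message above (the initiator lists acceptable algorithms per transform type, the responder picks exactly one of each, and the initiator checks that the reply is a subset of what it offered), as an added illustration that is not part of the original thread or the IKEv2 draft. Transform type names and algorithm labels are illustrative, not registry values.

```python
"""Model of the IKEv2 mix-and-match proposal and single-suite selection.

Constructed example: the per-type lists below are illustrative labels,
not wire-format transform identifiers.
"""
from itertools import product

TRANSFORM_TYPES = ("ENCR", "PRF", "INTEG", "DH")

def enumerate_suites(proposal):
    """Every complete suite the proposal implies (the initiator's view):
    one algorithm from each transform type, in all combinations."""
    return [dict(zip(TRANSFORM_TYPES, combo))
            for combo in product(*(proposal[t] for t in TRANSFORM_TYPES))]

def choose_suite(proposal, responder_prefs):
    """Responder side: pick one offered algorithm per transform type, in the
    responder's own preference order. Returns None when some type has no
    overlap, i.e. the NO_PROPOSAL_CHOSEN case."""
    suite = {}
    for t in TRANSFORM_TYPES:
        offered = set(proposal[t])
        pick = next((alg for alg in responder_prefs[t] if alg in offered), None)
        if pick is None:
            return None
        suite[t] = pick
    return suite

def is_valid_selection(proposal, suite):
    """Initiator side: accept the responder's choice only if it names exactly
    one algorithm per transform type and every one of them was offered."""
    if suite is None or set(suite) != set(TRANSFORM_TYPES):
        return False
    return all(suite[t] in proposal[t] for t in TRANSFORM_TYPES)

# Constructed sample menu. The draft text quoted above requires that this
# full menu be re-sent after an unauthenticated rejection rather than a
# narrowed one, so nothing here is trimmed in response to a rejection.
INITIATOR_PROPOSAL = {
    "ENCR":  ["AES-CBC-256", "AES-CBC-128", "3DES"],
    "PRF":   ["HMAC-SHA1", "HMAC-MD5"],
    "INTEG": ["HMAC-SHA1-96", "HMAC-MD5-96"],
    "DH":    ["group14", "group2"],
}
RESPONDER_PREFS = {
    "ENCR":  ["AES-CBC-128", "AES-CBC-256"],
    "PRF":   ["HMAC-SHA1"],
    "INTEG": ["HMAC-SHA1-96"],
    "DH":    ["group14"],
}
```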