On Sat, July 21, 2012 10:50 am, Yoav Nir wrote:
>
> On Jul 21, 2012, at 7:28 PM, Dan Harkins wrote:
>
>> On Sat, July 21, 2012 8:56 am, Tero Kivinen wrote:
[snip]
>>> I think the way forward is to take this WG and ask whether WG would be
>>> willing to recharter and add new items to its charter:
>>>
>>> 1) Add Brainpool curves to the IKEv2 IANA registry (this can also be
>>>    done as individual draft, and does not need to be WG item, but if
>>>    we are doing the rest in WG then I think this should also be WG
>>>    item too).
>>> 2) Define a way to use Brainpool curves in ECDSA (and perhaps ECGDSA)
>>>    in the IKEv2. This may require new standard track RFC defining new
>>>    generic ECDSA method, and might also need solutions how hash
>>>    function is selected for each group.
>>
>> If we're gonna recharter, maybe we should just work on an IKEv3 because
>> the problems in IKEv2 are becoming apparent. This "new authentication
>> mode" suggestion, or the need for a "generic ECDSA" algorithm are just
>> hacks that should not be necessary for a properly defined protocol. In
>> addition, the issues with the incorrect definition of representation of
>> the result of an ECDH (it's the x-coordinate, not the concatenation of
>> the x- and y-coordinates) that's led to interoperability issues, and the
>> inability to handle point compression all lead one to the conclusion
>> that this stuff should all be fixed once and for all and fixed cleanly.
>
> In 6 years IKEv2 has gained very little traction. All major vendors offer
> it, but it's still not the default setting for any of them. It would be as
> bad as saying that IPv6 has problems, so we should begin work on IPv8.

We've been through nearly 40 revisions of this protocol (18 for IKEv2,
another 10 to "clarify" how to use it and then another 11 to do IKEv2v2)
and it still needs hacks to add some new elliptic curves-- either N new
authentication modes for N curves, or a new unified and general ECDSA in
addition to the existing 3 for ECDSA (!!!)-- and even still there will be
interoperability issues because some people represent an ECDH shared
secret as x||y and others represent it as x. Notice how the Notify payload
is becoming the overloaded payload of choice to "fix" everything? It's
hacked for EAP-only, it's hacked for secure passwords, and it's the method
of choice to hack in new curves. Yuck.

It's not apparent to me that the reasons for lack of deployment of IKEv2
are in any way similar to those of IPv6 (and, frankly, I would tend to
doubt there is any relationship).

It may be "bad" to say that we have a problem, but it's worse to deny that
the problem exists. The first step to actually addressing one's problems
of dysfunction is admitting to them. Let me begin: "Hello! My name is Dan.
We have a problem."

Dan.
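
The x versus x||y interoperability issue raised in this message, as an added example that is not part of the original thread: both peers compute the same ECDH point, but the derived SKEYSEED matches only when they also encode that point identically. Assumptions: NIST P-256, HMAC-SHA256 standing in for the negotiated prf, constructed private scalars and nonces, and hypothetical function names.

```python
import hashlib
import hmac

# NIST P-256 domain parameters (public constants).
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
A = P - 3
G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)

def point_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        m = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        m = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (m * m - x1 - x2) % P
    return x3, (m * (x1 - x3) - y1) % P

def scalar_mult(k, pt):
    """Double-and-add; for illustration only, not constant time."""
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt, k = point_add(pt, pt), k >> 1
    return acc

def skeyseed(ni, nr, g_ir):
    # Shape of IKEv2's SKEYSEED = prf(Ni | Nr, g^ir); HMAC-SHA256 is an assumed prf.
    return hmac.new(ni + nr, g_ir, hashlib.sha256).digest()

def demo():
    # Constructed private scalars and nonces, for illustration only.
    d_i, d_r = 0xA1B2C3D4E5F60718293A4B5C6D7E8F90, 0x0F1E2D3C4B5A69788796A5B4C3D2E1F0
    ni, nr = bytes(range(16)), bytes(range(16, 32))
    s_i = scalar_mult(d_i, scalar_mult(d_r, G))   # initiator's shared point
    s_r = scalar_mult(d_r, scalar_mult(d_i, G))   # responder's shared point
    x_i = s_i[0].to_bytes(32, "big")              # initiator encodes x only
    x_r = s_r[0].to_bytes(32, "big")              # responder, x-only variant
    xy_r = x_r + s_r[1].to_bytes(32, "big")       # responder, x||y variant
    seed_i = skeyseed(ni, nr, x_i)
    return {"same_point": s_i == s_r,
            "x_vs_x": seed_i == skeyseed(ni, nr, x_r),
            "x_vs_xy": seed_i == skeyseed(ni, nr, xy_r)}

if __name__ == "__main__":
    print(demo())
```

With mismatched encodings the exchange itself completes and the failure only surfaces when the first protected payload fails its integrity check, so it looks like an authentication or key problem rather than an encoding one.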
