Yoav Nir <[email protected]> wrote:
> Second issue is about UI advice. Some implementations (yes, mine is
> included) allow the user to configure encryption algorithm, MAC
> algorithm, and D-H group. There is no setting for PRF since such UIs
> date back to IKEv1. The PRF is usually just taken from the setting for
> MAC algorithm. This works fine as long as all supported MAC algorithms
> are HMAC, XCBC, and CMAC. AES-GCM would have the same issue, but RFC
> 5282 makes no mention of this issue. I'm wondering if we should
> recommend to pair this algorithm in IKE with PRF_HMAC_SHA2_256.
So, in this case, if you wanted to not change your UI, maybe you would tell
the user to configure:
    encryption-algorithm=Chacha20-Poly1305
    MAC=HMAC-SHA2
    DH=whatever
and the MAC would not apply to IPsec at all?
I guess if we are deploying this algorithm with the concern that HMAC-SHA2/AES
might become weak, it would seem odd to depend upon SHA2 as the PRF.
At least, users might not understand.
(noting that SHA2 != HMAC-SHA2, and also that the inputs to the PRF are not
very easily manipulated...)
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
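The mapping discussed in this thread, written out as an added example (not code from either poster): a legacy three-field UI (encryption, MAC, DH) is turned into IKEv2 and ESP transform sets, and with an AEAD cipher such as ChaCha20-Poly1305 the MAC field only survives as the IKE PRF. Transform names follow the IKEv2 registry; the UI field names, the lookup tables and the mapping policy are assumptions of this example.

```python
# Assumed legacy UI choices and their IKEv2 transform names.
UI_ENCR = {
    "aes-cbc": "ENCR_AES_CBC",
    "aes-gcm": "ENCR_AES_GCM_16",
    "chacha20-poly1305": "ENCR_CHACHA20_POLY1305",
}
AEAD_CIPHERS = {"aes-gcm", "chacha20-poly1305"}

# The single "MAC" field has to feed two transform types.
UI_MAC_TO_INTEG = {
    "hmac-sha1": "AUTH_HMAC_SHA1_96",
    "hmac-sha2-256": "AUTH_HMAC_SHA2_256_128",
    "aes-xcbc": "AUTH_AES_XCBC_96",
}
UI_MAC_TO_PRF = {
    "hmac-sha1": "PRF_HMAC_SHA1",
    "hmac-sha2-256": "PRF_HMAC_SHA2_256",
    "aes-xcbc": "PRF_AES128_XCBC",
}


def build_proposals(encryption: str, mac: str, dh_group: int):
    """Return (ike_transforms, esp_transforms, mac_used_for) for the UI settings.

    mac_used_for lists which transforms the MAC field actually produced, so a
    UI can warn the user when the setting no longer protects ESP traffic.
    """
    if encryption not in UI_ENCR:
        raise ValueError(f"unknown encryption algorithm {encryption!r}")
    if mac not in UI_MAC_TO_PRF:
        raise ValueError(f"no PRF can be derived from MAC {mac!r}")
    aead = encryption in AEAD_CIPHERS

    # IKE SA: the PRF is always needed, so the MAC field always matters here.
    ike = {"ENCR": UI_ENCR[encryption], "PRF": UI_MAC_TO_PRF[mac], "D-H": dh_group}
    esp = {"ENCR": UI_ENCR[encryption]}
    mac_used_for = ["IKE PRF"]

    # Non-AEAD ciphers need a separate integrity transform in both SAs;
    # an AEAD cipher carries its own authentication, so INTEG is omitted.
    if not aead:
        ike["INTEG"] = UI_MAC_TO_INTEG[mac]
        esp["INTEG"] = UI_MAC_TO_INTEG[mac]
        mac_used_for += ["IKE INTEG", "ESP INTEG"]
    return ike, esp, mac_used_for
```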
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
