The RFC4301 requires support for manual keys (section 4.5), but I hope nobody really uses them. The rfc7321bis provides mandatory to implement algorithms for the IKEv2 use, and does not really specifically cover manual keys cases, but it does not really say that manual keyed SAs are out of scope either (like it does say for IKEv1).
The issue is that some of the conformance logo documents actually do require manual keys, and to gain those logos implementors need to add support for manual keyed SAs even when nobody is really going to use them (i.e., adding support for manual keys for android VPN client seems little stupid). On the other hand if you use the rfc7321bis requirements for also manual keys, there is only one suggested cipher that can be used, namely ENCR_AES_CBC. None of the counter mode ciphers are safe to use with manual keys, and for example RFC4106 (AES-GCM) requires using automated key management. The RFC4309 (AES-CCM) says that it "should not be used with statically configured keys", and that "MUST use fress keys". RFC7634 (Chacha20-poly1305) does not explictly say anything about manual keys, but says it gets bitstring called KEYMAT from IKE... If we assume rfc7431bis can be used with manual keys too, we need to add some more text saying these ciphers cannot be used with manual keys. Anyways, I think it should be time to mark manual keys as SHOULD NOT. We had it in 4301 as MUST to implement as we assumed that it could be used to fill in keying material from other source than IKE to the IPsec architecture. I do not think that is really happening, I think those other automated key management systems will also generate dynamic keys, and are feeding them in using similar APIs we have for IKEv2. Also manual keys were useful when doing initial IPsec testing in interops, but I have not used them for that purposes in last decade or so... Perhaps we should add note to the rfc7431bis that manual keys SHOULD NOT be used, and mark it as updating RFC4301? Or should we have separate RFC stating that? I do not want to change it to MUST NOT as that would require people to remove parts of their implementations to stay complient, but on the other hand I do not want people to wasting their time to implenting interface to configure manual keys when nobody is going to use them. -- [email protected] _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
