I support adoption, because I think it will be useful in some use cases. But 
I’m wary of implicit IVs being generally used with counter mode ciphers.

The Security Considerations needs to provide some intense warnings against the 
reuse of counters. As Section 4 says, "With the algorithms listed in Section 2, 
the 8 byte nonce MUST NOT repeat." But if an implementation is not careful, 
there are at least two ways in which an implementation can do this, perhaps 
unwittingly.

(1) When the sequence number generation logic is outside of the same crypto 
boundary as the cipher processing, then there is the risk that the cipher can be 
fooled into nonce reuse by an attacker who sets the sequence number to a 
smaller value.

(2) There may be management operations allowing the setting or re-setting of the 
sequence number for an SA, which for an SA with an implicit IV will also cause 
the counter mode to reuse values when it is set to a smaller value.

In both of these cases, the cipher code itself will no longer be able to 
guarantee that the nonce is not reused. This is a serious real-world issue.

Thanks,
Brian


On Mar 31, 2017, at 9:47 AM, Tommy Pauly <[email protected]> wrote:

+1 supporting adoption

—Tommy

On Mar 30, 2017, at 11:23 AM, Tobias Guggemos <[email protected]> wrote:

Hi,
We’ve started implementing the Implicit IV draft as a part of a minimal 
implementation of ESP for the RIOT operating system [1].
We’re also planning on an implementation for Linux.
For that reason (and because I’m also co-author ;-) ) I support adoption!
Regards
Tobias

[1] http://riot-os.org/


From: IPsec [mailto:[email protected]] On Behalf Of Daniel Migault
Sent: Thursday, 30 March 2017 02:22
To: David Schinazi <[email protected]>
Cc: IPsecme WG ([email protected]) <[email protected]>; Tero Kivinen 
<[email protected]>; Yoav Nir <[email protected]>
Subject: Re: [IPsec] Starting two week working group adoptation call for 
draft-mglt-ipsecme-implicit-iv

Hi,
I am also supporting the draft as a co-author.
Yours,
Daniel

On Wed, Mar 29, 2017 at 5:03 PM, David Schinazi <[email protected]> wrote:
Hello all,

I strongly support adoption of this document.
I have read it and implemented it.
The document reads well, and allows independent implementations.
I personally think Implicit IV is a great step forward for IKEv2/IPsec, even 
outside of IoT.

Regards,
David Schinazi


> On Mar 29, 2017, at 16:58, Yoav Nir <[email protected]> wrote:
>
> Not surprising (me being a co-author) but I support adoption.
>
>> On 29 Mar 2017, at 16:44, Tero Kivinen <[email protected]> wrote:
>>
>> As discussed in the meeting, we are starting two week working group
>> adoption call for the draft-mglt-ipsecme-implicit-iv.
>>
>> Please read the draft and send your comments to this list, and also
>> tell if you support adoption of this draft as WG draft.
>>
>> The document is available at
>> https://datatracker.ietf.org/doc/draft-mglt-ipsecme-implicit-iv/
>> --
>> [email protected]
>>
>> _______________________________________________
>> IPsec mailing list
>> [email protected]<mailto:[email protected]>
>> https://www.ietf.org/mailman/listinfo/ipsec
>

--
Brian Weis
Security, CSG, Cisco Systems
Telephone: +1 408 526 4796
Email: [email protected]
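
The two reuse paths raised at the top of this thread, (1) a sequence number supplied from outside the crypto boundary and (2) a management operation that sets it lower, can both be refused by a check kept next to the key. The following is an added example, not part of the thread or of the draft; the `iiv_` names, the per-SA struct and the big-endian encoding of the sequence number into the 8-byte nonce are assumptions made for illustration.

```c
#include <stdint.h>

/* Hypothetical per-SA state that lives inside the crypto boundary, so the
 * cipher code does not have to trust the caller's sequence number. */
struct iiv_sa {
    uint64_t next_seq;   /* lowest sequence number not yet used as a nonce */
    int      exhausted;  /* set once every counter value has been used */
};

enum iiv_status { IIV_OK = 0, IIV_REUSE = -1, IIV_EXHAUSTED = -2 };

void iiv_sa_init(struct iiv_sa *sa)
{
    sa->next_seq = 1;
    sa->exhausted = 0;
}

/* Case (1): derive the 8-byte nonce for `seq` (big-endian, an assumption),
 * refusing any value at or below one already used under this key. Gaps are
 * allowed; going backwards is not. On refusal `nonce` is left untouched. */
enum iiv_status iiv_nonce_for_seq(struct iiv_sa *sa, uint64_t seq,
                                  uint8_t nonce[8])
{
    if (sa->exhausted)
        return IIV_EXHAUSTED;            /* SA must be rekeyed */
    if (seq < sa->next_seq)
        return IIV_REUSE;                /* would repeat a nonce */
    for (int i = 0; i < 8; i++)
        nonce[i] = (uint8_t)(seq >> (56 - 8 * i));
    if (seq == UINT64_MAX)
        sa->exhausted = 1;               /* no unused value remains */
    else
        sa->next_seq = seq + 1;
    return IIV_OK;
}

/* Case (2): a management "set sequence number" request is honoured only when
 * it moves forward; a real reset requires a fresh key (a new SA). */
enum iiv_status iiv_mgmt_set_seq(struct iiv_sa *sa, uint64_t seq)
{
    if (sa->exhausted)
        return IIV_EXHAUSTED;
    if (seq < sa->next_seq)
        return IIV_REUSE;
    sa->next_seq = seq;
    return IIV_OK;
}
```
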
