Hi Scott,

> I've been pondering another question, and I think I'll bring it up
> before finalizing the next version of the draft.
>
> After the WG meeting, we (Tero and myself) met in the hallway and had
> a little chat. One of the things that I took away from it (and please
> correct me if I was wrong) was that you thought that it was important
> that the PPK itself was potentially equidistributed; for example, if
> it was 256 bits long, then all possible 256 bit values were
> representable; after all, we are handing it to the PRF as a key. On
> this basis, you suggested that the PPK be encoded in Base64 (and
> converted into binary by each endpoint).
>
> Now, for the specific PRFs standardized in IKE, it's not actually that
> important that all bit patterns be possible. Currently, the PRFs
> defined are HMAC of various hash functions, and XCBC/CMAC (which
> aren't quantum safe). The HMAC PRFs do not actually need to make the
> assumption that the key is equidistributed; it is sufficient that
> there are at least 2**256 possible PPKs (which can be ensured by
> simply allowing the PPK to be long enough).
>
> It would certainly be simpler to say "take the PPK as an ASCII string,
> and hand it off to the PRF as the key", and skip the Base64
> conversion; we might want to suggest a limit on the alphabet of the
> PPK (as not all implementations like things with, say, spaces, in
> them), however that's not a serious suggestion.
>
> On the other hand, it does rather assume that any future PRF will also
> work well with a non-evenly distributed key.
>
> Thoughts?

I've been thinking that the protocol must not prescribe PPK format (as
well as PSK format). For the protocol it is a binary string. How it is
represented in the GUI and in which form it is transferred from peer to
peer (base64, hex, even ASCII etc.) is not the protocol's matter.

E.g. I can have hardware tokens fabricated in pairs containing the same
random PPK, that is never exported from the tokens. The end user never
sees the PPK value. Distribution is made by physically handing over the
tokens. All crypto operations with the PPK are done inside the token.
What Base64 are we talking about in this case? Where to apply it?

Regards,
Valery.

_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
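
Added example, not part of either message and not code from the draft: a Python sketch of the two options discussed in the thread, taking the PPK as an ASCII string or Base64-decoding it, with a length check so that at least 2**256 PPKs are possible. HMAC-SHA-256 stands in for the PRF; the 62-character alphabet, the function names and the sample values are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import string

# Assumed alphabet (no spaces); the thread only says a limit might be suggested.
ALNUM = string.ascii_letters + string.digits  # 62 symbols


def min_ppk_length(alphabet_size: int, bits: int = 256) -> int:
    """Smallest n such that alphabet_size**n >= 2**bits (exact integer math)."""
    if alphabet_size < 2:
        raise ValueError("alphabet needs at least two symbols")
    n, space = 0, 1
    while space < (1 << bits):
        space *= alphabet_size
        n += 1
    return n


def ppk_to_key(ppk_text: str, encoding: str) -> bytes:
    """Turn a configured PPK string into the byte string handed to the PRF."""
    if encoding == "ascii":
        # Bounds the number of possible PPKs; it cannot prove the string is random.
        if any(c not in ALNUM for c in ppk_text):
            raise ValueError("PPK contains a character outside the alphabet")
        if len(ppk_text) < min_ppk_length(len(ALNUM)):
            raise ValueError("PPK too short for 2**256 possible values")
        return ppk_text.encode("ascii")
    if encoding == "base64":
        key = base64.b64decode(ppk_text, validate=True)
        if len(key) < 32:
            raise ValueError("decoded PPK shorter than 256 bits")
        return key
    raise ValueError(f"unknown encoding: {encoding}")


def prf(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA-256 standing in for the negotiated PRF (assumption)."""
    return hmac.new(key, data, hashlib.sha256).digest()


# Constructed sample values, not real keys.
SAMPLE_B64 = base64.b64encode(bytes(range(32))).decode("ascii")
SAMPLE_ASCII = "Tq7" * 15  # 45 characters, long enough for the 62-symbol alphabet
```

If one peer Base64-decodes the configured string and the other passes the same characters to the PRF as ASCII, the two derive different keys, so whichever representation is used has to be agreed out of band.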
