On Mon, 10 Oct 2016, Valery Smyslov wrote:

Valery,

I forgot if we reached any consensus or ideas on the 7427 issue you brought up in Seoul. Sahana has started work on implementing 7427 for libreswan and during this process we came up with a few questions.

Has there been any discussion about using a hash algorithm that is different from the one used to sign the CERT (if certificates are used)? It seems to not make much sense and leads to a false sense of security if the signature uses SHA2 but the CERT is trusted based on a SHA1 signature. So, in a way sending more than one hash algorithm seems to only make sense for raw public keys, not with certificates?

Is it implied that when using SHA2, one switches the RSA algorithm variant? If so, how does one know that the old variant is supported? (I guess that's the issue you brought up in the link below)

Another issue we have in our implementation is that we don't know which hash algorithms we allow when needing to send an IKE_INIT response. In theory, our server could have two connections loaded, one using RSA-SHA1 and one using ECDSA-SHA2. These connections can only be selected when we receive the IKE_AUTH packet. So our implementation picks one (sort of randomly) and when processing IKE_AUTH it can "switch" to the other connection. But we already have to commit to a hash algorithm in the IKE_INIT reply. And if we are sending ALL the hash algorithms that we support/implement, then we run the risk of the peer expecting to be able to use some hash algorithm, but we don't allow it per configuration for that specific connection (e.g. the SHA2 one on the RSA-SHA1 connection) and there is no way to signal that other than AUTHENTICATION_FAILED.

Paul
Subject: Re: [IPsec] vendor support of RFC7427
Hi,

we (ELVIS-PLUS) have supported RFC7427 for over a year and we are interoperable with Strongswan. However, see my message about some interoperability problems:

https://www.ietf.org/mail-archive/web/ipsec/current/msg10840.html

This issue is scheduled for discussion at the ipsecme meeting in Seoul.

Regards,
Valery Smyslov.
