On Fri, May 01, 2015 at 04:04:03PM -0700, Dino Farinacci wrote: > Folks, this draft contains the following changes: > > B.1. Changes to draft-ietf-lisp-crypto-01.txt > > o Posted May 2015. > > o Create cipher suites and encode them in the Security LCAF. > > o Add IV to beginning of packet header and ICV to end of packet. > > o AEAD procedures are now part of encryption process.
At least I can follow how the algorithms work. Remaining issues/notes: - It composes AEAD mode instaed of using ready-made one. The composed mode is if nothing else slow (SHA-1 is already slower than some ready-made AEAD modes). - Key derivation looks to be missing hashing in important parameters (like group and exchange keys) into secrets. - Some NIST-spec KDF? I think there are RFCs that describe KDFs. - 1024-bit DH is regarded as quite weak nowadays. - Two new ECDH functions from CFRG were recently annouced[1]. Should be faster than DH1024/DH2048 with way smaller keys. [1] The lower security one (Curve25519, as is): v^2 = u^3 + 486662u^2 + u (mod 2^255-19) Secret key size: 255 bits. Secret key masking: Bits 0, 1, 2 off, bit 254 on. Point encoding: u as 32-octet little-endian base-256 integer. Base point: u=9. The higher security one: v^2 = u^3 + 156326u^2 + u (mod 2^448-2^224-1) Secret key size: 448 bits. Secret key masking: Bits 0, 1 off, bit 447 on. Point encoding: u as 56-octet little-endian base-256 integer. Base point: u=5. _______________________________________________ lisp mailing list [email protected] https://www.ietf.org/mailman/listinfo/lisp
