Re: [IPsec] I-D Action: draft-ietf-ipsecme-qr-ikev2-05.txt

2019-01-07 Thread Hammell, Jonathan F 
Classification: UNCLASSIFIED

Thanks Valery.  This update addresses my WGLC comments.

Best regards,
Jonathan

-Original Message-
Date: Tue, 25 Dec 2018 18:18:49 +0300
From: "Valery Smyslov" 
To: ,   
Cc: "'Scott Fluhrer'" , "'David McGrew'"
, "'Panos Kampanakis'" ,

Subject: Re: [IPsec] I-D Action: draft-ietf-ipsecme-qr-ikev2-05.txt
Message-ID: <004601d49c65$23561120$6a023360$@gmail.com>
Content-Type: text/plain;   charset="us-ascii"

Hi,

a new (-05) version of the "Postquantum Preshared Keys for IKEv2" draft has 
been posted. The draft contains minor text improvements that addresses comments 
received during WGLC.

Regards,
Valery (for the authors).

P.S. Merry Christmas (a bit late) and Happy New Year (a bit early)!


> A New Internet-Draft is available from the on-line Internet-Drafts 
> directories.
> This draft is a work item of the IP Security Maintenance and Extensions WG of 
> the IETF.
> 
> Title   : Postquantum Preshared Keys for IKEv2
> Authors : Scott Fluhrer
>   David McGrew
>   Panos Kampanakis
>   Valery Smyslov
>   Filename: draft-ietf-ipsecme-qr-ikev2-05.txt
>   Pages   : 18
>   Date: 2018-12-25
> 
> Abstract:
>The possibility of Quantum Computers pose a serious challenge to
>cryptography algorithms deployed widely today.  IKEv2 is one example
>of a cryptosystem that could be broken; someone storing VPN
>communications today could decrypt them at a later time when a
>Quantum Computer is available.  It is anticipated that IKEv2 will be
>extended to support quantum secure key exchange algorithms; however
>that is not likely to happen in the near term.  To address this
>problem before then, this document describes an extension of IKEv2 to
>allow it to be resistant to a Quantum Computer, by using preshared
>keys.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-ipsecme-qr-ikev2/
> 
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-ipsecme-qr-ikev2-05
> https://datatracker.ietf.org/doc/html/draft-ietf-ipsecme-qr-ikev2-05
> 
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-ipsecme-qr-ikev2-05
> 
> 
> Please note that it may take a couple of minutes from the time of 
> submission until the htmlized version and diff are available at 
> tools.ietf.org.
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
> 
> ___
> IPsec mailing list
> IPsec@ietf.org
> https://www.ietf.org/mailman/listinfo/ipsec



___
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec

Re: [IPsec] WGLC on draft-ietf-ipsecme-qr-ikev2-04

2018-12-13 Thread Hammell, Jonathan F 
Classification: UNCLASSIFIED

The Canadian Centre for Cyber Security has reviewed 
draft-ietf-ipsecme-qr-ikev2-04 and recommends the authors address the following 
comments before proceeding to IESG.

1. The table on Page 8 refers to the term 'HAVE PPK' - this term is not used 
elsewhere in the document. To understand the table the reader is left to 
surmise its meaning.  We understand the term as the Responder being configured 
with a PPK for the Initiator (identified by the PPK_ID).   We recommend either 
defining what is meant by 'HAVE PPK' or changing the term from 'HAVE PPK' to 
'Configured with PPK for the initiator' which is how it is described in the 
Upgrade procedure or more simply as 'Configured with PPK' .

2. Section Upgrade procedure - We recommend changing the statement "As an 
optional second step, after all nodes have been upgraded, the administrator may 
then go back ... and mark the use of PPK as mandatory." to "After all nodes 
have been upgraded, the administrator SHOULD go back ...".

3. IKEv2 with EAP authentication -the EAP-ikev2 protocol description in the 
draft is different from that in the EAP-IKEv2 RFC 5106 beyond what we expect 
because of PPK use (i.e Initiator does not send an AUTH payload in the first 
EAP-Req message). 

a. Firstly, none of the message types from RFC 5106 are used in the draft: 
EAP-Req, EAP-Res and EAP-Success for example. We recommend using the same 
notation as in the RFC to describe EAP with PPK.
b. The draft uses the term "EAP" whose meaning is unclear but assumed to mean 
an EAP type message.
c. The biggest difference appears to be the fact that it is the Responder who 
sends the EAP-success message. This may be done because an extra IKE_AUTH 
exchange will be performed, but an explanation could be useful.

We highlight two messages below (**) from the draft that appear to not fit 
the RFC's description. Also it is not clear what is meant by the term EAP in 
the messages, we assume that it stands for EAP-Req or EAP-Res.

 The portion of the description in the draft (without the IKE_SA_INIT and 
IKE_AUTH exchanges) is

   Initiator Responder
  
  HDR, SK {IDi, [CERTREQ,]
  [IDr,] SAi2,
  TSi, TSr}  -->
   <--  HDR, SK {IDr, [CERT,] AUTH,
EAP}
**HDR, SK {EAP}  -->
   <--  HDR, SK {EAP (success)}   **


Compared with the protocol described in RFC 5106 without the initial 
exchanges

   5. R<-I: EAP-Req (HDR, SK{IDi, [CERT], [CERTREQ], [NFID], AUTH})
   6. R->I: EAP-Res (HDR, SK{IDr, [CERT], AUTH})
* 7. R<-I: EAP-Success

  Figure 1: EAP-IKEv2 Full, Successful Protocol Run


Best regards,
Jonathan

On Fri, 30 Nov 2018, Waltermire, David A. (Fed) wrote:

> This message starts a working group last call (WGLC) on 
> draft-ietf-ipsecme-qr-ikev2-04, which will conclude on December 14, 2018 at 
> UTC 23:59. Please review and provide feedback on the -04 version 
> (https://datatracker.ietf.org/doc/draft-ietf-ipsecme-qr-ikev2/). Please 
> indicate if you believe this draft is ready for publication or if you have 
> comments that must be addressed before the draft progresses to the IESG.

___
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec