Sahana is working on implementing RFC-7457 and has some interesting questions.

It would be useful to have that discussion here with a larger audience (I will 
also reply later myself with my thoughts).



Begin forwarded message:

> 
> Hello,
> 
> 1.  'authby' in ipsec.conf 
> In the ipsec.conf file, is the authby value going to be changed?
>     authby=rsasig (currently for libreswan)
>   
> authby will take values like 'dsssig', 'ecdsa' (if these are implemented in 
> libreswan in future)
> 
> or is the operator going to specify authby = digsig (digital signature = 14) 
> - I hope not.
> 
> I ask this because, with RFC 7427, authtype will always be 'Digital 
> Signature =14' and as initiator libreswan will always send a Hash algorithm 
> Notification. And this will be the default behaviour.
> 
> If it does not receive a Hash algorithm Notification, then we know that the 
> receiver does not support RFC 7427 and we fall back to the older method and 
> send authtype as rsasig=1.
> 
> Also can authby have multiple values?
> 
> I'd like to know this because, if libreswan supported both RSA and ECDSA (in 
> future), then will the operator always specify auth type as 'RSA|ECDSA' or 
> just 'RSA' or just 'ECDSA'? 
> 
> {In the below link I saw a possibility of sharedkey|rsasig for authby, so 
> just wondered if it could ever be rsasig|ecdsa 
> https://libreswan.org/man/ipsec.conf.5.html }
> 
> 
> 
> 2. How do we decide what to send in Hash Algorithm Notification?
> 
> It should be based on the 'authtype' configured by the operator in the 
> ipsec.conf.
> So I'll look at c->policy and decide.
> 
> If it is RSA then send only SHA1 (because the rest is not supported currently 
> by libreswan)
> 
> If libreswan supports ECDSA in future, then SHA2-256, SHA2-384, SHA2-512 
> should be sent.
> 
> Let us assume for a moment that Libreswan supports both RSA and ECDSA (this 
> is likely to happen in future).
> Should I already send SHA1, SHA2-256, SHA2-384, SHA2-512? (Because I know 
> for sure that libreswan supports all these 4)
> Or should I check the authtype and send only SHA1 if it is RSA and SHA2-256, 
> SHA2-384, SHA2-512 if it is ECDSA?
> 
> I would prefer the former method, since it gives more flexibility.
> 
> If the responder says he supports only SHA1, I can set up a connection with 
> RSA keys.
> If the responder says he supports only SHA2-384, I can set up a connection 
> with ECDSA keys.
> 
> (But this again depends on the answer to question one. Does the operator set 
> the authtype to "rsasig/ecdsa" or just "rsasig" or just "ecdsa"?)
> 
> 3. Would libreswan plan to add support for RSA with SHA2-256, SHA2-384 and 
> SHA2-512?
> 
> I know this is less likely to happen as ECDSA with the above mentioned Hash 
> algorithms is stronger anyway.
> But I continue to ask this because RFC has sha256WithRSAEncryption, 
> sha384WithRSAEncryption and sha512WithRSAEncryption as Identifiers.
> 
> So should our code comply with it?
> 
> And if SHA2-256 is received from the Responder in the Hash algorithm 
> Notification, both sha256WithRSAEncryption and ecdsa-with-sha256 would be 
> valid algorithm Identifiers to be sent in the AUTH request.
> 
> (Again depends on the answer to question 1)
> 
> 4. How do we handle a case of more than 1 Hash algorithms being received by 
> the responder?
> 
> Directly take the first one or choose the stronger one?
> (Discussed this with Paul already, and we decided to take the first one for 
> now)
> 
> 
> Sorry for the long email.
> The more times I read the RFC, the more questions and doubts I have :) 
> Or am I overthinking? :)
> 
> Thank you for your patience and time in advance.
> 
> 
> Regards,
> Sahana Prasad
> 
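
An added example, not part of the forwarded message and not libreswan code: a sketch of the hash selection raised in questions 2 and 4 and of the fallback to `rsasig=1` when no Hash Algorithm Notification arrives. The names `choose_hash`, `auth_method` and the `LOCAL_*` masks are hypothetical; the hash ids 1 to 4 are the RFC 7427 values for SHA1, SHA2-256, SHA2-384 and SHA2-512, and refusing when the peer shares no hash is this example's assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* RFC 7427 hash algorithm ids, carried as 16-bit big-endian values. */
enum { H_SHA1 = 1, H_SHA2_256 = 2, H_SHA2_384 = 3, H_SHA2_512 = 4 };
/* IKEv2 AUTH method numbers quoted in the email. */
enum { AUTH_RSA_SIG = 1, AUTH_DIGSIG = 14 };
enum pick { PICK_FIRST, PICK_STRONGEST };

/* Hypothetical local capability masks (bit n = hash id n), per the email's
 * scenario: RSA with SHA1 only, a future ECDSA with the three SHA2 hashes. */
#define LOCAL_RSA   (1u << H_SHA1)
#define LOCAL_ECDSA ((1u << H_SHA2_256) | (1u << H_SHA2_384) | (1u << H_SHA2_512))

/* Walk the peer's notification data (the bytes after the notify header).
 * Returns the chosen hash id, 0 if nothing in common, -1 if malformed. */
int choose_hash(const uint8_t *d, size_t len, unsigned local_mask, enum pick how)
{
    int best = 0;
    if (len % 2 != 0) return -1;        /* must be whole 16-bit entries */
    for (size_t i = 0; i + 1 < len; i += 2) {
        unsigned id = ((unsigned)d[i] << 8) | d[i + 1];
        if (id < H_SHA1 || id > H_SHA2_512 || !(local_mask & (1u << id)))
            continue;                   /* unknown or locally unsupported */
        if (how == PICK_FIRST) return (int)id;   /* peer's ordering decides */
        if ((int)id > best) best = (int)id;      /* ids 1..4 ascend with digest size */
    }
    return best;
}

/* AUTH method to send. Without the notify, only the legacy RSA method is
 * available; with it but no common hash, this example refuses (returns 0). */
int auth_method(int notify_seen, int hash, int key_is_rsa)
{
    if (!notify_seen) return key_is_rsa ? AUTH_RSA_SIG : 0;
    return hash > 0 ? AUTH_DIGSIG : 0;
}

int main(void)
{
    const uint8_t peer[] = { 0x00, 0x01, 0x00, 0x03 };  /* constructed: SHA1, SHA2-384 */
    printf("first=%d strongest=%d\n",
           choose_hash(peer, sizeof peer, LOCAL_RSA | LOCAL_ECDSA, PICK_FIRST),
           choose_hash(peer, sizeof peer, LOCAL_RSA | LOCAL_ECDSA, PICK_STRONGEST));
    return 0;
}
```

With the constructed peer list, "take the first" selects SHA1 while "choose the stronger" selects SHA2-384, so the two policies from question 4 can end up using different key types when both are configured.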
_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev
