On 12/11/2020 7:29 PM, Paul Wouters wrote:
On Dec 11, 2020, at 13:16, Manfred <[email protected]> wrote:
Hi Paul,
Thank you very much for the answer.
About "much better" I see in RFC 7427 that its main purpose is to generalize
the IKEv2 authentication method for ECDSA:
"The current version only includes support for three Elliptic Curve groups, and
there is a fixed hash algorithm tied to each group. This document generalizes..."
That is to say that the "old" methods (9, 10, 11) don't seem to be deemed
cryptographically weak or obsolete, do I understand this right?
Correct. It’s main goal is to support new authentication algorithms without
requiring an RFC per signature+hash combination.
The other end I need to connect to is Windows 10 which indeed appears to use
methods 9, 10, and 11 in combination with ECDSA certificates.
More specifically, if e.g. DH ECP384 is set (via
Set-VpnConnectionIPsecConfiguration) then only an ECDSA certificate with the
P-384 curve is allowed (others are rejected with error 13806)
That’s unfortunate. We were hoping to avoid having toads support for it.
Reason I mention this is that methods 9, 10 11 could be an interoperability
consideration, that is /iif/ they are cryptographically sound, if not I'd like
to know.
(if EC ciphers can't be used the best it can be done with Windows and libreswan
seems to be MODP2048)
I know Windows can do modp8192 and 4096, but the DH groups are a separate issue
from the authentication method we were talking about. Libreswan supports the
ECP DH groups (and curve25519 / curve448)
I know that DH and the authentication method are different things, but
apparently Windows hardcouples the auth method to the DH group selected.
See the last answer in:
https://social.technet.microsoft.com/Forums/ie/en-US/b1d8b473-b05d-413b-8afe-2eeab00d263a/ike-failed-to-find-valid-machine-certificate?forum=win10itprosecurity
I have verified that if an ECP DH group is selected, then only an ECDSA
certificate is accepted as machine certificate (with the same key bit
length), which leads to the original problem of my question.
(I have also seen that Libreswan supports the ECP DH groups, it shows up
clearly in the logs, that's why I was surprised by this auth failure)
BTW. How does Windows support modp8192 and 4096? I have seen that it can
use 4096-bit RSA certificates, is this what you mean, or otherwise how
would you select these stronger encryption ciphers (they don't appear in
Set-VpnConnectionIPsecConfiguration)?
Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
