ietf
[Top] [All Lists]

Re: Last call comments for draft-lepinski-dh-groups-01

2007-10-10 07:27:20
At 1:32 PM +0300 10/9/07, <Pasi(_dot_)Eronen(_at_)nokia(_dot_)com> wrote:
1) Section 1 says:

   "Sixteen additional groups subsequently have been defined and
   assigned values by IANA for use with IKE (v1 and v2).  All of
   these additional groups are optional in the IKE context.  Of
   the twenty-one groups defined so far, eight are MODP groups
   (exponentiation groups modulo a prime), ten are EC2N groups
   (elliptic curve groups over GF[2^N]) and three are ECP groups
   (elliptic curve groups over GF[P]).

This is not totally correct. As of this writing, no EC2N groups
have been assigned values for use with IKEv2.  Also, eight of the
ten EC2N groups for IKEv1 are not documented in any RFC. (And yes,
I'm aware of draft-ietf-ipsec-ike-ecc-groups -- but that hasn't
been approved yet, and requires changes before approval.)

draft-lepinski-dh-groups needs to track draft-ietf-ipsec-ike-ecc-groups very carefully. If there is any mis-match, we will have interoperability problems in the future.

2) For IKEv1/IKEv2, the document should explicitly specify how
ECC points are converted to octet strings (for KE payloads
and resulting shared secret value). Currently, there are at
least three incompatible options (RFC 4753, RFC 2409, and
draft-ietf-ipsec-ike-ecc-groups-10 drafts). I'd suggest just
saying "the same way as in RFC 4753".

This bodes really poorly for interoperability. draft-lepinski-dh-groups needs to be revised to specify one of the methods, and that needs to be discussed on the IPsec mailing list. I would not assume that implementers would prefer RFC 4753 over draft-ietf-ipsec-ike-ecc-groups.

--Paul Hoffman, Director
--VPN Consortium

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf