Re: [IPsec] I-D Action: draft-ietf-ipsecme-ikev1-algo-to-historic-08.txt

Tero Kivinen <kivinen@iki.fi> Wed, 23 November 2022 12:11 UTC

Message-ID: <25470.3527.51755.35718@fireball.acr.fi>
Date: Wed, 23 Nov 2022 14:10:47 +0200
From: Tero Kivinen <kivinen@iki.fi>
To: Paul Wouters <paul@nohats.ca>
Cc: ipsec@ietf.org
In-Reply-To: <d5250375-e220-6b1c-ca6f-357d6c12674a@nohats.ca>
References: <166878243717.63383.13722856524693664615@ietfa.amsl.com> <d5250375-e220-6b1c-ca6f-357d6c12674a@nohats.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/r6XCmvXXbYhgd19CNxIpZbk3tU8>

Paul Wouters writes:
> ps. Re-reading this draft, does anyone remember why we deprecated DH22
> (1024-bit MODP Group with 160-bit Prime Order Subgroup) but not DH2
> (also 1024 bit MODP)

From 8247:
...
   Group 2 or the 1024-bit MODP Group has been downgraded from MUST- in
   RFC 4307 to SHOULD NOT.  It is known to be weak against sufficiently
   funded attackers using commercially available mass-computing
   resources, so its security margin is considered too narrow.  It is
   expected in the near future to be downgraded to MUST NOT.

...
   Groups 22, 23, and 24 are MODP groups with Prime Order Subgroups that
   are not safe primes.  The seeds for these groups have not been
   publicly released, resulting in reduced trust in these groups.  These
   groups were proposed as alternatives for groups 2 and 14 but never
   saw wide deployment.  It has been shown that group 22 with 1024-bit
   MODP is too weak and academia have the resources to generate
   malicious values at this size.  This has resulted in group 22 to be
   demoted to MUST NOT.  Groups 23 and 24 have been demoted to SHOULD
   NOT and are expected to be further downgraded in the near future to
   MUST NOT.  Since groups 23 and 24 have small subgroups, the checks
   specified in the first bullet point of Section 2.2 of "Additional
   Diffie-Hellman Tests for the Internet Key Exchange Protocol Version 2
   (IKEv2)" [RFC6989] MUST be done when these groups are used.
...

I.e., the main reason being that group 2 was the only MUST algorithm
before, and moving it from MUST to MUST NOT while we do not have any
other algorithms as MUST was considered bad. Also the group is formed
in a deterministic way which should not make it possible that the
group is created to be weak from the beginning.

There were no such concerns for group 22, and also as there is no
way of knowing whether that group is generated as a weak group, that is
even more reason to make it MUST NOT.
-- 
kivinen@iki.fi
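Two points in the message above lend themselves to a worked check: that group 2 is "formed in a deterministic way" (its prime is derived from the binary expansion of pi, so anyone can regenerate it and confirm it is a safe prime), and the subgroup-membership test that RFC 6989 Section 2.2 requires for non-safe-prime groups such as 23 and 24 (reject a peer's public value y unless 1 < y < p-1 and y^q mod p = 1, where q is the order of the subgroup). The following script is an added example written for this archive page; it is not code from the mailing-list post, from the RFCs, or from any IKE implementation. It assumes the published derivation p = 2^1024 - 2^960 - 1 + 2^64 * (floor(2^894 * pi) + 129093) for group 2, computes pi with a constructed Machin-formula helper, and applies the RFC 6989 style check using group 2's own subgroup order q = (p-1)/2 (for groups 23 and 24 the registered q from their group definition would be used instead). The sample public values are constructed inline.

```python
"""Regenerate IKE MODP group 2 from its pi-based formula, confirm it is a
safe prime, and run an RFC 6989 Section 2.2 style subgroup check on
sample DH public values.  Added example, not from the original post."""


def pi_scaled(bits):
    """Return floor(pi * 2**bits), computed with Machin's formula in integer
    arithmetic.  Constructed helper; assumes 128 guard bits are enough
    (the accumulated truncation error is a few thousand units, far below 2**128)."""
    guard = 128
    one = 1 << (bits + guard)

    def arctan_inv(x):
        # arctan(1/x) = sum_{k>=0} (-1)^k / ((2k+1) * x^(2k+1)), scaled by 2**prec
        total, term, x2, k = 0, one // x, x * x, 0
        while term:
            contribution = term // (2 * k + 1)
            total += contribution if k % 2 == 0 else -contribution
            term //= x2
            k += 1
        return total

    pi = 16 * arctan_inv(5) - 4 * arctan_inv(239)
    return pi >> guard


def modp_group2_prime():
    """Group 2 prime per its published derivation (RFC 2409 / RFC 2412):
    p = 2^1024 - 2^960 - 1 + 2^64 * (floor(2^894 * pi) + 129093)."""
    return (1 << 1024) - (1 << 960) - 1 + (1 << 64) * (pi_scaled(894) + 129093)


def is_probable_prime(n):
    """Miller-Rabin with a fixed set of small bases; adequate for an
    illustration of checking that p and (p-1)/2 are prime."""
    if n < 2:
        return False
    bases = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]
    for b in bases:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def public_value_ok(y, p, q):
    """RFC 6989 Section 2.2 style check for a MODP group whose prime-order
    subgroup has order q: reject y outside (1, p-1) and reject any y that
    is not in the order-q subgroup (y^q mod p must equal 1).  A value such
    as p-1 has order 2 and is caught by the exponentiation test."""
    return 1 < y < p - 1 and pow(y, q, p) == 1


def demo():
    """Regenerate group 2, verify it is a safe prime, and screen sample values.
    Returns a dict of results so the pieces can be inspected individually."""
    p = modp_group2_prime()
    q = (p - 1) // 2                     # order of the subgroup generated by g = 2
    honest_y = pow(2, 123456789, p)      # constructed: a legitimately formed public value
    small_order_y = p - 1                # constructed: has order 2, not a valid public value
    return {
        "bit_length": p.bit_length(),
        "safe_prime": is_probable_prime(p) and is_probable_prime(q),
        "honest_accepted": public_value_ok(honest_y, p, q),
        "small_order_rejected": not public_value_ok(small_order_y, p, q),
        "one_rejected": not public_value_ok(1, p, q),
    }


if __name__ == "__main__":
    p = modp_group2_prime()
    print("group 2 prime (hex):", hex(p))
    print(demo())
```

The regenerated prime should begin `ffffffffffffffffc90fdaa22168c234` and end in sixty-four one bits, matching the value printed in RFC 2409; anyone can reproduce it, which is the sense in which the group "should not make it possible" to have been chosen weak. The exponentiation in `public_value_ok` costs one modular exponentiation per received public value, which is the price RFC 6989 accepts for groups whose subgroup structure allows a peer to send values of small order.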