Hi Tero: Thanks for your insight. Please see my comments inline.
> On 29 Jan 2023, at 16:32, Tero Kivinen <kivi...@iki.fi> wrote:
>
> Rafa Marín López writes:
>> Hi John:
>> - 2) Use PSK with ECDHE (similar to psk_dhe_ke in TLS)
>>
>> Let me also add here, as a reference, IKEv2. Basically, section 1.3.2 in RFC
>> 7296 shows a 1-RTT exchange including DH exchange and nonces to regenerate
>> the IKE security association.
>>
>> - 3) Use PSK with exchanged random values (similar to psk_ke in TLS)
>>
>> Curiously, when IKEv2 tries to generate key material for the IPsec security
>> associations (and not for the IKEv2 SA) allows just sending nonces (see
>> section 1.3.3 in RFC 7296), though there is also the possibility to include a
>> DH exchange. I mention this because EDHOC can be used to regenerate OSCORE
>> contexts.
>
> IKEv2 allows doing IPsec SA rekeys without Diffie-Hellman because
> there might be thousands of those between two gateways, and doing
> Diffie-Hellman for each of them would be too costly. I.e., it allows
> per SA decision whether you need PFS or not. If you are rekeying SA
> just because your traffic counters roll over, there is no need to do
> PFS.

Correct. For this reason (“would be too costly” or at least, more costly) I was mentioning the possibility of allowing or not PFS also in EDHOC for the rekey.

> Note, in this context the Diffie-Hellman secret to protect IKE SA is
> considered as "long term secret", i.e., breaking that will allow you
> to see the IKEv2 SA traffic, thus break all the IPsec SAs negotiated
> over that IKE SA unless they did their own Diffie-Hellman. Doing IKE
> SA rekey will redo that Diffie-Hellman, meaning attacker needs to break
> that new Diffie-Hellman secret again to allow it to break new IPsec
> SAs created after rekey.

Yes, correct.

> For IKE SA rekeys there was no point to do rekey without doing
> Diffie-Hellman, so that's why doing Diffie-Hellman there is mandatory.

Yes, it makes a lot of sense to perform DH in this case.

Best Regards.
> --
> kivi...@iki.fi
>
> --
> Lake mailing list
> l...@ietf.org
> https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/lake__;!!D9dNQwwGXtA!UhYj2QcUeH4tNRwjE44F-IOuNxnAwM5f6BKrQ1x-8wano2mdqsrTbsC7yVoyZ4gw94vlVIyZSQ$

-------------------------------------------------------
Rafa Marin-Lopez, PhD
Dept. Information and Communications Engineering (DIIC)
Faculty of Computer Science-University of Murcia
30100 Murcia - Spain
Telf: +34868888501 Fax: +34868884151
e-mail: r...@um.es
-------------------------------------------------------
_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu
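
Added example, not part of the original e-mail thread or of any IKEv2 implementation: a sketch of the RFC 7296 rekey derivations discussed above (sections 2.13, 2.17 and 2.18), showing that a nonce-only Child SA rekey is recomputable by anyone who holds SK_d, while a rekey with a fresh Diffie-Hellman value is not. Assumptions: HMAC-SHA256 stands in for the negotiated PRF, the DH group is a toy for illustration only, all keys and nonces are constructed, and the function names are hypothetical.

```python
import hashlib
import hmac

P, G = 2**255 - 19, 2  # toy DH group (prime modulus, small base): illustration only

def prf(key: bytes, data: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the PRF negotiated for the IKE SA.
    return hmac.new(key, data, hashlib.sha256).digest()

def prf_plus(key: bytes, seed: bytes, length: int) -> bytes:
    # RFC 7296 section 2.13: T1 = prf(K, S | 0x01), Tn = prf(K, Tn-1 | S | n)
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = prf(key, block + seed + bytes([counter]))
        out += block
        counter += 1
    return out[:length]

def child_keymat(sk_d: bytes, ni: bytes, nr: bytes, dh_secret: bytes = b"", length: int = 64) -> bytes:
    # RFC 7296 section 2.17: KEYMAT = prf+(SK_d, [g^ir (new) |] Ni | Nr)
    return prf_plus(sk_d, dh_secret + ni + nr, length)

def ike_rekey_skeyseed(sk_d_old: bytes, dh_secret: bytes, ni: bytes, nr: bytes) -> bytes:
    # RFC 7296 section 2.18: SKEYSEED = prf(SK_d (old), g^ir (new) | Ni | Nr)
    return prf(sk_d_old, dh_secret + ni + nr)

def dh_public(x: int) -> bytes:
    return pow(G, x, P).to_bytes(32, "big")

def dh_shared(x: int, peer_pub: bytes) -> bytes:
    return pow(int.from_bytes(peer_pub, "big"), x, P).to_bytes(32, "big")

def exposure_demo() -> dict:
    sk_d = bytes(range(32))                # constructed SK_d of the current IKE SA
    ni, nr = b"\x11" * 16, b"\x22" * 16    # constructed nonces, readable inside the IKE SA
    xi, xr = 0x1234567, 0x89ABCDEF         # constructed ephemeral DH private values
    shared_i = dh_shared(xi, dh_public(xr))
    shared_r = dh_shared(xr, dh_public(xi))
    no_pfs = child_keymat(sk_d, ni, nr)           # nonce-only rekey (no PFS)
    pfs = child_keymat(sk_d, ni, nr, shared_i)    # rekey with a fresh DH exchange
    # What a party holding SK_d and the nonces, but no ephemeral private value, can derive:
    recomputed = child_keymat(sk_d, ni, nr)
    return {
        "peers_agree": shared_i == shared_r,
        "no_pfs_recomputable": recomputed == no_pfs,
        "pfs_recomputable": recomputed == pfs,
        "new_skeyseed": ike_rekey_skeyseed(sk_d, shared_i, ni, nr),
    }
```
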