Paul Wouters writes:
> On Mon, 8 Nov 2021, Tero Kivinen wrote:
> 
> >> Does the AuthMethod apply to the algorithms within the certificate
> >> as well? The RFC should clarify this.
> >
> > The reason for this notify is that if the peer has multiple key pairs
> > (i.e., private keys) it needs to pick one private key to sign the AUTH
> > payload with. If one of those private keys is using EC and another is
> > using RSA, then without this notification there is no way of knowing
> > which one to pick (except perhaps by prior configuration or by
> > heuristics based on the CERTREQ etc).
> 
> What will be in the notification then? Since the authentication method
> for both is "RFC 7425 Digital Signatures" as per existing IANA registry
> for IKEv2 Authentication Methods.

From the draft:

----------------------------------------------------------------------
   The following format is currently used only with the "Digital
   Signature" (14) authentication method.

                       1                   2                   3
   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  Length (>3)  |  Auth Method  |   Cert Link   |               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+               +
   |                                                               |
   ~                AlgorithmIdentifier ASN.1 object               ~
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
----------------------------------------------------------------------

I.e., for RFC7425 Digital Signatures, there is also the ASN.1
algorithm identifier to tell which algorithm(s) is/are supported.

> We would still need a new registry or we need to identify auth algorithms
> by their SPKI similar to how we can signature supported hash algorithms.
> But we would prob end up with seeing lots of duplicate entries with
> slightly different SPKI prefixes.

If the Cert Link is zero then the algorithms can be used with any CA,
otherwise they apply only to the specific CA listed in the CERTREQ, so in
most cases you simply list method 14 a few times with the
AlgorithmIdentifiers you support.

> The RSA-v1.5 vs RSA-PSS is a major pain right now, and implementations
> using 7425 and specifying RSA-v1.5 SHA1 are a double pain as the RFCs
> clearly don't allow that. We run into frequent interop issues with
> these.

My understanding is that one of the reasons for this draft is to
try to solve that issue...
-- 
kivi...@iki.fi

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
