Tero and Yoav, Could we have a 10-minute slot at the IETF120 IPsecME session to present https://datatracker.ietf.org/doc/draft-dunbar-secdispatch-ligthtweight-authenticate/ ?
The discussion on the mailing list has convinced us of the benefits of describing the background and the proposed mechanism, as well as obtaining more valuable feedback. Thanks, Linda -----Original Message----- From: Linda Dunbar Sent: Wednesday, July 10, 2024 3:39 PM To: Scott Fluhrer (sfluhrer) <sfluh...@cisco.com>; Paul Wouters <p...@nohats.ca> Cc: ipsec@ietf.org Subject: RE: [IPsec] Re: Are there any issues of reusing IPsec key for generating Authentication Code? Scott, Our draft (https://datatracker.ietf.org/doc/draft-dunbar-secdispatch-ligthtweight-authenticate/ describes lightweight authentication methods to prevent malicious actors from tampering with IP encapsulation headers or the metadata carried by the UDP Option Header. The IP encapsulation header is for steering encrypted payloads through the Cloud backbone without requiring the Cloud Gateway to decrypt or re-encrypt the payload as outlined in the https://datatracker.ietf.org/doc/draft-ietf-rtgwg-multisegment-sdwan/ . The email discussion was triggered by a comment that our draft didn't describe how the Authentication keys are distributed. Thanks, Linda -----Original Message----- From: Scott Fluhrer (sfluhrer) <sfluh...@cisco.com> Sent: Wednesday, July 10, 2024 2:41 PM To: Linda Dunbar <linda.dun...@futurewei.com>; Paul Wouters <p...@nohats.ca> Cc: ipsec@ietf.org Subject: RE: [IPsec] Re: Are there any issues of reusing IPsec key for generating Authentication Code? Might I ask "what problem are you attempting to solve"? While what you're suggesting *might* be safe, I can't help but feel that there's a cleaner solution out there... > -----Original Message----- > From: Linda Dunbar <linda.dun...@futurewei.com> > Sent: Wednesday, July 10, 2024 5:35 PM > To: Paul Wouters <p...@nohats.ca> > Cc: ipsec@ietf.org > Subject: [IPsec] Re: Are there any issues of reusing IPsec key for > generating Authentication Code? > > Paul, > > Thank you very much for the comment. > Is it acceptable to use the existing IPsec keys as input to a key > derivation function (KDF)? The KDF generates unique authentication > keys that are cryptographically linked to the IPsec keys but not directly > exposed. > > Linda > > > > -----Original Message----- > From: Paul Wouters <p...@nohats.ca> > Sent: Wednesday, July 10, 2024 8:59 AM > To: Linda Dunbar <linda.dun...@futurewei.com> > Cc: ipsec@ietf.org > Subject: Re: [IPsec] Are there any issues of reusing IPsec key for > generating Authentication Code? > > On Tue, 9 Jul 2024, Linda Dunbar wrote: > > > 1. The IPsec tunnel itself provides a secure channel for > > transmitting the > authentication keys. This ensures that the keys > > are protected from eavesdropping or tampering during distribution. > > 2. Reuse the existing IPsec keys as input to a key derivation function > > (KDF). > The KDF generates unique authentication keys > > that are cryptographically linked to the IPsec keys but not > > directly > exposed. This adds a layer of protection, even if > > the IPsec keys are compromised. > > Re-using keys for different purposes is not recommend on principle. > Some certifications (eg FIPS) also forbid dual use of the same key(pair). > > Paul > > _______________________________________________ > IPsec mailing list -- ipsec@ietf.org > To unsubscribe send an email to ipsec-le...@ietf.org _______________________________________________ IPsec mailing list -- ipsec@ietf.org To unsubscribe send an email to ipsec-le...@ietf.org
