Hi,

> This will start a two-week WGLC for the draft-ietf-ipsecme-ikev2-qr-alt [1]. This last
> call will end at 2024-08-11. If you have any comments about the draft send them to
> the WG list.
> 
> This current draft uses a different method of mixing the secret data to the IKE SA
> state than the Multiple Key Exchanges RFC9370 [2], and this is one of the items I
> would like to get confirmation from the WG.
> 
> The current draft uses:
> 
>   SKEYSEED' = prf+ (PPK, SK_d)
> 
>   {SK_d | SK_ai | SK_ar | SK_ei | SK_er | SK_pi | SK_pr}
>                        = prf+ (SKEYSEED', Ni | Nr | SPIi | SPIr )
> 
> When Multiple Key Exchanges RFC9370 uses:
> 
>   SKEYSEED(n) = prf(SK_d(n-1), SK(n) | Ni | Nr)
> 
>   {SK_d | SK_ai | SK_ar | SK_ei | SK_er | SK_pi | SK_pr}
>                        = prf+ (SKEYSEED', Ni | Nr | SPIi | SPIr )
> 
> (we could simply use that by saying that SK(n) = PPK in that calculation, and if we
> have both multiple key exchanges and PPK, we would concatenate PPK and SK(n))
> 
> [1] https://datatracker.ietf.org/doc/draft-ietf-ipsecme-ikev2-qr-alt/
> [2] https://datatracker.ietf.org/doc/rfc9370/

The draft uses a method similar to RFC 8784:

    SK_d  = prf+ (PPK, SK_d')

with the replacement of SK_d with SKEYSEED.

The rationale for using the current form:
1. This is the most straightforward and conservative use of prf, when the first
argument (PPK) is a uniformly random key.
2. The first argument to prf is usually a key while the second is usually (public)
data; some APIs to crypto libraries may not allow use of a secret key as data and
may not allow exporting it, so the current use of PPK is generally easier to implement.
3. The draft can be seen as a successor to RFC 8784, and it is believed that these
two will be implemented together, thus re-using the computation method from RFC 8784
makes sense. In contrast, the draft is completely independent from RFC 9370.

Regards,
Valery.

> --
> kivi...@iki.fi
> 
> _______________________________________________
> IPsec mailing list -- ipsec@ietf.org
> To unsubscribe send an email to ipsec-le...@ietf.org

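The two derivations discussed in this thread, written out as an added example (this is not code from either message, from the draft, or from any IKEv2 implementation). It implements prf and prf+ from RFC 7296 with HMAC-SHA256 and the key sizes below as assumptions, then derives the SK_* set once with the draft's form, SKEYSEED' = prf+(PPK, SK_d), and once with the RFC 9370 form with SK(n) = PPK as proposed in the quoted message. All nonces, SPIs, the PPK and the starting SK_d are constructed sample values.

```python
import hmac
import hashlib

# Assumed parameters for the example (the draft fixes none of these):
# prf = HMAC-SHA256, 32-byte integrity keys, AES-128 encryption keys.
PRF_LEN = 32
INTEG_KEY_LEN = 32
ENCR_KEY_LEN = 16

# Order and sizes of the keys cut from the SK_* expansion (RFC 7296, section 2.14).
KEY_LAYOUT = [
    ("SK_d", PRF_LEN), ("SK_ai", INTEG_KEY_LEN), ("SK_ar", INTEG_KEY_LEN),
    ("SK_ei", ENCR_KEY_LEN), ("SK_er", ENCR_KEY_LEN),
    ("SK_pi", PRF_LEN), ("SK_pr", PRF_LEN),
]


def prf(key: bytes, data: bytes) -> bytes:
    """prf(K, S) as used by IKEv2; the first argument is the HMAC key."""
    return hmac.new(key, data, hashlib.sha256).digest()


def prf_plus(key: bytes, seed: bytes, length: int) -> bytes:
    """prf+(K, S) from RFC 7296, section 2.13:
    T1 = prf(K, S | 0x01), Tn = prf(K, T(n-1) | S | n); output = T1 | T2 | ..."""
    out, t, counter = b"", b"", 1
    while len(out) < length:
        if counter > 255:
            raise ValueError("prf+ is limited to 255 blocks")
        t = prf(key, t + seed + bytes([counter]))
        out += t
        counter += 1
    return out[:length]


def expand_sk(skeyseed: bytes, ni: bytes, nr: bytes, spii: bytes, spir: bytes) -> dict:
    """{SK_d | SK_ai | SK_ar | SK_ei | SK_er | SK_pi | SK_pr}
         = prf+(SKEYSEED, Ni | Nr | SPIi | SPIr)"""
    total = sum(size for _, size in KEY_LAYOUT)
    keymat = prf_plus(skeyseed, ni + nr + spii + spir, total)
    keys, offset = {}, 0
    for name, size in KEY_LAYOUT:
        keys[name] = keymat[offset:offset + size]
        offset += size
    return keys


def draft_qr_alt_keys(sk_d, ppk, ni, nr, spii, spir) -> dict:
    """Form in the draft (RFC 8784 style): the PPK is the prf *key* and the
    already-derived SK_d is the data: SKEYSEED' = prf+(PPK, SK_d)."""
    skeyseed_prime = prf_plus(ppk, sk_d, PRF_LEN)
    return expand_sk(skeyseed_prime, ni, nr, spii, spir)


def rfc9370_style_keys(sk_d_prev, sk_n, ni, nr, spii, spir) -> dict:
    """RFC 9370 form with SK(n) = PPK: the previous SK_d is the prf key and the
    PPK travels in the *data*: SKEYSEED(n) = prf(SK_d(n-1), SK(n) | Ni | Nr)."""
    skeyseed_n = prf(sk_d_prev, sk_n + ni + nr)
    return expand_sk(skeyseed_n, ni, nr, spii, spir)


# Constructed sample inputs; a real SA derives SK_d from the DH/KEM shared secret.
SAMPLE = {
    "sk_d": b"\x5a" * 32, "ppk": b"\x33" * 32,
    "ni": b"\x11" * 32, "nr": b"\x22" * 32,
    "spii": b"\x01" * 8, "spir": b"\x02" * 8,
}


def demo() -> dict:
    s = SAMPLE
    args = (s["ni"], s["nr"], s["spii"], s["spir"])
    return {
        "draft": draft_qr_alt_keys(s["sk_d"], s["ppk"], *args),
        "rfc9370_style": rfc9370_style_keys(s["sk_d"], s["ppk"], *args),
        # Same inputs with a different PPK: every SK_* value must change.
        "draft_other_ppk": draft_qr_alt_keys(s["sk_d"], b"\x44" * 32, *args),
    }


if __name__ == "__main__":
    for method, keys in demo().items():
        print(method)
        for name, value in keys.items():
            print(f"  {name:5} = {value.hex()}")
```

Running it shows the point made in the reply's second item directly in the call shapes: in `draft_qr_alt_keys` the PPK is only ever passed as the HMAC key, while in `rfc9370_style_keys` it has to be concatenated into the HMAC input as plain data, which is what a key-handle-only crypto API cannot do.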