Additional Diffie-Hellman Tests for the Internet Key Exchange Protocol Version 2 (IKEv2)
draft-ietf-ipsecme-dh-checks-05
Document history
Date | Rev. | By | Action |
---|---|---|---|
2013-07-22
|
05 | (System) | RFC Editor state changed to AUTH48-DONE from AUTH48 |
2013-07-12
|
05 | (System) | RFC Editor state changed to AUTH48 from RFC-EDITOR |
2013-06-28
|
05 | (System) | RFC Editor state changed to RFC-EDITOR from EDIT |
2013-06-12
|
05 | (System) | IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor |
2013-06-12
|
05 | (System) | IANA Action state changed to Waiting on RFC Editor from Waiting on Authors |
2013-06-11
|
05 | (System) | IANA Action state changed to Waiting on Authors from In Progress |
2013-06-06
|
05 | Amy Vezza | State changed to RFC Ed Queue from Approved-announcement sent |
2013-06-06
|
05 | (System) | RFC Editor state changed to EDIT |
2013-06-06
|
05 | (System) | Announcement was received by RFC Editor |
2013-06-05
|
05 | (System) | IANA Action state changed to In Progress |
2013-06-05
|
05 | Amy Vezza | State changed to Approved-announcement sent from Approved-announcement to be sent |
2013-06-05
|
05 | Amy Vezza | IESG has approved the document |
2013-06-05
|
05 | Amy Vezza | Closed "Approve" ballot |
2013-06-05
|
05 | Amy Vezza | Ballot approval text was generated |
2013-06-05
|
05 | Amy Vezza | Ballot writeup was changed |
2013-06-05
|
05 | Amy Vezza | State changed to Approved-announcement to be sent from IESG Evaluation::AD Followup |
2013-06-04
|
05 | Yaron Sheffer | IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed |
2013-06-04
|
05 | Yaron Sheffer | New version available: draft-ietf-ipsecme-dh-checks-05.txt |
2013-05-30
|
04 | Cindy Morgan | State changed to IESG Evaluation::AD Followup from IESG Evaluation |
2013-05-30
|
04 | Stephen Farrell | [Ballot comment] - 2.4: code "MAY be modified" - even for me, that's a 2119 bogosity. - 2.4: I'm curious (and haven't read the references:-). Why do MODP implementations that re-use DH private values not need to be updated because of 2.2? - 2.5: "INVALID_SYNTAX"? Yuk. This is not syntactical. Is there no better error message to pick? - terminology nit: sometimes you say secret DH key and sometimes (maybe only 4.2?) you say private DH keys. My preference is to talk about public and private DH values, but whatever. - 4.3 the MUST here seems bogus and somewhat optimistic |
2013-05-30
|
04 | Stephen Farrell | [Ballot Position Update] Position for Stephen Farrell has been changed to No Objection from Discuss |
2013-05-30
|
04 | Gonzalo Camarillo | [Ballot Position Update] New position, No Objection, has been recorded for Gonzalo Camarillo |
2013-05-30
|
04 | Ted Lemon | [Ballot comment] +1 to Stephen Farrell's DISCUSS Barry commented on the text I quote below, saying that it didn't seem like protocol behavior. It makes sense to me as protocol behavior, but I see why it might have raised a question: The recipient of a DH public key that fails one of the above tests can assume that the sender is either truly malicious or else it has a bug in its implementation. It would probably be more clearly a protocol behavior if it said "must assume" rather than "can assume." I assume that it doesn't say must because must could be taken as normative, but I think that's okay. You could also say "assumes." You should take out the second comma in this sentence, because the extra comma softens the connection between "is secure" and "in the sense," which is the opposite of what I think you are trying to convey: On the other hand, the error notification is secure, in the sense that no secret information is leaked. I'm really happy to see this work being done—thanks for doing it! |
2013-05-30
|
04 | Ted Lemon | [Ballot Position Update] New position, Yes, has been recorded for Ted Lemon |
2013-05-30
|
04 | Stephen Farrell | [Ballot discuss] I'd be happy to ballot yes, but have a question about the IPR declaration, which is RAND with possible royalty/fee. The write-up says "There was no WG discussion about any IPR disclosures regarding this document." That's a bit surprising and potentially the IPR might not e.g. apply to the MODP groups, so shouldn't the WG have considered whether or not they want to split that out or not? The IPR declaration is also later than the write-up so it's possible that the WG have considered this since the above quote was written. |
2013-05-30
|
04 | Stephen Farrell | [Ballot comment] - 2.4: code "MAY be modified" - even for me, that's a 2119 bogosity. - 2.4: I'm curious (and haven't read the references:-). Why do MODP implementations that re-use DH private values not need to be updated because of 2.2? - 2.5: "INVALID_SYNTAX"? Yuk. This is not syntactical. Is there no better error message to pick? - terminology nit: sometimes you say secret DH key and sometimes (maybe only 4.2?) you say private DH keys. My preference is to talk about public and private DH values, but whatever. - 4.3 the MUST here seems bogus and somewhat optimistic |
2013-05-30
|
04 | Stephen Farrell | [Ballot Position Update] New position, Discuss, has been recorded for Stephen Farrell |
2013-05-29
|
04 | Pete Resnick | [Ballot Position Update] New position, No Objection, has been recorded for Pete Resnick |
2013-05-29
|
04 | Joel Jaeggli | [Ballot Position Update] New position, No Objection, has been recorded for Joel Jaeggli |
2013-05-29
|
04 | Richard Barnes | [Ballot Position Update] New position, No Objection, has been recorded for Richard Barnes |
2013-05-29
|
04 | Stewart Bryant | [Ballot Position Update] New position, No Objection, has been recorded for Stewart Bryant |
2013-05-28
|
04 | Spencer Dawkins | [Ballot Position Update] New position, No Objection, has been recorded for Spencer Dawkins |
2013-05-27
|
04 | Jari Arkko | [Ballot Position Update] New position, No Objection, has been recorded for Jari Arkko |
2013-05-27
|
04 | Martin Stiemerling | [Ballot comment] all cleared. Thanks! |
2013-05-27
|
04 | Martin Stiemerling | [Ballot Position Update] Position for Martin Stiemerling has been changed to No Objection from Discuss |
2013-05-27
|
04 | Sean Turner | This draft does include text from RFC 2412. To avoid the pre-5378 boilerplate the author of RFC 2412 was consulted and she was willing … |
2013-05-27
|
04 | Martin Stiemerling | [Ballot discuss] I have no general objection to the publication of this draft, but one issue that can be easily solved. The draft says "This additional material is taken from [RFC2412]". RFC 2412 pre-dates 10 November 2008 (pub date of RFC 5378) and therefore if text material out of RFC 2412 is reused, the draft has to use the pre-RFC 5378 boiler plate. Does this draft re-use text out of RFC 2412? |
2013-05-27
|
04 | Martin Stiemerling | [Ballot Position Update] New position, Discuss, has been recorded for Martin Stiemerling |
2013-05-26
|
04 | Adrian Farrel | [Ballot Position Update] New position, No Objection, has been recorded for Adrian Farrel |
2013-05-24
|
04 | Benoît Claise | [Ballot Position Update] New position, No Objection, has been recorded for Benoit Claise |
2013-05-23
|
04 | Barry Leiba | [Ballot comment] -- Section 2.5 -- The recipient of a DH public key that fails one of the above tests can assume that the sender is either truly malicious or else it has a bug in its implementation. How is this "protocol behavior"? How is the statement even helpful? -- Section 7.2 -- In the reference for IANA-DH-Registry, IANA's preferred URL to publish omits the "xml" part. Please use this: http://www.iana.org/assignments/ikev2-parameters/#ikev2-parameters-8 |
2013-05-23
|
04 | Barry Leiba | [Ballot Position Update] New position, No Objection, has been recorded for Barry Leiba |
2013-05-23
|
04 | (System) | IANA Review state changed to IANA OK - Actions Needed from IANA - Review Needed |
2013-05-23
|
04 | (System) | IANA Review state changed to IANA - Review Needed from IANA OK - Actions Needed |
2013-05-23
|
04 | Brian Haberman | [Ballot Position Update] New position, No Objection, has been recorded for Brian Haberman |
2013-05-22
|
04 | Sean Turner | Ballot has been issued |
2013-05-22
|
04 | Sean Turner | [Ballot Position Update] New position, Yes, has been recorded for Sean Turner |
2013-05-22
|
04 | Sean Turner | Created "Approve" ballot |
2013-05-22
|
04 | Sean Turner | Ballot writeup was changed |
2013-05-22
|
04 | Sean Turner | Placed on agenda for telechat - 2013-05-30 |
2013-05-22
|
04 | Sean Turner | State changed to IESG Evaluation from Waiting for AD Go-Ahead |
2013-05-20
|
04 | (System) | State changed to Waiting for AD Go-Ahead from In Last Call |
2013-05-16
|
04 | Tero Kivinen | Request for Last Call review by SECDIR Completed: Ready. Reviewer: Leif Johansson. |
2013-05-15
|
04 | Amanda Baber | IESG/Authors/WG Chairs: IANA has reviewed draft-ietf-ipsecme-dh-checks-04.txt. Authors should review the comments and/or questions below. Please report any inaccuracies and respond to any questions as soon as possible. Upon approval of this document, IANA understands that there is a single IANA action that needs to be completed. In the IKEv2 Transform Type 4 - Diffie Hellman Group Transform IDs subregistry of the Internet Key Exchange Version 2 registry located at: http://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xml a new column will be added to the subregistry called "Recipient Tests." IANA understands that all future registrations in this subregistry will require this field to be populated. For existing registrations in this subregistry, the column will be populated as follows (Number: Recipient Tests): 1: [ RFC-to-be ], Section 2.1; 2: [ RFC-to-be ], Section 2.1; 5: [ RFC-to-be ], Section 2.1; 14: [ RFC-to-be ], Section 2.1; 15: [ RFC-to-be ], Section 2.1; 16: [ RFC-to-be ], Section 2.1; 17: [ RFC-to-be ], Section 2.1; 18: [ RFC-to-be ], Section 2.1; 19: [ RFC-to-be ], Section 2.3; 20: [ RFC-to-be ], Section 2.3; 21: [ RFC-to-be ], Section 2.3; 22: [ RFC-to-be ], Section 2.2; 23: [ RFC-to-be ], Section 2.2; 24: [ RFC-to-be ], Section 2.2; 25: [ RFC-to-be ], Section 2.3; 26: [ RFC-to-be ], Section 2.3. IANA NOTE: We understand that the registry expert is aware of this modification. IANA understands that this is the only action required to be completed upon approval of this document. Note: The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is only to confirm what actions will be performed. |
2013-05-15
|
04 | (System) | IANA Review state changed to IANA OK - Actions Needed from IANA - Review Needed |
2013-05-13
|
04 | Dan Romascanu | Request for Last Call review by GENART Completed: Ready. Reviewer: Dan Romascanu. |
2013-05-09
|
04 | Jean Mahoney | Request for Last Call review by GENART is assigned to Dan Romascanu |
2013-05-09
|
04 | Jean Mahoney | Request for Last Call review by GENART is assigned to Dan Romascanu |
2013-05-09
|
(System) | Posted related IPR disclosure: Certicom Corporation's Statement about IPR related to draft-ietf-ipsecme-dh-checks-04 | |
2013-05-07
|
04 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Leif Johansson |
2013-05-07
|
04 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Leif Johansson |
2013-05-06
|
04 | Amy Vezza | IANA Review state changed to IANA - Review Needed |
2013-05-06
|
04 | Amy Vezza | The following Last Call announcement was sent out: From: The IESG To: IETF-Announce CC: Reply-To: ietf@ietf.org Sender: Subject: Last Call: (Additional Diffie-Hellman Tests for IKEv2) to Proposed Standard The IESG has received a request from the IP Security Maintenance and Extensions WG (ipsecme) to consider the following document: - 'Additional Diffie-Hellman Tests for IKEv2' as Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2013-05-20. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract This document adds a small number of mandatory tests required for the secure operation of IKEv2 with elliptic curve groups. No change is required to IKE implementations that use modular exponential groups, other than a few rarely used so-called DSA groups. This document updates the IKEv2 protocol, RFC 5996. The file can be obtained via http://datatracker.ietf.org/doc/draft-ietf-ipsecme-dh-checks/ IESG discussion can be tracked via http://datatracker.ietf.org/doc/draft-ietf-ipsecme-dh-checks/ballot/ No IPR declarations have been submitted directly on this I-D. |
2013-05-06
|
04 | Amy Vezza | State changed to In Last Call from Last Call Requested |
2013-05-06
|
04 | Amy Vezza | Last call announcement was generated |
2013-05-06
|
04 | Sean Turner | Last call was requested |
2013-05-06
|
04 | Sean Turner | Ballot approval text was generated |
2013-05-06
|
04 | Sean Turner | Ballot writeup was generated |
2013-05-06
|
04 | Sean Turner | State changed to Last Call Requested from AD Evaluation::AD Followup |
2013-05-05
|
04 | Sean Turner | Last call announcement was generated |
2013-05-04
|
04 | (System) | Sub state has been changed to AD Followup from Revised ID Needed |
2013-05-04
|
04 | Yaron Sheffer | New version available: draft-ietf-ipsecme-dh-checks-04.txt |
2013-04-30
|
03 | Sean Turner | Here's a link to my AD review: https://www.ietf.org/mail-archive/web/ipsec/current/msg08370.html |
2013-04-30
|
03 | Sean Turner | State changed to AD Evaluation::Revised I-D Needed from AD Evaluation |
2013-04-24
|
03 | Sean Turner | State changed to AD Evaluation from Publication Requested |
2013-04-24
|
03 | Sean Turner | Document shepherd changed to Paul Hoffman |
2013-04-24
|
03 | Sean Turner | Changed document writeup |
2013-04-22
|
03 | Cindy Morgan | 1. Summary This is a document writeup for draft-ietf-ipsecme-dh-checks-03, prepared by Paul Hoffman for Sean Turner. The document corrects a problem found well after RFC 5996 was published. Implementations that support elliptic curves and DSA, and also reuse private keys, are vulnerable to some attacks that can be prevented by some simple checking. This document specifies the circumstances where the attack might happen and how to prevent them. This document is appropriate for Standards Track because, if the attack had been known and understood when RFC 5996 was written, it would certainly have been part of that document. 2. Review and Consensus The document was reviewed by enough active developers and cryptographically-inclined participants to be sufficient for Standards Track. There is definite consensus to publish. 3. Intellectual Property Both authors have stated that their direct, personal knowledge of any IPR related to this document has already been disclosed, in conformance with BCPs 78 and 79. There was no WG discussion about any IPR disclosures regarding this document. |
2013-04-22
|
03 | Cindy Morgan | Note added 'Paul Hoffman (paul.hoffman@vpnc.org) is the document shepherd.' |
2013-04-22
|
03 | Cindy Morgan | Intended Status changed to Proposed Standard |
2013-04-22
|
03 | Cindy Morgan | IESG process started in state Publication Requested |
2013-04-22
|
03 | (System) | Earlier history may be found in the Comment Log for draft-sheffer-ipsecme-dh-checks |
2013-04-22
|
03 | Yaron Sheffer | New version available: draft-ietf-ipsecme-dh-checks-03.txt |
2013-04-20
|
02 | Yaron Sheffer | New version available: draft-ietf-ipsecme-dh-checks-02.txt |
2013-04-01
|
01 | Yaron Sheffer | New version available: draft-ietf-ipsecme-dh-checks-01.txt |
2013-01-29
|
00 | Yaron Sheffer | New version available: draft-ietf-ipsecme-dh-checks-00.txt |