Hi all,
first, I think that the draft is very important for interoperability.
But I also think, that in its current form it is insufficient
in some situations and could have been made better.
The problem, that the draft is not solving, is the situation,
when one of the peers has more than one private key, each
for different signature algorithm. This may happen if in deployed
VPN there is a need to move from one signature alg
to another (for any reason, for example when old algorithm
is found to be broken or obsoleted by authorities). As the
transition cannot be done at once, there will be a period when
some of the hosts will have only a single key, while the others
will have more than one. In general, host with multiple keys
cannot decide which of them to use with different peers,
so there is a possibility, that IKE will fail, when it could have
completed. CERTREQ payloads may help in some cases,
but not in all (single CA may issue both certificates signed
with one trusted root) and they are optional anyway.
The solution to the problem would be if host be able to
explicitely indicate, which signature algorithms
it supports. Currently draft includes ability to indicate
to the peer which hash algorithms it supports.
I suggest to change this as following. Instead of
adding IKE registry, listing hash algorithms,
add registry listing combinations of hash&signature
algorithms, as listed in Appendix A.
So, the registry would look like:
RESERVED 0
sha1WithRSAEncryption 1
sha256WithRSAEncryption 2
sha384WithRSAEncryption 3
sha512WithRSAEncryption 4
dsa-with-sha1 5
dsa-with-sha256 6
ecdsa-with-sha1 7
ecdsa-with-sha256 8
ecdsa-with-sha384 9
ecdsa-with-sha512 10
RSASSA-PSS-default 11
And to include values from this registry into
SIGNATURE_HASH_ALGORITHMS notification.
This will allow peer indicate not only hash alg,
but the particular pairs signature-hash which it supports.
Regards,
Valery Smyslov.
P.S. One small typo in the draft.
in Appendix A last sentence of first para:
"These values are taken form the New
ASN.1 Modules..."
s/form/from
Hi, this is to start a 3-week working group last call on the IKE
Signature Authentication document, ending Nov. 13.
The draft is at:
http://tools.ietf.org/html/draft-kivinen-ipsecme-signature-auth-02.
<http://tools.ietf.org/html/draft-kivinen-ipsecme-signature-auth-02> The
document is a product of a design team that was started for this
purpose, but should now be treated like any WG document.
Please read this draft and send any comments to the WG mailing list,
even if the comments are "I see no problems". Comments such as "I do not
understand this part" or "this part could be explained better in this
way" are particularly useful at this point.
Thanks,
Paul and Yaron
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
