Yoav Nir <ynir.i...@gmail.com> wrote:
    > Second issue is about UI advice. Some implementations (yes, mine is
    > included) allow the user to configure encryption algorithm, MAC
    > algorithm, and D-H group. There is no setting for PRF since such UIs
    > date back to IKEv1. The PRF is usually just taken from the setting for
    > MAC algorithm. This works fine as long as all supported MAC algorithms
    > are HMAC, XCBC, and CMAC. AES-GCM would have the same issue, but RFC
    > 5282 makes no mention of this issue. I’m wondering if we should
    > recommend to pair this algorithm in IKE with PRF_HMAC_SHA2_256.

So, in this case, if you wanted to not change your UI, maybe you would tell
the user to configure
    encryption-algorithm=Chacha20-Poly1305
    MAC=HMAC-SHA2
    DH=whatever

the MAC would not apply to IPsec at all?

I guess if we are deploying this algorithm with the concern that HMAC-SHA2/AES
might become weak, that it would seem odd to depend upon SHA2 as the PRF.
At least, users might not understand.

(noting that SHA2 != HMAC-SHA2, and also that the inputs to the PRF are not
very easily manipulated...)

--
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-
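As an added illustration of the UI problem discussed above (this is example code written for this page, not an implementation from either poster), the following maps the three legacy knobs (encryption, MAC, DH group) onto an IKEv2 proposal and an ESP proposal. The transform names are the IANA IKEv2 registry names; the helper names, the lookup tables and the sample settings are assumptions. It shows the coupling the thread is about: with an AEAD cipher such as ChaCha20-Poly1305 the configured MAC is negotiated nowhere, yet it still silently selects the PRF for the IKE SA.

```python
# Added example: deriving IKEv2 transforms from a legacy three-knob UI
# (encryption, MAC, DH group) that has no separate PRF setting.
# Transform names are IANA IKEv2 registry names; the helper names,
# tables and sample configuration below are assumptions for this example.

from dataclasses import dataclass, field

# AEAD encryption settings carry their own integrity tag, so no separate
# INTEG transform is negotiated when one of these is chosen.
AEAD_ENCR = {
    "chacha20-poly1305": "ENCR_CHACHA20_POLY1305",  # RFC 7634
    "aes128-gcm16": "ENCR_AES_GCM_16",               # RFC 5282
}
PLAIN_ENCR = {
    "aes128-cbc": "ENCR_AES_CBC",
}

# A MAC setting maps to an INTEG transform and, because the UI has no PRF
# knob, also to the PRF used by the IKE SA (the legacy IKEv1-era habit).
MAC_TO_INTEG = {
    "hmac-sha2-256": "AUTH_HMAC_SHA2_256_128",
    "aes-xcbc": "AUTH_AES_XCBC_96",
    "aes-cmac": "AUTH_AES_CMAC_96",
}
MAC_TO_PRF = {
    "hmac-sha2-256": "PRF_HMAC_SHA2_256",
    "aes-xcbc": "PRF_AES128_XCBC",
    "aes-cmac": "PRF_AES128_CMAC",
}


@dataclass
class Proposal:
    protocol: str                              # "IKE" or "ESP"
    transforms: dict = field(default_factory=dict)
    notes: list = field(default_factory=list)  # human-readable caveats


def build_proposals(encryption: str, mac: str, dh_group: int):
    """Turn the three UI knobs into (IKE proposal, ESP proposal).

    The ESN transform of the ESP proposal is not modelled here.
    """
    if encryption in AEAD_ENCR:
        encr, aead = AEAD_ENCR[encryption], True
    elif encryption in PLAIN_ENCR:
        encr, aead = PLAIN_ENCR[encryption], False
    else:
        raise ValueError(f"unknown encryption setting {encryption!r}")
    if mac not in MAC_TO_INTEG:
        raise ValueError(f"unknown MAC setting {mac!r}")

    # IKE always needs a PRF; it is taken from the MAC knob regardless of
    # whether that MAC is actually used anywhere.
    ike = Proposal("IKE", {"ENCR": encr, "PRF": MAC_TO_PRF[mac], "DH": dh_group})
    esp = Proposal("ESP", {"ENCR": encr})

    if aead:
        # Nothing negotiates the configured MAC, yet it decided the PRF.
        ike.notes.append(
            f"PRF {MAC_TO_PRF[mac]} inferred from MAC setting {mac!r}, "
            f"which is otherwise unused because {encr} is AEAD")
        esp.notes.append(f"MAC setting {mac!r} ignored: {encr} is AEAD")
    else:
        ike.transforms["INTEG"] = MAC_TO_INTEG[mac]
        esp.transforms["INTEG"] = MAC_TO_INTEG[mac]
    return ike, esp


if __name__ == "__main__":
    # Sample configuration from the thread: ChaCha20-Poly1305 plus an
    # HMAC-SHA2 MAC knob, with DH group 14 (2048-bit MODP) as a placeholder.
    for p in build_proposals("chacha20-poly1305", "hmac-sha2-256", 14):
        print(p.protocol, p.transforms, p.notes)
```

Running it shows the IKE proposal carrying PRF_HMAC_SHA2_256 while neither proposal carries an INTEG transform; the `notes` field is where a UI could surface the fact that the MAC knob only chose the PRF.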




_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
