On Tue, 25 Aug 2015, riyaz talikoti wrote:

I have a basic doubt with IKEv2, IKE SA rekey with PFS configured.

I have configured as below
IKE proposal
DH Group 14

IPSEC Proposal
PFS DH Group 2

During INIT EXCHANGE DH Group 14 will be used to calculate KE payload value.

and for IPsec SAs (CHILD SAs established as part of the CREATE_CHILD_SA EXCHANGE)
DH 2 will be used, and IPsec SA REKEY will also use DH 2.

Now During IKE SA REKEY (CREATE_CHILD_SA EXCHANGE)
What DH Group MUST be used? DH14 or DH 2?

It has been brought up before, you can probably find something in the
archives.  Basically, having a different group for IKE and IPSEC makes
no sense in IKEv2.

The initial exchange results in both an IKE SA and an IPsec SA. So your
configuration does not really make sense anymore. Which group should
be used for the initial exchange? I think most implementations use
the IKE group for the initial exchange (which results in an IPsec SA
too!) and the IPsec group for the rekey using the create_child exchange.

And also for IKEv1 it did not make much sense either. If the DH of the
IPsec SA is broken, you've lost and they can see your traffic. If the
DH of the IKE SA is broken, they can create a new IPsec SA of which they
will know the KEYMAT, so you still lose and they can see the traffic.
So if you break any DH, you win. So whatever is the weakest DH will be
attacked.

If you think group 2 can be broken, use group 14.
If you think group 2 cannot be broken, why use group 14?

Paul

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec