Re: [IPsec] Clarification on my comments during the WG about possible KE payloads > 64k

Mon, 26 Mar 2018 00:28:08 -0700 

Hi Yoav,

 

just for clarification:

 

That was me. When they started talking about about PQC a decade ago, they 
mentioned algorithms like McEliece with public keys around 1MB.  

 

Not that this is a deal-killer. If necessary, we would come up with an IKE 
extension to have “jumbo-sized payloads” that had 24-bit lengths. IKE over TCP 
(RFC 8229) can handle this easily.

 

          Actually, not so easily. Despite the fact that IKE Message header has 
a length field of 32 bits, 

          the message prefix in RFC 8229 is only 16 bits in size, so no single 
IKE message transferred

          over TCP can be greater than 64K. IKE fragmentation could help in 
this case,

              but RFC 8229 says that “implementation SHOULD NOT send fragments 
when going over a TCP”.

          However the good news is that “it MUST support receiving fragments.” 
So we just need to violate that SHOULD.

 

          Regards,

          Valery.

 

 

 

But anyway, since the current state of the art seems to not need such an 
extension, I guess there’s no point it bringing this up now.

 

Yoav





On 25 Mar 2018, at 20:36, Scott Fluhrer (sfluhrer) <sfluh...@cisco.com> wrote:

 

During the WG meeting in London, somebody (I forget who) asked me whether KE 
payloads larger than 64k.  I thought I ought to clarify matters (as they are 
more complex than the brief answer I gave indicated).

 

Of the proposed postquantum key exchange (and public key encryption algorithms, 
which can be used to transport keys) submitted to NIST, the majority of them 
have key shares (or public keys/ciphertexts) smaller than 64k; there are a 
handful that are larger.  Now, it is possible (albeit unlikely) that all the 
algorithms with key shares < 64k will be broken; unless this happens, it would 
be reasonable (IMHO) that we mandate that any algorithm he allow have a KE 
payload that fits within 64k.  Now, in the event that we feel the need to 
support larger key shares, there are possible ways to support that; I don’t 
feel that we need to talk about those options now.

_______________________________________________
IPsec mailing list
 <mailto:IPsec@ietf.org> IPsec@ietf.org
 <https://www.ietf.org/mailman/listinfo/ipsec> 
https://www.ietf.org/mailman/listinfo/ipsec

 


_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec

Reply via email to