On Mon, 8 Nov 2021, Tero Kivinen wrote:

Does the AuthMethod apply to the algorithms within the certificate
as well? The RFC should clarify this.

The reason for this notify is that if the peer has multiple key pairs
(i.e., private keys) it needs to pick one private key to sign the AUTH
payload with. If one of those private keys is using EC and another is
using RSA, then without this notification there is no way of knowing
which one to pick (except perhaps by prior configuration or by
heuristics based on the CERTREQ etc).

What will be in the notification then? Since the authentication method
for both is "RFC 7425 Digital Signatures" as per existing IANA registry
for IKEv2 Authentication Methods.

We would still need a new registry or we would need to identify auth algorithms
by their SPKI, similar to how we can signal supported hash algorithms.
But we would probably end up with lots of duplicate entries with
slightly different SPKI prefixes.

The RSA-v1.5 vs RSA-PSS is a major pain right now, and implementations
using 7425 and specifying RSA-v1.5 SHA1 are a double pain as the RFCs
clearly don't allow that. We run into frequent interop issues with
these.

Paul

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec