Last call comments for draft-lepinski-dh-groups-01

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Two comments about the IPsec-related parts:

1) Section 1 says:

   "Sixteen additional groups subsequently have been defined and
   assigned values by IANA for use with IKE (v1 and v2).  All of
   these additional groups are optional in the IKE context.  Of
   the twenty-one groups defined so far, eight are MODP groups
   (exponentiation groups modulo a prime), ten are EC2N groups
   (elliptic curve groups over GF[2^N]) and three are ECP groups
   (elliptic curve groups over GF[P]).

This is not totally correct. As of this writing, no EC2N groups
have been assigned values for use with IKEv2.  Also, eight of the
ten EC2N groups for IKEv1 are not documented in any RFC. (And yes,
I'm aware of draft-ietf-ipsec-ike-ecc-groups -- but that hasn't
been approved yet, and requires changes before approval.)


2) For IKEv1/IKEv2, the document should explicitly specify how 
ECC points are converted to octet strings (for KE payloads 
and resulting shared secret value). Currently, there are at 
least three incompatible options (RFC 4753, RFC 2409, and 
draft-ietf-ipsec-ike-ecc-groups-10 drafts). I'd suggest just
saying "the same way as in RFC 4753".


Best regards,
Pasi

_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf


[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]