At 1:32 PM +0300 10/9/07, <Pasi.Eronen@xxxxxxxxx> wrote:
1) Section 1 says: "Sixteen additional groups subsequently have been defined and assigned values by IANA for use with IKE (v1 and v2). All of these additional groups are optional in the IKE context. Of the twenty-one groups defined so far, eight are MODP groups (exponentiation groups modulo a prime), ten are EC2N groups (elliptic curve groups over GF[2^N]) and three are ECP groups (elliptic curve groups over GF[P]). This is not totally correct. As of this writing, no EC2N groups have been assigned values for use with IKEv2. Also, eight of the ten EC2N groups for IKEv1 are not documented in any RFC. (And yes, I'm aware of draft-ietf-ipsec-ike-ecc-groups -- but that hasn't been approved yet, and requires changes before approval.)
draft-lepinski-dh-groups needs to track draft-ietf-ipsec-ike-ecc-groups very carefully. If there is any mis-match, we will have interoperability problems in the future.
2) For IKEv1/IKEv2, the document should explicitly specify how ECC points are converted to octet strings (for KE payloads and resulting shared secret value). Currently, there are at least three incompatible options (RFC 4753, RFC 2409, and draft-ietf-ipsec-ike-ecc-groups-10 drafts). I'd suggest just saying "the same way as in RFC 4753".
This bodes really poorly for interoperability. draft-lepinski-dh-groups needs to be revised to specify one of the methods, and that needs to be discussed on the IPsec mailing list. I would not assume that implementers would prefer RFC 4753 over draft-ietf-ipsec-ike-ecc-groups.
--Paul Hoffman, Director --VPN Consortium _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf