ipsec October 2009 archive

Re: [IPsec] [ipsecme] #111: Can IKEv1 negotiate combined algorithms to be used by IPsec-v3?

From: Tero Kivinen <kivinen_at_nospam>
Date: Wed Oct 28 2009 - 11:58:36 GMT
To: "Frankel, Sheila E." <sheila.frankel@nist.gov>

Frankel, Sheila E. writes:
> #111: Can IKEv1 negotiate combined algorithms to be used by IPsec-v3?
> Proposed changes to Roadmap doc:
> 1) Add text to section 5.4 (Combined Mode Algorithms)
> Additional text:
> Some IKEv1 implementations have added the capability to negotiate
> combined mode algorithms for use in IPsec SAs; these implementations
> do not include the capability to use combined mode algorithms to protect
> IKE SAs. Since combined mode algorithms are not a feature of IPsec-v2,
> these IKEv1 implementations are used in conjunction with IPsec-v3. IANA
> numbers for combined mode algorithms have been added to the IKEv1 registry.

That text seems ok.

> 2) Change IKEv2 and IPsec-v2 requirement levels
> Requirements levels for AES-GMAC:
> old IKEv2 - optional
> new IKEv2 - optional (integrity-protection algorithm)
> N/A (combined mode algorithm with NULL encryption)

IKEv2 SA cannot be used with NULL encryption, so using AES-GMAC requires some other encryption algorithm when used in IKEv2. AES-GMAC requires an IV, and some other encryption algorithm used with it also requires an IV, which means we require two IVs or they require sharing the IV, which might not be possible as their IV generation rules (and lengths) might be different.

I do not think it is possible to use AES-GMAC at all to protect IKEv2 traffic, and also it does not make any sense to use AES-GMAC as it says that it is to be used when no confidentiality is desired, and as in IKEv2 that is required then AES-GCM should be used instead.

From RFC5282:

3. The Use of AES-GMAC in ESP

         If confidentiality is desired, then GCM ESP [RFC4106] SHOULD be used instead.

So I think the correct change is

                       IKEv2 - N/A (IKEv2 requires encryption).
-- 
kivinen@iki.fi
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec