[Swan-dev] Fwd: RFC-7457 : Need Clarifications :)

Paul Wouters paul at nohats.ca
Sun Jun 18 00:10:17 UTC 2017


Sahana is working on implementing RFC-7457 and has some interesting questions.

It would be useful to have that discussion here with a larger audience. (I will also reply later myself with my thoughts.)



Begin forwarded message:

> 
> Hello,
> 
> 1.  'authby' in ipsec.conf 
> In the ipsec.conf file, is the authby value going to be changed?
>     authby=rsasig (currently for libreswan)
>   
> authby will take values like 'dsssig', 'ecdsa' (if these are implemented in libreswan in future)
> 
> or is the operator going to specify authby = digsig (digital signature = 14) - I hope not.
> 
> I ask this because, with RFC 7427, authtype will always be 'Digital Signature = 14' and as initiator libreswan will always send a Hash algorithm Notification. And this will be the default behaviour.
> 
> If it does not receive a Hash algorithm Notification, then we know that the receiver does not support RFC 7427 and we fall back to the older method and send authtype as rsasig=1.
> 
> Also can authby have multiple values?
> 
> I'd like to know this because, if libreswan supported both RSA and ECDSA (in future), then will the operator always specify auth type as 'RSA|ECDSA' or just 'RSA' or just 'ECDSA'?
> 
> {In the link below I saw a possibility of sharedkey|rsasig for authby, so just wondered if it could ever be rsasig|ecdsa
> https://libreswan.org/man/ipsec.conf.5.html }
> 
> 
> 
> 2. How do we decide what to send in Hash Algorithm Notification?
> 
> It should be based on the 'authtype' configured by the operator in the ipsec.conf.
> So I'll look at c->policy and decide.
> 
> If it is RSA then send only SHA1 (because the rest is not supported currently by libreswan)
> 
> If libreswan supports ECDSA in future, then SHA2-256, SHA2-384, SHA2-512 should be sent.
> 
> Let us assume for a moment that Libreswan supports both RSA and ECDSA (this is likely to happen in future).
> Should I already send SHA1, SHA2-256, SHA2-384, SHA2-512? (Because I know for sure that libreswan supports all these 4.)
> Or should I check the authtype and send only SHA1 if it is RSA and SHA2-256, SHA2-384, SHA2-512 if it is ECDSA?
> 
> I would prefer the former method, since it gives more flexibility.
> 
> If the responder says he supports only SHA1, I can set up a connection with RSA keys.
> If the responder says he supports only SHA2-384, I can set up a connection with ECDSA keys.
> 
> (But this again depends on the answer to question one. Does the operator set the authtype to "rsasig/ecdsa" or just "rsasig" or just "ecdsa"?)
> 
> 3. Would libreswan plan to add support for RSA with SHA2-256, SHA2-384 and SHA2-512?
> 
> I know this is less likely to happen as ECDSA with the above mentioned Hash algorithms is stronger anyway.
> But I continue to ask this because RFC has sha256WithRSAEncryption, sha384WithRSAEncryption and sha512WithRSAEncryption as Identifiers.
> 
> So should our code comply with it?
> 
> And if SHA2-256 is received from the Responder in the Hash algorithm Notification, both sha256WithRSAEncryption and ecdsa-with-sha256 would be valid algorithm Identifiers to be sent in the AUTH request.
> 
> (Again depends on the answer to question 1)
> 
> 4. How do we handle a case of more than 1 Hash algorithms being received by the responder?
> 
> Directly take the first one or choose the stronger one.
> (Discussed this with Paul already, and we decided to take the first one for now)
> 
> 
> Sorry for the long email.
> The more number of times I read the RFC, the more number of questions and doubts :) Or am I overthinking? :)
> 
> Thank you for your patience and time in advance.
> 
> 
> Regards,
> Sahana Prasad
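
The hash selection and fallback raised in questions 2 and 4 of the forwarded message, as an added example that is not part of the original mail and not libreswan code: it walks the RFC 7427 hash list (16-bit big-endian identifiers) in the peer's order, takes the first hash the local side also supports, and falls back to auth method 1 when the peer sent no notification. The function names, the bitmask representation of local support, the sample byte strings, and returning 0 when there is no common hash are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* RFC 7427 hash algorithm identifiers carried in the hash notification */
enum { HASH_SHA1 = 1, HASH_SHA2_256 = 2, HASH_SHA2_384 = 3, HASH_SHA2_512 = 4 };
/* IKEv2 authentication method values named in the mail */
enum { AUTH_RSA_SIG = 1, AUTH_DIGSIG = 14 };

#define HASH_BIT(id) (1u << (id))

/* Walk the notification data (16-bit big-endian ids) in the peer's order and
 * return the first id also set in local_mask: the "take the first one" rule.
 * Returns 0 if nothing matches, -1 if the data length is odd (malformed). */
int select_hash(const uint8_t *data, size_t len, uint32_t local_mask)
{
    if (len % 2 != 0)
        return -1;
    for (size_t i = 0; i < len; i += 2) {
        unsigned id = ((unsigned)data[i] << 8) | data[i + 1];
        if (id >= 1 && id < 32 && (local_mask & HASH_BIT(id)))
            return (int)id;   /* ids we do not support are skipped */
    }
    return 0;
}

/* Pick the auth method for the AUTH exchange. notify == NULL means the peer
 * sent no hash notification, so fall back to method 1 (RSA with SHA1).
 * Returns the method, or 0 when digital signatures cannot be used
 * (malformed list or no common hash; assumption: the caller decides then). */
int choose_auth(const uint8_t *notify, size_t len, uint32_t local_mask, int *hash)
{
    if (notify == NULL) {
        *hash = HASH_SHA1;
        return AUTH_RSA_SIG;
    }
    int id = select_hash(notify, len, local_mask);
    if (id <= 0)
        return 0;
    *hash = id;
    return AUTH_DIGSIG;
}

/* Constructed sample inputs (not captured traffic) */
const uint8_t peer_all[] = { 0, 2, 0, 3, 0, 4, 0, 1 }; /* 256, 384, 512, SHA1 */
const uint8_t peer_384[] = { 0, 3 };                   /* SHA2-384 only */
const uint32_t local_rsa_only = HASH_BIT(HASH_SHA1);
const uint32_t local_all = HASH_BIT(HASH_SHA1) | HASH_BIT(HASH_SHA2_256)
                         | HASH_BIT(HASH_SHA2_384) | HASH_BIT(HASH_SHA2_512);
```

With `local_rsa_only` the peer's SHA2 entries are skipped and SHA1 is chosen even though it is listed last, which shows how much the result of "take the first one" depends on what the local side advertises as supported.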