[Swan-dev] Fwd: RFC-7457 : Need Clarifications :)
Paul Wouters
paul at nohats.ca
Sun Jun 18 00:10:17 UTC 2017
Sahana is working on implementing RFC-7457 and has some interesting questions.
It would be useful to have that discussion here with a larger audience (I will also reply later myself with my thoughts)
Begin forwarded message:
>
> Hello,
>
> 1. 'authby' in ipsec.conf
> In the ipsec.conf file, is the authby value going to be changed?
> authby=rsasig (currently for libreswan)
>
> authby will take values like 'dsssig', 'ecdsa' (if these are implemented in libreswan in future)
>
> or is the operator going to specify authby = digsig (digital signature = 14) - I hope not.
>
> I ask this because, with RFC 7427, authtype will always be 'Digital Signature =14' and as initiator libreswan will always send a Hash algorithm Notification. And this will be the default behaviour.
>
> If it does not receive a Hash algorithm Notification, then we know that the receiver does not support RFC 7427 and we fall back to the older method and send authtype as rsasig=1.
>
> Also can authby have multiple values?
>
> I'd like to know this because, if libreswan supported both RSA and ECDSA (in future), then will the operator always specify auth type as 'RSA|ECDSA' or just 'RSA' or just 'ECDSA'?
>
> {In the below link I saw a possibility of sharedkey|rsasig for authby, so just wondered if it could ever be rsasig|ecdsa
> https://libreswan.org/man/ipsec.conf.5.html }
>
>
>
> 2. How do we decide what to send in Hash Algorithm Notification?
>
> It should be based on the 'authtype' configured by the operator in the ipsec.conf.
> So I'll look at c->policy and decide.
>
> If it is RSA then send only SHA1 (because the rest is not supported currently by libreswan)
>
> If libreswan supports ECDSA in future, then SHA2-256, SHA2-384, SHA2-512 should be sent.
>
> Let us assume for a moment that Libreswan supports both RSA and ECDSA (this is likely to happen in future).
> Should I already send SHA1, SHA2-256, SHA2-384, SHA2-512? (Because I know for sure that libreswan supports all these 4)
> Or should I check the authtype and send only SHA1 if it is RSA and SHA2-256, SHA2-384, SHA2-512 if it is ECDSA?
>
> I would prefer the former method, since it gives more flexibility.
>
> If the responder says he supports only SHA1, I can set up a connection with RSA keys.
> If the responder says he supports only SHA2-384, I can set up a connection with ECDSA keys.
>
> (But this again depends on the answer to question one. Does the operator set the authtype to "rsasig/ecdsa" or just "rsasig" or just "ecdsa"?)
>
> 3. Would libreswan plan to add support for RSA with SHA2-256, SHA2-384 and SHA2-512?
>
> I know this is less likely to happen as ECDSA with the above mentioned Hash algorithms is stronger anyway.
> But I continue to ask this because RFC has sha256WithRSAEncryption , sha384WithRSAEncryption and sha512WithRSAEncryption as Identifiers.
>
> So should our code comply with it?
>
> And if SHA2-256 is received from the Responder in the Hash algorithm Notification, both sha256WithRSAEncryption and ecdsa-with-sha256 would be valid algorithm Identifiers to be sent in the AUTH request.
>
> (Again depends on the answer to question 1)
>
> 4. How do we handle a case of more than 1 Hash algorithm being received by the responder?
>
> Directly take the first one or choose the stronger one.
> (Discussed this with Paul already, and we decided to take the first one for now)
>
>
> Sorry for the long email.
> The more number of times I read the RFC, the more number of questions and doubts :) Or am I overthinking? :)
>
> Thank you for your patience and time in advance.
>
>
> Regards,
> Sahana Prasad
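
Added example, not part of the original e-mail and not libreswan code: a C sketch of the negotiation the forwarded questions 2 and 4 describe, advertising every locally supported hash, falling back to auth method 1 when the peer sends no notification, and otherwise taking the first mutually supported hash from the peer's list. The function names and the `LOCAL_HASH` policy mask are hypothetical; the hash IDs and auth method numbers are the IANA values used by RFC 7427.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* IANA values: hash IDs from RFC 7427, auth methods from RFC 7296/7427. */
enum { HASH_SHA1 = 1, HASH_SHA2_256 = 2, HASH_SHA2_384 = 3, HASH_SHA2_512 = 4 };
enum { AUTH_RSA_SIG = 1, AUTH_DIGSIG = 14 };
#define LOCAL_HASH(id) (1u << (id))	/* hypothetical local policy bit */

/* Fill buf with the notification data: 16-bit big-endian hash IDs.
 * Returns the number of bytes written, or 0 if buf is too small. */
size_t build_hash_notify(unsigned local_mask, uint8_t *buf, size_t buflen)
{
	size_t n = 0;
	for (unsigned id = HASH_SHA1; id <= HASH_SHA2_512; id++) {
		if (!(local_mask & LOCAL_HASH(id)))
			continue;
		if (n + 2 > buflen)
			return 0;
		buf[n++] = 0;
		buf[n++] = (uint8_t)id;
	}
	return n;
}

/* data == NULL: peer sent no notification, so fall back to method 1.
 * Else take the peer's first hash we also support; 0 = malformed or none. */
int choose_auth(const uint8_t *data, size_t len, unsigned local_mask, int *hash)
{
	*hash = 0;	/* 0 = nothing negotiated */
	if (data == NULL)
		return AUTH_RSA_SIG;
	if (len == 0 || len % 2 != 0)
		return 0;
	for (size_t i = 0; i < len; i += 2) {
		unsigned id = ((unsigned)data[i] << 8) | data[i + 1];
		/* IDs outside the known range are skipped, not treated as errors */
		if (id >= HASH_SHA1 && id <= HASH_SHA2_512 && (local_mask & LOCAL_HASH(id))) {
			*hash = (int)id;
			return AUTH_DIGSIG;
		}
	}
	return 0;
}

int main(void)
{
	const uint8_t peer[] = { 0, 4, 0, 2, 0, 1 };	/* constructed sample list */
	int hash, m = choose_auth(peer, sizeof peer, LOCAL_HASH(HASH_SHA1) | LOCAL_HASH(HASH_SHA2_256), &hash);
	printf("auth method %d, hash %d\n", m, hash);
}
```

Choosing the strongest common hash instead of the first, the alternative raised in question 4, would only change the loop in `choose_auth` to keep the highest matching ID.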