[Swan] authentication method: IKEv2_AUTH_ECDSA_P384 not supported in I2 Auth Payload
Manfred
mx2927 at gmail.com
Fri Dec 11 18:16:00 UTC 2020
Hi Paul,
Thank you very much for the answer.
About "much better" I see in RFC 7427 that its main purpose is to
generalize the IKEv2 authentication method for ECDSA:
"The current version only includes support for three Elliptic Curve
groups, and there is a fixed hash algorithm tied to each group. This
document generalizes..."
That is to say that the "old" methods (9, 10, 11) don't seem to be
deemed cryptographically weak or obsolete, do I understand this right?
The other end I need to connect to is Windows 10 which indeed appears to
use methods 9, 10, and 11 in combination with ECDSA certificates.
More specifically, if e.g. DH ECP384 is set (via
Set-VpnConnectionIPsecConfiguration) then only an ECDSA certificate with
the P-384 curve is allowed (others are rejected with error 13806)
Reason I mention this is that methods 9, 10 11 could be an
interoperability consideration, that is /iif/ they are cryptographically
sound, if not I'd like to know.
(if EC ciphers can't be used the best it can be done with Windows and
libreswan seems to be MODP2048)
Thanks again,
Manfred
On 12/11/2020 5:19 PM, Paul Wouters wrote:
> On Fri, 11 Dec 2020, Manfred wrote:
>
>> Subject: [Swan] authentication method: IKEv2_AUTH_ECDSA_P384 not
>> supported in
>> I2 Auth Payload
>
>> I'm trying to configure a connection to use IKEv2 + ECDSA
>> certificates, but pluto barks the message above. I'm running libreswan
>> 3.29.
>> I see that it should support ECDSA since 3.26, and the only conf item
>> I could find is authby=ecdsa (or possibly authby=ecdsa-sha2_384), both
>> of which are accepted but not described in the man page.
>>
>> Any pointers to where to find info about this configuration, or hints
>> on what am I missing?
>
> See
> https://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml#ikev2-parameters-12
>
>
> We support ECDSA methods only via Digital Signature (RFC 7427) method,
> not via the old methods of valie 9,10 and 11.
>
> In the past, each new digital signature format required its own
> Authentication Method value. That's why "digital signature" (value 14,
> RFC 7427) was written. All new methods are basically going to be supportd
> via value 14. See the RFC for why this is much better.
>
> Perhaps the other end has a way to use ECDSA via the new method?
>
> Paul
More information about the Swan
mailing list