[Swan] authentication method: IKEv2_AUTH_ECDSA_P384 not supported in I2 Auth Payload

Manfred mx2927 at gmail.com
Fri Dec 11 18:16:00 UTC 2020


Hi Paul,

Thank you very much for the answer.
About "much better" I see in RFC 7427 that its main purpose is to 
generalize the IKEv2 authentication method for ECDSA:
"The current version only includes support for three Elliptic Curve 
groups, and there is a fixed hash algorithm tied to each group. This 
document generalizes..."

That is to say that the "old" methods (9, 10, 11) don't seem to be 
deemed cryptographically weak or obsolete, do I understand this right?

The other end I need to connect to is Windows 10 which indeed appears to 
use methods 9, 10, and 11 in combination with ECDSA certificates.
More specifically, if e.g. DH ECP384 is set (via 
Set-VpnConnectionIPsecConfiguration) then only an ECDSA certificate with 
the P-384 curve is allowed (others are rejected with error 13806).

Reason I mention this is that methods 9, 10, 11 could be an 
interoperability consideration, that is /iif/ they are cryptographically 
sound, if not I'd like to know.
(If EC ciphers can't be used, the best that can be done with Windows and 
libreswan seems to be MODP2048.)

Thanks again,
Manfred


On 12/11/2020 5:19 PM, Paul Wouters wrote:
> On Fri, 11 Dec 2020, Manfred wrote:
> 
>> Subject: [Swan] authentication method: IKEv2_AUTH_ECDSA_P384 not 
>> supported in
>>     I2 Auth Payload
> 
>> I'm trying to configure a connection to use IKEv2 + ECDSA 
>> certificates, but pluto barks the message above. I'm running libreswan 
>> 3.29.
>> I see that it should support ECDSA since 3.26, and the only conf item 
>> I could find is authby=ecdsa (or possibly authby=ecdsa-sha2_384), both 
>> of which are accepted but not described in the man page.
>>
>> Any pointers to where to find info about this configuration, or hints 
>> on what am I missing?
> 
> See 
> https://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml#ikev2-parameters-12 
> 
> 
> We support ECDSA methods only via Digital Signature (RFC 7427) method,
> not via the old methods of value 9, 10 and 11.
> 
> In the past, each new digital signature format required its own
> Authentication Method value. That's why "digital signature" (value 14,
> RFC 7427) was written. All new methods are basically going to be supported
> via value 14. See the RFC for why this is much better.
> 
> Perhaps the other end has a way to use ECDSA via the new method?
> 
> Paul
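
Added example (not part of the original thread and not libreswan code): a minimal parser for the IKEv2 AUTH payload, showing where the legacy ECDSA method values 9, 10 and 11 and the RFC 7427 Digital Signature value 14 discussed above differ on the wire. The helper names and the zero-filled signature bytes are constructed for illustration; the signature encoding itself is not modelled.

```python
import struct

# IANA "IKEv2 Authentication Method" values relevant to this thread.
AUTH_METHODS = {
    1: "RSA Digital Signature",
    2: "Shared Key Message Integrity Code",
    9: "ECDSA with SHA-256 on the P-256 curve",
    10: "ECDSA with SHA-384 on the P-384 curve",
    11: "ECDSA with SHA-512 on the P-521 curve",
    14: "Digital Signature",
}
# DER AlgorithmIdentifier for ecdsa-with-SHA384 (RFC 7427, Appendix A.4.2).
ECDSA_SHA384_ALGID = bytes.fromhex("300a06082a8648ce3d040303")


def parse_auth_payload(payload: bytes) -> dict:
    """Parse one IKEv2 AUTH payload (generic header + body, RFC 7296 3.8)."""
    if len(payload) < 8:
        raise ValueError("AUTH payload shorter than its fixed 8-byte prefix")
    _next, _flags, length, method = struct.unpack("!BBHB", payload[:5])
    if length != len(payload):
        raise ValueError("Payload Length field does not match buffer size")
    data = payload[8:]  # skip the 3 RESERVED bytes after Auth Method
    out = {"method": method, "name": AUTH_METHODS.get(method, "unknown"), "algid": None}
    if method == 14:
        # RFC 7427: 1-byte length, DER AlgorithmIdentifier, then the signature.
        if not data or 1 + data[0] > len(data):
            raise ValueError("truncated AlgorithmIdentifier")
        out["algid"] = data[1:1 + data[0]]
        data = data[1 + data[0]:]
    out["signature"] = data  # opaque here; its encoding is not checked
    return out


def build_auth_payload(method: int, auth_data: bytes) -> bytes:
    """Illustrative helper: wrap auth data in a payload header (next payload 0)."""
    return struct.pack("!BBHB3x", 0, 0, 8 + len(auth_data), method) + auth_data


if __name__ == "__main__":
    sig = bytes(96)  # constructed placeholder, not a real signature
    legacy = build_auth_payload(10, sig)
    generic = build_auth_payload(14, bytes([len(ECDSA_SHA384_ALGID)]) + ECDSA_SHA384_ALGID + sig)
    for p in (legacy, generic):
        r = parse_auth_payload(p)
        print(r["method"], r["name"], r["algid"].hex() if r["algid"] else "-")
```

With method 10 the curve and hash are implied by the method number alone; with method 14 they travel in the AlgorithmIdentifier, which is why a peer that only implements one of the two rejects the other's AUTH payload.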

