New algorithm requirements for IKEv1

Slides: 8
Provided by: PaulHo95
Learn more at: https://www.ietf.org

1
New algorithm requirements for IKEv1
  • Paul Hoffman
  • VPN Consortium

2
How we got here
  • IPsec WG decided to deprecate DES many years ago
    but never acted on it
  • Many people thought "everyone knows" not to use
    DES or DH Group 1
  • Many people were wrong: they appear in almost all
    implementations, usually as the first choice in
    the UI

3
draft-hoffman-ikev1-algorithms-01.txt
  • Proposal to bring the MUSTs and SHOULDs from RFC
    2409 up to date for modern and future practice
  • Only covers IKEv1, but agrees with what we agreed
    to in IKEv2
  • Demotes some things (like DES and Tiger) to MAY

4
What is changing (1)
OLD                            NEW
DES MUST                       TripleDES MUST
TripleDES SHOULD               AES-128 SHOULD

MD5 and SHA1 MUST              SHA1 MUST
Tiger SHOULD                   AES-128 SHOULD

DH Group 1 (768) MUST          DH Group 2 (1024) MUST
DH Group 2 (1024) SHOULD       DH Group 14 (2048) SHOULD

5
What is changing (2)
OLD                            NEW
DH Group 3 and 4
(elliptic curve) MAY/SHOULD

Pre-shared secrets MUST        Pre-shared secrets MUST
RSA signatures SHOULD          RSA signatures SHOULD
DSA signatures SHOULD

RSA encryption SHOULD

6
The new MAYs
  • DES for encryption
  • MD5 and Tiger for hashing
  • Diffie-Hellman MODP group 1 (768)
  • Diffie-Hellman MODP groups with elliptic curves
  • DSA for authentication with signatures
  • RSA for authentication with encryption

7
Status
  • draft-hoffman-ikev1-algorithms-01.txt is in
    IETF-wide last call until Nov. 22
  • To be followed by a companion document for IPsec
    algorithms
  • Comments should be sent to the IPsec list and the
    IESG
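
An added example, not part of the presentation or the draft: a small Python check that applies the NEW-column levels and the new MAYs from the slides to an ordered proposal list, flagging demoted algorithms and noting when they sit in the first choice. The `enc-hash-dh` string notation, the token spellings and the sample lists are constructed for illustration.

```python
"""Audit ordered IKEv1 proposals against the requirement levels on the slides."""

# Levels from the NEW column of "What is changing" and from "The new MAYs".
# Token spellings and the enc-hash-dh notation are constructed for this example.
NEW_LEVEL = {
    "enc": {"3des": "MUST", "aes128": "SHOULD", "des": "MAY"},
    "hash": {"sha1": "MUST", "aes128": "SHOULD", "md5": "MAY", "tiger": "MAY"},
    "dh": {"modp1024": "MUST", "modp2048": "SHOULD", "modp768": "MAY"},
}
FIELDS = ("enc", "hash", "dh")


def classify(proposal):
    """Return {field: (token, level)} for one 'enc-hash-dh' proposal string."""
    tokens = proposal.strip().lower().split("-")
    if len(tokens) != len(FIELDS):
        raise ValueError(f"expected enc-hash-dh, got {proposal!r}")
    return {f: (t, NEW_LEVEL[f].get(t, "UNLISTED")) for f, t in zip(FIELDS, tokens)}


def audit(proposals):
    """Report demoted algorithms (with their rank) and MUSTs that are never offered."""
    findings, offered = [], set()
    for rank, proposal in enumerate(proposals, start=1):
        for field, (token, level) in classify(proposal).items():
            offered.add((field, token))
            if level == "MAY":
                where = "first choice" if rank == 1 else f"choice {rank}"
                findings.append(f"{proposal}: {field} {token} is MAY ({where})")
            elif level == "UNLISTED":
                findings.append(f"{proposal}: {field} {token} not on the slides")
    # Interoperability hint: MUST-level algorithms are the common baseline.
    for field in FIELDS:
        for token, level in NEW_LEVEL[field].items():
            if level == "MUST" and (field, token) not in offered:
                findings.append(f"no proposal offers MUST {field} {token}")
    return findings


# Constructed samples: an old-style default list with DES and group 1 first,
# and a list built from the NEW column.
LEGACY = ["des-md5-modp768", "3des-sha1-modp1024"]
UPDATED = ["aes128-sha1-modp2048", "3des-sha1-modp1024"]

if __name__ == "__main__":
    for name, plist in (("legacy", LEGACY), ("updated", UPDATED)):
        print(name, audit(plist) or "ok")
```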