--- 1/draft-ietf-ipsecme-eddsa-02.txt 2017-04-15 13:13:11.595545513 -0700 +++ 2/draft-ietf-ipsecme-eddsa-03.txt 2017-04-15 13:13:11.607545797 -0700 @@ -1,19 +1,19 @@ IPSecME Working Group Y. Nir Internet-Draft Check Point -Intended status: Standards Track April 5, 2017 -Expires: October 7, 2017 +Intended status: Standards Track April 15, 2017 +Expires: October 17, 2017 Using Edwards-curve Digital Signature Algorithm (EdDSA) in the Internet Key Exchange (IKEv2) - draft-ietf-ipsecme-eddsa-02 + draft-ietf-ipsecme-eddsa-03 Abstract This document describes the use of the Edwards-curve digital signature algorithm in the IKEv2 protocol. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. @@ -21,21 +21,21 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on October 7, 2017. + This Internet-Draft will expire on October 17, 2017. Copyright Notice Copyright (c) 2017 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents @@ -107,27 +107,28 @@ NOT be sent to a receiver that has not indicated support for the "Identity" hash. The pre-hashed versions of Ed25519 and Ed448 (Ed25519ph and Ed448ph respectively) SHOULD NOT be used in IKE. 3. Security Considerations The new "Identity" value is needed only for signature algorithms that accept an arbitrary-sized input. It MUST NOT be used if none of the - supported algorithms has this property. On the other hand there is - no good reason to pre-hash the inputs where the signature algorithm - either does not require it or performs a hash internally. For this - reason implementations SHOULD have the "Identity" value in the - SIGNATURE_HASH_ALGORITHMS notification when they support EdDSA. - Implementations SHOULD NOT have other hash algorithms in the - notification if all signature algorithms have this property. + supported and configured algorithms have this property. On the other + hand there is no good reason to pre-hash the inputs where the + signature algorithm has that property. For this reason + implementations MUST have the "Identity" value in the + SIGNATURE_HASH_ALGORITHMS notification when EdDSA is supported and + configured. Implementations SHOULD NOT have other hash algorithms in + the notification if all supported and configured signature algorithms + have this property. 4. IANA Considerations IANA has assigned the value 5 for the algorithm with the name "Identity" in the "IKEv2 Hash Algorithms" registry with this draft as reference. Upon publication of this document IANA is requested to update the entry with this document as reference. @@ -150,22 +151,22 @@ [RFC8032] Josefsson, S. and I. Liusvaara, "Edwards-Curve Digital Signature Algorithm (EdDSA)", RFC 8032, DOI 10.17487/RFC8032, January 2017, . [I.D-curdle-pkix] Josefsson, S. and J. Schaad, "Algorithm Identifiers for Ed25519, Ed25519ph, Ed448, Ed448ph, X25519 and X448 for use in the Internet X.509 Public Key Infrastructure", - November 2016, . + March 2017, . Appendix A. ASN.1 Objects The normative reference for the ASN.1 objects for Ed25519 and Ed448 is in [I.D-curdle-pkix]. They are repeated below for convenience. A.1. ASN.1 Object for Ed25519 id-Ed25519 OBJECT IDENTIFIER ::= { 1.3.101.112 }