From owner-svn-src-head@freebsd.org Fri May 24 01:13:02 2019
Subject: Re: svn commit: r348205 - head/sys/netipsec
From: John Baldwin <jhb@FreeBSD.org>
To: rgrimes@freebsd.org
Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Date: Thu, 23 May 2019 18:12:59 -0700
Message-ID: <2ccc4dd0-19d4-981e-82cb-c6fcab355eda@FreeBSD.org>
In-Reply-To: <201905240051.x4O0pSI3093116@gndrsh.dnsmgr.net>
List-Id: SVN commit messages for the src tree for head/-current

On 5/23/19 5:51 PM, Rodney W. Grimes wrote:
>> Author: jhb
>> Date: Thu May 23 22:06:57 2019
>> New Revision: 348205
>> URL: https://svnweb.freebsd.org/changeset/base/348205
>>
>> Log:
>>   Add deprecation warnings for IPsec algorithms deprecated in RFC 8221.
>>
>>   All of these algorithms are either explicitly marked MUST NOT, or they
>>   are implicitly MUST NOTs by virtue of not being included in IETF's
>>   list of protocols at all despite having assignments from IANA.
>
> Can you provide me these specific ones and I'll investigate
> the IETF datatracker and IANA documents and see if I can
> get the long story. I.e. what IANA assignments are you referring
> to that do not appear in RFC, it may simply be the case there
> is a final RFC that says "new foo are assigned numbers by IANA
> and no RFC is needed". That is how port numbers and other
> such things just are, there is not a RFC for everything!

I suggest you start by reading RFC 8221 to get an understanding for why
the commit log uses the language it does.

>>   Specifically, this adds warnings for the following ciphers:
>>   - des-cbc
>>   - blowfish-cbc
>>   - cast128-cbc
>>   - des-deriv
>>   - des-32iv
>>   - camellia-cbc

The RFC explicitly lists all DES variants and blowfish as MUST NOT in the
table in section 5.  As far as I can tell, the draft document for CAST
expired in 1997:

https://tools.ietf.org/html/draft-ietf-ipsec-esp-cast-128-cbc-00

As noted in the review comments, Camellia is the only one of these ciphers
that might be worth retaining if there are actual users.  It is in theory
comparable to AES, but it is not widely used.  In addition, whereas with AES
we support AEAD modes such as AES-GCM and AES-CCM (though we do not currently
support AES-CCM with IPsec), for Camellia we only support CBC.  I believe
there are specs for CCM and GCM modes for Camellia but no one has implemented
them.

In terms of algorithm diversity, it would be better to expend effort on
supporting chacha20 + poly1305-hmac (as RFC 8221 suggests since these are
now a SHOULD) rather than Camellia.

>>   Warnings for the following authentication algorithms are also added:
>>   - hmac-md5
>>   - keyed-md5
>>   - keyed-sha1
>>   - hmac-ripemd160

hmac-md5 and keyed-md5 are both MUST NOT in 8221.  The Internet (google)
doesn't seem to think that keyed-sha1 even exists, so I wonder if it's a
local invention in FreeBSD.  sha1 is MUST- in 8221 so we probably should be
removing it soon, but this change does not do that.  ripemd160 is a more
obscure hash that is more like sha1 than the sha2 variants.  RFC 6071 states
that you can't use ripemd with IKE due to no IANA number which would seem to
preclude its use in any "real" deployments (and 6071 is already 8 years old).

-- 
John Baldwin
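An added example, not part of the thread and not code from r348205 or FreeBSD: a small audit script that takes the two algorithm lists from the commit log above and reports which entries of a setkey(8)-style SAD configuration still use one of them, so an administrator can find affected SAs before the kernel warnings (or a later removal) surprise them. It assumes the `add ... -E <alg> <key> -A <alg> <key>;` syntax of setkey(8) `add` statements; the configuration it scans is constructed for the example (RFC 5737 documentation addresses, dummy keys), and the reason strings paraphrase the commit log and the reply, not RFC 8221 itself.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterator, List, Tuple

# Algorithm names are the setkey(8) spellings quoted in the r348205 commit
# log; the reason strings summarise the commit log and the reply above.
DEPRECATED_ENC: Dict[str, str] = {
    "des-cbc": "MUST NOT (RFC 8221 section 5)",
    "des-deriv": "MUST NOT (RFC 8221 section 5, DES variant)",
    "des-32iv": "MUST NOT (RFC 8221 section 5, DES variant)",
    "blowfish-cbc": "MUST NOT (RFC 8221 section 5)",
    "cast128-cbc": "absent from RFC 8221; IETF draft expired in 1997",
    "camellia-cbc": "absent from RFC 8221; only CBC mode implemented",
}
DEPRECATED_AUTH: Dict[str, str] = {
    "hmac-md5": "MUST NOT (RFC 8221)",
    "keyed-md5": "MUST NOT (RFC 8221)",
    "keyed-sha1": "absent from RFC 8221",
    "hmac-ripemd160": "absent from RFC 8221; no IANA number for IKE (RFC 6071)",
}


@dataclass
class Finding:
    line_no: int      # line on which the offending "add" statement starts
    kind: str         # "encryption" or "authentication"
    algorithm: str
    reason: str


# "-E <alg> <key>" and "-A <alg> <key>" inside a setkey SAD "add" statement.
ENC_RE = re.compile(r"(?:^|\s)-E\s+(\S+)")
AUTH_RE = re.compile(r"(?:^|\s)-A\s+(\S+)")


def iter_statements(text: str) -> Iterator[Tuple[int, str]]:
    """Yield (start line, statement) for each ';'-terminated setkey
    statement, joining continuation lines and dropping '#' comments."""
    buf: List[str] = []
    start = 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if not buf:
            start = no
        buf.append(line)
        if line.endswith(";"):
            yield start, " ".join(buf)
            buf = []
    if buf:  # unterminated trailing statement: report it anyway
        yield start, " ".join(buf)


def audit(text: str) -> List[Finding]:
    """Return one Finding per deprecated algorithm used by an SAD entry."""
    findings: List[Finding] = []
    for no, stmt in iter_statements(text):
        if not stmt.startswith("add "):
            continue  # spdadd/delete/flush statements carry no algorithms
        checks = (
            (ENC_RE, "encryption", DEPRECATED_ENC),
            (AUTH_RE, "authentication", DEPRECATED_AUTH),
        )
        for rx, kind, table in checks:
            for alg in rx.findall(stmt):
                alg = alg.lower()
                if alg in table:
                    findings.append(Finding(no, kind, alg, table[alg]))
    return findings


# Constructed sample setkey.conf fragment (documentation addresses, dummy
# keys); it is not taken from any real host.
SAMPLE_SETKEY_CONF = """\
# constructed example, not a real deployment
add 192.0.2.1 192.0.2.2 esp 0x1000 -E des-cbc "12345678" -A hmac-md5 "0123456789abcdef";
add 192.0.2.2 192.0.2.1 esp 0x1001
    -E aes-cbc 0x000102030405060708090a0b0c0d0e0f
    -A hmac-sha2-256 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f;
add 192.0.2.1 192.0.2.3 esp 0x1002 -E camellia-cbc 0x000102030405060708090a0b0c0d0e0f -A keyed-sha1 "01234567890123456789";
add 192.0.2.3 192.0.2.1 ah 0x1003 -A hmac-ripemd160 "01234567890123456789";
spdadd 192.0.2.1 192.0.2.2 any -P out ipsec esp/transport//require;
"""

if __name__ == "__main__":
    for f in audit(SAMPLE_SETKEY_CONF):
        print(f"line {f.line_no}: {f.kind} algorithm {f.algorithm}: {f.reason}")
```

Run against the constructed fragment it flags the des-cbc/hmac-md5 SA on line 2, the camellia-cbc/keyed-sha1 SA on line 6 and the hmac-ripemd160 AH SA on line 7, and leaves the aes-cbc/hmac-sha2-256 SA alone. Feeding it the output of `setkey -D` (which prints the live SAD in a similar `-E`/`-A` form) would need a slightly different parser, since that output is not `;`-terminated.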