Capwap Mailing List: Re: crypto algorithms for DTLS

[Abhijit Choudhury (achoudhu) (achoudhu]

Okay. I'm fine with defering this. Let's not delay the current spec.


I'd suggest the following changes:

1. In order to ensure that CAPWAP track DTLS better, we should 
    change the text in section 2.4.4.1 from

"Note that only block ciphers are currently recommended for use with
DTLS.  
To understand the reasoning behind this, see [DTLS-DESIGN]."

To

"CAPWAP implementations only use cipher suites that are recommended for
use with DTLS." 

2. Change the existing ciphers using DH to DHE.


Thanks,
Abhijit
 
 

-----Original Message-----
From: Pat Calhoun (pacalhou) 
Sent: Thursday, July 10, 2008 9:28 AM
To: Scott Kelly; Abhijit Choudhury (achoudhu);
Dorothy.Gellert [at] nokia.com; Joseph Salowey (jsalowey)
Cc: capwap [at] frascone.com
Subject: RE: [Capwap] crypto algorithms for DTLS

Ok, given this debate, and being short on time, I will submit the
documents without the GCM ciphers, and therefore will not be making
changes from TLS/DTLS1.1 to TLS/DTLS1.2. We can deal with this in a
separate document. I would recommend adding the following sentence after
the list of supported ciphers in both the certificate and pre-shared
key:

   Additional ciphers MAY be defined in follow on CAPWAP specifications.

Ok?

PatC 

-----Original Message-----
From: Scott Kelly [mailto:skelly [at] arubanetworks.com]
Sent: Thursday, July 10, 2008 9:14 AM
To: Abhijit Choudhury (achoudhu); Pat Calhoun (pacalhou);
Dorothy.Gellert [at] nokia.com; Joseph Salowey (jsalowey)
Cc: capwap [at] frascone.com
Subject: RE: [Capwap] crypto algorithms for DTLS

Hi Abhijit, 

> My understanding is that DTLS1.2 will use the ciphers specified in 
> TLS1.2, which has already been approved.
> The DTLS1.2 spec will not have new ciphers, but will possibly have 
> details on how to use these ciphers in DTLS.
> Please correct me if I'm wrong here.
> 
> So, we should be okay adding these approved TLS ciphers to the 
> OPTIONAL list, although it's true that they will not be used until
> DTLS1.2 is finalized. But the list is only OPTIONAL and there are 
> other optional ciphers as well.
> If we take this path, we don't have to touch this spec later to add 
> these ciphers.

I think there's a flaw in this logic. The currently optional ciphers are
supported in DTLS1.0 -- you are asking to add ciphers which are not
supported in DTLS1.0, meaning a compliant CAPWAP implementation (i.e.
one implementing DTLS1.0) will not be able to interoperate with one
using these ciphers.

> If we go the other route, how do we see it being done ?
> Will we need a draft to specify just the deltas in using DTLS1.2 for 
> CAPWAP ?  The concern I have is that it's not clear if the CAPWAP WG 
> will be active at that point to take up this new work item.
> 
> Thoughts ?

Yes, I think a new, brief document specifying the deltas is exactly what
will be required. I also think speculation on the potential
(non)existence of the capwap working group should not be the driver
here. It isn't very relevant one way or the other. For example, we've
published a number of ammendments to IPsec since the wg dissolved, and
the ADs willingly sponsored/shepherded these documents through. If for
some odd reason (despite the fact that we've just started mib work) the
capwap wg dissolves, this should present no impediment to publishing an
updated DTLS binding document.

It's rarely a good idea to rush such initiatives. 

--Scott