--- 1/draft-ietf-ipsecme-dh-checks-02.txt 2013-05-08 11:48:01.463146667 +0100 +++ 2/draft-ietf-ipsecme-dh-checks-03.txt 2013-05-08 11:48:01.543148483 +0100 @@ -1,19 +1,19 @@ ipsecme Y. Sheffer Internet-Draft Porticor Updates: 5996 (if approved) S. Fluhrer Intended status: Standards Track Cisco -Expires: October 22, 2013 April 20, 2013 +Expires: October 24, 2013 April 22, 2013 Additional Diffie-Hellman Tests for IKEv2 - draft-ietf-ipsecme-dh-checks-02 + draft-ietf-ipsecme-dh-checks-03 Abstract This document adds a small number of mandatory tests required for the secure operation of IKEv2 with elliptic curve groups. No change is required to IKE implementations that use modular exponential groups, other than a few rarely used so-called DSA groups. This document updates the IKEv2 protocol, RFC 5996. Status of this Memo @@ -24,21 +24,21 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on October 22, 2013. + This Internet-Draft will expire on October 24, 2013. Copyright Notice Copyright (c) 2013 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents 
@@ -63,23 +63,24 @@ 4.1. DH Key Reuse and Multiple Peers . . . . . . . . . . . 6 4.2. DH Key Reuse: Variants . . . . . . . . . . . . . . . . 7 4.3. Groups not covered by this RFC . . . . . . . . . . . . 7 4.4. Behavior Upon Test Failure . . . . . . . . . . . . . . 7 5. IANA Considerations . . . . . . . . . . . . . . . . . 8 6. Acknowledgements . . . . . . . . . . . . . . . . . . . 8 7. References . . . . . . . . . . . . . . . . . . . . . . 9 7.1. Normative References . . . . . . . . . . . . . . . . . 9 7.2. Informative References . . . . . . . . . . . . . . . . 9 Appendix A. Appendix: Change Log . . . . . . . . . . . . . . . . . 10 - A.1. -02 . . . . . . . . . . . . . . . . . . . . . . . . . 10 - A.2. -01 . . . . . . . . . . . . . . . . . . . . . . . . . 10 - A.3. -00 . . . . . . . . . . . . . . . . . . . . . . . . . 10 + A.1. -03 . . . . . . . . . . . . . . . . . . . . . . . . . 10 + A.2. -02 . . . . . . . . . . . . . . . . . . . . . . . . . 10 + A.3. -01 . . . . . . . . . . . . . . . . . . . . . . . . . 10 + A.4. -00 . . . . . . . . . . . . . . . . . . . . . . . . . 10 Authors' Addresses . . . . . . . . . . . . . . . . . . 10 1. Introduction IKEv2 [RFC5996] consists of the establishment of a shared secret using the Diffie-Hellman (DH) protocol, followed by authentication of the two peers. Existing implementations typically use modular exponential (MODP) DH groups, such as those defined in [RFC3526]. IKEv2 does not require that any tests be performed by a peer 
@@ -320,31 +321,34 @@ case. 5. IANA Considerations This document requests that IANA should add a column named "Recipient Tests" to the IKEv2 DH Group Transform IDs Registry [IANA-DH-Registry]. This column should initially be populated as per the following table. - +-----------------------------+---------------------+ + +------------------------------------+---------------------+ | Number | Recipient Tests | - +-----------------------------+---------------------+ + +------------------------------------+---------------------+ | 1, 2, 5, 14, 15, 16, 17, 18 | [current], Sec. 2.1 | | 22, 23, 24 | [current], Sec. 2.2 | - | 19, 20, 21, 25, 26 | [current], Sec. 2.3 | - +-----------------------------+---------------------+ + | 19, 20, 21, 25, 26, 27, 28, 29, 30 | [current], Sec. 2.3 | + +------------------------------------+---------------------+ Note to RFC Editor: please replace [current] by the RFC number assigned to this document. + Groups 27-30 have been recently defined in + [I-D.merkle-ikev2-ke-brainpool]. + Future documents that define new DH groups for IKEv2 are REQUIRED to provide this information for each new group, possibly by referring to the current document. 6. Acknowledgements We would like to thank Dan Harkins who initially raised this issue on the ipsec mailing list. Thanks to Tero Kivinen and Rene Struik for their useful comments. 
@@ -371,20 +375,26 @@ RFC 3526, May 2003. [RFC5114] Lepinski, M. and S. Kent, "Additional Diffie-Hellman Groups for Use with IETF Standards", RFC 5114, January 2008. [RFC5903] Fu, D. and J. Solinas, "Elliptic Curve Groups modulo a Prime (ECP Groups) for IKE and IKEv2", RFC 5903, June 2010. + [I-D.merkle-ikev2-ke-brainpool] + Merkle, J. and M. Lochter, "Using the ECC Brainpool Curves + for IKEv2 Key Exchange", + draft-merkle-ikev2-ke-brainpool-04 (work in progress), + April 2013. + [NIST-800-56A] National Institute of Standards and Technology (NIST), "Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography (Revised)", NIST PUB 800-56A, March 2007. [Kocher] Kocher, P., "Timing Attacks on Implementations of Diffie- Hellman, RSA, DSS, and Other Systems", December 1996, . @@ -396,33 +406,37 @@ [IANA-DH-Registry] IANA, "Internet Key Exchange Version 2 (IKEv2) Parameters, Transform Type 4 - Diffie-Hellman Group Transform IDs", Jan. 2005, . Appendix A. Appendix: Change Log Note to RFC Editor: please remove this section before publication. -A.1. -02 +A.1. -03 + + o Added the Brainpool curves to the IANA registration table. + +A.2. -02 o Based on Tero's review: Improved the protocol behavior, and mentioned that these checks apply to Create Child SA. Added a discussion of DH timing attacks, stolen from RFC 2412. -A.2. -01 +A.3. -01 o Corrected an author's name that was misspelled. o Added recipient behavior if a test fails, and the related security considerations. -A.3. -00 +A.4. -00 o First WG document. o Clarified IANA actions. o Discussion of potential future groups not covered here. o Clarification re: practicality of recipient tests for DSA groups. Authors' Addresses Yaron Sheffer Porticor
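Review bot: In the IANA table hunk, the added sentence "Groups 27-30 have been recently defined in [I-D.merkle-ikev2-ke-brainpool]" says where the groups come from but not why they belong in the Sec. 2.3 row; since the Recipient Tests column tells implementers which check to run, the sentence should state that the Brainpool curves receive the same recipient test as the other elliptic-curve groups already in that row. The row also hard-codes transform IDs 27-30 taken from a draft still marked work in progress, so a Note to RFC Editor asking to re-check those numbers against the final IANA assignments would be consistent with the existing [current] note. Minor wording: "have been recently defined" reads better as "were recently defined".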
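Review bot: The new [I-D.merkle-ikev2-ke-brainpool] entry in the references hunk cites draft-merkle-ikev2-ke-brainpool-04 as work in progress, and the hunk context does not show whether it lands in 7.1 Normative or 7.2 Informative. Since the IANA section only points to it as the document that defines groups 27-30, confirm it is listed under Informative References; placing an unpublished draft under Normative References would create a dependency that holds up publication of this document until the Brainpool draft is approved.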