Using GOST Ciphers in the Encapsulating Security Payload (ESP) and Internet Key Exchange Version 2 (IKEv2) Protocols
draft-smyslov-esp-gost-14

(Via drafts-eval@iana.org): IESG/Authors/ISE:

The IANA Functions Operator has completed its review of draft-smyslov-esp-gost-12. If any part of this review is inaccurate, please let us know.

We understand that when this document is sent to us for processing, we will perform one registry action:

In the Transform Type 1 - Encryption Algorithm Transform IDs registry under the heading "Internet Key Exchange Version 2 (IKEv2) Parameters," we will update the references for the following existing registrations to point to the latest version of this document:

  Number  Name                          ESP Reference  IKEv2 Reference
  ---------------------------------------------------------------------
    32    ENCR_KUZNYECHIK_MGM_KTREE      [RFCXXXX]      [RFCXXXX]
    33    ENCR_MAGMA_MGM_KTREE            [RFCXXXX]      [RFCXXXX]
    34    ENCR_KUZNYECHIK_MGM_MAC_KTREE  [RFCXXXX]      Not allowed
    35    ENCR_MAGMA_MGM_MAC_KTREE        [RFCXXXX]      Not allowed

Thank you,

Amanda Baber
IANA Operations Manager

draft-smyslov-esp-gost has been presented to the ISE for publication as
an Informational RFC on the Independent Stream.

==Purpose==

This document defines a set of encryption transforms for use in the
Encapsulating Security Payload (ESP) and in the Internet Key Exchange
version 2 (IKEv2) protocols.  The transforms are based on the GOST R
34.12-2015 block ciphers (which are named "Magma" and "Kuznyechik").

Thus, it forms one of a series of documents clarifying how to use the
Russian GOST algorithms with IETF protocols.

The document is presented to facilitate implementations that wish to
support the GOST algorithms.

== History==

This document has not seen any discussion in the IETF.

The document was first brought to the ISE in April 2021 at version -05.
Since then it has been revised several times to address review comments.

==Non-IETF Work==

The document contains a clear statement in the Abstract and Introduction
that no implication of IETF approval of the algorithms discussed should
be assumed.

==Security Considerations==

The whole document is about security. However, there is also a Security
Considerations section to call out specific issues with respect to the
use of the different algorithms.

==IANA==

IANA has already made assignments from the IKEv2 Transform Type 1
registry
https://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml#ikev2-parameters-5
using this draft as the reference.

The registry is "Expert review" with the DEs being the author of this
document and Tero Kivinen.

On publication, IANA is requested to update the registry to point to
the resulting RFC.

==Discussion==

There has been some discussion about the advisability of 64 bit block
ciphers (because Magma is one such). The author points out that Magma is
in use as described in this document and saying "don't do that" will not
change what is out there.

However, after some debate we believe we have added some words
explaining that there are risks and pointing to NIST's work (for DES).
Furthermore, the document makes some clear statements of advice about
the use of Magma.

==Reviews==

As well as reviewing the document himself, the ISE commissioned reviews
from Russ Housley, Yaron Sheffer, and Stanislav Smyshlyaev.

The reviews caught a considerable number of issues of clarification and
led to a several updates to fully address the issues raised.

Details of the reviews can be retrieved on request.

draft-smyslov-esp-gost has been presented to the ISE for publication as
an Informational RFC on the Independent Stream.

==Purpose==

This document defines a set of encryption transforms for use in the
Encapsulating Security Payload (ESP) and in the Internet Key Exchange
version 2 (IKEv2) protocols.  The transforms are based on the GOST R
34.12-2015 block ciphers (which are named "Magma" and "Kuznyechik").

Thus, it forms one of a series of documents clarifying how to use the
Russian GOST algorithms with IETF protocols.

The document is presented to facilitate implementations that wish to
support the GOST algorithms.

== History==

This document has not seen any discussion in the IETF.

The document was first brought to the ISE in Apri 2021 at version -05.
Since then it has been revised several times to address review comments.

==Non-IETF Work==

The document contains a clear statement in the Abstract and Introduction
that no implication of IETF approval of the alorithms discussed should
be assumed.

==Security Considerations==

The whole document is about security. However, there is also a Security
Considerations section to call out specific issues with respect to the
use of the different algorithms.

==IANA==

IANA has already made assignments from the IKEv2 Transform Type 1
registry
https://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml#ikev2-parameters-5
using this draft as the reference.

The registry is "Expert review" with the DEs being the author of this
document and Tero Kivinen.

On publication, IANA is requested to update the registry to point to
the resulting RFC.

==Discussion==

There has been some discussion about the advisability of 64 bit block
ciphers (because Magma is one such). The author points out that Magma is
in use as described in this document and saying "don't do that" will not
change what is out there.

However, after some debate we believe we have added some words
explaining that there are risks and pointing to NIST's work (for DES).
Furthermore, the document makes some clear statements of advice about
the use of Magma.

==Reviews==

As well as reviewing the document himself, the ISE commissioned reviews
from Russ Housley, Yaron Sheffer, and Stanislav Smyshlyaev.

The reviews caught a considerable number of issues of clarification and
led to a several updates to fully address the issues raised.

Details of the reviews can be retrieved on request.