The IESG has received a request from the IP Security Maintenance and Extensions WG (ipsecme) to consider the following document: - 'Signature Authentication in the Internet Key Exchange Version 2 (IKEv2) using PQC' <draft-ietf-ipsecme-ikev2-pqc-auth-09.txt> as Proposed Standard
The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the [email protected] mailing lists by 2026-07-31. Exceptionally, comments may be sent to [email protected] instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract Signature-based authentication methods are utilized in the Internet Key Exchange Version 2 (IKEv2). The current version of the IKEv2 protocol, specified in RFC 7296, supports traditional digital signatures. This document specifies a generic mechanism for integrating post- quantum cryptographic (PQC) digital signature algorithms into the IKEv2 protocol. The approach allows for seamless inclusion of any PQC signature scheme within the existing authentication framework of IKEv2. Additionally, it outlines how Module-Lattice-Based Digital Signatures (ML-DSA) and Stateless Hash-Based Digital Signatures (SLH- DSA), can be employed as authentication methods within the IKEv2 protocol, as they have been standardized by US NIST. The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-ipsecme-ikev2-pqc-auth/ No IPR declarations have been submitted directly on this I-D. _______________________________________________ IETF-Announce mailing list -- [email protected] To unsubscribe send an email to [email protected]
