They don't mention IKEv2. I don't know IKEv2 well enough to know whether there are any symmetric PSK authentication schemes, but if not, perhaps there should be. The point they're making is that the ECC-based authentication methods become insecure when quantum computers of sufficient power become available, and in light of recent progress in the field the indications are that they will become available in a reasonably short timeframe. (And they should know that timeframe better than just about anybody else.) I view this as an indication that they believe there may be viable QCs of that capability in the five-to-ten-year timeframe.

Mike

-----Original Message-----
From: IPsec [mailto:[email protected]] On Behalf Of Michael Richardson
Sent: Wednesday, August 19, 2015 13:17
To: Dan Harkins <[email protected]>
Cc: IPsecME WG <[email protected]>
Subject: Re: [IPsec] PSK mode

Dan Harkins <[email protected]> wrote:
> https://www.nsa.gov/ia/programs/suiteb_cryptography/index.shtml
> "CSfC deployments involving an IKE/IPsec layer may use RFC
> 2409-conformant implementations of the IKE standard (IKEv1)
> together with large, high-entropy, pre-shared keys and the
> AES-256 encryption algorithm. RFC 2409 is the only version
> of the IKE standard that leverages symmetric pre-shared keys
> in a manner that may achieve quantum resistant confidentiality."

So, all of IKEv2 is out, according to them? Or they just didn't consider it yet?

--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
