Introducing quantum computer resistance in IKEv2 helps to avoid the 
implications of having sec admins that want to have quantum computer resistance 
revert back to IKEv1 with shared secrets. The draft adds quantum resistance 
using todays infrastructure. The qkd draft introduced a way to add quantum 
resistance, but it came with many different challenges of how practical it is 
and how costly it would be to introduce a QKD network. Instead, 
draft-fluhrer-qr-ikev2 uses a more practical approach that could be implemented 
and employed easily. Scott almost has a working PoC ready, I believe. There are 
details that need to be hashed out in the group, like what to do with identity 
hiding, but the draft is practical and can be introduced quickly and in a 
backwards compatible way to IKEv2.
 
Panos


-----Original Message-----
From: IPsec [mailto:[email protected]] On Behalf Of Paul Wouters
Sent: Wednesday, June 22, 2016 3:33 PM
To: Waltermire, David A. (Fed) <[email protected]>
Cc: IPsecME WG <[email protected]>
Subject: Re: [IPsec] Call for adoption on draft-fluhrer-qr-ikev2 as an IPSecME 
WG document

On Wed, 22 Jun 2016, Waltermire, David A. (Fed) wrote:

> At IETF 95 the chairs took an action to issue a call for adoption on 
> draft-fluhrer-qr-ikev2-01 based on WG interest in the concept described by 
> the draft. This call is long overdue.
>
> This is the official call for adoption of 
> https://datatracker.ietf.org/doc/draft-fluhrer-qr-ikev2/ as an IPSecME 
> working group (WG) document.

I still don't know if we should adopt this document or

https://tools.ietf.org/html/draft-nagayama-ipsecme-ipsec-with-qkd-01

The qkd document was rejected for adoption at the time for lack of interest.

I would like to better understand why draft-fluhrer-qr-ikev2 would be prefered 
over draft-nagayama-ipsecme-ipsec-with-qkd.

Paul

_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec

_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec

Reply via email to