> On Jun 30, 2016, at 6:17 PM, Paul Wouters <[email protected]> wrote:
>
> On Thu, 30 Jun 2016, Rodney Van Meter wrote:
>
>> Neither Shota nor I have sat down and reviewed this in detail, so I can’t
>> really comment yet, but I’m happy to support whatever results in the best
>> standard, whether it’s starting from
>> fluhrer or from
>> https://tools.ietf.org/html/draft-nagayama-ipsecme-ipsec-with-qkd-01
>>
>
> Good.
Sounds like agreement that we should work on _something_.
>
>
>> One of the biggest technical issues, and one that hit us, was what to do
>> when the key generation channel is disrupted. We proposed a set of fallback
>> options in that draft, which
>> generated significant controversy.
>
> I think those should not be in the document itself. It could be in a
> separate document.
Could be.
>
>> I *don’t* think it’s yet appropriate to work on one-time pad, as I think
>> that results in more complex changes to IPsec than is reasonable to bite off.
>
> But onetime pads is how implementations without access to quantum
> computers would want to test their implementation.
Not sure we’re talking about the same thing here, might be that I’m sloppy in
writing or reading.
Our I-D and Fluhrer both are talking about changes to IKEv2. I’m happy to see a
one-time-use stream of such key material; that’s effectively our goal with any
OOB keying mechanism. I’m not in favor of attempting to change the IPsec bulk
data encryption protocol to use these OOB keys as a OTP. I think it’s too much
to standardize, implement and test. Of course, I’m not the one who will be
doing the bulk of the work, so if there’s somebody willing to take it on, I
won’t stand in their way. It certainly is a useful long-term goal for the
evolution of they keying, IMO.
—Rod
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
