Hi, Mark

> On 3 Jul 2016, at 9:08 PM, Mark McFadden <[email protected]> wrote:

<snip />

> 3) The Internet Draft Currently under consideration is not the best starting
> point as it assumes that post-quantum pre-shared keys are the preferred
> solution for quantum resistance. This is not obviously the case; there are a
> number of drawbacks with the suggested system:

I think this misstates the problem that the draft is trying to solve. The draft is not a solution to the problem of authenticating peers in a world where adversaries have quantum computers. The draft is a solution to the problem of authenticating peers *using pre-shared keys* in such a world. There may be different solutions for authenticating peers with other credentials.

In general, someone deploying an IKE/IPsec solution can choose what credentials to deploy. So the system administrator for the Elbonian foreign office may decide to deploy NTRU keys to each embassy. Or ECDSA keys. Or pre-shared secrets. Or short passwords. As implementers, we don’t get to decide this. Our implementations are required to support whatever credentials the users either already have or wish to deploy. If quantum resistance becomes a requirement, implementers like me will need to support pre-shared keys in a quantum safe way, and it is up to this working group to provide a method of doing just that.

Of course, I as an implementer may decide that I don’t want to solve this because maybe I think quantum resistance is not an important requirement, or because I don’t believe people are actually using pre-shared keys. Similarly, the WG may decide that solving the quantum resistant PSK method is not important enough to work on. Or that this particular solution to this problem is not the right one.

However, with my vendor hat on, I know that PSKs are used extensively (and nobody’s asking me whether this is a good idea or not), and I have heard that some users are beginning to ask questions about quantum resistance. So I believe that there is a problem to solve here.

Yoav
