On Mon, 4 Jul 2016, Valery Smyslov wrote:
> Isn't this kinda off-topic for the thread? I though we were first
> considering "create an IKEv2 extension that mixes in the PSK" as the
> simplest way to get around the "go back to IKEv1" guidance.
So that was not entire clear to me from the title, but it seems you are
right.
Perhaps we can change the title from:
Postquantum Preshared Keys for IKEv2
to:
Postquantum protection for IKEv2 Preshared Keys SA's
That's incorrect title. The original title is correct.
The draft provides postquantum protection to any SA, regardless
of the authentication methods used. In other words, PPKs (as specified in the
draft)
don't replace preshred keys authentication in IKEv2, they augment
any authentication method to provide postquantum security.
The original title to me reads like a "new feature" instead of like a
"fix for old feature".
But then PaulH is wrong and this draft is a lot more then fixing just
IKEv2 PSK for postquantum.
Paul
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
