> -----Original Message----- > From: IPsec [mailto:[email protected]] On Behalf Of Tommy Pauly > Sent: Wednesday, July 20, 2016 12:25 PM > To: Valery Smyslov > Cc: [email protected]; Tero Kivinen > Subject: Re: [IPsec] New charter proposal > > > > On Jul 20, 2016, at 5:12 PM, Valery Smyslov <[email protected]> wrote: > > > > Hi, > >> - Add Quantum Resistance for IKEv2 as new work item with milestone as > >> Feb 2017 for IETF LC. > > > > This milestone looks a bit optimistic for me. Otherwise the updated chapter > looks good. > > The issue seems fairly urgent in people’s minds right now, and the initial > goal > was expressed to be a fairly minimal level of changes to get basic QR > properties (add support for a PPK to protect ESP traffic). The goal is > optimistic, but hopefully achievable!
How quickly achievable it is would depend on the requirements that the WG agrees upon. If we assume minimal requirements (such as "we need to protect only IPsec traffic from a QC" and "a static shared secret (PPK) is sufficient"), then it's straightforward (the current draft is overkill for those requirements; IIRC, Tero outlined one such solution a while back). If we insist on maximal requirements (such as "we need complete anonymity, even if the attacker has a QC", and "we need a complete PPK management solution"), well, Feb 2017 would be a bit on the optimistic side. > There will probably be more ongoing QR > work after that time. I would certainly hope so; the current work assumes that there is some out-of-band quantum resistant mechanism for distributing (possibly static) secrets to the IKE endpoints; that's an acceptable solution in some situations, but not in others. Eventually, we'll need a replacement that'll work everywhere; it's just that currently the crypto technology isn’t there quite yet (as McEliece has impractically large public keys, NTRU isn't universally trusted, and everything else is too new to bet the farm on...) > > Tommy > > > > > Regards, > > Valery. > > > > _______________________________________________ > > IPsec mailing list > > [email protected] > > https://www.ietf.org/mailman/listinfo/ipsec > > _______________________________________________ > IPsec mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/ipsec _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
