On 05/08/16 15:54, Scott Fluhrer (sfluhrer) wrote:
-----Original Message----- From: IPsec
[mailto:[email protected]] On Behalf Of Yaron Sheffer Sent:
Friday, August 05, 2016 3:49 AM To: [email protected] Subject: [IPsec]
Fwd: I-D Action: draft-fluhrer-qr-ikev2-02.txt
Scott et al.,
It's not great to include a list of algorithms in a particular
document, because it will quickly grow stale. I suggest to add
something like:
The preference of specific algorithms in IKE will likely change
over time. Please consult [rfc4307bis] or its follow-on document
for guidance on which algorithms are preferred and which need to be
avoided.
The point of listing algorithms here is to list which ones are
Quantum Safe, and which are not, as that may not be obvious to an
implementor. Pointing them to 4307bis isn't helpful, as it doesn't
mention which ones are Quantum Safe.
My point was that nominally QR-resistant algorithms might still get
broken and be deprecated in 4307bis or maybe the next "bis". I guess my
proposed text didn't make the point clearly enough.
Now, this draft is still fairly early (pending the discussion of
requirements); it is quite unlikely that it will be accepted as-is.
I agree that this might not be the ultimate right spot for it; we
might (say) amend 4307bis to explicitly state which algorithm is QR
or not (and also state that any RFC that defines future algorithms
will include their expected Quantum Resistance in the security
considerations). However, until we have a landing spot for such
information, I can't think of any place better than this draft.
The trick to that is to add a new column to the IANA table
https://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml#ikev2-parameters-5
Thanks, Yaron
-------- Forwarded Message -------- Subject: [IPsec] I-D Action:
draft-fluhrer-qr-ikev2-02.txt Date: Thu, 04 Aug 2016 20:45:43
-0700 From: [email protected] To: [email protected] CC:
[email protected]
A New Internet-Draft is available from the on-line Internet-Drafts
directories. This draft is a work item of the IP Security
Maintenance and Extensions of the IETF.
Title : Postquantum Preshared Keys for IKEv2 Authors
: Scott Fluhrer David McGrew Panos Kampanakis Filename :
draft-fluhrer-qr-ikev2-02.txt Pages : 12 Date
: 2016-08-04
Abstract: This document describes an extension of IKEv2 to allow it
to be resistant to a Quantum Computer, by using preshared keys
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-fluhrer-qr-ikev2/
There's also a htmlized version available at:
https://tools.ietf.org/html/draft-fluhrer-qr-ikev2-02
A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-fluhrer-qr-ikev2-02
Please note that it may take a couple of minutes from the time of
submission until the htmlized version and diff are available at
tools.ietf.org.
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
_______________________________________________ IPsec mailing list
[email protected] https://www.ietf.org/mailman/listinfo/ipsec
_______________________________________________ IPsec mailing list
[email protected] https://www.ietf.org/mailman/listinfo/ipsec
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
