> -----Original Message-----
> From: Tero Kivinen [mailto:[email protected]]
> Sent: Monday, October 31, 2016 11:20 AM
> To: Michael Richardson
> Cc: Scott Fluhrer (sfluhrer); IPsecme WG ([email protected])
> Subject: Re: [IPsec] FW: Quantum Resistance Requirements
>
> Michael Richardson writes:
> > > - Authentication; if someone with a Quantum Computer can break the DH
> > > in real time, do we care if he can act as a man-in-the-middle? Scott
> > > Fluhrer: not important Michael Richardson: important, provided that we
> > > don't run into the same issues that IKEv1 PSKs ran into Tommy Pauly:
> > > not important Valery Smylsov: this would be nice to have Oscar
> > > Garcia-Morchon: this would be nice to have
> >
> > I'm very concerned that we don't wind up with insecure Group PSKs as
> > we had with IKEv1.
>
> As this document is written (or how I think it is written, as I have not yet had
> time to read the latest version), the PPK used to provide quantum
> resistance is not used in the authentication; there is still the normal IKEv2
> authentication step using the normal IKEv2 shared secret, or certificates. So even
> if people were using a group PPK, that would not allow issues similar
> to what happened with IKEv1.
That is correct; we do not replace the existing privacy and authentication features; instead, we supplement them by adding the PPK. This PPK is designed to add Quantum Resistance; however, at the worst (e.g. you use the 'MakeMeTastyGoat' PPK), you still have the privacy/authentication security that IKE provides.

_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
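The property both messages rely on, that the PPK is folded into the IKEv2 key material while the IKEv2 authentication step is left untouched, as an added Python illustration that is not code from the draft or from either author. It models the IKEv2 PRF as HMAC-SHA-256, derives SK_d as RFC 7296 does, and mixes the PPK as SK_d' = prf+(PPK, SK_d), the shape the construction later took in RFC 8784; the exact mixing in the 2016 draft is not on the page and is assumed here, as are all sample values. The checks show that peers sharing the DH secret and the 'MakeMeTastyGoat' PPK agree on SK_d', that knowing only the PPK (a group PPK) does not yield the key, that breaking DH without the PPK does not yield the key, and that the PPK gives no leverage over the separate PSK-based AUTH computation.

```python
import hashlib
import hmac


def prf(key: bytes, data: bytes) -> bytes:
    """IKEv2 prf, modelled here as PRF_HMAC_SHA2_256."""
    return hmac.new(key, data, hashlib.sha256).digest()


def prf_plus(key: bytes, seed: bytes, length: int) -> bytes:
    """prf+ from RFC 7296 section 2.13: T1 = prf(K, S|0x01), Tn = prf(K, Tn-1|S|n)."""
    out, t, n = b"", b"", 1
    while len(out) < length:
        t = prf(key, t + seed + bytes([n]))
        out += t
        n += 1
    return out[:length]


def ikev2_sk_d(dh_shared: bytes, ni: bytes, nr: bytes, spi_i: bytes, spi_r: bytes) -> bytes:
    """SK_d per RFC 7296: SKEYSEED = prf(Ni|Nr, g^ir); SK_d is the first output of prf+."""
    skeyseed = prf(ni + nr, dh_shared)
    return prf_plus(skeyseed, ni + nr + spi_i + spi_r, 32)


def mix_ppk(ppk: bytes, sk_d: bytes) -> bytes:
    """Assumed PPK mixing step: SK_d' = prf+(PPK, SK_d).
    A weak or public PPK leaves SK_d' no weaker than the DH-derived SK_d."""
    return prf_plus(ppk, sk_d, 32)


def ikev2_auth_psk(psk: bytes, signed_octets: bytes) -> bytes:
    """Shared-key AUTH per RFC 7296 section 2.15: prf(prf(PSK, "Key Pad for IKEv2"), octets).
    The PPK plays no part in this computation."""
    return prf(prf(psk, b"Key Pad for IKEv2"), signed_octets)


def demo() -> dict:
    # Constructed sample values; none of these come from the thread except the PPK string.
    ni, nr = b"\x11" * 16, b"\x22" * 16
    spi_i, spi_r = b"\x01" * 8, b"\x02" * 8
    dh_true = bytes(range(32))          # g^ir as computed by both legitimate peers
    psk = b"real-ikev2-shared-secret"    # normal IKEv2 authentication secret
    ppk_group = b"MakeMeTastyGoat"       # the worst-case, widely known PPK
    ppk_secret = b"per-peer-secret-ppk"  # a PPK that is actually secret

    sk_d = ikev2_sk_d(dh_true, ni, nr, spi_i, spi_r)
    sk_d_i = mix_ppk(ppk_group, sk_d)    # initiator's SK_d'
    sk_d_r = mix_ppk(ppk_group, sk_d)    # responder's SK_d', same inputs

    # Attacker knows the group PPK but cannot break DH: must guess g^ir.
    dh_guess = bytes(32)
    ppk_only = mix_ppk(ppk_group, ikev2_sk_d(dh_guess, ni, nr, spi_i, spi_r))

    # Attacker breaks DH (recovers g^ir) but the peers used a secret PPK.
    sk_d_secret = mix_ppk(ppk_secret, sk_d)
    dh_break_no_ppk = mix_ppk(b"", sk_d)

    # Authentication is keyed by the IKEv2 PSK, not by the PPK.
    signed = b"RealMessage1|Nr|" + prf(sk_d, b"IDi-example")
    auth_real = ikev2_auth_psk(psk, signed)
    auth_from_ppk = ikev2_auth_psk(ppk_group, signed)

    return {
        "peers_agree": sk_d_i == sk_d_r,
        "ppk_only_attacker_gets_key": ppk_only == sk_d_i,
        "dh_break_without_ppk_gets_key": dh_break_no_ppk == sk_d_secret,
        "ppk_yields_auth": auth_from_ppk == auth_real,
        "auth_verifies": ikev2_auth_psk(psk, signed) == auth_real,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The last two flags are the point of Tero's and Scott's replies: whoever holds a group PPK gains nothing against the AUTH exchange, because that exchange is keyed by the ordinary IKEv2 PSK or certificate, so the IKEv1 group-PSK problem does not reappear; the two attacker flags show why the PPK is still worth adding, since an adversary needs both the DH secret and the PPK to reach SK_d'.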
