Scott Fluhrer (sfluhrer) <[email protected]> wrote:
>> Michael Richardson writes:
>> > > - Authentication; if someone with a Quantum Computer can break the DH
>> > >   in real time, do we care if he can act as a man-in-the-middle?
>> > >   Scott Fluhrer: not important
>> > >   Michael Richardson: important, provided that we don't run into the
>> > >   same issues that IKEv1 PSKs ran into
>> > >   Tommy Pauly: not important
>> > >   Valery Smyslov: this would be nice to have
>> > >   Oscar Garcia-Morchon: this would be nice to have
>> >
>> > I'm very concerned that we don't wind up with insecure Group PSKs as
>> > we had with IKEv1.
>>
>> As this document is written (or how I think it is written, as I have
>> not yet had time to read the latest version), the PPK used to provide
>> quantum resistance is not used in the authentication; there is
>> still a normal IKEv2 authentication step using a normal IKEv2 shared
>> secret, or certificates. So even if people were using a group
>> PPK, that would not allow issues similar to what happened with IKEv1.
> That is correct; we do not replace the existing privacy and
> authentication features; instead, we supplement them by adding the PPK;
> this PPK is designed to add Quantum Resistance; however, at worst
> (e.g. you use the 'MakeMeTastyGoat' PPK), you still have the
> privacy/authentication security that IKE provides.
Thank you for this clarification.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | network architect [
] [email protected] http://www.sandelman.ca/ | ruby on rails [
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec