Valery Smyslov writes:
> It is not clear for me (and I raised this concern in Prague) why do
> you use QSKE as an additional Key Exchange mechanism instead of
> replacing DH KE with it? We’ve been being told by cryptographers
> that conventional public key cryptography won’t provide security in
> presence of QC, so why bother with it?
For me the main reason is that we have been told that the current protocol used in IKE is safe, and if we do not break it (i.e., remove it), but instead just add some more random data to SKEYSEED, I think it should be quite easy to prove that this new construct is also safe. I.e., us adding PPK/QSKE etc. stuff to our calculations will not weaken the security of the IKEv2.

> The only reason that comes to my mind is that you don’t fully trust
> QSKE. Are there any other reasons?

I think that is one of the main reasons. Especially as we do not know which QSKE we are talking about.
-- 
kivi...@iki.fi
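
The "add more data to SKEYSEED instead of replacing DH" argument in the message above, as an added example that is not part of the original message or of any draft under discussion. It assumes HMAC-SHA-256 as the negotiated prf; `skeyseed_hybrid` is a hypothetical mixing step chosen for illustration, and all nonces, SPIs and secrets are constructed sample values.

```python
import hashlib
import hmac

def prf(key, data):
    # PRF_HMAC_SHA2_256, one of the PRFs IKEv2 peers can negotiate.
    return hmac.new(key, data, hashlib.sha256).digest()

def prf_plus(key, seed, length):
    # prf+ from RFC 7296: T1 = prf(K, S | 0x01), Tn = prf(K, Tn-1 | S | n).
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = prf(key, block + seed + bytes([counter]))
        out += block
        counter += 1
    return out[:length]

def skeyseed_classic(ni, nr, dh_secret):
    # RFC 7296: SKEYSEED = prf(Ni | Nr, g^ir). Left untouched by the hybrid.
    return prf(ni + nr, dh_secret)

def skeyseed_hybrid(ni, nr, dh_secret, extra_secret):
    # ASSUMPTION (hypothetical construction, not from the thread): the classic
    # SKEYSEED keys a second prf call that absorbs the extra PPK/QSKE secret.
    return prf(skeyseed_classic(ni, nr, dh_secret), extra_secret + ni + nr)

def sk_d(skeyseed, ni, nr, spi_i, spi_r):
    # SK_d is the first prf-output-sized chunk of
    # prf+(SKEYSEED, Ni | Nr | SPIi | SPIr) in RFC 7296.
    return prf_plus(skeyseed, ni + nr + spi_i + spi_r, 32)

# Constructed sample inputs (not captured from any real exchange).
NI, NR = bytes(range(32)), bytes(range(32, 64))
SPI_I, SPI_R = b"\x11" * 8, b"\x22" * 8
DH, DH_OTHER = b"\xaa" * 256, b"\xab" * 256
EXTRA, EXTRA_OTHER = b"\x55" * 32, b"\x56" * 32

def depends_on_both():
    # The derived SK_d must change if either input secret changes, so an
    # attacker has to recover both the DH secret and the extra secret.
    base = sk_d(skeyseed_hybrid(NI, NR, DH, EXTRA), NI, NR, SPI_I, SPI_R)
    dh_changed = sk_d(skeyseed_hybrid(NI, NR, DH_OTHER, EXTRA), NI, NR, SPI_I, SPI_R)
    extra_changed = sk_d(skeyseed_hybrid(NI, NR, DH, EXTRA_OTHER), NI, NR, SPI_I, SPI_R)
    return base != dh_changed and base != extra_changed

if __name__ == "__main__":
    print("SK_d depends on both secrets:", depends_on_both())
```

Even if the extra secret turns out to be weak or fully known, the hybrid output is still a prf keyed by the classic SKEYSEED, which is the property the reply relies on.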