>>> The only reason that comes to my mind is that you don’t fully trust
>>> QSKE. Are there any other reasons?
>> I think that is one of the main reasons. Especially as we do not know
>> which QSKE we are talking about.
Another reason for not removing KE is potentially due to FIPS requirements.
According to NIST
(http://csrc.nist.gov/groups/ST/post-quantum-crypto/faq.html#Q1), if we have a
hybrid key exchange, i.e. KE + post-quantum KE, the KE part can still go
through FIPS validation and can still be FIPS-certified (until FIPS covers
While draft-00 makes some references to a few post-quantum algorithms, we think
one should think of the draft as providing a framework on how to exchange
post-quantum blobs. We are currently updating the draft to remove references to
these algorithms in the main text.
It’s best to let standardization bodies come up with standards for
IPsec mailing list