>>> The only reason that comes to my mind is that you don’t fully trust
    >>> QSKE. Are there any other reasons?
    >>I think that is one of the main reasons. Especially as we do not know
    >>which QSKE we are talking about.

Another reason for not removing KE is potentially due to FIPS requirement. 
According to NIST 
(http://csrc.nist.gov/groups/ST/post-quantum-crypto/faq.html#Q1), if we have a 
hybrid key exchange, i.e. KE + post-quantum KE, the KE part can still go 
through FIPS validation and can still be FIPS-certified (until FIPS covers 
post-quantum algorithms).

While draft-00 makes some references to a few post-quantum algorithms, we think 
one should think of the draft as providing a framework on how to exchange 
post-quantum blobs. We are currently updating the draft to remove references to 
these algorithms in the main text.

It’s best to let standardization bodies to come up with standards for 
post-quantum algorithms.

IPsec mailing list

Reply via email to