This draft incorporates some minor text fixes, nits, small updates and PPK_SUPPORT notification is changed to USE_PPK to better reflect its purpose.
It also includes two more important changes - Clarified using PPK in case of EAP authentication. It follow the same rational as IKE_AUTH in the last version of the draft. - prf is replaced with prf+ for the SK_d and SK_pi/r calculations. That is done to accommodate potential user cases where the prf output size is not equal to the preferred key size. We think this draft is ready for LC, after the two above changes are reviewed. Panos -----Original Message----- From: IPsec [mailto:[email protected]] On Behalf Of [email protected] Sent: Thursday, December 21, 2017 11:00 AM To: [email protected] Cc: [email protected] Subject: [IPsec] I-D Action: draft-ietf-ipsecme-qr-ikev2-01.txt A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the IP Security Maintenance and Extensions WG of the IETF. Title : Postquantum Preshared Keys for IKEv2 Authors : Scott Fluhrer David McGrew Panos Kampanakis Valery Smyslov Filename : draft-ietf-ipsecme-qr-ikev2-01.txt Pages : 18 Date : 2017-12-21 Abstract: The possibility of Quantum Computers pose a serious challenge to cryptography algorithms deployed widely today. IKEv2 is one example of a cryptosystem that could be broken; someone storing VPN communications today could decrypt them at a later time when a Quantum Computer is available. It is anticipated that IKEv2 will be extended to support quantum secure key exchange algorithms; however that is not likely to happen in the near term. To address this problem before then, this document describes an extension of IKEv2 to allow it to be resistant to a Quantum Computer, by using preshared keys. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-ipsecme-qr-ikev2/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-ipsecme-qr-ikev2-01 https://datatracker.ietf.org/doc/html/draft-ietf-ipsecme-qr-ikev2-01 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-ipsecme-qr-ikev2-01 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
