On Fri, 16 Feb 2018, Tero Kivinen wrote:

The IPsec suite of protocols includes IKEv1 (RFC 2409 and associated
RFCs; IKEv1 is now obsoleted), IKEv2 (RFC 7296), and the IPsec
security architecture (RFC 4301). IPsec is widely deployed in VPN
gateways, VPN remote access clients, and as a substrate for
host-to-host, host-to-network, and network-to-network security.

Can we add "mesh" to this, e.g.:

        and as a substrate for host-to-host, host-to-network,
        network-to-network and mesh security.

Postquantum cryptography for IKEv2 (new)

   Postquantum Cryptography brings new key exchange methods. Most of
   these methods that are known to date have much larger public keys
   than conventional Diffie-Hellman public keys. Directly using these
   methods in IKEv2 might lead to a number of problems due to the
   increased size of initial IKEv2 messages. The working group will
   analyze the possible problems and develop a solution that will
   make adding Postquantum key exchange methods easier. The
   solution will allow post quantum key exchange to be performed in
   parallel with (or instead of) the existing Diffie-Hellman key
   exchange.

I think "develop a solution" is a bit too strong here. I think we are
really "developing experiments to gain operational experience" and in
a later stage "focus on providing a single solution".

I'm fine with all other charter items listed.

Paul

_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec