Paul Wouters writes:
> On Fri, 16 Feb 2018, Tero Kivinen wrote:
>
> > The IPsec suite of protocols includes IKEv1 (RFC 2409 and associated
> > RFCs, IKEv1 is now obsoleted), IKEv2 (RFC 7296), and the IPsec
> > security architecture (RFC 4301). IPsec is widely deployed in VPN
> > gateways, VPN remote access clients, and as a substrate for
> > host-to-host, host-to-network, and network-to-network security.
>
> Can we add "mesh" to this, eg:
>
>       and as a substrate for host-to-host, host-to-network,
>       network-to-network and mesh security.

We could, but I think mesh is just host to host between lots of host
pairs. I do not think we currently have anything that would really be
directed for mesh security.

> > Postquantum cryptography for IKEv2 (new)
> >
> > Postquantum Cryptography brings new key exchange methods. Most of
> > these methods that are known to date have much larger public keys
> > than conventional Diffie-Hellman public keys. Direct using these
> > methods in IKEv2 might lead to a number of problems due to the
> > increased size of initial IKEv2 messages. The working group will
> > analyze the possible problems and develop a solution, that will
> > make adding Postquantum key exchange methods more easy. The
> > solution will allow post quantum key exchange to be performed in
> > parallel with (or instead of) the existing Diffie-Hellman key
> > exchange.
>
> I think "develop a solution" is a bit too strong here.

We are developing a solution to make adding postquantum key exchange
methods easier. That does not necessarily mean we are solving the
whole issue.

> I think we are really "developing experiments to gain operational
> experience" and in a later stage "focus on providing a single
> solution".

Do you have proposed new text or actual changes for this item?
-- 
[email protected]
