Hi all,

Following the last IETF meeting, we would like to take the following direction for our draft:

1. Negotiation: use KE payload as described in draft-tjhai-ipsecme-hybrid-qske-ikev2-01. The main reason is backward compatibility. Not all IKEv2 implementations out there are RFC7296-compliant, while it is theoretically possible to upgrade them, but we cannot guarantee that all of them would be upgraded. With the approach described in draft-tjhai-ipsecme-hybrid-qske-ikev2-01, there won't be any issues with backward compatibility.

2. There appeared to be a consensus in using an intermediary stage, i.e. IKE_AUX, to transport the post-quantum key exchange payload.

3. There was also a suggestion in using a new payload type, e.g. PQKE or QSKE, to carry the post-quantum key exchange payload.

What do people think of this approach?

Thanks,
CJ

_______________________________________________
IPsec mailing list
https://www.ietf.org/mailman/listinfo/ipsec
