Hi, I've posted a new version of "Postquantum Preshared Keys for IKEv2" draft.
This version addresses issues raised by AD review of the draft: https://mailarchive.ietf.org/arch/msg/ipsec/G1yO6oGFtfr-1EMjkT5cprDyMuU We believe that all the issues are resolved. One note regarding the following issue (as its resolution wasn't discussed on the list): > Section 5.2.1 > > I'm kind of confused by the PSKC reference, especially the implication > ("algorithm ("Algorithm=urn:ietf:params:xml:ns:keyprov:pskc:pin") as the > PIN") that a fixed string is to be used as a PIN. (I also think it's > better to discuss what it does as "key transport" than "key exchange", > noting that the latter string does not appear in RFC 6030.) I slightly changed the text, so that the text suggests to re-use "PIN" profile defined in Section 10.2 of RFC6030 with no implication of any fixed PIN. I believe it was the original intent. Regards, Valery. > -----Original Message----- > From: IPsec [mailto:[email protected]] On Behalf Of > [email protected] > Sent: Wednesday, November 27, 2019 11:40 AM > To: [email protected] > Cc: [email protected] > Subject: [IPsec] I-D Action: draft-ietf-ipsecme-qr-ikev2-09.txt > > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > This draft is a work item of the IP Security Maintenance and Extensions WG of > the IETF. > > Title : Postquantum Preshared Keys for IKEv2 > Authors : Scott Fluhrer > David McGrew > Panos Kampanakis > Valery Smyslov > Filename : draft-ietf-ipsecme-qr-ikev2-09.txt > Pages : 19 > Date : 2019-11-27 > > Abstract: > The possibility of Quantum Computers poses a serious challenge to > cryptographic algorithms deployed widely today. IKEv2 is one example > of a cryptosystem that could be broken; someone storing VPN > communications today could decrypt them at a later time when a > Quantum Computer is available. It is anticipated that IKEv2 will be > extended to support quantum-secure key exchange algorithms; however > that is not likely to happen in the near term. To address this > problem before then, this document describes an extension of IKEv2 to > allow it to be resistant to a Quantum Computer, by using preshared > keys. > > > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-ietf-ipsecme-qr-ikev2/ > > There are also htmlized versions available at: > https://tools.ietf.org/html/draft-ietf-ipsecme-qr-ikev2-09 > https://datatracker.ietf.org/doc/html/draft-ietf-ipsecme-qr-ikev2-09 > > A diff from the previous version is available at: > https://www.ietf.org/rfcdiff?url2=draft-ietf-ipsecme-qr-ikev2-09 > > > Please note that it may take a couple of minutes from the time of submission > until the htmlized version and diff are available at tools.ietf.org. > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > > _______________________________________________ > IPsec mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/ipsec _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
