Dear all,
The newly published RFC 9370 describes how to extend IKEv2 to allow multiple key
exchanges for IPsec. https://datatracker.ietf.org/doc/rfc9370/
Naturally, this is a very important step for the PQ migration of IKEv2 and
IPsec.
The document also abstractly defines 6 PQ-KEM algorithms that can be used for
the purpose above. Namely,
+-- Transform ADDKE2 ( ID = PQ_KEM_1 )
|
+-- Transform ADDKE2 ( ID = PQ_KEM_2 )
|
+-- Transform ADDKE3 ( ID = PQ_KEM_1 )
|
+-- Transform ADDKE3 ( ID = PQ_KEM_2 )
|
+-- Transform ADDKE5 ( ID = PQ_KEM_3 )
|
+-- Transform ADDKE5 ( ID = NONE )
My questions here are:
1) Is there any available standard draft that defines those PQ-KEM algorithms
concretely?
2) Also, have any algorithm IDs been reserved for future PQ-KEMs due to
cryptographic agility considerations?
Best regards,
Guilin
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec