Hi Guilin,

1) Yes, it is the very fresh https://datatracker.ietf.org/doc/draft-kampanakis-ml-kem-ikev2 which has not been discussed in the WG yet and introduces ML-KEM (to be standardized by NIST in 2024) to IKEv2 by using RFC 9370.

2) No. https://datatracker.ietf.org/doc/draft-kampanakis-ml-kem-ikev2/ has TBD35 and TBD36 identifiers for ML-KEM-768 and ML-KEM-1024 as placeholders right now.

-----Original Message-----
From: IPsec <[email protected]> On Behalf Of Wang Guilin
Sent: Thursday, December 7, 2023 10:44 PM
To: [email protected]
Cc: Wang Guilin <[email protected]>
Subject: [EXTERNAL] [IPsec] Supporting PQ-KEM algorithms for Multiple Key Exchanges in IKEv2 (RFC9370)

Dear all,

Newly published RFC 9370 describes how to extend IKEv2 to allow multiple key exchanges for IPSec.

https://datatracker.ietf.org/doc/rfc9370/

Naturally, this is a very important step for the PQ migration of IKEv2 and IPSec. The document also abstractly defines 6 PQ-KEM algorithms that can be used for the purpose above. Namely,

   +-- Transform ADDKE2 ( ID = PQ_KEM_1 )
   |
   +-- Transform ADDKE2 ( ID = PQ_KEM_2 )
   |
   +-- Transform ADDKE3 ( ID = PQ_KEM_1 )
   |
   +-- Transform ADDKE3 ( ID = PQ_KEM_2 )
   |
   +-- Transform ADDKE5 ( ID = PQ_KEM_3 )
   |
   +-- Transform ADDKE5 ( ID = NONE )

My questions here are:

1) Is there any available standard draft that defines those PQ-KEM algorithms concretely?

2) Also, have any algorithm IDs been reserved for future PQ-KEM due to cryptographic agility consideration?

Best regards,

Guilin

_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
