Dear Panos,

Thanks a lot for the info about the two documents, which are really helpful.

It took me some time to understand their contents. In particular, I once thought that ADDKE1 to ADDKE7 are for 7 PQC algorithms, or 7 categories of PQC algorithms. But they are actually up to 7 layers of algorithms. This seems a simple and effective way to express the initiator's requirements and collect the responder's selection. Also, up to 7 layers should be enough for practical applications.

Best regards,

Guilin

________________________________
Wang Guilin
Mobile: +65-86920345
Email: [email protected]

From: Kampanakis, Panos <[email protected]>
To: Wang Guilin <[email protected]>; ipsec <[email protected]>
Cc: Wang Guilin <[email protected]>
Date: 2023-12-09 00:40:26
Subject: RE: [IPsec] Supporting PQ-KEM algorithms for Multiple Key Exchanges in IKEv2 (RFC9370)

Hi Guilin,

1) Yes, it is the very fresh https://datatracker.ietf.org/doc/draft-kampanakis-ml-kem-ikev2 which has not been discussed in the WG yet and introduces ML-KEM (to be standardized by NIST in 2024) to IKEv2 by using RFC 9370.

2) No. https://datatracker.ietf.org/doc/draft-kampanakis-ml-kem-ikev2/ has TBD35 and TBD36 identifiers for ML-KEM-768 and ML-KEM-1024 as placeholders right now.

-----Original Message-----
From: IPsec <[email protected]> On Behalf Of Wang Guilin
Sent: Thursday, December 7, 2023 10:44 PM
To: [email protected]
Cc: Wang Guilin <[email protected]>
Subject: [EXTERNAL] [IPsec] Supporting PQ-KEM algorithms for Multiple Key Exchanges in IKEv2 (RFC9370)

Dear all,

Newly published RFC 9370 describes how to extend IKEv2 to allow multiple key exchanges for IPSec.
https://datatracker.ietf.org/doc/rfc9370/

Naturally, this is a very important step for the PQ migration of IKEv2 and IPSec.

The document also abstractly defines 6 PQ-KEM algorithms that can be used for the purpose above. Namely,

    +-- Transform ADDKE2 ( ID = PQ_KEM_1 )
    |
    +-- Transform ADDKE2 ( ID = PQ_KEM_2 )
    |
    +-- Transform ADDKE3 ( ID = PQ_KEM_1 )
    |
    +-- Transform ADDKE3 ( ID = PQ_KEM_2 )
    |
    +-- Transform ADDKE5 ( ID = PQ_KEM_3 )
    |
    +-- Transform ADDKE5 ( ID = NONE )

My questions here are:

1) Is there any available standard draft that defines those PQ-KEM algorithms concretely?

2) Also, have any algorithm IDs been reserved for future PQ-KEM due to cryptographic agility consideration?

Best regards,

Guilin

_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
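Added example (not part of the thread, and not code from RFC 9370 or the ML-KEM draft): a sketch of how a responder could pick one transform per ADDKE layer from the proposal quoted above, honouring NONE as "layer optional" and the RFC 9370 rule that the same method is not chosen for two layers. The function names, the `supported` set and the "first valid combination in initiator order" policy are assumptions made for illustration.

```python
from itertools import product

# Constructed from the proposal quoted in the thread: layer -> transforms offered,
# in initiator order. PQ_KEM_1..3 are RFC 9370's abstract names, not registered IDs.
PROPOSAL = {
    "ADDKE2": ["PQ_KEM_1", "PQ_KEM_2"],
    "ADDKE3": ["PQ_KEM_1", "PQ_KEM_2"],
    "ADDKE5": ["PQ_KEM_3", "NONE"],
}

def layer_no(name):
    """ADDKE1..ADDKE7 -> 1..7; anything else is not a valid layer."""
    n = int(name[len("ADDKE"):]) if name.startswith("ADDKE") else 0
    if not 1 <= n <= 7:
        raise ValueError(f"not an ADDKE layer: {name}")
    return n

def select(proposal, supported):
    """Responder choice {layer: transform}, or None if the proposal must be rejected.

    supported is the responder's local set of methods (hypothetical policy input).
    Exactly one transform is chosen per offered layer; NONE skips that layer; no
    real method may be chosen for two layers (RFC 9370 duplicate rule).
    """
    layers = sorted(proposal, key=layer_no)
    usable = [[m for m in proposal[layer] if m == "NONE" or m in supported]
              for layer in layers]
    for combo in product(*usable):  # initiator order, earliest layer first
        real = [m for m in combo if m != "NONE"]
        if len(real) == len(set(real)):
            return dict(zip(layers, combo))
    return None

def exchanges(selection):
    """Additional key exchanges actually run, in layer order; NONE layers drop out."""
    ordered = sorted(selection.items(), key=lambda kv: layer_no(kv[0]))
    return [(layer, m) for layer, m in ordered if m != "NONE"]

if __name__ == "__main__":
    for have in ({"PQ_KEM_1", "PQ_KEM_2", "PQ_KEM_3"},
                 {"PQ_KEM_1", "PQ_KEM_2"}, {"PQ_KEM_1"}):
        chosen = select(PROPOSAL, have)
        print(sorted(have), "->", exchanges(chosen) if chosen else "reject proposal")
```

A responder that supports only PQ_KEM_1 has to reject this proposal: ADDKE2 and ADDKE3 are both mandatory (neither offers NONE) and cannot both use the same method.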
