Hi, this version addresses comments received during IESG evaluation of the draft.
Regards,
Valery.

> -----Original Message-----
> From: [email protected] <[email protected]>
> Sent: Friday, May 23, 2025 11:42 AM
> To: [email protected]
> Cc: [email protected]
> Subject: [IPsec] I-D Action: draft-ietf-ipsecme-ikev2-qr-alt-09.txt
>
> Internet-Draft draft-ietf-ipsecme-ikev2-qr-alt-09.txt is now available. It is
> a work item of the IP Security Maintenance and Extensions (IPSECME) WG of the
> IETF.
>
> Title: Mixing Preshared Keys in the IKE_INTERMEDIATE and in the
> CREATE_CHILD_SA Exchanges of IKEv2 for Post-quantum Security
> Author: Valery Smyslov
> Name: draft-ietf-ipsecme-ikev2-qr-alt-09.txt
> Pages: 14
> Dates: 2025-05-23
>
> Abstract:
>
> An Internet Key Exchange protocol version 2 (IKEv2) extension defined
> in RFC8784 allows IPsec traffic to be protected against someone
> storing VPN communications today and decrypting them later, when (and
> if) a Cryptographically Relevant Quantum Computer (CRQC) is
> available. The protection is achieved by means of a Post-quantum
> Preshared Key (PPK) which is mixed into the session keys calculation.
> However, this protection does not cover an initial IKEv2 Security
> Association (SA), which might be unacceptable in some scenarios.
> This specification defines an alternative way to provide protection
> against quantum computers, which is similar to the solution defined
> in RFC8784, but also protects the initial IKEv2 SA.
>
> RFC8784 assumes that PPKs are static and thus they are only used when
> an initial IKEv2 SA is created. If a fresh PPK is available before
> the IKE SA expired, then the only way to use it is to delete the
> current IKE SA and create a new one from scratch, which is
> inefficient. This specification defines a way to use PPKs in active
> IKEv2 SAs for creating additional IPsec SAs and rekey operations.
>
> The IETF datatracker status page for this Internet-Draft is:
> https://datatracker.ietf.org/doc/draft-ietf-ipsecme-ikev2-qr-alt/
>
> There is also an HTMLized version available at:
> https://datatracker.ietf.org/doc/html/draft-ietf-ipsecme-ikev2-qr-alt-09
>
> A diff from the previous version is available at:
> https://author-tools.ietf.org/iddiff?url2=draft-ietf-ipsecme-ikev2-qr-alt-09
>
> Internet-Drafts are also available by rsync at:
> rsync.ietf.org::internet-drafts
>
>
> _______________________________________________
> IPsec mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
