Hi IPSECME, We've published a new version of our draft specifying use of SHA-3 in IKEv2 and IPsec. The main change since the previous version is that we've removed support for HMAC-SHA2 at the WG's suggestion, so it now just specifies KMAC as PRF and integrity transforms, and SHA3/SHAKE for use in the Digital Signature authentication method.
Any comments or suggestions are welcome! Chairs, we'd like to request some time in Madrid to talk about this draft. Thanks, Ben, Adam, and Jonathan -----Original Message----- From: internet-dra...@ietf.org <internet-dra...@ietf.org> Sent: 03 July 2025 09:47 To: Adam R <ada...@ncsc.gov.uk>; Adam R <ada...@ncsc.gov.uk>; Ben S3 <ben...@ncsc.gov.uk>; Ben S3 <ben...@ncsc.gov.uk>; Jonathan C <jonatha...@ncsc.gov.uk>; Jonathan C <jonatha...@ncsc.gov.uk> Subject: New Version Notification for draft-salter-ipsecme-sha3-01.txt A new version of Internet-Draft draft-salter-ipsecme-sha3-01.txt has been successfully submitted by Ben S and posted to the IETF repository. Name: draft-salter-ipsecme-sha3 Revision: 01 Title: Use of SHA-3 in the Internet Key Exchange Protocol Version 2 (IKEv2) and IPsec Date: 2025-07-03 Group: Individual Submission Pages: 31 URL: https://www.ietf.org/archive/id/draft-salter-ipsecme-sha3-01.txt Status: https://datatracker.ietf.org/doc/draft-salter-ipsecme-sha3/ HTMLized: https://datatracker.ietf.org/doc/html/draft-salter-ipsecme-sha3 Diff: https://author-tools.ietf.org/iddiff?url2=draft-salter-ipsecme-sha3-01 Abstract: This document specifies the use of KMAC128 and KMAC256 within the Internet Key Exchange Version 2 (IKEv2), Encapsulating Security Payload (ESP), and Authentication Header (AH) protocols. These algorithms can be used as integrity protection algorithms for ESP, AH and IKEv2, and as Pseudo-Random Functions (PRFs) for IKEv2. Requirements for supporting signature algorithms in IKEv2 that use SHA3-256, SHA3-384, SHA3-512, SHAKE128 and SHAKE256 are also specified. The IETF Secretariat _______________________________________________ IPsec mailing list -- ipsec@ietf.org To unsubscribe send an email to ipsec-le...@ietf.org
