Hi IPSECME,

We've published a new version of our draft specifying use of SHA-3 in IKEv2 and 
IPsec. The main change since the previous version is that we've removed support 
for HMAC-SHA2 at the WG's suggestion, so it now just specifies KMAC as PRF and 
integrity transforms, and SHA3/SHAKE for use in the Digital Signature 
authentication method.

Any comments or suggestions are welcome! Chairs, we'd like to request some time 
in Madrid to talk about this draft.

Thanks,
Ben, Adam, and Jonathan

-----Original Message-----
From: internet-dra...@ietf.org <internet-dra...@ietf.org>
Sent: 03 July 2025 09:47
To: Adam R <ada...@ncsc.gov.uk>; Adam R <ada...@ncsc.gov.uk>; Ben S3 
<ben...@ncsc.gov.uk>; Ben S3 <ben...@ncsc.gov.uk>; Jonathan C 
<jonatha...@ncsc.gov.uk>; Jonathan C <jonatha...@ncsc.gov.uk>
Subject: New Version Notification for draft-salter-ipsecme-sha3-01.txt

A new version of Internet-Draft draft-salter-ipsecme-sha3-01.txt has been 
successfully submitted by Ben S and posted to the IETF repository.

Name:     draft-salter-ipsecme-sha3
Revision: 01
Title:    Use of SHA-3 in the Internet Key Exchange Protocol Version 2 (IKEv2) 
and IPsec
Date:     2025-07-03
Group:    Individual Submission
Pages:    31
URL:      https://www.ietf.org/archive/id/draft-salter-ipsecme-sha3-01.txt
Status:   https://datatracker.ietf.org/doc/draft-salter-ipsecme-sha3/
HTMLized: https://datatracker.ietf.org/doc/html/draft-salter-ipsecme-sha3
Diff:     https://author-tools.ietf.org/iddiff?url2=draft-salter-ipsecme-sha3-01

Abstract:

   This document specifies the use of KMAC128 and KMAC256 within the
   Internet Key Exchange Version 2 (IKEv2), Encapsulating Security
   Payload (ESP), and Authentication Header (AH) protocols.  These
   algorithms can be used as integrity protection algorithms for ESP, AH
   and IKEv2, and as Pseudo-Random Functions (PRFs) for IKEv2.
   Requirements for supporting signature algorithms in IKEv2 that use
   SHA3-256, SHA3-384, SHA3-512, SHAKE128 and SHAKE256 are also
   specified.



The IETF Secretariat


_______________________________________________
IPsec mailing list -- ipsec@ietf.org
To unsubscribe send an email to ipsec-le...@ietf.org

Reply via email to