Tero Kivinen writes:
> Thom Wiggers writes:
> > Hi all,
> > 
> > I was going through the security considerations of RFC 8784 and I
> > saw the following:

Oops, RFC 8784 was Mixing Preshared Keys in IKEv2, not the
algorithm implementation requirements for ESP and AH (RFC8221) or for
IKEv2 (RFC8247), which I assumed it to be. That's why it is a very bad
idea to only include the RFC number; it is always better to refer to
documents by their titles, and include the RFC number only as extra
information...

Anyways for that yes, submitting errata is fine.

> > […]
> > 
> > In addition, the policy SHOULD be set to negotiate only
> > quantum-secure symmetric algorithms; while this RFC doesn't claim to
> > give advice as to what algorithms are secure (as that may change
> > based on future cryptographical results), below is a list of defined
> > IKEv2 and IPsec algorithms that should not be used, as they are
> > known to provide less than 128 bits of post-quantum security:
> > 
> >   • Any IKEv2 encryption algorithm, PRF, or integrity algorithm with
> >     a key size less than 256 bits.
> >   • Any ESP transform with a key size less than 256 bits.
> >   • PRF_AES128_XCBC and PRF_AES128_CBC: even though they can use as
> >     input a key of arbitrary size, such input keys are converted
> >     into a 128-bit key for internal use.
> > 
> > […]
> > 
> > By our now more nuanced understanding of Grover’s algorithm (in
> > particular how expensive and poorly parallelizable it is), this
> > recommendation is entirely no longer necessary. For example, NIST
> > also write that using 128-bit keys is just fine.
> 
> I agree. The text in RFC was the current understanding while the
> document was published.
> 
> > I’m just not sure if this warrants submitting an erratum. Should I
> > submit one?
> 
> No need. We are already planning to update the RFC soon, mostly after
> we have finished enough of the post-quantum algorithm work that we can
> add them to the document, so when we are doing that we can update this
> section to match the current understanding of Grover's algorithm (and
> include some proper references to it).
> -- 
> [email protected]
> 
> _______________________________________________
> IPsec mailing list -- [email protected]
> To unsubscribe send an email to [email protected]

-- 
[email protected]
