Re: [IPsec] Call for adoption on draft-fluhrer-qr-ikev2 as an IPSecME WG document

Hi, Not necessary. In particular, the current draft allows to detect OOB key mismatch and to act gracefully in this situation. And I don't think it is far too complicated. Current draft does, but there has been other proposals which did not. The current draft is also very costly and allows

Re: [IPsec] Call for adoption on draft-fluhrer-qr-ikev2 as an IPSecME WG document

[chair hat off] Valery Smyslov writes: > I think it is a bit early to discuss particular approaches, > before the WG makes a decision to adopt the document. Yes and no. It is too early to think about actual protocol decisions, but we need to know whether current draft is suitable for protocol

Re: [IPsec] Call for adoption on draft-fluhrer-qr-ikev2 as an IPSecME WG document

Hi, just to reiterate my position in light of this questionnaire: This has been a good discussion so far. There is work to be done to address the issues raised. Getting back to the call for adoption, I'd like to see feedback on the following questions to better understand where consensus is

Re: [IPsec] Call for adoption on draft-fluhrer-qr-ikev2 as an IPSecME WG document

Hi Tero, I think it is a bit early to discuss particular approaches, before the WG makes a decision to adopt the document. However, just for the record (see below). Earlier I have proposed very simple method where the IKE_SA_INIT contains just some kind of notification messages identifying

Re: [IPsec] Call for adoption on draft-fluhrer-qr-ikev2 as an IPSecME WG document

[This replies to emails other people also sent to list, but I just picked the last email to list some points, and I am talking here as an implementor not as a chair]. David McGrew writes: > Yes; that draft is a good starting point. The goal should be to > develop an RFC that updates RFC 7383 and

Re: [IPsec] Call for adoption on draft-fluhrer-qr-ikev2 as an IPSecME WG document

Hi Dave, > On Jun 28, 2016, at 2:12 PM, Waltermire, David A. (Fed) > wrote: > > This has been a good discussion so far. There is work to be done to address > the issues raised. > > Getting back to the call for adoption, I'd like to see feedback on the > following

Re: [IPsec] Call for adoption on draft-fluhrer-qr-ikev2 as an IPSecME WG document

Could multiple identifier aliases be used to provide different ids for the same key? This could help preserve anonymity until all id aliases are exhausted. By providing enough aliases, the same key can be reused multiple times until the aliases run out. Dave

Re: [IPsec] Call for adoption on draft-fluhrer-qr-ikev2 as an IPSecME WG document

On Thu, 30 Jun 2016, Rodney Van Meter wrote: I think it’s pretty clear that a mechanism for using keys created in some out-of-band fashion for keying symmetric encryption methods, such as AES, is valuable. Yes. Neither Shota nor I have sat down and reviewed this in detail, so I can’t

Re: [IPsec] Call for adoption on draft-fluhrer-qr-ikev2 as an IPSecME WG document

> On Jun 29, 2016, at 3:12 AM, Waltermire, David A. (Fed) > wrote: > > This has been a good discussion so far. There is work to be done to address > the issues raised. > > Getting back to the call for adoption, I'd like to see feedback on the > following questions

Re: [IPsec] Call for adoption on draft-fluhrer-qr-ikev2 as an IPSecME WG document

This has been a good discussion so far. There is work to be done to address the issues raised. Getting back to the call for adoption, I'd like to see feedback on the following questions to better understand where consensus is on this issue. 1) Previous WG discussions have indicated interest in

Re: [IPsec] Call for adoption on draft-fluhrer-qr-ikev2 as an IPSecME WG document

> On Jun 24, 2016, at 7:06 PM, David McGrew wrote: > > > Because QKD is not a practical system for Internet security. It has serious > security issues/challenges and operational limitations on bitrate, range, and > physical media. It requires a point to point optical

Re: [IPsec] Call for adoption on draft-fluhrer-qr-ikev2 as an IPSecME WG document

> -Original Message- > From: Paul Wouters [mailto:p...@nohats.ca] > Sent: Friday, June 24, 2016 9:43 AM > To: David McGrew (mcgrew) > Cc: Waltermire, David A. (Fed); IPsecME WG; Scott Fluhrer (sfluhrer); Panos > Kampanakis (pkampana) > Subject: Re: [IPsec] Call for adoption on

Re: [IPsec] Call for adoption on draft-fluhrer-qr-ikev2 as an IPSecME WG document

Comments below. > > In contrast, QR-IKEv2 can be used to add postquantum security between > any two points on the globe, without requiring dedicated fiber, and without > requiring physical layer security assumptions. It has *fewer* security > assumptions than

Re: [IPsec] Call for adoption on draft-fluhrer-qr-ikev2 as an IPSecME WG document

Hi Paul, > On Jun 24, 2016, at 9:43 AM, Paul Wouters wrote: > > On Fri, 24 Jun 2016, David McGrew wrote: > > Hi David, > >> Because QKD is not a practical system for Internet security. It has >> serious security issues/challenges and operational limitations on bitrate, >>

Re: [IPsec] Call for adoption on draft-fluhrer-qr-ikev2 as an IPSecME WG document

On Fri, 24 Jun 2016, Rodney Van Meter wrote: We were encouraged by the ADs and a few others to rework the draft to focus more on generic uses of out-of-band generated key material, but we haven’t managed to put together the right set of hours to get it done. At least one person said, “It may

Re: [IPsec] Call for adoption on draft-fluhrer-qr-ikev2 as an IPSecME WG document

On Fri, 24 Jun 2016, David McGrew wrote: Hi David, Because QKD is not a practical system for Internet security. It has serious security issues/challenges and operational limitations on bitrate, range, and physical media. It requires a point to point optical link, which is typically

Re: [IPsec] Call for adoption on draft-fluhrer-qr-ikev2 as an IPSecME WG document

> On Jun 24, 2016, at 7:06 PM, David McGrew wrote: > > Hi Paul, > >> On Jun 23, 2016, at 6:55 PM, Panos Kampanakis (pkampana) >> wrote: >> >> Introducing quantum computer resistance in IKEv2 helps to avoid the >> implications of having sec admins that

Re: [IPsec] Call for adoption on draft-fluhrer-qr-ikev2 as an IPSecME WG document

Hi Paul, > On Jun 23, 2016, at 6:55 PM, Panos Kampanakis (pkampana) > wrote: > > Introducing quantum computer resistance in IKEv2 helps to avoid the > implications of having sec admins that want to have quantum computer > resistance revert back to IKEv1 with shared

Re: [IPsec] Call for adoption on draft-fluhrer-qr-ikev2 as an IPSecME WG document

On Wed, 22 Jun 2016, Waltermire, David A. (Fed) wrote: At IETF 95 the chairs took an action to issue a call for adoption on draft-fluhrer-qr-ikev2-01 based on WG interest in the concept described by the draft. This call is long overdue. This is the official call for adoption of

[IPsec] Call for adoption on draft-fluhrer-qr-ikev2 as an IPSecME WG document

At IETF 95 the chairs took an action to issue a call for adoption on draft-fluhrer-qr-ikev2-01 based on WG interest in the concept described by the draft. This call is long overdue. This is the official call for adoption of https://datatracker.ietf.org/doc/draft-fluhrer-qr-ikev2/ as an IPSecME