Hi,
Not necessary. In particular, the current draft allows to detect
OOB key mismatch and to act gracefully in this situation.
And I don't think it is far too complicated.
Current draft does, but there has been other proposals which did not.
The current draft is also very costly and allows
[chair hat off]
Valery Smyslov writes:
> I think it is a bit early to discuss particular approaches,
> before the WG makes a decision to adopt the document.
Yes and no.
It is too early to think about actual protocol decisions, but we need
to know whether current draft is suitable for protocol
Hi,
just to reiterate my position in light of this questionnaire:
This has been a good discussion so far. There is work to be done to address the
issues raised.
Getting back to the call for adoption, I'd like to see feedback on the following questions to better understand where
consensus is
Hi Tero,
I think it is a bit early to discuss particular approaches,
before the WG makes a decision to adopt the document.
However, just for the record (see below).
Earlier I have proposed very simple method where the IKE_SA_INIT
contains just some kind of notification messages identifying
[This replies to emails other people also sent to list, but I just
picked the last email to list some points, and I am talking here as an
implementor not as a chair].
David McGrew writes:
> Yes; that draft is a good starting point. The goal should be to
> develop an RFC that updates RFC 7383 and
Hi Dave,
> On Jun 28, 2016, at 2:12 PM, Waltermire, David A. (Fed)
> wrote:
>
> This has been a good discussion so far. There is work to be done to address
> the issues raised.
>
> Getting back to the call for adoption, I'd like to see feedback on the
> following
Could multiple identifier aliases be used to provide different ids for the same
key? This could help preserve anonymity until all id aliases are exhausted. By
providing enough aliases, the same key can be reused multiple times until the
aliases run out.
Dave
On Thu, 30 Jun 2016, Rodney Van Meter wrote:
I think it’s pretty clear that a mechanism for using keys created in some
out-of-band fashion for keying symmetric encryption methods, such as AES, is
valuable.
Yes.
Neither Shota nor I have sat down and reviewed this in detail, so I can’t
> On Jun 29, 2016, at 3:12 AM, Waltermire, David A. (Fed)
> wrote:
>
> This has been a good discussion so far. There is work to be done to address
> the issues raised.
>
> Getting back to the call for adoption, I'd like to see feedback on the
> following questions
This has been a good discussion so far. There is work to be done to address the
issues raised.
Getting back to the call for adoption, I'd like to see feedback on the
following questions to better understand where consensus is on this issue.
1) Previous WG discussions have indicated interest in
> On Jun 24, 2016, at 7:06 PM, David McGrew wrote:
>
>
> Because QKD is not a practical system for Internet security. It has serious
> security issues/challenges and operational limitations on bitrate, range, and
> physical media. It requires a point to point optical
> -Original Message-
> From: Paul Wouters [mailto:p...@nohats.ca]
> Sent: Friday, June 24, 2016 9:43 AM
> To: David McGrew (mcgrew)
> Cc: Waltermire, David A. (Fed); IPsecME WG; Scott Fluhrer (sfluhrer); Panos
> Kampanakis (pkampana)
> Subject: Re: [IPsec] Call for adoption on
Comments below.
> > In contrast, QR-IKEv2 can be used to add postquantum security between
> any two points on the globe, without requiring dedicated fiber, and without
> requiring physical layer security assumptions. It has *fewer* security
> assumptions than
Hi Paul,
> On Jun 24, 2016, at 9:43 AM, Paul Wouters wrote:
>
> On Fri, 24 Jun 2016, David McGrew wrote:
>
> Hi David,
>
>> Because QKD is not a practical system for Internet security. It has
>> serious security issues/challenges and operational limitations on bitrate,
>>
On Fri, 24 Jun 2016, Rodney Van Meter wrote:
We were encouraged by the ADs and a few others to rework the draft to focus
more on generic uses of out-of-band generated key material,
but we haven’t managed to put together the right set of hours to get it done.
At least one person said, “It may
On Fri, 24 Jun 2016, David McGrew wrote:
Hi David,
Because QKD is not a practical system for Internet security. It has serious
security issues/challenges and operational limitations on bitrate, range, and
physical media. It requires a point to point optical link, which is typically
> On Jun 24, 2016, at 7:06 PM, David McGrew wrote:
>
> Hi Paul,
>
>> On Jun 23, 2016, at 6:55 PM, Panos Kampanakis (pkampana)
>> wrote:
>>
>> Introducing quantum computer resistance in IKEv2 helps to avoid the
>> implications of having sec admins that
Hi Paul,
> On Jun 23, 2016, at 6:55 PM, Panos Kampanakis (pkampana)
> wrote:
>
> Introducing quantum computer resistance in IKEv2 helps to avoid the
> implications of having sec admins that want to have quantum computer
> resistance revert back to IKEv1 with shared
On Wed, 22 Jun 2016, Waltermire, David A. (Fed) wrote:
At IETF 95 the chairs took an action to issue a call for adoption on
draft-fluhrer-qr-ikev2-01 based on WG interest in the concept described by the
draft. This call is long overdue.
This is the official call for adoption of
At IETF 95 the chairs took an action to issue a call for adoption on
draft-fluhrer-qr-ikev2-01 based on WG interest in the concept described by the
draft. This call is long overdue.
This is the official call for adoption of
https://datatracker.ietf.org/doc/draft-fluhrer-qr-ikev2/ as an IPSecME
20 matches
Mail list logo