most secure (no theoretical hash preimages).
From: Scott Fluhrer (sfluhrer)
Sent: Tuesday, September 23, 2025 9:08 AM
To: Valery Smyslov; 'ipsec'
Subject: [EXTERNAL] [IPsec] Re: draft-ietf-ipsecme-ikev2-pqc-auth
Hi Scott,
I believe that this draft is close to working group last call - it is mostly
"take the existing protocol, and replace the RSA
signature with an ML-DSA or SLH-DSA signature".
However, there is one point that is less trivial, and I would prefer that, if
someone has an opinion on thi
On Mon, 22 Sep 2025, Scott Fluhrer (sfluhrer) wrote:
[ Speaking as libreswan, an IKEv2 vendor ]
While this works, that is not the only possible option (and this is what I
would like to get people's opinion on). Here are two obvious alternative
options:
* ML-DSA and SLH-DSA also have a 'pr