[IPsec] FW: New Version Notification for draft-mglt-ipsecme-clone-ike-sa-05.txt

2015-08-24 Thread Daniel Migault
Hi, Please find a new version of the draft-mglt-ipsecme-clone-ike-sa-05. In this version, we added text to reflect the discussion of the load balancing IPsec VPNs [1]. Feel free to comment the current document. BR, Daniel [1]

Re: [IPsec] PSK mode

2015-08-24 Thread Paul Wouters
On Mon, 24 Aug 2015, Tero Kivinen wrote: I think we should continue pushing the draft-nagayama-ipsecme-ipsec-with-qkd forward, and specify it as generic method where out of band shared keys can be brought in to the SKEYSEED or KEYMAT. +1 Paul ___

Re: [IPsec] PSK mode

2015-08-24 Thread Tero Kivinen
Valery Smyslov writes: SKEYSEED = prf(Ni | Nr, g^ir) {SK_d | SK_ai | SK_ar | SK_ei | SK_er | SK_pi | SK_pr} = prf+ (SKEYSEED, Ni | Nr | SPIi | SPIr) This change was intentional, it was made by Hugo Krawczyk during work on IKEv2 due to complaints from the community that if IKEv1 PSK auth

Re: [IPsec] PSK mode

2015-08-24 Thread Yaron Sheffer
Even in a world where quantum computers are a risk that we need to consider in our crypto, QKD will still remain a niche. So to go back to the original question, NTRU+BLISS are a possible solution if we care about this problem. QKD is not. Thanks, Yaron On 08/24/2015 06:36 PM, Paul

Re: [IPsec] PSK mode

2015-08-24 Thread Michael Richardson
Andreas Steffen andreas.stef...@strongswan.org wrote: an NTRU Encryption-based IKEv2 key exchange is actually what the strongSwan open source VPN software has been offering with the ntru plugin for more than a year: https://wiki.strongswan.org/projects/strongswan/wiki/NTRU I

[IPsec] Call for adoption: draft-nir-ipsecme-curve25519 as a WG work item

2015-08-24 Thread Paul Hoffman
Greetings. There was some general interest in having a standard way to modern elliptic curves for ephemeral key exchange. Please respond in this thread whether or no you think this document is a good start on that work, and whether or not you think the WG should have this as a work item.

Re: [IPsec] Call for adoption: draft-nir-ipsecme-curve25519 as a WG work item

2015-08-24 Thread Tommy Pauly
I think this would be a good feature for the WG to work on, and that this document provides a good start. Thanks, Tommy Pauly On Aug 24, 2015, at 3:58 PM, Paul Hoffman paul.hoff...@vpnc.org wrote: Greetings. There was some general interest in having a standard way to modern elliptic

Re: [IPsec] Call for adoption: draft-nir-ipsecme-curve25519 as a WG work item

2015-08-24 Thread Paul Wouters
On Mon, 24 Aug 2015, Paul Hoffman wrote: Subject: [IPsec] Call for adoption: draft-nir-ipsecme-curve25519 as a WG work item Note that I tried looking at the document and pasted it into google and oddly got: https://tools.ietf.org/html/draft-nir-ipsecme-curve25519-00 which does NOT list