Re: [IPsec] Quantum Resistant IKEv2

2016-12-07 Thread Yoav Nir
> On 8 Dec 2016, at 1:43, Michael Richardson wrote: > > > Scott Fluhrer (sfluhrer) wrote: >> o There is the option listed in the draft, where we modify both the >> KEYMAT and SKEYSEED computations; stirring it into the KEYMAT implies > > I read

Re: [IPsec] RFC4301, rfc7321bis and Manual keys

2016-12-07 Thread Michael Richardson
Russ Housley wrote: > I can see that manual keys are helpful for debugging, but otherwise I > think they SHOULD NOT be used. Exactly. I would like to have a SHOULD provide an interface (without which, I can't determine why I can't interoperate with product FOO),

Re: [IPsec] RFC4301, rfc7321bis and Manual keys

2016-12-07 Thread Paul.Koning
On Dec 7, 2016, at 5:00 PM, Timothy Carlin wrote: Hello All, I have some comments inline. On Wed, Dec 7, 2016 at 4:41 PM, Paul Wouters wrote: ... Are people actually deploying this? The NIST USGv6

Re: [IPsec] Quantum Resistant IKEv2

2016-12-07 Thread Michael Richardson
Scott Fluhrer (sfluhrer) wrote: > o There is the option listed in the draft, where we modify both the > KEYMAT and SKEYSEED computations; stirring it into the KEYMAT implies I read through the three options, and I have difficulty picking. ... > o Valery Smyslov

Re: [IPsec] draft-ietf-ipsecme-tcp-encaps-04.txt

2016-12-07 Thread Tommy Pauly
Thanks for confirming! I appreciate all of your help in cleaning this part up! Tommy > On Dec 7, 2016, at 11:52 AM, Hu, Jun (Nokia - US) wrote: > > Looks good to me > >> -Original Message- >> From: IPsec [mailto:ipsec-boun...@ietf.org] On Behalf Of Tommy Pauly >>

Re: [IPsec] RFC4301, rfc7321bis and Manual keys

2016-12-07 Thread Hu, Jun (Nokia - US)
> -Original Message- > From: Paul Wouters [mailto:p...@nohats.ca] > Sent: Wednesday, December 07, 2016 1:42 PM > To: Hu, Jun (Nokia - US) > Cc: Tero Kivinen; ipsec@ietf.org > Subject: Re: [IPsec] RFC4301, rfc7321bis and Manual keys > > On Wed, 7 Dec

Re: [IPsec] RFC4301, rfc7321bis and Manual keys

2016-12-07 Thread Timothy Carlin
Hello All, I have some comments inline. On Wed, Dec 7, 2016 at 4:41 PM, Paul Wouters wrote: > On Wed, 7 Dec 2016, Hu, Jun (Nokia - US) wrote: >> OSPFv3 authentication (RFC4552) mandates the use of manual keys; the reason is that >> OSPFv3 uses multicast. >> So I could see manual key

Re: [IPsec] RFC4301, rfc7321bis and Manual keys

2016-12-07 Thread Paul Wouters
On Wed, 7 Dec 2016, Hu, Jun (Nokia - US) wrote: OSPFv3 authentication (RFC4552) mandates the use of manual keys; the reason is that OSPFv3 uses multicast. So I could see that manual key IPsec could be needed in any multicast application, since group key management is not widely available. For the above reason, I

Re: [IPsec] draft-ietf-ipsecme-tcp-encaps-04.txt

2016-12-07 Thread Hu, Jun (Nokia - US)
Looks good to me > -Original Message- > From: IPsec [mailto:ipsec-boun...@ietf.org] On Behalf Of Tommy Pauly > Sent: Sunday, December 04, 2016 3:07 PM > To: IPsecME WG > Subject: [IPsec] draft-ietf-ipsecme-tcp-encaps-04.txt > > Hello all, > > I've updated the TCP

Re: [IPsec] RFC4301, rfc7321bis and Manual keys

2016-12-07 Thread Hu, Jun (Nokia - US)
OSPFv3 authentication (RFC4552) mandates the use of manual keys; the reason is that OSPFv3 uses multicast. So I could see that manual key IPsec could be needed in any multicast application, since group key management is not widely available. For the above reason, I think it should be "MAY" instead of "SHOULD NOT"

Re: [IPsec] RFC4301, rfc7321bis and Manual keys

2016-12-07 Thread Russ Housley
I can see that manual keys are helpful for debugging, but otherwise I think they SHOULD NOT be used. Russ On Dec 7, 2016, at 11:11 AM, Tero Kivinen wrote: > The RFC4301 requires support for manual keys (section 4.5), but I hope > nobody really uses them. The rfc7321bis

[IPsec] RFC4301, rfc7321bis and Manual keys

2016-12-07 Thread Tero Kivinen
RFC4301 requires support for manual keys (section 4.5), but I hope nobody really uses them. rfc7321bis provides mandatory-to-implement algorithms for IKEv2 use and does not specifically cover the manual keys case, but it does not really say that manually keyed SAs are out of scope