Re: [IPsec] Further thoughts on draft-flutter-qr-ikev2 as an IPsecME WG document

2016-07-05 Thread Tommy Pauly
I think we should definitely add a discussion around this to the Berlin agenda. From our end, we definitely want to see some measures to add quantum resistance into IKEv2 to promote the adoption of IKEv2 over IKEv1 for clients that are concerned. I think draft-fluhrer-qr-ikev2 provides a

Re: [IPsec] Further thoughts on draft-flutter-qr-ikev2 as an IPsecME WG document

2016-07-04 Thread Paul Wouters
On Mon, 4 Jul 2016, Scott Fluhrer (sfluhrer) wrote: Actually, the draft is a bolt-on to existing authentication methods; You might object "how is this different from a having a possibly global authentication key"; Because of this, it wouldn't appear to be advisable to wait for the full

Re: [IPsec] Further thoughts on draft-flutter-qr-ikev2 as an IPsecME WG document

2016-07-04 Thread Scott Fluhrer (sfluhrer)
> -Original Message- > From: IPsec [mailto:ipsec-boun...@ietf.org] On Behalf Of Paul Wouters > Sent: Monday, July 04, 2016 5:44 AM > To: Yoav Nir > Cc: ipsec@ietf.org; Mark McFadden > Subject: Re: [IPsec] Further thoughts on draft-flutter-qr-ikev2 as an IPsecME > WG

Re: [IPsec] Further thoughts on draft-flutter-qr-ikev2 as an IPsecME WG document

2016-07-04 Thread Valery Smyslov
The draft provides postquantum protection to any SA, regardless of the authentication methods used. In other words, PPKs (as specified in the draft) don't replace preshared keys authentication in IKEv2, they augment any authentication method to provide postquantum security. The original title

Re: [IPsec] Further thoughts on draft-flutter-qr-ikev2 as an IPsecME WG document

2016-07-04 Thread Paul Wouters
On Mon, 4 Jul 2016, Valery Smyslov wrote: > Isn't this kinda off-topic for the thread? I thought we were first > considering "create an IKEv2 extension that mixes in the PSK" as the > simplest way to get around the "go back to IKEv1" guidance. So that was not entirely clear to me from the

Re: [IPsec] Further thoughts on draft-flutter-qr-ikev2 as an IPsecME WG document

2016-07-04 Thread Valery Smyslov
Hi Paul, Isn't this kinda off-topic for the thread? I thought we were first considering "create an IKEv2 extension that mixes in the PSK" as the simplest way to get around the "go back to IKEv1" guidance. So that was not entirely clear to me from the title, but it seems you are right. Perhaps

Re: [IPsec] Further thoughts on draft-flutter-qr-ikev2 as an IPsecME WG document

2016-07-04 Thread Yoav Nir
On 4 Jul 2016, at 12:44 PM, Paul Wouters wrote: > On Sun, 3 Jul 2016, Yoav Nir wrote: > >>> 3) The Internet Draft Currently under consideration is not the best >>> starting point as it assumes that post-quantum pre-shared keys are the >>> preferred solution for quantum

Re: [IPsec] Further thoughts on draft-flutter-qr-ikev2 as an IPsecME WG document

2016-07-04 Thread Paul Wouters
On Sun, 3 Jul 2016, Paul Hoffman wrote: On 3 Jul 2016, at 11:32, Paul Wouters wrote: > On Jul 3, 2016, at 21:08, Mark McFadden wrote: > > A number of quantum-resistant asymmetric public key algorithms have been > proposed, e.g. NTRU, NewHope, McEliece,

Re: [IPsec] Further thoughts on draft-flutter-qr-ikev2 as an IPsecME WG document

2016-07-04 Thread Paul Wouters
On Sun, 3 Jul 2016, Yoav Nir wrote: 3) The Internet Draft Currently under consideration is not the best starting point as it assumes that post-quantum pre-shared keys are the preferred solution for quantum resistance. This is not obviously the case; there are a number of drawbacks with the

Re: [IPsec] Further thoughts on draft-flutter-qr-ikev2 as an IPsecME WG document

2016-07-03 Thread Yoav Nir
Hi, Mark > On 3 Jul 2016, at 9:08 PM, Mark McFadden wrote: > 3) The Internet Draft Currently under consideration is not the best starting > point as it assumes that post-quantum pre-shared keys are the preferred > solution for quantum resistance. This is not

Re: [IPsec] Further thoughts on draft-flutter-qr-ikev2 as an IPsecME WG document

2016-07-03 Thread Paul Hoffman
On 3 Jul 2016, at 11:32, Paul Wouters wrote: On Jul 3, 2016, at 21:08, Mark McFadden wrote: A number of quantum-resistant asymmetric public key algorithms have been proposed, e.g. NTRU, NewHope, McEliece, Super-singular isogeny Diffie-Hellman. I thought NTRU was

Re: [IPsec] Further thoughts on draft-flutter-qr-ikev2 as an IPsecME WG document

2016-07-03 Thread Paul Wouters
> On Jul 3, 2016, at 21:08, Mark McFadden wrote: > > A number of quantum-resistant asymmetric public key algorithms have been > proposed, e.g. NTRU, NewHope, McEliece, Super-singular isogeny Diffie-Hellman. I thought NTRU was patent encumbered? Is that still the

[IPsec] Further thoughts on draft-flutter-qr-ikev2 as an IPsecME WG document

2016-07-03 Thread Mark McFadden
Considering: draft-fluhrer-qr-ikev2 For context and a reminder, another draft proposing the use of Quantum Key Distribution (QKD) in IPSec was previously rejected by the group: https://tools.ietf.org/html/draft-nagayama-ipsecme-ipsec-with-qkd-01 The draft under consideration was prompted by an