Re: [IPsec] Privacy attack vectors against IKEv2 and Postquantum

On Mon, 14 Aug 2017, David Schinazi wrote: [DS] I think "showing ID" is exactly what we're avoiding here. You can think of this in terms of the Socialist Millionaire Problem - we want to be able to assert identity without anyone disclosing anything first. And the proposed solution is to send

[IPsec] draft-fluhrer-qr-ikev2 AUTH issue

Hi, Vukasin Karadzic is working on implementing draft-fluhrer-qr-ikev2 for libreswan and stumbled upon a problem. The relevant text: When the initiator receives this reply, it checks whether the responder included the PPK_SUPPORT notify. If the responder did not, then the initiator

Re: [IPsec] Privacy attack vectors against IKEv2 and Postquantum

On Wed, Aug 16, 2017 at 9:34 AM, Paul Wouters wrote: > On Mon, 14 Aug 2017, David Schinazi wrote: > >> [DS] I think "showing ID" is exactly what we're avoiding here. You can >> think of this in terms of the Socialist Millionaire Problem - we want to be >> able to assert identity

Re: [IPsec] Privacy attack vectors against IKEv2 and Postquantum

Paul, I understand your concerns, and I do agree with them. However, the proposal isn't meant to solve all issues - the idea is that if we're building a PPK infrastructure already, I believe this is an incremental improvement to it that solves a few more attack vectors without compromising

Re: [IPsec] Proposed method to achieve quantum resistant IKEv2

Tero Kivinen wrote: > Daniel Van Geest writes: >> 1) QS SA Negotiation >> >> When negotiating a QS SA, it’s not enough to negotiate QS key >> agreement algorithm(s), one also has to ensure that the algorithms >> selected by the other transform types are