IETF Logo Mail Archive

I-D Action: draft-ietf-ipsecme-ikev2-qr-alt-00.txt

internet-drafts@ietf.org Tue, 16 April 2024 18:49 UTC

Return-Path: <internet-drafts@ietf.org>
X-Original-To: i-d-announce@ietf.org
Delivered-To: i-d-announce@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id C8BD2C14CE54; Tue, 16 Apr 2024 11:49:29 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
Cc: ipsec@ietf.org
Subject: I-D Action: draft-ietf-ipsecme-ikev2-qr-alt-00.txt
X-Test-IDTracker: no
X-IETF-IDTracker: 12.10.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: ipsec@ietf.org
Message-ID: <171329336980.31691.2917559094404708950@ietfa.amsl.com>
Date: Tue, 16 Apr 2024 11:49:29 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/i-d-announce/w8z9Us8-lh3weXhFR3793yUwiP4>
X-BeenThere: i-d-announce@ietf.org
X-Mailman-Version: 2.1.39
List-Id: Internet Draft Announcements only <i-d-announce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i-d-announce>, <mailto:i-d-announce-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i-d-announce/>
List-Post: <mailto:i-d-announce@ietf.org>
List-Help: <mailto:i-d-announce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i-d-announce>, <mailto:i-d-announce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Apr 2024 18:49:29 -0000

Internet-Draft draft-ietf-ipsecme-ikev2-qr-alt-00.txt is now available. It is
a work item of the IP Security Maintenance and Extensions (IPSECME) WG of the
IETF.

   Title:   Alternative Approach for Mixing Preshared Keys in IKEv2 for Post-quantum Security
   Author:  Valery Smyslov
   Name:    draft-ietf-ipsecme-ikev2-qr-alt-00.txt
   Pages:   11
   Dates:   2024-04-12

Abstract:

   An Internet Key Exchange protocol version 2 (IKEv2) extension defined
   in RFC8784 allows IPsec traffic to be protected against someone
   storing VPN communications today and decrypting it later, when (and
   if) cryptographically relevant quantum computers are available.  The
   protection is achieved by means of Post-quantum Preshared Key (PPK)
   which is mixed into the session keys calculation.  However, this
   protection doesn't cover an initial IKEv2 SA, which might be
   unacceptable in some scenarios.  This specification defines an
   alternative way to get protection against quantum computers, which is
   similar to the solution defined in RFC8784, but protects the initial
   IKEv2 SA too.

   Besides, RFC8784 assumes that PPKs are static and thus they are only
   used when an initial IKEv2 Security Association (SA) is created.  If
   a fresh PPK is available before the IKE SA is expired, then the only
   way to use it is to delete the current IKE SA and create a new one
   from scratch, which is inefficient.  This specification also defines
   a way to use PPKs in active IKEv2 SA for creating additional IPsec
   SAs and for rekeys operations.

The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-ipsecme-ikev2-qr-alt/

There is also an HTMLized version available at:
https://datatracker.ietf.org/doc/html/draft-ietf-ipsecme-ikev2-qr-alt-00

Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts

v2.23.0 | Report a Bug | By Email