[IPsec] IPsec with QKD

Rodney Van Meter <rdv@sfc.wide.ad.jp> Mon, 27 October 2014 18:13 UTC

From: Rodney Van Meter <rdv@sfc.wide.ad.jp>
Content-Type: multipart/alternative; boundary="Apple-Mail=_02E19B68-5D97-4A3C-8DD6-14B9FB78F098"
Date: Mon, 27 Oct 2014 14:13:06 -0400
Message-Id: <9FA67F6A-A730-46FC-925E-F16A1B686D73@sfc.wide.ad.jp>
To: ipsec <ipsec@ietf.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/0L8wbPRoL8sV593tl-8m7bFn5Is
Cc: Rodney Van Meter <rdv@sfc.wide.ad.jp>, Shota Nagayama <kurosagi@sfc.wide.ad.jp>, Shigeya Suzuki <shigeya@wide.ad.jp>
Subject: [IPsec] IPsec with QKD

Those of you with long-ish memories will recall that about three years ago, Shota Nagayama and I wrote an I-D on the (relatively minor) modifications to IKEv2 necessary to use key material generated by quantum key distribution (QKD) devices.  At the time, it generated a bit of controversy, both because not everyone in the WG agrees on the value of QKD itself (a position I understand, though happen to disagree with) and because there were concerns about whether it is within charter for ipsecme.  So, it more or less got set aside.  We have since talked to a number of people who are supportive of having a documented means of coupling IPsec to QKD, without necessarily taking a strong position on whether QKD will ultimately hold a large place in the security market.  Being one who hates leaving loose ends lying around, I would like to finish this up and get it published as an RFC, presumably Experimental.

The basic argument in favor of doing so:

* several commercial and near-commercial implementations of QKD exist (along with numerous experimental ones);
* each implementation uses the generated key material in a different way, some at L2, some with IPsec;
* ETSI began standardizing some of the low-level technologies, including physical signals and timing and framing;
* experimental deployments are continuing to grow, and those deployments may include IPsec; and
* given that IPsec and IKE are products of the IETF, any necessary changes should be documented and controlled through IETF rather than another organization.

That last point is, I think, critical.

Current status:

* We have just uploaded an -01 of the I-D we wrote, incorporating feedback from several people, including Sean Turner, Sheila Frankel and Alan Mink.
  http://datatracker.ietf.org/doc/draft-nagayama-ipsecme-ipsec-with-qkd/?include_text=1
* An open source software implementation of the -00 version exists, built off of raccoon2.  We will be updating this to match the -01 draft.

Shota and I (and Shigeya Suzuki, who is not an author on the draft but is familiar with our work) will be in Honolulu.  I will arrive Monday evening, leaving Thursday evening.  We hope to meet with folks who are interested in this topic.  Happy to answer questions via email, as well.

Regards,

			—Rod

Rodney Van Meter
associate professor, Faculty of Environment and Information Studies, Keio University, Japan
rdv@sfc.wide.ad.jp
personal: http://web.sfc.keio.ac.jp/~rdv/
AQUA Group: http://aqua.sfc.wide.ad.jp/
Murai Lab: http://www.sfc.wide.ad.jp/IRL/
GIGA: http://ic.sfc.keio.ac.jp/
Quantum Networking: http://www.wiley.com/WileyCDA/WileyTitle/productCd-1848215371.html
http://discourse.quantumnetworks.org/