Re: [IPsec] New Version Notification for draft-tjhai-ipsecme-hybrid-qske-ikev2-03.txt
stefan@gazdag.de Thu, 28 March 2019 08:51 UTC
Return-Path: <stefan@gazdag.de>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CC49712047C for <ipsec@ietfa.amsl.com>; Thu, 28 Mar 2019 01:51:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id So-yXyL4Rctw for <ipsec@ietfa.amsl.com>; Thu, 28 Mar 2019 01:51:29 -0700 (PDT)
Received: from smtprelay04.ispgateway.de (smtprelay04.ispgateway.de [80.67.18.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B4E6B120466 for <ipsec@ietf.org>; Thu, 28 Mar 2019 01:51:28 -0700 (PDT)
Received: from [134.119.228.1] (helo=webmailfront-cgn01.ispgateway.de) by smtprelay04.ispgateway.de with esmtpsa (TLSv1:ECDHE-RSA-AES256-SHA:256) (Exim 4.90_1) (envelope-from <stefan@gazdag.de>) id 1h9Qkv-0000oS-67 for ipsec@ietf.org; Thu, 28 Mar 2019 09:51:25 +0100
Received: from dhcp-8ae8.meeting.ietf.org (dhcp-8ae8.meeting.ietf.org [31.133.138.232]) by webmail.df.eu (Horde Framework) with HTTP; Thu, 28 Mar 2019 09:51:25 +0100
Date: Thu, 28 Mar 2019 09:51:25 +0100
Message-ID: <20190328095125.Horde.okViqVm7l8J7BQ4Jt1gimg1@webmail.df.eu>
From: stefan@gazdag.de
To: ipsec@ietf.org
References: <154748799416.9552.17299073748247797491.idtracker@ietfa.amsl.com> <000101d4ad6b$4a790ca0$df6b25e0$@gmail.com> <13654392-83f1-6995-6ca5-f72b2b0be7eb@nm.ifi.lmu.de> <f1510df032fb4588be527ee0f0871d35@XCH-ALN-010.cisco.com> <001501d4e541$6b1af230$4150d690$@nm.ifi.lmu.de>
In-Reply-To: <001501d4e541$6b1af230$4150d690$@nm.ifi.lmu.de>
User-Agent: Internet Messaging Program (IMP) H5 (6.0.4)
Content-Type: text/plain; charset="UTF-8"; format="flowed"; DelSp="Yes"
MIME-Version: 1.0
Content-Disposition: inline
X-Df-Sender: c3RlZmFuQGdhemRhZy5kZQ==
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/2JtrsoiIAUnC39BETwV5NVE09bg>
Subject: Re: [IPsec] New Version Notification for draft-tjhai-ipsecme-hybrid-qske-ikev2-03.txt
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Mar 2019 08:51:41 -0000
Hi everyone, Quoting Tobias Guggemos <guggemos@nm.ifi.lmu.de>: >> > #4 Big Keys (e.G. Classic McEliece) >> > In general there was consensus that we should find a way to >> enable the use of McEliece keys. >> > The problem is that McEliece keys are >1MB in size and thus can >> not fit into the KE payload >> > (which has a 16 bit size field). >> Exchanging such big keys would unnecessarily slow down IKEv2 to a >> crawl. There are multiple candidates in the NIST PQ Project that >> offer pk+ct sizes of a few kilobytes. It is likely that some will >> be standardized. Classic McEliece performance seems much slower >> than other candidates as well. >> Sorry I missed it, but why was it decided that supporting Classic >> McEliece is a must? > > There is no decision made on this, at the end this is a question to > be discussed and agreed on in the WG. > However, with McEliece being the proposal which is most trusted in > the crypto community, there will be people wanting to support it > (let it be governmental institutions with strict security > requirements). > We had "consensus" on: > 1) that the draft should support the possibility to exchange > McEliece keys without "breaking" the protocol again. > 2) we all hope that we won't need it! =) > > Correct me if I'm wrong. Nothing to be corrected here. I'd like to stress that some parties who participated in the discussion yesterday or in personal conversations have told about the demand for using a rather secure version even if it means more work on extending the protocol. Though there's a few quantum-resistant algorithms that I personally like still McEliece is the one cryptographers are most confident to be secure. There's several use cases relevant to companies and agencies where using McEliece (even this in combination with other algorithms) is the way to go and therefore this should definitely be considered for IKEv2. Kind Regards, Stefan Gazdag
- Re: [IPsec] New Version Notification for draft-tj… Vukasin Karadzic
- Re: [IPsec] New Version Notification for draft-tj… stefan
- Re: [IPsec] New Version Notification for draft-tj… Valery Smyslov
- Re: [IPsec] New Version Notification for draft-tj… Tobias Guggemos
- Re: [IPsec] New Version Notification for draft-tj… Valery Smyslov
- Re: [IPsec] New Version Notification for draft-tj… Valery Smyslov
- Re: [IPsec] New Version Notification for draft-tj… Bruckert, Leonie
- Re: [IPsec] New Version Notification for draft-tj… Valery Smyslov
- Re: [IPsec] New Version Notification for draft-tj… Panos Kampanakis (pkampana)
- Re: [IPsec] New Version Notification for draft-tj… Tobias Heider
- Re: [IPsec] New Version Notification for draft-tj… Panos Kampanakis (pkampana)
- Re: [IPsec] New Version Notification for draft-tj… Tobias Heider
- Re: [IPsec] New Version Notification for draft-tj… Tobias Heider
- Re: [IPsec] New Version Notification for draft-tj… Valery Smyslov