Re: [IPsec] Last Call: <draft-ietf-ipsecme-qr-ikev2-09.txt> (Postquantum Preshared Keys for IKEv2) to Proposed Standard

Valery Smyslov <svan@elvis.ru> Wed, 11 December 2019 18:26 UTC

Return-Path: <svan@elvis.ru>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7665B120089; Wed, 11 Dec 2019 10:26:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GQcHU902ZDUA; Wed, 11 Dec 2019 10:26:05 -0800 (PST)
Received: from akmail.elvis.ru (akmail.elvis.ru [82.138.51.97]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2D6EB12002E; Wed, 11 Dec 2019 10:26:05 -0800 (PST)
Received: from kmail2.elvis.ru ([93.188.44.210]) by akmail.elvis.ru with esmtp (Exim 4.89) (envelope-from <svan@elvis.ru>) id 1if6gS-0005wv-9z; Wed, 11 Dec 2019 21:26:00 +0300
Received: from mail16.office.elvis.ru ([10.111.1.29] helo=mail.office.elvis.ru) by kmail2.elvis.ru with esmtp (Exim 4.89) (envelope-from <svan@elvis.ru>) id 1if6gR-0005vn-Q5; Wed, 11 Dec 2019 21:26:00 +0300
Received: from MAIL16.office.elvis.ru (10.111.1.29) by MAIL16.office.elvis.ru (10.111.1.29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1779.2; Wed, 11 Dec 2019 21:25:59 +0300
Received: from chichi (10.100.100.20) by MAIL16.office.elvis.ru (10.111.1.29) with Microsoft SMTP Server id 15.1.1779.2 via Frontend Transport; Wed, 11 Dec 2019 21:25:55 +0300
From: Valery Smyslov <svan@elvis.ru>
To: "'Salz, Rich'" <rsalz@akamai.com>, "'Scott Fluhrer (sfluhrer)'" <sfluhrer@cisco.com>, last-call@ietf.org
CC: ipsec@ietf.org, ipsecme-chairs@ietf.org, david.waltermire@nist.gov, draft-ietf-ipsecme-qr-ikev2@ietf.org, kenny.paterson@rhul.ac.uk
References: <157607548927.11531.316316195814237240.idtracker@ietfa.amsl.com> <A4AC9EAC-7BAB-489D-81BA-9BF11BFED59F@akamai.com> <BN8PR11MB3666ECEE1DF004E1F29168D4C15A0@BN8PR11MB3666.namprd11.prod.outlook.com> <ADABC075-B6B2-4C1B-BEEC-C38ED20562DF@akamai.com>
In-Reply-To: <ADABC075-B6B2-4C1B-BEEC-C38ED20562DF@akamai.com>
Date: Wed, 11 Dec 2019 21:25:01 +0300
Message-ID: <005a01d5b050$4d078b70$e716a250$@elvis.ru>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQGM9Z3ExXRmfdXrGr3pQvUqcx7OgQFaQgbjAUPLUxMCDF9MuKghYKKg
Content-Language: ru
X-CrossPremisesHeadersFilteredBySendConnector: MAIL16.office.elvis.ru
X-OrganizationHeadersPreserved: MAIL16.office.elvis.ru
X-Spam-Scanner: Rspamd work in kmail2.elvis.ru, WHITELIST
X-KLMS-Rule-ID: 1
X-KLMS-Message-Action: clean
X-KLMS-AntiSpam-Status: not scanned, disabled by settings
X-KLMS-AntiPhishing: Clean, bases: 2019/12/11 18:05:00
X-KLMS-AntiVirus: Kaspersky Security for Linux Mail Server, version 8.0.3.30, bases: 2019/12/11 16:38:00 #14775872
X-KLMS-AntiVirus-Status: Clean, skipped
X-Spam-Scanner: Rspamd work in akmail.elvis.ru, WHITELIST
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/6Ilo8pnB1pPmVX8iLVT75JYjjrA>
Subject: Re: [IPsec] Last Call: <draft-ietf-ipsecme-qr-ikev2-09.txt> (Postquantum Preshared Keys for IKEv2) to Proposed Standard
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Dec 2019 18:26:07 -0000

Hi Rich,

I think that Kenny's slides only support the idea, that the draft should be Standards Track.
In particular, the slide "The Coming Crypt-Apocalypse?" has a bullet:

	* And traffic captured now could be broken later, so it’s a problem *today* if you
	have data that needs to be kept secure for decades.

That's the problem the draft solves.

Regards,
Valery.

> Slides: https://datatracker.ietf.org/meeting/99/materials/slides-99-saag-
> post-quantum-cryptography
> 
> Video: https://www.youtube.com/watch?v=abmd1n5WUvc&t=1451s
> 
> 
> On 12/11/19, 11:36 AM, "Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com>
> wrote:
> 
>     Did Kenny make this statement in the context of postquantum
> cryptography (that is, public key algorithms that are believed to be secure
> even if the adversary has a quantum computer)?
> 
>     That would certainly be a reasonable statement (as most postquantum
> algorithms are fairly new, and are still being cryptographically vetted).
> 
>     On the other hand, this specific draft doesn't involve any postquantum
> algorithms; it relies only on currently accepted algorithms, and so Kenny's
> caution would not apply.
> 
>     > -----Original Message-----
>     > From: Salz, Rich <rsalz@akamai.com>
>     > Sent: Wednesday, December 11, 2019 11:23 AM
>     > To: last-call@ietf.org
>     > Cc: ipsec@ietf.org; ipsecme-chairs@ietf.org;
> david.waltermire@nist.gov;
>     > draft-ietf-ipsecme-qr-ikev2@ietf.org
>     > Subject: Re: Last Call: <draft-ietf-ipsecme-qr-ikev2-09.txt> (Postquantum
>     > Preshared Keys for IKEv2) to Proposed Standard
>     >
>     > We are seeing a flurry of these kind of “post quantum protection”
> things.
>     > This is premature. The co-chair of the CFRG, Kenny Paterson, said so
> awhile
>     > back.
>     >
>     > At best, this should be EXPERIMENTAL.
>     >
>     > I would like to see an IESG policy that makes all drafts on this topic be
>     > EXPERIMENTAL.
>     >
> 
>