Re: [IPsec] Proposed method to achieve quantum resistant IKEv2

Cen Jung Tjhai <CJT@post-quantum.com> Wed, 09 August 2017 18:59 UTC

From: Cen Jung Tjhai <CJT@post-quantum.com>
To: Tero Kivinen <kivinen@iki.fi>, Valery Smyslov <svanru@gmail.com>
CC: "ipsec@ietf.org" <ipsec@ietf.org>
Date: Wed, 09 Aug 2017 18:59:37 +0000
Message-ID: <E8A3B50A-62D1-4211-B39F-932C9C959AF1@post-quantum.com>
References: <BBEB2C9C-9B96-4C6C-BB9B-4415F096FAE1@cisco.com> <041b01d30d21$8d33f230$a79bd690$@gmail.com> <22922.55551.190123.31763@fireball.acr.fi>
In-Reply-To: <22922.55551.190123.31763@fireball.acr.fi>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/6KKKecgAfFdy9uNafNWLFGgS6EQ>

>>> The only reason that comes to my mind is that you don’t fully trust
>>> QSKE. Are there any other reasons?

>> I think that is one of the main reasons. Especially as we do not know
>> which QSKE we are talking about.

Another reason for not removing KE is potentially due to FIPS requirements. According to NIST (http://csrc.nist.gov/groups/ST/post-quantum-crypto/faq.html#Q1), if we have a hybrid key exchange, i.e. KE + post-quantum KE, the KE part can still go through FIPS validation and can still be FIPS-certified (until FIPS covers post-quantum algorithms).

While draft-00 makes some references to a few post-quantum algorithms, we think one should think of the draft as providing a framework on how to exchange post-quantum blobs. We are currently updating the draft to remove references to these algorithms in the main text.

It’s best to let standardization bodies come up with standards for post-quantum algorithms.