Re: [IPsec] New Version Notification for draft-tjhai-ipsecme-hybrid-qske-ikev2-03.txt
Vukasin Karadzic <vukasin.karadzic@gmail.com> Thu, 28 March 2019 12:17 UTC
Message-ID: <CAEQ8ZZfLX-Dq+eEzQawq_Z5FXa5GAqSSg5L5fZefpPqxea0XTQ@mail.gmail.com>
To: stefan@gazdag.de
Cc: ipsec@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/7itvMgx_o9xpTSMv2N2UklhK7n4>
Hello all,

I'd like to add a couple of remarks.

1. There is one more code-based proposal based on Goppa codes and somewhat on McEliece, and that is NTS-KEM. I would suppose one of those two will be one of the final standardized algorithms. NTS-KEM has three sets of parameters, one for each of the security 'levels' that NIST proposed, and the first and second set of parameters (for Level 1 and Level 3 security) have significantly smaller keys (though they are still among the biggest). There is even a document published by the Classic McEliece team that compares all important aspects of the proposals (https://classic.mceliece.org/nist/vsntskem-20180629.pdf) (there is also a response from the NTS-KEM team addressing all points from that document).

2. All NIST proposals are K(ey)E(ncapsulation)M(echanism)s. I don't know if it's possible or if it makes sense, but in some use cases (e.g., small client - server) it may be useful for a server to store the public key from the client, so that the client doesn't need to calculate a new public key (and send it?) each time (e.g., for a rekey), because key generation can be expensive. In the case of Classic McEliece, key generation in software takes billions (4-6) of cycles, about 2 seconds in the ~6,000,000,000 case on an 'Intel Xeon E3-1220 v3 (Haswell) running at 3.10GHz with 32GB of RAM' platform. Maybe that point can also be addressed in the draft.

One more remark regarding KEMs: in the case of Classic McEliece/NTS-KEM, the initiator would send MBs (e.g., 1357824 bytes) of KE payload, while in the other direction the responder would need to send only a couple of hundred bytes (240 bytes), which contain the encapsulated secret key.

Regards,
Vukasin Karadzic
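A toy model of the KEM-style exchange and the initiator key-caching idea from remark 2, added here as an example and not code from the draft, this thread, or any NIST submission: the KEM is a small Diffie-Hellman KEM over a constructed group (`P`, `G` and `NBYTES` are toy assumptions) standing in for Classic McEliece or NTS-KEM, and `run_rekeys` counts how many key generations n exchanges cost with and without caching.

```python
"""Toy KEM-based IKE-style exchange with optional initiator key caching.
Added example, not from the draft or the thread. The DH-KEM below is for
illustration only; it models the keygen/encaps/decaps shape of a real KEM."""
import hashlib
import secrets

P = 2**255 - 19   # constructed toy modulus (prime); NOT a vetted DH group
G = 2             # toy generator
NBYTES = 32       # every group element fits in 32 bytes since P < 2**256


def kem_keygen():
    """Initiator side: (secret_key, public_key). For McEliece this is the
    expensive step (billions of cycles) the message proposes to amortise."""
    x = secrets.randbelow(P - 2) + 2
    return x, pow(G, x, P).to_bytes(NBYTES, "big")


def kem_encaps(pk):
    """Responder side: fresh randomness y, returns (ciphertext, shared_secret)."""
    y = secrets.randbelow(P - 2) + 2
    ct = pow(G, y, P).to_bytes(NBYTES, "big")
    shared = pow(int.from_bytes(pk, "big"), y, P).to_bytes(NBYTES, "big")
    return ct, hashlib.sha256(shared).digest()


def kem_decaps(sk, ct):
    """Initiator side: recover the shared secret from the responder's ciphertext."""
    shared = pow(int.from_bytes(ct, "big"), sk, P).to_bytes(NBYTES, "big")
    return hashlib.sha256(shared).digest()


def run_rekeys(n, cache_initiator_key):
    """Simulate one initial exchange plus n-1 rekeys. Returns the number of
    key generations performed and the set of distinct shared secrets."""
    stats = {"keygens": 0, "secrets": set()}
    sk = pk = None
    for _ in range(n):
        if sk is None or not cache_initiator_key:
            sk, pk = kem_keygen()          # fresh key pair per exchange
            stats["keygens"] += 1
        ct, ss_resp = kem_encaps(pk)       # responder's KE payload: ciphertext only
        ss_init = kem_decaps(sk, ct)       # initiator derives the same secret
        assert ss_init == ss_resp, "KEM decapsulation mismatch"
        stats["secrets"].add(ss_init)
    return stats


if __name__ == "__main__":
    for cache in (False, True):
        s = run_rekeys(5, cache)
        print(f"cache={cache}: keygens={s['keygens']}, distinct secrets={len(s['secrets'])}")
```

Each rekey still yields a fresh secret because the responder's encapsulation randomness is fresh, but reusing the initiator's key pair means a later compromise of that key exposes every secret derived from it, so the caching tradeoff is against forward secrecy on the initiator side.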