Re: [IPsec] Comment on draft-kampanakis-ml-kem-ikev2

"Bruckert, Leonie" <Leonie.Bruckert@secunet.com> Tue, 20 February 2024 14:46 UTC

Return-Path: <Leonie.Bruckert@secunet.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3DCD5C14F693 for <ipsec@ietfa.amsl.com>; Tue, 20 Feb 2024 06:46:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.106
X-Spam-Level:
X-Spam-Status: No, score=-7.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=secunet.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XlExrZsPQNRU for <ipsec@ietfa.amsl.com>; Tue, 20 Feb 2024 06:46:03 -0800 (PST)
Received: from a.mx.secunet.com (a.mx.secunet.com [62.96.220.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6F8AAC14F6BC for <ipsec@ietf.org>; Tue, 20 Feb 2024 06:46:01 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by a.mx.secunet.com (Postfix) with ESMTP id DB36B2083B; Tue, 20 Feb 2024 15:45:58 +0100 (CET)
X-Virus-Scanned: by secunet
Received: from a.mx.secunet.com ([127.0.0.1]) by localhost (a.mx.secunet.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1dO0B8_3AeKQ; Tue, 20 Feb 2024 15:45:58 +0100 (CET)
Received: from mailout1.secunet.com (mailout1.secunet.com [62.96.220.44]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by a.mx.secunet.com (Postfix) with ESMTPS id F19A020799; Tue, 20 Feb 2024 15:45:57 +0100 (CET)
DKIM-Filter: OpenDKIM Filter v2.11.0 a.mx.secunet.com F19A020799
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=secunet.com; s=202301; t=1708440358; bh=+AGTcuugHlgrwKZ0ck7OzvRBkVlCWk8YvsgdNQBPpXY=; h=From:To:CC:Subject:Date:References:In-Reply-To:From; b=RPFCfbJupB1thC2QKbeaMfnh9w6LmhgDUR/YxOuGP4Xq7bPy7UxqI5DDKvxQ+0Kz9 9kNWhLpzEnw960gRCQzZJS73vINntRuaLgHIJLlJQXWrn9XE5dRg1GFwuLJ8yuJV75 jscL+q4DRdzYk2r3likBBh9Y6jFcTo/FclrdrzoRkf6oFzc0KkY3DEHGLFEWKJGy7P S7i6Wz8FGnI+Cg6WcFPSGlpfTTT/+/w1OnD+ngPeKoibf2raqFr5WPCjiPMuQl8Vd9 HEx/S51vA6hOVYGCNolN6DNnvYll7ssdtH5yEj/UpFYdP1lZKqh+NIwbl1LfUcKVaz hTDaWpekqtXHQ==
Received: from cas-essen-01.secunet.de (unknown [10.53.40.201]) by mailout1.secunet.com (Postfix) with ESMTP id E30F580004A; Tue, 20 Feb 2024 15:45:57 +0100 (CET)
Received: from mbx-essen-01.secunet.de (10.53.40.197) by cas-essen-01.secunet.de (10.53.40.201) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Tue, 20 Feb 2024 15:45:57 +0100
Received: from mbx-essen-02.secunet.de (10.53.40.198) by mbx-essen-01.secunet.de (10.53.40.197) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Tue, 20 Feb 2024 15:45:57 +0100
Received: from mbx-essen-02.secunet.de ([fe80::fcaf:ee74:71ad:4eff]) by mbx-essen-02.secunet.de ([fe80::fcaf:ee74:71ad:4eff%8]) with mapi id 15.01.2507.035; Tue, 20 Feb 2024 15:45:57 +0100
From: "Bruckert, Leonie" <Leonie.Bruckert@secunet.com>
To: "Kampanakis, Panos" <kpanos@amazon.com>, "ipsec@ietf.org" <ipsec@ietf.org>
CC: "Ravago, Gerardo" <gcr@amazon.com>
Thread-Topic: [IPsec] Comment on draft-kampanakis-ml-kem-ikev2
Thread-Index: AdpTbguY61E/A+nBR8OJo8KotVdreQN70r7AAKpjqZA=
Date: Tue, 20 Feb 2024 14:45:57 +0000
Message-ID: <4e755d5ea62e44e8a693e8c1e2728a38@secunet.com>
References: <652d3010673246d7846fb6042e44d4d9@secunet.com> <06388b41ec254b299cf878c7bad37090@amazon.com>
In-Reply-To: <06388b41ec254b299cf878c7bad37090@amazon.com>
Accept-Language: de-DE, en-US
Content-Language: de-DE
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Content-Type: multipart/alternative; boundary="_000_4e755d5ea62e44e8a693e8c1e2728a38secunetcom_"
MIME-Version: 1.0
X-EXCLAIMER-MD-CONFIG: 2c86f778-e09b-4440-8b15-867914633a10
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/9a6yg2OUnDifz3UM1hQcoCHHbTI>
Subject: Re: [IPsec] Comment on draft-kampanakis-ml-kem-ikev2
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Feb 2024 14:46:08 -0000

Hi Panos,

thanks for addressing my comment. It looks good.

One nit. In the introduction, first paragraph, the last sentence seems to be broken:
“This includes Internet Key Exchange Protocol Version 2 (IKEv2, which the security is based on using the (EC)DH key exchange in the IKE_SA_INIT messages”

By the way, I’m fine with not adding ML-KEM-512 to the document, but I won’t object either.

Leonie


Von: Kampanakis, Panos <kpanos@amazon.com>
Gesendet: Dienstag, 20. Februar 2024 05:25
An: Bruckert, Leonie <Leonie.Bruckert@secunet.com>; ipsec@ietf.org
Cc: Ravago, Gerardo <gcr@amazon.com>
Betreff: RE: [IPsec] Comment on draft-kampanakis-ml-kem-ikev2


Hi Leonie,

I am circling back. I updated the terminology in the just submitted the -02 version. https://datatracker.ietf.org/doc/html/draft-kampanakis-ml-kem-ikev2-02



Thank you for the suggestion about draft-ietf-pquip-pqt-hybrid-terminology.



Hopefully IPSECME will discuss this draft in Brisbane.



From: IPsec <ipsec-bounces@ietf.org<mailto:ipsec-bounces@ietf.org>> On Behalf Of Bruckert, Leonie
Sent: Tuesday, January 30, 2024 6:40 AM
To: ipsec@ietf.org<mailto:ipsec@ietf.org>
Subject: [EXTERNAL] [IPsec] Comment on draft-kampanakis-ml-kem-ikev2


CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe.


Thanks for setting up this draft!

Have you considered to align terminology with draft-ietf-pquip-pqt-hybrid-terminology? It defines a “PQ/T Hybrid Key Encapsulation Mechanism” as a “multi-algorithm KEM made up of two or more component KEM algorithms where at least one is a post-quantum algorithm and at least one is a traditional algorithm“. This definition may not perfectly match how a hybrid KEM is done in IKEv2 as it is a sequential approach. However, I think it would be good to have a reference to the terminology draft.

Leonie