[IPsec] Re: FW: New Version Notification for draft-sfluhrer-ipsecme-ikev2-mldsa-00.txt

Loganaden Velvindron <loganaden@gmail.com> Sat, 01 February 2025 04:43 UTC

From: Loganaden Velvindron <loganaden@gmail.com>
Date: Sat, 01 Feb 2025 08:42:51 +0400
To: "Scott Fluhrer (sfluhrer)" <sfluhrer=40cisco.com@dmarc.ietf.org>
CC: "ipsec@ietf.org" <ipsec@ietf.org>
Subject: [IPsec] Re: FW: New Version Notification for draft-sfluhrer-ipsecme-ikev2-mldsa-00.txt
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/AiEmMoVaCOExaBxHKBFka2D9XfA>

Hi Scott,

Small nit in abstract:
This document describes how to use ML-DSA with IKEv2 as an auhentication scheme.
auhentication -> authentication.

Overall, this I-D is useful and should move forward.


On Fri, 31 Jan 2025 at 23:41, Scott Fluhrer (sfluhrer)
<sfluhrer=40cisco.com@dmarc.ietf.org> wrote:
>
> I just noticed that IKE was missing a draft on how to support pure (ML-DSA only) PQ authentication, so I threw this together.
>
> Any comments are fine (and I expect them to range from "this is completely stupid" to "this is mostly stupid, but it might be salvageable")
>
> -----Original Message-----
> From: internet-drafts@ietf.org <internet-drafts@ietf.org>
> Sent: Friday, January 31, 2025 2:01 PM
> To: Scott Fluhrer (sfluhrer) <sfluhrer@cisco.com>
> Subject: New Version Notification for draft-sfluhrer-ipsecme-ikev2-mldsa-00.txt
>
> A new version of Internet-Draft draft-sfluhrer-ipsecme-ikev2-mldsa-00.txt has been successfully submitted by Scott Fluhrer and posted to the IETF repository.
>
> Name:     draft-sfluhrer-ipsecme-ikev2-mldsa
> Revision: 00
> Title:    IKEv2 Support of ML-DSA
> Date:     2025-01-31
> Group:    Individual Submission
> Pages:    8
> URL:      https://www.ietf.org/archive/id/draft-sfluhrer-ipsecme-ikev2-mldsa-00.txt
> Status:   https://datatracker.ietf.org/doc/draft-sfluhrer-ipsecme-ikev2-mldsa/
> HTML:     https://www.ietf.org/archive/id/draft-sfluhrer-ipsecme-ikev2-mldsa-00.html
> HTMLized: https://datatracker.ietf.org/doc/html/draft-sfluhrer-ipsecme-ikev2-mldsa
>
>
> Abstract:
>
>    One IPsec area that would be impacted by Cryptographically Relevant
>    Quantum Computer (CRQC) is IKEv2 authentication based on traditional
>    asymmetric cryptograph algorithms: e.g RSA, ECDSA; which are widely
>    deployed authentication options of IKEv2.  NIST has recently
>    standardized ML-DSA, which is a signature algorithm believed to be
>    secure against Quantum Computers.  This document describes how to use
>    ML-DSA with IKEv2 as an auhentication scheme.
>
>
>
> The IETF Secretariat