[IPsec] IPsec with QKD
Rodney Van Meter <rdv@sfc.wide.ad.jp> Sun, 08 November 2009 04:17 UTC

Shota Nagayama and I have been experimenting with using keys generated by quantum key distribution (QKD) devices to key IPsec tunnels. (The devices we used were borrowed from NEC, but we don't claim to represent them.) We have written an I-D on the protocol modifications necessary, and are here in Hiroshima to discuss it.

https://datatracker.ietf.org/drafts/draft-nagayama-ipsecme-ipsec-with-qkd/

For those who are interested, we have created a mailing list, which you can join:

https://aqua.sfc.wide.ad.jp/mailman/listinfo/ipsecwithqkd

Products for QKD already exist, and various experiments are underway, including a large one called SECOQC in Europe; the Japanese and U.S. governments also have sunk a lot of money into QKD. The European effort, in particular, is committed to standardizing many parts of QKD through the ITU. Although the existing products do not yet support IKE/IPsec (to the best of my knowledge, though things change), at least two implementations already exist, ours and BBN's (as described in Chip Elliott's SIGCOMM 2003 paper), as well as a recent paper by Sheila Frankel and collaborators at NIST.

Now seems to be the time to create at least an experimental RFC on the topic, to minimize confusion and incompatibility; IETF, rather than ITU, would definitely be the place to standardize the changes to IKE. Although our protocol is unfortunately incompatible with BBN's, Chip has encouraged us to pursue an RFC.

At a protocol level, the changes are actually minimal; essentially, the addition of two types of Payload Headers. There may still be some corners in the contents of messages and assumptions required to guarantee security; we look forward to hashing some of those out in person.

Please, track us down here in Hiroshima; Shota and I will both be here until after the IPSECME meeting on Thursday.

--Rod

Rodney Van Meter
assistant professor, Faculty of Environment and Information Studies, Keio University, Japan
rdv@sfc.wide.ad.jp
http://web.sfc.keio.ac.jp/~rdv/
http://www.sfc.wide.ad.jp/IRL/