[IPsec] [Errata Held for Document Update] RFC8784 (8775)
RFC Errata System <rfc-editor@rfc-editor.org> Thu, 07 May 2026 19:21 UTC
To: thom@thomwiggers.nl, sfluhrer@cisco.com, pkampana@cisco.com, mcgrew@cisco.com, svan@elvis.ru
CC: debcooley1@gmail.com, iesg@ietf.org, ipsec@ietf.org, rfc-editor@rfc-editor.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/Pg5E9IiUYtKhi7yR8EimWQGSY0s>
The following errata report has been held for document update for RFC8784, "Mixing Preshared Keys in the Internet Key Exchange Protocol Version 2 (IKEv2) for Post-quantum Security".

--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid8775

--------------------------------------
Status: Held for Document Update
Type: Technical

Reported by: Thom Wiggers <thom@thomwiggers.nl>
Date Reported: 2026-02-20
Held by: Deb Cooley (IESG)

Section: 6

Original Text
-------------
In addition, the policy SHOULD be set to negotiate only quantum-secure symmetric algorithms; while this RFC doesn't claim to give advice as to what algorithms are secure (as that may change based on future cryptographical results), below is a list of defined IKEv2 and IPsec algorithms that should not be used, as they are known to provide less than 128 bits of post-quantum security:

* Any IKEv2 encryption algorithm, PRF, or integrity algorithm with a key size less than 256 bits.

* Any ESP transform with a key size less than 256 bits.

* PRF_AES128_XCBC and PRF_AES128_CBC: even though they can use as input a key of arbitrary size, such input keys are converted into a 128-bit key for internal use.

Corrected Text
--------------
In general, the discussion on Grover's algorithm in the security considerations needs to be revisited. Since the document was published, the cryptographic community has come to the wide agreement that Grover's algorithm has extremely large implementation cost which practically negates its theoretical advantage over classical computers. As such, using (good) 128-bit secure algorithms is just fine.

Notes
-----
This also transitively affects RFC 9867 which points to this RFC's security considerations.

--------------------------------------
RFC8784 (draft-ietf-ipsecme-qr-ikev2-11)
--------------------------------------
Title               : Mixing Preshared Keys in the Internet Key Exchange Protocol Version 2 (IKEv2) for Post-quantum Security
Publication Date    : June 2020
Author(s)           : S. Fluhrer, P. Kampanakis, D. McGrew, V. Smyslov
Category            : PROPOSED STANDARD
Source              : IP Security Maintenance and Extensions
Stream              : IETF
Verifying Party     : IESG