Re: [IPsec] John Scudder's No Objection on draft-ietf-ipsecme-ikev2-multiple-ke-10: (with COMMENT)

CJ Tjhai <cjt@post-quantum.com> Wed, 30 November 2022 23:19 UTC

From: CJ Tjhai <cjt@post-quantum.com>
Date: Wed, 30 Nov 2022 23:18:48 +0000
Message-ID: <CANs=h-UwwymvY0yzFtpgWGx-nxPD_H59Bg=STGe3rVc+nRLM0w@mail.gmail.com>
To: John Scudder <jgs@juniper.net>
Cc: The IESG <iesg@ietf.org>, draft-ietf-ipsecme-ikev2-multiple-ke@ietf.org, ipsecme-chairs@ietf.org, ipsec@ietf.org, kivinen@iki.fi
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/Psi_Czl2yF77Of3ocOcEnicuWj4>

Hi John,

I've just realised that Paul Wouters has also commented on the same
sentence and he has suggested the following:

A hybrid post-quantum algorithm to be introduced along with
the well-established primitives addresses this concern, since the overall
security is at least as strong as each individual primitive.

This has been committed into our latest PR. Hope this works with you.

Cheers,
CJ


On Wed, 30 Nov 2022 at 23:11, CJ Tjhai <cjt@post-quantum.com> wrote:

> Hi John,
>
> Many thanks for your review. Please see the response inline below.
>
> Best wishes,
> CJ
>
>
> On Wed, 30 Nov 2022 at 20:56, John Scudder via Datatracker <noreply@ietf.org> wrote:
>
>> John Scudder has entered the following ballot position for
>> draft-ietf-ipsecme-ikev2-multiple-ke-10: No Objection
>>
>>
>>
> [snipped]
>
> ----------------------------------------------------------------------
>> COMMENT:
>> ----------------------------------------------------------------------
>>
>> Thanks for this. I have just one comment, about what's probably just a
>> typographical error but it interfered with my understanding of the point in
>> question so it seemed worth mentioning.
>>
>> ### Section 2, (2) is missing a verb, but what verb?
>>
>> ```
>> Hybrid. Currently, there does not exist a post-quantum key exchange that is
>> trusted at the level that (EC)DH is trusted against conventional (non-quantum)
>> adversaries. A hybrid post-quantum algorithm to be introduced next to
>> well-established primitives, since the overall security is at least as strong
>> as each individual primitive.
>> ```
>>
>> The second sentence seems, at minimum, to be missing a verb. For instance you
>> could interpolate "needs" between "algorithm" and "to be", but I'm not sure if
>> that properly captures your intended meaning.
>>
>
> I see your point, perhaps we should rephrase the sentence to the following:
>
> Combining a post-quantum algorithm next to well-established primitives
> in a hybrid arrangement, would alleviate this concern since the overall security
> is at least as strong as each individual primitive.
>
> Would this work with you?
>
