[IPsec] draft-ietf-ipsecme-ikev2-multiple-ke new

"Kampanakis, Panos" <kpanos@amazon.com> Tue, 11 April 2023 01:56 UTC

From: "Kampanakis, Panos" <kpanos@amazon.com>
To: "draft-ietf-ipsecme-ikev2-multiple-ke@ietf.org" <draft-ietf-ipsecme-ikev2-multiple-ke@ietf.org>
CC: "ipsec@ietf.org" <ipsec@ietf.org>
Date: Tue, 11 Apr 2023 01:56:43 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/XQ2fFs_Q6FE0WjEE5Q6rodmGTkI>

Hi draft-ietf-ipsecme-ikev2-multiple-ke authors, ipsecme WG,

We have seen attempts to get early codepoints allocated for PQ-hybrid key exchanges in TLS 1.3 and HPKE in other IETF WGs. These, I think, are good steps. Note for these IANA registries the requirement is "Specification Required".

How about new PQ Transform Type 4 identifiers in IKEv2? Currently the draft-ietf-ipsecme-ikev2-multiple-ke draft says
     It is assumed that new Transform Type 4 identifiers will be assigned later for various post-quantum key exchanges [IKEV2TYPE4ID<https://datatracker.ietf.org/doc/html/draft-ietf-ipsecme-ikev2-multiple-ke-12>].

So, if draft-ietf-ipsecme-ikev2-multiple-ke will not assign new identifiers for Kyber-768 in https://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml#ikev2-parameters-8, should we be asking the Experts (Tero, Valery) to consider a new allocation?

Thx,
Panos