Re: [IPsec] New Version Notification for draft-tjhai-ipsecme-hybrid-qske-ikev2-03.txt
"Bruckert, Leonie" <Leonie.Bruckert@secunet.com> Fri, 15 February 2019 09:26 UTC
Return-Path: <Leonie.Bruckert@secunet.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B8E76130F28; Fri, 15 Feb 2019 01:26:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eQH47mxYF-6a; Fri, 15 Feb 2019 01:26:08 -0800 (PST)
Received: from a.mx.secunet.com (a.mx.secunet.com [62.96.220.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8870F130F5F; Fri, 15 Feb 2019 01:26:08 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by a.mx.secunet.com (Postfix) with ESMTP id 5CBF42025C; Fri, 15 Feb 2019 10:26:06 +0100 (CET)
X-Virus-Scanned: by secunet
Received: from a.mx.secunet.com ([127.0.0.1]) by localhost (a.mx.secunet.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BPy90gbyYmmj; Fri, 15 Feb 2019 10:26:04 +0100 (CET)
Received: from mail-essen-02.secunet.de (mail-essen-02.secunet.de [10.53.40.205]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by a.mx.secunet.com (Postfix) with ESMTPS id 1D0BD201AE; Fri, 15 Feb 2019 10:26:04 +0100 (CET)
Received: from MAIL-ESSEN-01.secunet.de ([fe80::1c79:38b7:821e:46b4]) by mail-essen-02.secunet.de ([fe80::4431:e661:14d0:41ce%16]) with mapi id 14.03.0435.000; Fri, 15 Feb 2019 10:26:03 +0100
From: "Bruckert, Leonie" <Leonie.Bruckert@secunet.com>
To: IPsecME WG <ipsec@ietf.org>
CC: "draft-tjhai-ipsecme-hybrid-qske-ikev2@ietf.org" <draft-tjhai-ipsecme-hybrid-qske-ikev2@ietf.org>
Thread-Topic: [IPsec] New Version Notification for draft-tjhai-ipsecme-hybrid-qske-ikev2-03.txt
Thread-Index: AQHua0po1SQdv3p8eF/bRngBUmtvn6V9+0SAgC9OHDA=
Date: Fri, 15 Feb 2019 09:26:03 +0000
Message-ID: <DE8E4C1F24911E469CC24DD4819274AA4CBCE9F7@mail-essen-01.secunet.de>
References: <154748799416.9552.17299073748247797491.idtracker@ietfa.amsl.com> <000101d4ad6b$4a790ca0$df6b25e0$@gmail.com>
In-Reply-To: <000101d4ad6b$4a790ca0$df6b25e0$@gmail.com>
Accept-Language: de-DE, en-US
Content-Language: de-DE
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-g-data-mailsecurity-for-exchange-state: 0
x-g-data-mailsecurity-for-exchange-error: 0
x-g-data-mailsecurity-for-exchange-sender: 23
x-g-data-mailsecurity-for-exchange-server: cbe3d3f7-b9e3-4256-b890-f24c4306a01c
x-exclaimer-md-config: 2c86f778-e09b-4440-8b15-867914633a10
x-g-data-mailsecurity-for-exchange-guid: 819A69B7-B2DA-4243-A1B3-09EC8CC35D3B
x-g-data-mailsecurity-for-exchange-processedonrouted: True
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/YlEbcP_Dw_RLIoBlKhPRUNqm8sw>
Subject: Re: [IPsec] New Version Notification for draft-tjhai-ipsecme-hybrid-qske-ikev2-03.txt
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Feb 2019 09:26:12 -0000
Hi, The draft specifies how to use additional key exchanges for Child SAs. It states that if several key exchanges are negotiated in CREATE_CHILD_SA, key shares are transmitted in a series of INFORMATIONAL exchanges. So I was wondering if keys are updated after each INFORMATIONAL exchange, similar as its done with the INTERMEDIATE exchange? Besides, has anybody experiences with fragmenting INFORMATIONAL exchange? I’m not aware that INFORMATIONAL exchange has been used to transmit such large payloads before. Regards, Leonie > -----Ursprüngliche Nachricht----- > Von: IPsec [mailto:ipsec-bounces@ietf.org] Im Auftrag von Valery Smyslov > Gesendet: Mittwoch, 16. Januar 2019 08:16 > An: IPsecME WG > Cc: draft-tjhai-ipsecme-hybrid-qske-ikev2@ietf.org > Betreff: Re: [IPsec] New Version Notification for draft-tjhai-ipsecme-hybrid- > qske-ikev2-03.txt > > Hi, > > a new version (-03) of the QSKE draft is published. It contains quite a lot of > changes from the -02 version: > > 1. Negotiation method is changed to standard (via new Transform Types in > SA payload) > 2. Using multiple key exchanges in the CREATE_CHILD_SA exchange is > addressed > 3. "IKE_AUX" is changed to "INTERMEDIATE" (to align with the draft-smyslov- > ipsecme-ikev2-aux-02) > 4. IANA considerations section is added > 5. Temporary IDs for PQ KE methods (using VendorID) are removed > > Please, review the draft. Some issues have already been discussed and the > changes reflect the WG consensus, > some are new and the text reflects only the authors' current opinion. > > Regards, > Valery (for the authors) > > > A new version of I-D, draft-tjhai-ipsecme-hybrid-qske-ikev2-03.txt > > has been successfully submitted by C. Tjhai and posted to the > > IETF repository. > > > > Name: draft-tjhai-ipsecme-hybrid-qske-ikev2 > > Revision: 03 > > Title: Framework to Integrate Post-quantum Key Exchanges into > Internet Key Exchange Protocol > > Version 2 (IKEv2) > > Document date: 2019-01-14 > > Group: Individual Submission > > Pages: 19 > > URL: https://www.ietf.org/internet-drafts/draft-tjhai-ipsecme- > hybrid-qske-ikev2-03.txt > > Status: https://datatracker.ietf.org/doc/draft-tjhai-ipsecme-hybrid- > qske-ikev2/ > > Htmlized: https://tools.ietf.org/html/draft-tjhai-ipsecme-hybrid-qske- > ikev2-03 > > Htmlized: https://datatracker.ietf.org/doc/html/draft-tjhai-ipsecme- > hybrid-qske-ikev2 > > Diff: https://www.ietf.org/rfcdiff?url2=draft-tjhai-ipsecme-hybrid- > qske-ikev2-03 > > > > Abstract: > > This document describes how to extend Internet Key Exchange Protocol > > Version 2 (IKEv2) so that the shared secret exchanged between peers > > has resistance against quantum computer attacks. The basic idea is > > to exchange one or more post-quantum key exchange payloads in > > conjunction with the existing (Elliptic Curve) Diffie-Hellman > > payload. > > > > > > > > > > Please note that it may take a couple of minutes from the time of > submission > > until the htmlized version and diff are available at tools.ietf.org. > > > > The IETF Secretariat > > _______________________________________________ > IPsec mailing list > IPsec@ietf.org > https://www.ietf.org/mailman/listinfo/ipsec
- Re: [IPsec] New Version Notification for draft-tj… Vukasin Karadzic
- Re: [IPsec] New Version Notification for draft-tj… stefan
- Re: [IPsec] New Version Notification for draft-tj… Valery Smyslov
- Re: [IPsec] New Version Notification for draft-tj… Tobias Guggemos
- Re: [IPsec] New Version Notification for draft-tj… Valery Smyslov
- Re: [IPsec] New Version Notification for draft-tj… Valery Smyslov
- Re: [IPsec] New Version Notification for draft-tj… Bruckert, Leonie
- Re: [IPsec] New Version Notification for draft-tj… Valery Smyslov
- Re: [IPsec] New Version Notification for draft-tj… Panos Kampanakis (pkampana)
- Re: [IPsec] New Version Notification for draft-tj… Tobias Heider
- Re: [IPsec] New Version Notification for draft-tj… Panos Kampanakis (pkampana)
- Re: [IPsec] New Version Notification for draft-tj… Tobias Heider
- Re: [IPsec] New Version Notification for draft-tj… Tobias Heider
- Re: [IPsec] New Version Notification for draft-tj… Valery Smyslov