Re: [IPsec] draft-ietf-ipsecme-ikev2-multiple-ke new
"Kampanakis, Panos" <kpanos@amazon.com> Tue, 11 April 2023 14:29 UTC
Return-Path: <prvs=458b9f636=kpanos@amazon.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EB141C14CF09; Tue, 11 Apr 2023 07:29:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.597
X-Spam-Level:
X-Spam-Status: No, score=-14.597 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazon.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IZWaorTYJHut; Tue, 11 Apr 2023 07:29:00 -0700 (PDT)
Received: from smtp-fw-80006.amazon.com (smtp-fw-80006.amazon.com [99.78.197.217]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2FC6BC1522AA; Tue, 11 Apr 2023 07:29:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209; t=1681223340; x=1712759340; h=from:to:cc:date:message-id:references:in-reply-to: mime-version:subject; bh=sgmBISJRWg3UxmLV9ClgBPctWelNo/gaypknskqmM8A=; b=rgBrJ00x6PGeyThKGxQSx9p/supR7Y7nd2wcjXG/Hr5jNHeBlfgSXQ1V bfFMle6Yjw8rzb4GWaONg7XYvhXchlnyml34h6LjuQbRTtEP+p04OtMmg lgwWX5hvxHmsOzT3nyfpyf1CBH0jVwHVUpedX4wFn9kp20ybn1FzLmzf4 A=;
X-IronPort-AV: E=Sophos;i="5.98,336,1673913600"; d="scan'208,217";a="203220358"
Thread-Topic: draft-ietf-ipsecme-ikev2-multiple-ke new
Received: from pdx4-co-svc-p1-lb2-vlan2.amazon.com (HELO email-inbound-relay-iad-1d-m6i4x-d7759ebe.us-east-1.amazon.com) ([10.25.36.210]) by smtp-border-fw-80006.pdx80.corp.amazon.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Apr 2023 14:28:43 +0000
Received: from EX19MTAUWB002.ant.amazon.com (iad12-ws-svc-p26-lb9-vlan2.iad.amazon.com [10.40.163.34]) by email-inbound-relay-iad-1d-m6i4x-d7759ebe.us-east-1.amazon.com (Postfix) with ESMTPS id 21D854510C; Tue, 11 Apr 2023 14:28:42 +0000 (UTC)
Received: from EX19D001ANA001.ant.amazon.com (10.37.240.156) by EX19MTAUWB002.ant.amazon.com (10.250.64.231) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.25; Tue, 11 Apr 2023 14:28:39 +0000
Received: from EX19D001ANA001.ant.amazon.com (10.37.240.156) by EX19D001ANA001.ant.amazon.com (10.37.240.156) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.1118.26; Tue, 11 Apr 2023 14:28:38 +0000
Received: from EX19D001ANA001.ant.amazon.com ([fe80::4f78:75cd:3117:8055]) by EX19D001ANA001.ant.amazon.com ([fe80::4f78:75cd:3117:8055%5]) with mapi id 15.02.1118.026; Tue, 11 Apr 2023 14:28:38 +0000
From: "Kampanakis, Panos" <kpanos@amazon.com>
To: Valery Smyslov <svan@elvis.ru>, "draft-ietf-ipsecme-ikev2-multiple-ke@ietf.org" <draft-ietf-ipsecme-ikev2-multiple-ke@ietf.org>
CC: "ipsec@ietf.org" <ipsec@ietf.org>
Thread-Index: AdlsFtw9/aftvn2IRmW5dacJUmRq9AAK2V2AAA/AMaA=
Date: Tue, 11 Apr 2023 14:28:38 +0000
Message-ID: <3972849df01f42568601db68778e3849@amazon.com>
References: <8c260d5fc73e44aebfc5dfda6e5baf94@amazon.com> <010a01d96c42$41cd5f80$c5681e80$@elvis.ru>
In-Reply-To: <010a01d96c42$41cd5f80$c5681e80$@elvis.ru>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.37.240.200]
Content-Type: multipart/alternative; boundary="_000_3972849df01f42568601db68778e3849amazoncom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/bC_2sUOktEPi9zIMIVAUooctZ4g>
Subject: Re: [IPsec] draft-ietf-ipsecme-ikev2-multiple-ke new
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Apr 2023 14:29:04 -0000
Thanks Valery. Makes sense. > This may be a very short document referencing generic Kyber specification and clarifying implementation details for IKEv2 (e.g. the format of the public key etc.). Would that be a draft towards ratification in IPSECME or something like https://datatracker.ietf.org/doc/html/draft-tls-westerbaan-xyber768d00 which does not need to be ratified and can just serve as the "Specification Required" for the TLS 1.3 IANA registry? From: Valery Smyslov <svan@elvis.ru> Sent: Tuesday, April 11, 2023 2:53 AM To: Kampanakis, Panos <kpanos@amazon.com>; draft-ietf-ipsecme-ikev2-multiple-ke@ietf.org Cc: ipsec@ietf.org Subject: RE: [EXTERNAL]draft-ietf-ipsecme-ikev2-multiple-ke new CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe. Hi Panos, Hi draft-ietf-ipsecme-ikev2-multiple-ke authors, ipsecme WG, We have seen attempts to get early codepoints allocated for PQ-hybrid key exchanges in TLS 1.3 and HPKE in other IETF WGs. These, I think, are are good steps. Note for these IANA registries the requirement is "Specification Required". How about new PQ Transform Type 4 identifiers in IKEv2? Currently the draft-ietf-ipsecme-ikev2-multiple-ke draft says It is assumed that new Transform Type 4 identifiers will be assigned later for various post-quantum key exchanges [IKEV2TYPE4ID<https://datatracker.ietf.org/doc/html/draft-ietf-ipsecme-ikev2-multiple-ke-12>]. So, if draft-ietf-ipsecme-ikev2-multiple-ke will not assign new identifiers for Kyber-768 in https://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml#ikev2-parameters-8, should we be asking the Experts (Tero, Valery) consider a new allocation? Yes, that's correct. However, while it is possible to ask IANA for new allocation without any referencing document, as designated expert I would be much more comfortable if some document (even I-D) exists describing how to use Kyber-768 in specific environment of IKEv2. This may be a very short document referencing generic Kyber specification and clarifying implementation details for IKEv2 (e.g. the format of the public key etc.). Regards, Valery. Thx, Panos
- [IPsec] draft-ietf-ipsecme-ikev2-multiple-ke new Kampanakis, Panos
- Re: [IPsec] draft-ietf-ipsecme-ikev2-multiple-ke … Valery Smyslov
- Re: [IPsec] draft-ietf-ipsecme-ikev2-multiple-ke … Kampanakis, Panos
- Re: [IPsec] draft-ietf-ipsecme-ikev2-multiple-ke … Valery Smyslov