Re: [IPsec] [Last-Call] Last Call: <draft-ietf-ipsecme-qr-ikev2-09.txt> (Postquantum Preshared Keys for IKEv2) to Proposed Standard

"Paul Hoffman" <paul.hoffman@vpnc.org> Wed, 11 December 2019 18:03 UTC

From: Paul Hoffman <paul.hoffman@vpnc.org>
To: "Salz, Rich" <rsalz@akamai.com>
Cc: last-call@ietf.org, ipsec@ietf.org, Kenny Paterson <Kenny.Paterson@rhul.ac.uk>
Date: Wed, 11 Dec 2019 10:03:47 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/eLkTUnpcFUq_YsnQNgJWmJABP5M>

On 11 Dec 2019, at 8:23, Salz, Rich wrote:

> We are seeing a flurry of these kinds of “post quantum protection”
> things.

This is the only one I have seen that is a method, not a new key 
exchange algorithm. It is understandable that you could have missed this 
from the title which misstates the topic. A much better title would be 
"Mixing Preshared Keys in IKEv2 for Postquantum Resistance".

> This is premature.

Disagree. The method described in the document has been well-discussed 
in the IPsecME for years, getting good cryptographic review.

> The co-chair of the CFRG, Kenny Paterson, said so a while back.

I don't think that's what he said in the slides you posted, but I've 
Cc'd him so he can reply. The slides are about picking new post-quantum 
algorithms; what is described in the draft is a method for mixing in 
preshared secrets with current algorithms.

--Paul Hoffman