[IPsec] Assessing Support for draft-smyslov-ipsecme-ikev2-qr-alt

Rebecca Guthrie <rmguthr@uwe.nsa.gov> Mon, 19 December 2022 17:52 UTC

To: "ipsec@ietf.org" <ipsec@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/g7LRACQ4g6DWt6_WEMdPLcMsb_g>

Greetings all,

DoD has customers who are interested in incorporating a PSK into the initial IKEv2 SA. While RFC 8784 already defines a PSK mechanism, the PSK is not rolled into the encryption until creation of the first Child SA. On the other hand, Alternative Approach for Mixing Preshared Keys in IKEv2 for Post-Quantum Security (draft-smyslov-ipsecme-ikev2-qr-alt) proposes a mechanism for incorporating a PSK that leverages RFC 9242's Intermediate Exchange in order to enable use of the PSK prior to IKE_AUTH. While RFC 8784 is useful as an immediate post-quantum solution, the proposed mechanism in draft-smyslov-ipsecme-ikev2-qr-alt provides PSK-fortified confidentiality earlier in the IKEv2 exchanges, and is simple to implement (given existing support for RFC 9242).

I support the adoption of this draft, and am willing to contribute as a reviewer. Would the WG be interested in adopting this draft?

Rebecca Guthrie
she/her
Center for Cybersecurity Standards (CCSS)
Cybersecurity Collaboration Center (CCC)
National Security Agency (NSA)
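
Added example, not part of the original message and not code from either specification: a sketch of the RFC 7296 IKE SA key derivation followed by the RFC 8784 PPK mixing step, showing that the keys protecting IKE messages (SK_e*, SK_a*) are left unchanged while SK_d, SK_pi and SK_pr are re-derived. Assumptions: PRF_HMAC_SHA2_256 as the negotiated PRF, a uniform 32-byte length for every key, and constructed nonces, SPIs, DH secret and PPK.

```python
import hashlib
import hmac

def prf(key: bytes, data: bytes) -> bytes:
    """PRF_HMAC_SHA2_256 (assumed negotiated PRF for this example)."""
    return hmac.new(key, data, hashlib.sha256).digest()

def prf_plus(key: bytes, seed: bytes, length: int) -> bytes:
    """prf+ from RFC 7296: T1 | T2 | ..., Tn = prf(K, Tn-1 | S | n)."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = prf(key, block + seed + bytes([counter]))
        out += block
        counter += 1
    return out[:length]

# Order in which RFC 7296 slices the IKE SA keying material.
NAMES = ("SK_d", "SK_ai", "SK_ar", "SK_ei", "SK_er", "SK_pi", "SK_pr")

def ike_sa_keys(ni, nr, dh_secret, spi_i, spi_r, key_len=32):
    """SKEYSEED = prf(Ni | Nr, g^ir); keys = prf+(SKEYSEED, Ni | Nr | SPIi | SPIr)."""
    skeyseed = prf(ni + nr, dh_secret)
    stream = prf_plus(skeyseed, ni + nr + spi_i + spi_r, key_len * len(NAMES))
    return {n: stream[i * key_len:(i + 1) * key_len] for i, n in enumerate(NAMES)}

def mix_ppk_rfc8784(keys, ppk):
    """RFC 8784: only SK_d, SK_pi and SK_pr become prf+(PPK, SK_x')."""
    mixed = dict(keys)
    for name in ("SK_d", "SK_pi", "SK_pr"):
        mixed[name] = prf_plus(ppk, keys[name], len(keys[name]))
    return mixed

def ppk_dependent(before, after):
    """Names of the keys whose value depends on the PPK."""
    return sorted(n for n in NAMES if before[n] != after[n])

# Constructed sample inputs (not from any real exchange).
NI, NR = bytes(range(32)), bytes(range(32, 64))
DH_SECRET = hashlib.sha256(b"constructed DH shared secret").digest()
SPI_I, SPI_R = bytes.fromhex("0102030405060708"), bytes.fromhex("1112131415161718")
PPK = b"constructed-ppk-for-illustration"

BASE = ike_sa_keys(NI, NR, DH_SECRET, SPI_I, SPI_R)
MIXED = mix_ppk_rfc8784(BASE, PPK)

if __name__ == "__main__":
    print("PPK-dependent keys:", ppk_dependent(BASE, MIXED))
    print("IKE SA encryption key unchanged:", BASE["SK_ei"] == MIXED["SK_ei"])
```

Child SA keys are derived from SK_d, which is why the PPK first affects encryption at the first Child SA, as the message describes.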