IETF Logo Mail Archive

Re: [IPsec] IPsec with QKD

Rodney Van Meter <rdv@sfc.wide.ad.jp> Wed, 29 October 2014 15:34 UTC

Return-Path: <rdv@sfc.wide.ad.jp>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AC33B1A0179 for <ipsec@ietfa.amsl.com>; Wed, 29 Oct 2014 08:34:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -97.007
X-Spam-Level:
X-Spam-Status: No, score=-97.007 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, HELO_EQ_JP=1.244, HOST_EQ_JP=1.265, HTML_MESSAGE=0.001, RELAY_IS_203=0.994, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_WHITELIST=-100] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aA4a99I3v-zw for <ipsec@ietfa.amsl.com>; Wed, 29 Oct 2014 08:34:54 -0700 (PDT)
Received: from mail.sfc.wide.ad.jp (shonan.sfc.wide.ad.jp [203.178.142.130]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 31AFF1A016A for <ipsec@ietf.org>; Wed, 29 Oct 2014 08:34:53 -0700 (PDT)
Received: from vanmetedneysmbp.wireless.duke.local (west-4a-pat-1.oit.duke.edu [152.3.43.162]) by mail.sfc.wide.ad.jp (Postfix) with ESMTPSA id 8B5A52781AC; Thu, 30 Oct 2014 00:34:49 +0900 (JST)
Content-Type: multipart/alternative; boundary="Apple-Mail=_0A198B96-CF5B-4338-934F-C90E0B8014BB"
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Rodney Van Meter <rdv@sfc.wide.ad.jp>
In-Reply-To: <264EF2D3-F00F-4D3C-9576-D61879AE9D44@dell.com>
Date: Wed, 29 Oct 2014 11:34:44 -0400
Message-Id: <7AA24002-0D95-4CD4-A379-7C242AA9B4C6@sfc.wide.ad.jp>
References: <9FA67F6A-A730-46FC-925E-F16A1B686D73@sfc.wide.ad.jp> <7134F6D8-587F-4EBA-8E23-C088D8F1EA25@dell.com> <264EF2D3-F00F-4D3C-9576-D61879AE9D44@dell.com>
To: Paul_Koning@Dell.com
X-Mailer: Apple Mail (2.1878.6)
Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/hziHOPU3-CSNH7B-8XFpWJDnlU4
Cc: Rodney Van Meter <rdv@sfc.wide.ad.jp>, ipsec@ietf.org, kurosagi@sfc.wide.ad.jp, shigeya@wide.ad.jp
Subject: Re: [IPsec] IPsec with QKD
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Oct 2014 15:34:56 -0000

Actually, we had considered that; the same adjustments to IKE can be used for any out-of-band, asynchronous but ongoing supplier of key material, with OTP keys via courier being the obvious example.  We decided when we started writing to focus on the QKD case, simply because we felt that the broader approach (a) was more likely to result in more discussion and a longer process within the WG, and (b) is less likely to be readily identified, picked up and used by QKD implementers.

When we initially began working on this, we also debated internally about the right level of information to share between IPsec gateways; it wasn’t initially obvious that we could/should do it without more QKD-specific support from IKE.  Managing QKD is itself a big challenge.  We knew right away that we didn’t want to get into any physical-level discussions in the WG or include such negotations in the protocol, but e.g. QKD depends on an authenticated classical channel as it operates, to avoid a man in the middle attack, and it seemed plausible that we might want to tie that channel to IPsec.  In the end, we decided that keeping things as separate as possible was probably wise, and in fact our implementation turned out to be easiest that way.

So, if there is interest within the WG in broadening the language, we can do that, BUT:

* We would need a decision about how to handle the Transform Type Values and Payload Type Values, which is an IANA-relevant discussion; should all out-of-band key agreement methods share a single identifier, or should each one request a separate value?
* Although we have succeeded in keeping a clean interface for this particular case, we didn’t feel like we knew enough about the range of possible OOB key generation methods to state categorically that _they_ would not need additional support within the protocol.

		—Rod

On Oct 29, 2014, at 11:03 AM, <Paul_Koning@Dell.com> <Paul_Koning@Dell.com> wrote:

> I wonder if this should be worded more generically.  This is really about an external key agreement mechanism.  QKD is one such mechanism, but it isn’t clear to me that the machinery depends on this.
> Suppose, for example, that you distributed copies of one-time pad CDROMs to both locations, and used the key ID as offset in the one-time-pad data.  This is a completely different key agreement scheme but it would seem to fit just as well.  The important point is that there is an external source of key material, which has the (assumed) property that the key material is known to the two endpoints of the IKE exchange, and to no other parties.
> 
> paul
> 
>> 
>> On Oct 27, 2014, at 2:13 PM, Rodney Van Meter <rdv@sfc.wide.ad.jp> wrote:
>> 
>>> ...
>>> * We have just uploaded an -01 of the I-D we wrote, incorporating feedback from several people, including Sean Turner, Sheila Frankel and Alan Mink.
>>>   http://datatracker.ietf.org/doc/draft-nagayama-ipsecme-ipsec-with-qkd/?include_text=1
>> 
>

v2.23.0 | Report a Bug | By Email