[IPsec] New Version Notification for draft-kampanakis-ml-kem-ikev2-00.txt
"Kampanakis, Panos" <kpanos@amazon.com> Mon, 13 November 2023 02:22 UTC
Return-Path: <prvs=6743b93df=kpanos@amazon.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 98265C17DBFC for <ipsec@ietfa.amsl.com>; Sun, 12 Nov 2023 18:22:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.103
X-Spam-Level:
X-Spam-Status: No, score=-7.103 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, UNPARSEABLE_RELAY=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazon.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BGThT345jxte for <ipsec@ietfa.amsl.com>; Sun, 12 Nov 2023 18:22:15 -0800 (PST)
Received: from smtp-fw-80006.amazon.com (smtp-fw-80006.amazon.com [99.78.197.217]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B583DC1519B1 for <ipsec@ietf.org>; Sun, 12 Nov 2023 18:22:15 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209; t=1699842136; x=1731378136; h=from:to:cc:subject:date:message-id: content-transfer-encoding:mime-version; bh=Uab7cRkIcpjQ9rIhVvBBqhXQjbcuJHfmVeXbN17VP4s=; b=RmNBOjFUbQ/Dg1zo9RW9SZpHZtf3gt6TOzYK+6+DiRQR7qID8jr32ShJ NBMjUtdkZY5aBiCGRMESLOtUIqZ/4c7xl0rh2YMfUeUHlCqUHbfULhm1C szGuoaTxmZs8KLh9UNpExQkBA0TcpR1yqmdj5lxc3CxnuLhvWSz/b/wQL Y=;
X-IronPort-AV: E=Sophos;i="6.03,298,1694736000"; d="scan'208";a="251877405"
Received: from pdx4-co-svc-p1-lb2-vlan3.amazon.com (HELO email-inbound-relay-pdx-2b-m6i4x-0ec33b60.us-west-2.amazon.com) ([10.25.36.214]) by smtp-border-fw-80006.pdx80.corp.amazon.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 13 Nov 2023 02:22:12 +0000
Received: from smtpout.prod.us-east-1.prod.farcaster.email.amazon.dev (pdx2-ws-svc-p26-lb5-vlan2.pdx.amazon.com [10.39.38.66]) by email-inbound-relay-pdx-2b-m6i4x-0ec33b60.us-west-2.amazon.com (Postfix) with ESMTPS id EF224A0B57 for <ipsec@ietf.org>; Mon, 13 Nov 2023 02:22:11 +0000 (UTC)
Received: from EX19MTAUEC001.ant.amazon.com [10.0.44.209:63485] by smtpin.naws.us-east-1.prod.farcaster.email.amazon.dev [10.0.38.206:2525] with esmtp (Farcaster) id 6ad9db99-75ee-4db7-ae26-80e4fc1d518d; Mon, 13 Nov 2023 02:22:11 +0000 (UTC)
X-Farcaster-Flow-ID: 6ad9db99-75ee-4db7-ae26-80e4fc1d518d
Received: from EX19D012UEA003.ant.amazon.com (10.252.134.84) by EX19MTAUEC001.ant.amazon.com (10.252.135.222) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.39; Mon, 13 Nov 2023 02:22:11 +0000
Received: from EX19D001ANA001.ant.amazon.com (10.37.240.156) by EX19D012UEA003.ant.amazon.com (10.252.134.84) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.1118.39; Mon, 13 Nov 2023 02:22:10 +0000
Received: from EX19D001ANA001.ant.amazon.com ([fe80::4f78:75cd:3117:8055]) by EX19D001ANA001.ant.amazon.com ([fe80::4f78:75cd:3117:8055%5]) with mapi id 15.02.1118.039; Mon, 13 Nov 2023 02:22:08 +0000
From: "Kampanakis, Panos" <kpanos@amazon.com>
To: IPsecME WG <ipsec@ietf.org>
CC: "Ravago, Gerardo" <gcr@amazon.com>
Thread-Topic: New Version Notification for draft-kampanakis-ml-kem-ikev2-00.txt
Thread-Index: AdoV2DEatnwaqH0lRluk3MJn/eiLLQ==
Date: Mon, 13 Nov 2023 02:22:08 +0000
Message-ID: <a7235519ec6f4a4a93574108390c8095@amazon.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.37.240.172]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/jB1VeyzjHRTwP9cSJJLslF2i8do>
Subject: [IPsec] New Version Notification for draft-kampanakis-ml-kem-ikev2-00.txt
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Nov 2023 02:22:19 -0000
Hi all, https://datatracker.ietf.org/doc/draft-kampanakis-ml-kem-ikev2/ This new draft brings ML-KEM to IKEv2 by using RFC 9370. It basically says how ML-KEM will be negotiated as an additional Key Exchange and requests codepoints for ML-KEM. The intention is not to get temporary codepoints like we did with Kyber in TLS. We are close to the final specs, so codepoints next year would suffice. It could be a standards track draft given that ML-KEM will see a lot of adoption, an AD sponsored draft, or even an individual stable draft which gets codepoints from Expert Review. The approach is to be decided by the IPSECME WG. Feedback is welcome. Thx, Panos ~~~ A new version of Internet-Draft draft-kampanakis-ml-kem-ikev2-00.txt has been successfully submitted by Panos Kampanakis and posted to the IETF repository. Name: draft-kampanakis-ml-kem-ikev2 Revision: 00 Title: Post-quantum Hybrid Key Exchange with ML-KEM in the Internet Key Exchange Protocol Version 2 (IKEv2) Date: 2023-11-12 Group: Individual Submission Pages: 11 URL: https://www.ietf.org/archive/id/draft-kampanakis-ml-kem-ikev2-00.txt Status: https://datatracker.ietf.org/doc/draft-kampanakis-ml-kem-ikev2/ HTML: https://www.ietf.org/archive/id/draft-kampanakis-ml-kem-ikev2-00.html HTMLized: https://datatracker.ietf.org/doc/html/draft-kampanakis-ml-kem-ikev2 Abstract: [EDNOTE: The intention of this draft is to get IANA KE codepoints for ML-KEM. It could be a standards track draft given that ML-KEM will see a lot of adoption, an AD sponsored draft, or even a individual stable draft which gets codepoints from Expert Review. The approach is to be decided by the IPSECME WG. ] NIST recently standardized ML-KEM, a new key encapsulation mechanism, which can be used for quantum-resistant key establishment. This draft specifies how to use ML-KEM as an additionall key exchange mechanism in IKEv2 along with traditional (Elliptic Curve) Diffie- Hellman. This hybrid approach allows for negotiating IKE and Child SA keys which are safe against cryptanalytically-relevant quantum computers and theoretical weaknesses in ML-KEM as it is relatively new. The IETF Secretariat
- [IPsec] New Version Notification for draft-kampan… Kampanakis, Panos
- Re: [IPsec] New Version Notification for draft-ka… Valery Smyslov
- Re: [IPsec] New Version Notification for draft-ka… Kampanakis, Panos
- Re: [IPsec] New Version Notification for draft-ka… Ben S3
- Re: [IPsec] New Version Notification for draft-ka… Kampanakis, Panos
- Re: [IPsec] New Version Notification for draft-ka… Kampanakis, Panos
- Re: [IPsec] New Version Notification for draft-ka… Ben S3
- Re: [IPsec] New Version Notification for draft-ka… Kampanakis, Panos