Re: [IPsec] I-D Action: draft-ietf-ipsecme-qr-ikev2-11.txt

"Panos Kampanakis (pkampana)" <pkampana@cisco.com> Wed, 15 January 2020 05:25 UTC

From: "Panos Kampanakis (pkampana)" <pkampana@cisco.com>
To: "ipsec@ietf.org" <ipsec@ietf.org>
Date: Wed, 15 Jan 2020 05:24:53 +0000
Message-ID: <BN7PR11MB25479BAB474B52F0C73AAD5AC9370@BN7PR11MB2547.namprd11.prod.outlook.com>
References: <157906540345.11743.14247555047270819801@ietfa.amsl.com>
In-Reply-To: <157906540345.11743.14247555047270819801@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/mrmHJdLG31mw3cQegUpPVHXLp9A>
Subject: Re: [IPsec] I-D Action: draft-ietf-ipsecme-qr-ikev2-11.txt

Hello, 
This iteration addresses all feedback received in the IESG Review. 
Thanks to Alissa, Adam, Barry, Alexey, Mirja, Roman, Martin and Eric for
their reviews.
Rgs,
Panos


-----Original Message-----
From: IPsec <ipsec-bounces@ietf.org> On Behalf Of internet-drafts@ietf.org
Sent: Wednesday, January 15, 2020 12:17 AM
To: i-d-announce@ietf.org
Cc: ipsec@ietf.org
Subject: [IPsec] I-D Action: draft-ietf-ipsecme-qr-ikev2-11.txt


A New Internet-Draft is available from the on-line Internet-Drafts
directories.
This draft is a work item of the IP Security Maintenance and Extensions WG
of the IETF.

        Title           : Mixing Preshared Keys in IKEv2 for Post-quantum Security
        Authors         : Scott Fluhrer
                          Panos Kampanakis
                          David McGrew
                          Valery Smyslov
        Filename        : draft-ietf-ipsecme-qr-ikev2-11.txt
        Pages           : 20
        Date            : 2020-01-14

Abstract:
   The possibility of quantum computers poses a serious challenge to
   cryptographic algorithms deployed widely today.  IKEv2 is one example
   of a cryptosystem that could be broken; someone storing VPN
   communications today could decrypt them at a later time when a
   quantum computer is available.  It is anticipated that IKEv2 will be
   extended to support quantum-secure key exchange algorithms; however
   that is not likely to happen in the near term.  To address this
   problem before then, this document describes an extension of IKEv2 to
   allow it to be resistant to a quantum computer, by using preshared
   keys.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-ipsecme-qr-ikev2/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-ipsecme-qr-ikev2-11
https://datatracker.ietf.org/doc/html/draft-ietf-ipsecme-qr-ikev2-11

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-ipsecme-qr-ikev2-11


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
