Re: [IPsec] Proposed method to achieve quantum resistant IKEv2

Cen Jung Tjhai <CJT@post-quantum.com> Sat, 05 August 2017 21:29 UTC

From: Cen Jung Tjhai <CJT@post-quantum.com>
To: Valery Smyslov <svanru@gmail.com>
CC: "ipsec@ietf.org" <ipsec@ietf.org>
Date: Sat, 05 Aug 2017 21:29:26 +0000
Message-ID: <1501968567726.89885@post-quantum.com>
References: <BBEB2C9C-9B96-4C6C-BB9B-4415F096FAE1@cisco.com>, <041b01d30d21$8d33f230$a79bd690$@gmail.com>
In-Reply-To: <041b01d30d21$8d33f230$a79bd690$@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/ou75w12_RaI-aYtHeVVA0AaxoOM>

Hi Valery,
 
>>And I think if the IKE_SA_INIT messages grow too large with QSKE, then it’s better to develop
>>a generic fragmentation mechanism for IKE_SA_INIT, rather than making it specific for fragmenting
>>QSKE blobs. A generic mechanism would allow us to reuse it in case we’ll have to include
>>other large payloads in initial messages.
 
Yes, while a generic mechanism would allow it to be reused, it sounds like a different draft altogether. It could result in a very complex change in the protocol. Furthermore, we would like to support a QSKE blob that is larger than 64KB in size, hence we fragment it in that way.

Best regards,
CJ