Re: [IPsec] WGLC for draft-ietf-ipsecme-ikev2-multiple-ke
CJ Tjhai <cjt@post-quantum.com> Tue, 10 August 2021 13:52 UTC
Hi Rebecca,

The draft document aims to be as generic as possible, treating the KE payload as opaque. It should cater for cases such as:

- multiple key exchanges involving more than one (EC)DH groups (perhaps due to policy requirements);
- combinations of (EC)DH and KEM;
- KEM only, either single or multiple key-exchanges;
- or perhaps future post-quantum key-exchange that is analogous to DH key-exchange;

I expect that, as in the case of RFC8031 describing how to use Curve25519 and Curve448 on IKEv2, there will be specific documents on how to use a post-quantum key-establishment algorithm that follows this draft. So if the algorithm is a KEM, I expect the detail of the KEi and KEr to be described there.

Best regards,
CJ

On Mon, 9 Aug 2021 at 20:05, rmguthr@uwe.nsa.gov <rmguthr=40uwe.nsa.gov@dmarc.ietf.org> wrote:

> Good afternoon,
>
> Has there been any thought on whether to include more information on KEMs
> specifically, with regard to the KeyGen, Encaps, and Decaps algorithms? It
> is my understanding that a public key (pk) will be sent in the KEi payload
> and that a ciphertext (ct) will be sent in the KEr payload. The hybrid
> draft for TLS 1.3 does provide this info and gives a brief explanation of
> how the KEM data maps to TLS, included below:
>
> "For the client's share, the "key_exchange" are the "pk" outputs of the
> corresponding KEMs' "KeyGen" algorithms, if that algorithm corresponds to a
> KEM; or the (EC)DH ephemeral key share, if that algorithm corresponds to an
> (EC)DH group. For the server's share, the "key_exchange" values are the
> "ct" outputs of the corresponding KEMs' "Encaps" algorithms, if that
> algorithm corresponds to a KEM; or the (EC)DH ephemeral key share, if that
> algorithm corresponds to an (EC)DH group."
>
> Thanks,
>
> Rebecca Guthrie
> NSA’s Center for Cybersecurity Standards
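
The KEM-to-payload mapping discussed in this thread (pk in KEi, ct in KEr, with the KE payload data kept opaque), as an added example that is not part of the original message or of the draft. It assumes the RFC 7296 KE payload layout; the ElGamal-style toy KEM, the method number 65001 (a constructed placeholder from the private-use range) and all function names are hypothetical and not secure for real use.

```python
import hashlib, secrets, struct

P, G = 2**255 - 19, 2      # toy group for illustration only, not a secure KEM
TOY_KEM_ID = 65001         # constructed placeholder, private-use range

def _mask(shared: int) -> bytes:
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()

def keygen():
    sk = secrets.randbelow(P - 2) + 1
    return pow(G, sk, P).to_bytes(32, "big"), sk          # (pk, sk)

def encaps(pk: bytes):
    r = secrets.randbelow(P - 2) + 1
    ss = secrets.token_bytes(32)                          # shared secret
    mask = _mask(pow(int.from_bytes(pk, "big"), r, P))
    ct = pow(G, r, P).to_bytes(32, "big") + bytes(a ^ b for a, b in zip(ss, mask))
    return ct, ss                                         # ct is 64 bytes, pk is 32

def decaps(sk: int, ct: bytes) -> bytes:
    mask = _mask(pow(int.from_bytes(ct[:32], "big"), sk, P))
    return bytes(a ^ b for a, b in zip(ct[32:], mask))

def build_ke(method: int, data: bytes, next_payload: int = 0) -> bytes:
    # Generic payload header (4 bytes), method number (2), RESERVED (2), data
    return struct.pack("!BBHHH", next_payload, 0, 8 + len(data), method, 0) + data

def parse_ke(buf: bytes):
    if len(buf) < 8:
        raise ValueError("truncated KE payload")
    _next, _flags, length, method, _rsvd = struct.unpack("!BBHHH", buf[:8])
    if length != len(buf):
        raise ValueError("payload length field does not match buffer")
    return method, buf[8:]     # data stays opaque at this layer

def exchange():
    pk, sk = keygen()                      # initiator: KeyGen
    kei = build_ke(TOY_KEM_ID, pk)         # KEi carries pk
    method, pk_rx = parse_ke(kei)          # responder side
    ct, ss_r = encaps(pk_rx)               # responder: Encaps
    ker = build_ke(method, ct)             # KEr carries ct
    _, ct_rx = parse_ke(ker)
    ss_i = decaps(sk, ct_rx)               # initiator: Decaps
    return kei, ker, ss_i, ss_r
```

Unlike an (EC)DH exchange, the two directions carry different objects of different sizes, so length checks on the KE data belong to the per-algorithm layer rather than the generic payload parser.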