Re: [IPsec] WGLC for draft-ietf-ipsecme-ikev2-multiple-ke

CJ Tjhai <cjt@post-quantum.com> Tue, 10 August 2021 13:52 UTC

From: CJ Tjhai <cjt@post-quantum.com>
Date: Tue, 10 Aug 2021 14:52:24 +0100
Message-ID: <CANs=h-WKmcxtwzQ4fVkCimjxYnSmjmA3j_meUnPxV9KNhm0FOA@mail.gmail.com>
To: "rmguthr@uwe.nsa.gov" <rmguthr=40uwe.nsa.gov@dmarc.ietf.org>
Cc: "ipsec@ietf.org" <ipsec@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/r28E71qmtdliznqlN9FgvaUBZcs>

Hi Rebecca,

The draft document aims to be as generic as possible, treating the KE
payload as opaque. It should cater for cases such as:
- multiple key exchanges involving more than one (EC)DH group (perhaps due
to policy requirements);
- combinations of (EC)DH and KEM;
- KEM only, either single or multiple key-exchanges;
- or perhaps a future post-quantum key-exchange that is analogous to DH
key-exchange.

I expect that, as in the case of RFC8031 describing how to use Curve25519
and Curve448 on IKEv2, there will be specific documents on how to use a
post-quantum key-establishment algorithm that follows this draft. So if the
algorithm is a KEM, I expect the detail of the KEi and KEr to be described
there.

Best regards,
CJ



On Mon, 9 Aug 2021 at 20:05, rmguthr@uwe.nsa.gov <rmguthr=
40uwe.nsa.gov@dmarc.ietf.org> wrote:

>
>
> Good afternoon,
>
>
>
> Has there been any thought on whether to include more information on KEMs
> specifically, with regard to the KeyGen, Encaps, and Decaps algorithms? It
> is my understanding that a public key (pk) will be sent in the KEi payload
> and that a ciphertext (ct) will be sent in the KEr payload. The hybrid
> draft for TLS 1.3 does provide this info and gives a brief explanation of
> how the KEM data maps to TLS, included below:
>
>
>
> "For the client's share, the "key_exchange" are the "pk" outputs of the
> corresponding KEMs' "KeyGen" algorithms, if that algorithm corresponds to a
> KEM; or the (EC)DH ephemeral key share, if that algorithm corresponds to an
> (EC)DH group.  For the server's share, the "key_exchange" values are the
> "ct" outputs of the corresponding KEMs' "Encaps" algorithms, if that
> algorithm corresponds to a KEM; or the (EC)DH ephemeral key share, if that
> algorithm corresponds to an (EC)DH group."
>
>
>
> Thanks,
>
>
>
> Rebecca Guthrie
>
> NSA’s Center for Cybersecurity Standards
>
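
The mapping discussed in this thread (pk in KEi, ct in KEr, with the KE payload treated as opaque) as an added example; it is not code from the draft or from either author. The toy DH-based KEM, its parameters and the method number 1024 are assumptions made for illustration, and only the payload layout follows RFC 7296 section 3.4.

```python
import hashlib, secrets, struct

# Toy DH-based KEM over a small field: constructed for illustration, not secure.
P, G = 2**127 - 1, 3
KE_METHOD = 1024  # placeholder from the private-use range, not an assigned KEM id

def _kdf(z):
    return hashlib.sha256(z.to_bytes(16, "big")).digest()

def keygen():
    sk = secrets.randbelow(P - 3) + 2
    return pow(G, sk, P), sk

def encaps(pk):
    # IKE treats the data as opaque, so validation belongs to the algorithm layer.
    if not 1 < pk < P - 1:
        raise ValueError("invalid public key")
    r = secrets.randbelow(P - 3) + 2
    return pow(G, r, P), _kdf(pow(pk, r, P))

def decaps(sk, ct):
    if not 1 < ct < P - 1:
        raise ValueError("invalid ciphertext")
    return _kdf(pow(ct, sk, P))

def ke_payload(method, data, next_payload=0):
    # RFC 7296 section 3.4: generic header, 16-bit method number, 16 reserved bits, data.
    return struct.pack("!BBHHH", next_payload, 0, 8 + len(data), method, 0) + data

def parse_ke_payload(buf):
    if len(buf) < 8:
        raise ValueError("truncated KE payload")
    _next, _flags, length, method, _reserved = struct.unpack("!BBHHH", buf[:8])
    if length != len(buf):
        raise ValueError("KE payload length mismatch")
    return method, buf[8:]

def exchange():
    pk, sk = keygen()                                    # initiator: KeyGen
    kei = ke_payload(KE_METHOD, pk.to_bytes(16, "big"))  # KEi carries pk
    method, data = parse_ke_payload(kei)
    ct, ss_r = encaps(int.from_bytes(data, "big"))       # responder: Encaps(pk)
    ker = ke_payload(method, ct.to_bytes(16, "big"))     # KEr carries ct
    _, data = parse_ke_payload(ker)
    ss_i = decaps(sk, int.from_bytes(data, "big"))       # initiator: Decaps(sk, ct)
    return kei, ker, ss_i, ss_r

if __name__ == "__main__":
    kei, ker, ss_i, ss_r = exchange()
    print(kei.hex(), ker.hex(), ss_i == ss_r)
```

Unlike (EC)DH, the responder cannot build KEr until it has parsed KEi, and with a real KEM the pk and ct generally differ in length, which the payload length field already accommodates.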
