Re: [IPsec] John Scudder's No Objection on draft-ietf-ipsecme-ikev2-multiple-ke-10: (with COMMENT)

John Scudder <jgs@juniper.net> Wed, 30 November 2022 23:41 UTC

From: John Scudder <jgs@juniper.net>
To: CJ Tjhai <cjt@post-quantum.com>
CC: The IESG <iesg@ietf.org>, "draft-ietf-ipsecme-ikev2-multiple-ke@ietf.org" <draft-ietf-ipsecme-ikev2-multiple-ke@ietf.org>, "ipsecme-chairs@ietf.org" <ipsecme-chairs@ietf.org>, "ipsec@ietf.org" <ipsec@ietf.org>, "kivinen@iki.fi" <kivinen@iki.fi>
Date: Wed, 30 Nov 2022 23:41:07 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/rxTIH38L8rD5d3jTk9_3SZrNLm8>

Yes, that’s just fine — sorry for the duplicate effort, I hadn’t noticed Paul’s comment.

—John

> On Nov 30, 2022, at 6:18 PM, CJ Tjhai <cjt@post-quantum.com> wrote:
> 
> 
> Hi John,
> 
> I've just realised that Paul Wouters has also commented on the same sentence and he has suggested the following:
> 
> A hybrid post-quantum algorithm to be introduced along with
> the well-established primitives addresses this concern, since the overall
> security is at least as strong as each individual primitive.
> 
> This has been committed into our latest PR. Hope this works with you.
> 
> Cheers,
> CJ
> 
> 
> On Wed, 30 Nov 2022 at 23:11, CJ Tjhai <cjt@post-quantum.com> wrote:
> Hi John,
> 
> Many thanks for your review. Please see the response inline below.
> 
> Best wishes,
> CJ
> 
> 
> On Wed, 30 Nov 2022 at 20:56, John Scudder via Datatracker <noreply@ietf.org> wrote:
> John Scudder has entered the following ballot position for
> draft-ietf-ipsecme-ikev2-multiple-ke-10: No Objection
> 
> 
>  
> [snipped]
> 
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
> Thanks for this. I have just one comment, about what's probably just a
> typographical error but it interfered with my understanding of the point in
> question so it seemed worth mentioning.
> 
> ### Section 2, (2) is missing a verb, but what verb?
> 
> ```
> Hybrid. Currently, there does not exist a post-quantum key exchange that is
> trusted at the level that (EC)DH is trusted against conventional (non-quantum)
> adversaries. A hybrid post-quantum algorithm to be introduced next to
> well-established primitives, since the overall security is at least as strong
> as each individual primitive.
> ```
> 
> The second sentence seems, at minimum, to be missing a verb. For instance you
> could interpolate "needs" between "algorithm" and "to be", but I'm not sure if
> that properly captures your intended meaning.
> 
> I see your point, perhaps we should rephrase the sentence to the following:
> 
> Combining a post-quantum algorithm next to well-established primitives
> in a hybrid arrangement, would alleviate this concern since the overall security
> is at least as strong as each individual primitive.
> 
> Would this work with you?  
> 