Re: [IPsec] Last Call: <draft-ietf-ipsecme-qr-ikev2-09.txt> (Postquantum Preshared Keys for IKEv2) to Proposed Standard
"David McGrew (mcgrew)" <mcgrew@cisco.com> Wed, 11 December 2019 17:59 UTC
From: "David McGrew (mcgrew)" <mcgrew@cisco.com>
To: "Salz, Rich" <rsalz@akamai.com>
CC: "Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com>, "last-call@ietf.org" <last-call@ietf.org>, "ipsec@ietf.org" <ipsec@ietf.org>, "ipsecme-chairs@ietf.org" <ipsecme-chairs@ietf.org>, "david.waltermire@nist.gov" <david.waltermire@nist.gov>, "draft-ietf-ipsecme-qr-ikev2@ietf.org" <draft-ietf-ipsecme-qr-ikev2@ietf.org>, Kenny Paterson <kenny.paterson@rhul.ac.uk>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/wFDqndihNAJ5j3BtljdbM3j5iJc>
Hi Rich,

I strongly disagree with your statement that “this is premature”, and the slides that you cite do not support that claim. I totally agree with the points in Kenny’s slides, especially as they pertain to QKD and SDO-shopping, but they say nothing about improvements to security protocols that use quantum-resistant *symmetric* cryptography. The Postquantum Preshared Keys for IKEv2 specification is a sound and mature specification that uses existing crypto algorithms with parameters that are widely believed to be post quantum secure.

David

> On Dec 11, 2019, at 11:40 AM, Salz, Rich <rsalz@akamai.com> wrote:
>
> Slides: https://datatracker.ietf.org/meeting/99/materials/slides-99-saag-post-quantum-cryptography
>
> Video: https://www.youtube.com/watch?v=abmd1n5WUvc&t=1451s
>
>
> On 12/11/19, 11:36 AM, "Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com> wrote:
>
> Did Kenny make this statement in the context of postquantum cryptography (that is, public key algorithms that are believed to be secure even if the adversary has a quantum computer)?
>
> That would certainly be a reasonable statement (as most postquantum algorithms are fairly new, and are still being cryptographically vetted).
>
> On the other hand, this specific draft doesn't involve any postquantum algorithms; it relies only on currently accepted algorithms, and so Kenny's caution would not apply.
>
>> -----Original Message-----
>> From: Salz, Rich <rsalz@akamai.com>
>> Sent: Wednesday, December 11, 2019 11:23 AM
>> To: last-call@ietf.org
>> Cc: ipsec@ietf.org; ipsecme-chairs@ietf.org; david.waltermire@nist.gov;
>> draft-ietf-ipsecme-qr-ikev2@ietf.org
>> Subject: Re: Last Call: <draft-ietf-ipsecme-qr-ikev2-09.txt> (Postquantum
>> Preshared Keys for IKEv2) to Proposed Standard
>>
>> We are seeing a flurry of these kind of “post quantum protection” things.
>> This is premature. The co-chair of the CFRG, Kenny Paterson, said so awhile
>> back.
>>
>> At best, this should be EXPERIMENTAL.
>>
>> I would like to see an IESG policy that makes all drafts on this topic be
>> EXPERIMENTAL.