Hi Paul,
Isn't this kinda off-topic for the thread? I though we were first considering
"create an IKEv2 extension that mixes in the PSK" as the simplest way to get
around the "go back to IKEv1" guidance.
So that was not entire clear to me from the title, but it seems you are
right.
Perhaps we can change the title from:
Postquantum Preshared Keys for IKEv2
to:
Postquantum protection for IKEv2 Preshared Keys SA's
That's incorrect title. The original title is correct.
The draft provides postquantum protection to any SA, regardless
of the authentication methods used. In other words, PPKs (as specified in the
draft)
don't replace preshred keys authentication in IKEv2, they augment
any authentication method to provide postquantum security.
The original title to me reads like a "new feature" instead of like a
"fix for old feature".
I think it is more like a new feature.
Regards,
Valery.
Paul
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec