Hi Paul,
Isn't this kinda off-topic for the thread? I though we were first considering "create an IKEv2 extension that mixes in the PSK" as the simplest way to get around the "go back to IKEv1" guidance.So that was not entire clear to me from the title, but it seems you are right. Perhaps we can change the title from: Postquantum Preshared Keys for IKEv2 to: Postquantum protection for IKEv2 Preshared Keys SA's
That's incorrect title. The original title is correct. The draft provides postquantum protection to any SA, regardless of the authentication methods used. In other words, PPKs (as specified in the draft) don't replace preshred keys authentication in IKEv2, they augment any authentication method to provide postquantum security.
The original title to me reads like a "new feature" instead of like a "fix for old feature".
I think it is more like a new feature. Regards, Valery.
Paul
_______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
