During the WG meeting in London, somebody (I forget who) asked me whether KE 
payloads larger than 64k.  I thought I ought to clarify matters (as they are 
more complex than the brief answer I gave indicated).

Of the proposed postquantum key exchange (and public key encryption algorithms, 
which can be used to transport keys) submitted to NIST, the majority of them 
have key shares (or public keys/ciphertexts) smaller than 64k; there are a 
handful that are larger.  Now, it is possible (albeit unlikely) that all the 
algorithms with key shares < 64k will be broken; unless this happens, it would 
be reasonable (IMHO) that we mandate that any algorithm he allow have a KE 
payload that fits within 64k.  Now, in the event that we feel the need to 
support larger key shares, there are possible ways to support that; I don't 
feel that we need to talk about those options now.
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec

Reply via email to