Hi, The draft specifies how to use additional key exchanges for Child SAs. It states that if several key exchanges are negotiated in CREATE_CHILD_SA, key shares are transmitted in a series of INFORMATIONAL exchanges. So I was wondering if keys are updated after each INFORMATIONAL exchange, similar as its done with the INTERMEDIATE exchange?
Besides, has anybody experiences with fragmenting INFORMATIONAL exchange? I’m not aware that INFORMATIONAL exchange has been used to transmit such large payloads before. Regards, Leonie > -----Ursprüngliche Nachricht----- > Von: IPsec [mailto:ipsec-boun...@ietf.org] Im Auftrag von Valery Smyslov > Gesendet: Mittwoch, 16. Januar 2019 08:16 > An: IPsecME WG > Cc: draft-tjhai-ipsecme-hybrid-qske-ik...@ietf.org > Betreff: Re: [IPsec] New Version Notification for draft-tjhai-ipsecme-hybrid- > qske-ikev2-03.txt > > Hi, > > a new version (-03) of the QSKE draft is published. It contains quite a lot of > changes from the -02 version: > > 1. Negotiation method is changed to standard (via new Transform Types in > SA payload) > 2. Using multiple key exchanges in the CREATE_CHILD_SA exchange is > addressed > 3. "IKE_AUX" is changed to "INTERMEDIATE" (to align with the draft-smyslov- > ipsecme-ikev2-aux-02) > 4. IANA considerations section is added > 5. Temporary IDs for PQ KE methods (using VendorID) are removed > > Please, review the draft. Some issues have already been discussed and the > changes reflect the WG consensus, > some are new and the text reflects only the authors' current opinion. > > Regards, > Valery (for the authors) > > > A new version of I-D, draft-tjhai-ipsecme-hybrid-qske-ikev2-03.txt > > has been successfully submitted by C. Tjhai and posted to the > > IETF repository. > > > > Name: draft-tjhai-ipsecme-hybrid-qske-ikev2 > > Revision: 03 > > Title: Framework to Integrate Post-quantum Key Exchanges into > Internet Key Exchange Protocol > > Version 2 (IKEv2) > > Document date: 2019-01-14 > > Group: Individual Submission > > Pages: 19 > > URL: https://www.ietf.org/internet-drafts/draft-tjhai-ipsecme- > hybrid-qske-ikev2-03.txt > > Status: https://datatracker.ietf.org/doc/draft-tjhai-ipsecme-hybrid- > qske-ikev2/ > > Htmlized: https://tools.ietf.org/html/draft-tjhai-ipsecme-hybrid-qske- > ikev2-03 > > Htmlized: https://datatracker.ietf.org/doc/html/draft-tjhai-ipsecme- > hybrid-qske-ikev2 > > Diff: > > https://www.ietf.org/rfcdiff?url2=draft-tjhai-ipsecme-hybrid- > qske-ikev2-03 > > > > Abstract: > > This document describes how to extend Internet Key Exchange Protocol > > Version 2 (IKEv2) so that the shared secret exchanged between peers > > has resistance against quantum computer attacks. The basic idea is > > to exchange one or more post-quantum key exchange payloads in > > conjunction with the existing (Elliptic Curve) Diffie-Hellman > > payload. > > > > > > > > > > Please note that it may take a couple of minutes from the time of > submission > > until the htmlized version and diff are available at tools.ietf.org. > > > > The IETF Secretariat > > _______________________________________________ > IPsec mailing list > IPsec@ietf.org > https://www.ietf.org/mailman/listinfo/ipsec _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
