Do you mean the post-quantum cryptography competition (https://csrc.nist.gov/Projects/post-quantum-cryptography)?
That's why I felt confused. The draft isn't concerned with any post-quantum cryptography stuff, it uses only well-studied methods of classical cryptography. I don't think this particular competition is relevant here. However, taking into consideration Grover's algorithm, it seems that 128 bit level is the maximum available for the current off-the-shelf crypto algorithms (I'm not aware of any widely used cipher with key length more than 256 bit). Regards, Valery. I'm talking about the ongoing NIST quantum cryptography competition, which targets at the lowest level security equivalent to AES-128. On Wed, Dec 25, 2019 at 10:24 AM Uri Blumenthal <u...@mit.edu> wrote: NIST produces standards and recommendations. US government organizations and companies doing business with them are usually required to comply. Organizations and businesses (both US and non-US) that are not bound by US regulations, often pay attention to what NIST recommends. To repeat myself, it mages sense to add reference to the NIST levels, even if Watson doesn't insist. ;-) On Dec 25, 2019, at 12:29, Valery Smyslov <val...@smyslov.net> wrote: On Wed, Dec 25, 2019 at 3:57 AM Uri Blumenthal < <mailto:u...@mit.edu> u...@mit.edu> wrote: NIST standards are mandatory for a subset of US citizens. But enough of businesses outside the US pay attention to what NIST says to make adding the reference relevant and useful. It's not about standards, it's about the competition and the relevant security level definitions. Not that I feel strongly about it, just a suggestion.. Then I'm a bit confused. What competition do you mean? Regards, Valery. On Dec 25, 2019, at 01:52, Valery Smyslov <s...@elvis.ru> wrote: Hi Watson, thank you for spending your time on this review in Christmas Eve. The capitalization issue has been already noticed and fixed. I’m not sure the draft should mention NIST levels, because they are relevant mostly for US customers. I think that generic recommendations on key sizes are more appropriate for this document. Regards, Valery. Damn misclick. I meant With Nits. On Tue, Dec 24, 2019 at 8:02 PM Watson Ladd via Datatracker <nore...@ietf.org> wrote: Reviewer: Watson Ladd Review result: Not Ready Twas the night before Christmas when all through the house someone was desperately trying to get a review done on time. I didn't see anything wrong per se in the draft itself, but I found the capitalization of quantum computer an odd choice. IKEv2 is a complicated protocol, and I am not 100% sure that this draft does what we want it to: It would be great if someone could check very carefully in some symbolic model, ala what has been done in TLS. The guidance on sizes seems to rule out NIST level 1, but not any higher levels: might be worth calling out this explicitly. _______________________________________________ secdir mailing list sec...@ietf.org https://www.ietf.org/mailman/listinfo/secdir wiki: http://tools.ietf.org/area/sec/trac/wiki/SecDirReview -- "Man is born free, but everywhere he is in chains". --Rousseau. _______________________________________________ secdir mailing list sec...@ietf.org https://www.ietf.org/mailman/listinfo/secdir wiki: http://tools.ietf.org/area/sec/trac/wiki/SecDirReview -- "Man is born free, but everywhere he is in chains". --Rousseau.. -- "Man is born free, but everywhere he is in chains". --Rousseau.
_______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec