Greetings all,
DoD has customers who are interested in incorporating a PSK into the initial IKEv2 SA. While RFC 8784 already defines a PSK mechanism, the PSK is not rolled into the encryption until creation of the first Child SA. On the other hand, Alternative Approach for Mixing Preshared Keys in IKEv2 for Post-Quantum Security (draft-smyslov-ipsecme-ikev2-qr-alt) proposes a mechanism for incorporating a PSK that leverages RFC 9242's Intermediate Exchange in order to enable use of the PSK prior to IKE_AUTH. While RFC 8784 is useful as an immediate post-quantum solution, the proposed mechanism in draft-smyslov-ipsecme-ikev2-qr-alt provides PSK-fortified confidentiality earlier in the IKEv2 exchanges, and is simple to implement (given existing support for RFC 9242). I support the adoption of this draft, and am willing to contribute as a reviewer. Would the WG be interested in adopting this draft? Rebecca Guthrie she/her Center for Cybersecurity Standards (CCSS) Cybersecurity Collaboration Center (CCC) National Security Agency (NSA)
_______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
