Re: [IPsec] draft-ietf-ipsecme-ikev2-multiple-ke new

Tue, 11 Apr 2023 07:29:13 -0700 

Thanks Valery. Makes sense.

> This may be a very short document referencing generic Kyber specification and 
> clarifying implementation details for IKEv2 (e.g. the format of the public 
> key etc.).

Would that be a draft towards ratification in IPSECME or something like 
https://datatracker.ietf.org/doc/html/draft-tls-westerbaan-xyber768d00 which 
does not need to be ratified and can just serve as the "Specification Required" 
for the TLS 1.3 IANA registry?


From: Valery Smyslov <[email protected]>
Sent: Tuesday, April 11, 2023 2:53 AM
To: Kampanakis, Panos <[email protected]>; 
[email protected]
Cc: [email protected]
Subject: RE: [EXTERNAL]draft-ietf-ipsecme-ikev2-multiple-ke new


CAUTION: This email originated from outside of the organization. Do not click 
links or open attachments unless you can confirm the sender and know the 
content is safe.


Hi Panos,

Hi draft-ietf-ipsecme-ikev2-multiple-ke authors, ipsecme WG,

We have seen attempts to get early codepoints allocated for PQ-hybrid key 
exchanges in TLS 1.3 and HPKE in other IETF WGs. These, I think, are are good 
steps. Note for these IANA registries the requirement is "Specification 
Required".

How about new PQ Transform Type 4 identifiers in IKEv2? Currently the 
draft-ietf-ipsecme-ikev2-multiple-ke draft says
     It is assumed that new Transform Type 4 identifiers will be assigned later 
for various post-quantum key exchanges 
[IKEV2TYPE4ID<https://datatracker.ietf.org/doc/html/draft-ietf-ipsecme-ikev2-multiple-ke-12>].

So, if draft-ietf-ipsecme-ikev2-multiple-ke will not assign new identifiers for 
Kyber-768 in 
https://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml#ikev2-parameters-8,
 should we be asking the Experts (Tero, Valery) consider a new allocation?

          Yes, that's correct.

          However, while it is possible to ask IANA for new allocation without 
any referencing document,
          as designated expert I would be much more comfortable if some 
document (even I-D) exists describing
          how to use Kyber-768 in specific environment of IKEv2. This may be a 
very short document referencing
          generic Kyber specification and clarifying implementation details for 
IKEv2 (e.g. the format of the public key etc.).

          Regards,
          Valery.

Thx,
Panos


_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec

Reply via email to