Hi all, https://datatracker.ietf.org/doc/draft-kampanakis-ml-kem-ikev2/ This new draft brings ML-KEM to IKEv2 by using RFC 9370. It basically says how ML-KEM will be negotiated as an additional Key Exchange and requests codepoints for ML-KEM. The intention is not to get temporary codepoints like we did with Kyber in TLS. We are close to the final specs, so codepoints next year would suffice.
It could be a standards track draft given that ML-KEM will see a lot of adoption, an AD sponsored draft, or even an individual stable draft which gets codepoints from Expert Review. The approach is to be decided by the IPSECME WG. Feedback is welcome. Thx, Panos ~~~ A new version of Internet-Draft draft-kampanakis-ml-kem-ikev2-00.txt has been successfully submitted by Panos Kampanakis and posted to the IETF repository. Name: draft-kampanakis-ml-kem-ikev2 Revision: 00 Title: Post-quantum Hybrid Key Exchange with ML-KEM in the Internet Key Exchange Protocol Version 2 (IKEv2) Date: 2023-11-12 Group: Individual Submission Pages: 11 URL: https://www.ietf.org/archive/id/draft-kampanakis-ml-kem-ikev2-00.txt Status: https://datatracker.ietf.org/doc/draft-kampanakis-ml-kem-ikev2/ HTML: https://www.ietf.org/archive/id/draft-kampanakis-ml-kem-ikev2-00.html HTMLized: https://datatracker.ietf.org/doc/html/draft-kampanakis-ml-kem-ikev2 Abstract: [EDNOTE: The intention of this draft is to get IANA KE codepoints for ML-KEM. It could be a standards track draft given that ML-KEM will see a lot of adoption, an AD sponsored draft, or even a individual stable draft which gets codepoints from Expert Review. The approach is to be decided by the IPSECME WG. ] NIST recently standardized ML-KEM, a new key encapsulation mechanism, which can be used for quantum-resistant key establishment. This draft specifies how to use ML-KEM as an additionall key exchange mechanism in IKEv2 along with traditional (Elliptic Curve) Diffie- Hellman. This hybrid approach allows for negotiating IKE and Child SA keys which are safe against cryptanalytically-relevant quantum computers and theoretical weaknesses in ML-KEM as it is relatively new. The IETF Secretariat _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
