Dear Leonie,

Sorry for missing your email and replying now a little late. Thanks a lot for your comments.

As mentioned in the draft (last half of Section 1), our motivation is to describe concretely how the frame of hybrid KEMs for the IKEv2 specified in RFC 9370 can be run via hybriding the original ECDH and two PQ KEMs, i.e., ML-KEM and FrodoKEM. The diversity of KEMs is important for the IKEv2 (and also other security protocols), by taking the progress of cryptanalysis on PQ algorithms (say Dr. Liyei Chen's recent work, https://eprint.iacr.org/2024/555, though a bug was found in the algorithm).

Yes, I am happy to remove ML-KEM in this draft, if other experts also think that the combination of ECDH+ML-KEM+FrodoKEM is not necessary to be described here.

Best wishes,

Guilin

-----Original Message-----
From: Bruckert, Leonie <[email protected]>
Sent: Wednesday, 15 May 2024 6:10 pm
To: Wang Guilin <[email protected]>; [email protected]
Cc: Wang Guilin <[email protected]>
Subject: RE: New Version Notification for draft-wang-hybrid-kem-ikev2-frodo-01.txt

Dear Guilin,

I really appreciate the intention to use FrodoKEM in IKEv2. However, I do not understand why the draft describes the combination of FrodoKEM and ML-KEM instead of just FrodoKEM. I think draft-kampanakis-ml-kem-ikev2 gives us all necessary information how to use ML-KEM in IKEv2. In my opinion, an analogue draft describing the use of FrodoKEM in IKEv2 including assignment of IDs would be very helpful.

I do not see the need to describe combinations of KEMs. If we do this, we will soon have a large number of drafts describing every possible combination of KEMs.

Best regards,
Leonie

> -----Original Message-----
> From: Wang Guilin <[email protected]>
> Sent: Wednesday, 8 May 2024 13:52
> To: [email protected]
> Cc: Wang Guilin <[email protected]>
> Subject: [IPsec] FW: New Version Notification for
> draft-wang-hybrid-kem-ikev2-frodo-01.txt
>
> Dear all,
>
> Here is my first draft for IETF. Your kind comments and suggestions
> are welcome!
>
> Also, it will be great to know if anyone may be interested in working
> together on this draft.
>
> Best wishes,
>
> Guilin
>
> -----Original Message-----
> From: [email protected] <[email protected]>
> Sent: Wednesday, 8 May 2024 7:45 pm
> To: Wang Guilin <[email protected]>; Wang Guilin
> <[email protected]>
> Subject: New Version Notification for
> draft-wang-hybrid-kem-ikev2-frodo-01.txt
>
> A new version of Internet-Draft
> draft-wang-hybrid-kem-ikev2-frodo-01.txt
> has been successfully submitted by Guilin Wang and posted to the IETF
> repository.
>
> Name:     draft-wang-hybrid-kem-ikev2-frodo
> Revision: 01
> Title:    Post-quantum Hybrid Key Exchange in the IKEv2 with ECDH, ML-KEM,
>           and FrodoKEM
> Date:     2024-05-08
> Group:    Individual Submission
> Pages:    10
> URL:      https://www.ietf.org/archive/id/draft-wang-hybrid-kem-ikev2-frodo-01.txt
> Status:   https://datatracker.ietf.org/doc/draft-wang-hybrid-kem-ikev2-frodo/
> HTML:     https://www.ietf.org/archive/id/draft-wang-hybrid-kem-ikev2-frodo-01.html
> HTMLized: https://datatracker.ietf.org/doc/html/draft-wang-hybrid-kem-ikev2-frodo
> Diff:     https://author-tools.ietf.org/iddiff?url2=draft-wang-hybrid-kem-ikev2-frodo-01
>
> Abstract:
>
> RFC 9370 specifies a framework that supports multiple key
> encapsulation mechanisms (KEMs) in the Internet Key Exchange Protocol
> Version 2 (IKEv2) by allowing up to 7 layers of additional KEMs
> employed with the original ECDH to derive the final shared secret keys
> for IPsec protocols. The primitive goal is to mitigate the security
> threat against quantum computers by hybriding additional post-quantum
> (PQ) KEMs with the original ECDH key exchange. This draft describes
> concretely how two specific PQ KEMs, namely, ML-KEM and FrodoKEM, can
> be instantiated in the IKEv2 as the additional KEMs with the main
> ECDH to achieve hybrid key agreement.
>
> [EDNOTE: IANA KE code points for FrodoKEM may need to be assigned,
> when considering the code points for ML-KEM has been considered in
> [I-D.D24]. ]
>
>
>
> The IETF Secretariat
>
>
> _______________________________________________
> IPsec mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
