I’ve already pulled in the changes into draft-reddy-ipsecme-ikev2-pqc-auth (at least, the one in github – that update will be published Real Soon Now).
Except, one of my coauthors preferred the RFC8420 approach and no one else (including me) had an opinion, so that’s what we’ll be doing for now… From: Daniel Van Geest <[email protected]> Sent: Monday, February 10, 2025 11:09 AM To: Scott Fluhrer (sfluhrer) <[email protected]>; [email protected] Subject: Re: [IPsec] FW: New Version Notification for draft-sfluhrer-ipsecme-ikev2-mldsa-00.txt I support this work, but there is already a draft specifying both ML-DSA and SLH-DSA in IKEv2: https://datatracker.ietf.org/doc/draft-reddy-ipsecme-ikev2-pqc-auth/ Scott, as you're an author on both you'll have no problem reconciling the two drafts :) Regards, Daniel On 2025-01-31 7:40 p.m., Scott Fluhrer (sfluhrer) wrote: I just noticed that IKE was missing a draft to how to support pure (ML-DSA only) PQ authentication, so I threw this together. Any comments are fine (and I expect them to range from "this is completely stupid" to "this is mostly stupid, but it might be salvageable") -----Original Message----- From: [email protected]<mailto:[email protected]> <[email protected]><mailto:[email protected]> Sent: Friday, January 31, 2025 2:01 PM To: Scott Fluhrer (sfluhrer) <[email protected]><mailto:[email protected]> Subject: New Version Notification for draft-sfluhrer-ipsecme-ikev2-mldsa-00.txt A new version of Internet-Draft draft-sfluhrer-ipsecme-ikev2-mldsa-00.txt has been successfully submitted by Scott Fluhrer and posted to the IETF repository. Name: draft-sfluhrer-ipsecme-ikev2-mldsa Revision: 00 Title: IKEv2 Support of ML-DSA Date: 2025-01-31 Group: Individual Submission Pages: 8 URL: https://www.ietf.org/archive/id/draft-sfluhrer-ipsecme-ikev2-mldsa-00.txt Status: https://datatracker.ietf.org/doc/draft-sfluhrer-ipsecme-ikev2-mldsa/ HTML: https://www.ietf.org/archive/id/draft-sfluhrer-ipsecme-ikev2-mldsa-00.html HTMLized: https://datatracker.ietf.org/doc/html/draft-sfluhrer-ipsecme-ikev2-mldsa Abstract: One IPsec area that would be impacted by Cryptographically Relevant Quantum Computer (CRQC) is IKEv2 authentication based on traditional asymmetric cryptograph algorithms: e.g RSA, ECDSA; which are widely deployed authentication options of IKEv2. NIST has recently standardized ML-DSA, which is a signature algorithm believed to be secure against Quantum Computers. This document describes how to use ML-DSA with IKEv2 as an auhentication scheme. The IETF Secretariat _______________________________________________ IPsec mailing list -- [email protected]<mailto:[email protected]> To unsubscribe send an email to [email protected]<mailto:[email protected]>
_______________________________________________ IPsec mailing list -- [email protected] To unsubscribe send an email to [email protected]
