Dear all, I have updated KEM based Authentication for the IKEv2 to version 01. Here are the two changes made, as a response to comments received at 122 meeting:
- More details about how each side does for running KEM authentication in Section 5.1. - Added Section 5.2 for KEM authentication with preshared public key. Dear chairs, Will appreciate if a time slot could be assigned for me to present this draft at Madrid. All comments are welcome! Cheers, Guilin -----Original Message----- From: [email protected] <[email protected]> Sent: Tuesday, 8 July 2025 6:16 am To: Wang Guilin <[email protected]>; Wang Guilin <[email protected]> Subject: New Version Notification for draft-wang-ipsecme-kem-auth-ikev2-01.txt A new version of Internet-Draft draft-wang-ipsecme-kem-auth-ikev2-01.txt has been successfully submitted by Guilin Wang and posted to the IETF repository. Name: draft-wang-ipsecme-kem-auth-ikev2 Revision: 01 Title: KEM based Authentication for the IKEv2 with Post-quantum Security Date: 2025-07-07 Group: Individual Submission Pages: 16 URL: https://www.ietf.org/archive/id/draft-wang-ipsecme-kem-auth-ikev2-01.txt Status: https://datatracker.ietf.org/doc/draft-wang-ipsecme-kem-auth-ikev2/ HTML: https://www.ietf.org/archive/id/draft-wang-ipsecme-kem-auth-ikev2-01.html HTMLized: https://datatracker.ietf.org/doc/html/draft-wang-ipsecme-kem-auth-ikev2 Diff: https://author-tools.ietf.org/iddiff?url2=draft-wang-ipsecme-kem-auth-ikev2-01 Abstract: This draft specifies a new authentication mechanism, called KEM based authentication, for the Internet Key Exchange Protocol Version 2 (IKEv2) [RFC7296]. This is motivated by the fact that ML-KEM is much more efficient that ML-DSA, which are the post-quantum algoirhtms for mitigating the pontential security threats again quantum computers. The KEM based authenticationth for the IKV2 is achieved via introduing a new value of the IKEv2 Authentication Method registry mantained by IANA. For using the new authentication method, two peers MUST send the SUPPORTED_AUTH_METHODS Notify, defined by [RFC9593],to negotiate the supported KEM algorithms. After that, the correponding KEM certificates and cipthertext are exchanged via the INTERMEDIATE Exchange. Finally,the IKE messages are authenticated via the shared secret encapsulated between the two peers. This documents also specifies the instantiation with ML-KEM for this new general authenticaiton method for the IKEv2. [EDNOTE: Code points for KEM-based authentication may need to be assigned in the IKEv2 Authenticaion Method registry, maintained by IANA] The IETF Secretariat _______________________________________________ IPsec mailing list -- [email protected] To unsubscribe send an email to [email protected]
