Hi Guilin,

Just a heads up that this draft may be vulnerable to the attack described here:
https://datatracker.ietf.org/doc/draft-smyslov-ipsecme-ikev2-downgrade-prevention/

Note that the ML-KEM draft (https://datatracker.ietf.org/doc/draft-ietf-ipsecme-ikev2-mlkem/) is vulnerable in exactly the same manner, so this is not something specific to your draft. Mitigations are being discussed here: https://github.com/csosto-pk/pq-mlkem-ikev2/issues/5

It might make sense to coordinate.

Best,
Chris P.

On Tue, Jul 8, 2025 at 4:51 AM Wang Guilin <Wang.Guilin= [email protected]> wrote:
> Dear all,
>
> Our draft "Post-quantum Hybrid Key Exchange in the IKEv2 with FrodoKEM"
> has been updated to v01. Here are the two main changes made, as a response
> to comments received at the 122 meeting:
>
> * Restructured the draft.
> * Reduced the code points from 12 to 6 (eFrodoKEM).
>
> Also, we would like to ask for group adoption, based on the mostly positive
> discussions on the mailing list, which were summarized in my presentation
> slides at IETF 122:
> https://datatracker.ietf.org/meeting/122/materials/slides-122-ipsecme-post-quantum-hybrid-key-exchange-in-the-ikev2-with-frodokem-00
>
> The original discussion is also available at
> https://mailarchive.ietf.org/arch/search/?q=Frodo&f_list=ipsec
>
> Dear chairs,
>
> We would appreciate it if a time slot could be assigned for us to present this
> draft at Madrid.
>
> Thanks,
>
> Guilin (On behalf of Leonie and Valery as well)
>
> -----Original Message-----
> From: [email protected] <[email protected]>
> Sent: Monday, 7 July 2025 7:13 pm
> To: Wang Guilin <[email protected]>; Wang Guilin <[email protected]>; Leonie Bruckert <[email protected]>; Leonie Bruckert <[email protected]>; Valery Smyslov <[email protected]>
> Subject: New Version Notification for draft-wang-ipsecme-hybrid-kem-ikev2-frodo-01.txt
>
> A new version of Internet-Draft draft-wang-ipsecme-hybrid-kem-ikev2-frodo-01.txt
> has been successfully submitted by Guilin Wang and posted to the IETF repository.
>
> Name: draft-wang-ipsecme-hybrid-kem-ikev2-frodo
> Revision: 01
> Title: Post-quantum Hybrid Key Exchange in the IKEv2 with FrodoKEM
> Date: 2025-07-07
> Group: Individual Submission
> Pages: 12
> URL: https://www.ietf.org/archive/id/draft-wang-ipsecme-hybrid-kem-ikev2-frodo-01.txt
> Status: https://datatracker.ietf.org/doc/draft-wang-ipsecme-hybrid-kem-ikev2-frodo/
> HTML: https://www.ietf.org/archive/id/draft-wang-ipsecme-hybrid-kem-ikev2-frodo-01.html
> HTMLized: https://datatracker.ietf.org/doc/html/draft-wang-ipsecme-hybrid-kem-ikev2-frodo
> Diff: https://author-tools.ietf.org/iddiff?url2=draft-wang-ipsecme-hybrid-kem-ikev2-frodo-01
>
> Abstract:
>
> Multiple key exchanges in the Internet Key Exchange Protocol Version
> 2 (IKEv2) [RFC9370] specifies a framework that supports multiple key
> encapsulation mechanisms (KEMs) in the Internet Key Exchange Protocol
> Version 2 (IKEv2) by allowing up to 7 layers of additional KEMs to
> derive the final shared secret keys for IPsec protocols. The primary
> goal is to mitigate the "harvest now and decrypt later" threat posed
> by cryptanalytically relevant quantum computers (CRQC). For this
> purpose, usually one or more post-quantum KEMs are performed in
> addition to the traditional (EC)DH key exchange. This draft
> specifies how the post-quantum KEM FrodoKEM is instantiated in the
> IKEv2 as an additional key exchange mechanism.
>
> [EDNOTE: IANA KE code points for FrodoKEM may need to be assigned, as
> the code points for ML-KEM have been considered in [I-D.KR24].]
>
> The IETF Secretariat
>
> _______________________________________________
> IPsec mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
