[IPsec] Re: FW: New Version Notification for draft-wang-ipsecme-hybrid-kem-ikev2-frodo-01.txt

[Wang Guilin]

Hi, Chris,

Yes, the downgrading issue is very relevant. Thanks for your message and the 
detailed links.

Happy to think more and coordinate with you and other experts here. It is very 
halpful for reading discussions on this IKEv2 general issue in the past two 
weeks.

Cheers,

Guilin
________________________________

Wang Guilin
Mobile: +65-86920345
Mail: wang.gui...@huawei.com

发件人：Christopher Patton <cpat...@cloudflare.com<mailto:cpat...@cloudflare.com>>
收件人：Wang Guilin 
<Wang.Guilin=40huawei....@dmarc.ietf.org<mailto:Wang.Guilin=40huawei....@dmarc.ietf.org>>
抄 送：ipsec <ipsec@ietf.org<mailto:ipsec@ietf.org>>;ipsecme-chairs 
<ipsecme-cha...@ietf.org<mailto:ipsecme-cha...@ietf.org>>;Leonie.Bruckert 
<leonie.bruck...@secunet.com<mailto:leonie.bruck...@secunet.com>>;smyslov.ietf 
<smyslov.i...@gmail.com<mailto:smyslov.i...@gmail.com>>;Wang Guilin 
<wang.gui...@huawei.com<mailto:wang.gui...@huawei.com>>
时 间：2025-07-10 04:31:47
主 题：Re: [IPsec] FW: New Version Notification for 
draft-wang-ipsecme-hybrid-kem-ikev2-frodo-01.txt

Hi Guilin,

Just a heads up that this draft may be vulnerable to the attack described here:
https://datatracker.ietf.org/doc/draft-smyslov-ipsecme-ikev2-downgrade-prevention/

Note that the ML-KEM draft 
(https://datatracker.ietf.org/doc/draft-ietf-ipsecme-ikev2-mlkem/) is 
vulnerable in exactly the same manner, so not something specific to your draft.

Mitigations are being discussed here:
https://github.com/csosto-pk/pq-mlkem-ikev2/issues/5

It might make sense to coordinate.

Best,
Chris P.

On Tue, Jul 8, 2025 at 4:51 AM Wang Guilin 
<Wang.Guilin=40huawei....@dmarc.ietf.org<mailto:40huawei....@dmarc.ietf.org>> 
wrote:
Dear all,

Our draft "Post-quantum Hybrid Key Exchange in the IKEv2 with FrodoKEM" has 
been updated to v01. Here are the two main changes made, as a response to 
comments received at 122 meeting:

   *  Restructured the draft.
   *  Reduced the point codes from 12 to 6 (eFrodoKEM).

Also, we would like to ask group adoption, based on the mostly positive 
discussions in mailing list, which were summarized on my presentation slides at 
IETF 122 
https://datatracker.ietf.org/meeting/122/materials/slides-122-ipsecme-post-quantum-hybrid-key-exchange-in-the-ikev2-with-frodokem-00

The original discussion are also available at 
https://mailarchive.ietf.org/arch/search/?q=Frodo&f_list=ipsec

Dear chairs,

We will appreciate if a time slot could be assigned for us to present this 
draft at Mardid.

Thanks,

Guilin (On behalf of Leonie and Valery as well)

-----Original Message-----
From: internet-dra...@ietf.org<mailto:internet-dra...@ietf.org> 
<internet-dra...@ietf.org<mailto:internet-dra...@ietf.org>>
Sent: Monday, 7 July 2025 7:13 pm
To: Wang Guilin <wang.gui...@huawei.com<mailto:wang.gui...@huawei.com>>; Wang 
Guilin <wang.gui...@huawei.com<mailto:wang.gui...@huawei.com>>; Leonie Bruckert 
<leonie.bruck...@secunet.com<mailto:leonie.bruck...@secunet.com>>; Leonie 
Bruckert <leonie.bruck...@secunet.com<mailto:leonie.bruck...@secunet.com>>; 
Valery Smyslov <smyslov.i...@gmail.com<mailto:smyslov.i...@gmail.com>>
Subject: New Version Notification for 
draft-wang-ipsecme-hybrid-kem-ikev2-frodo-01.txt

A new version of Internet-Draft
draft-wang-ipsecme-hybrid-kem-ikev2-frodo-01.txt has been successfully 
submitted by Guilin Wang and posted to the IETF repository.

Name:     draft-wang-ipsecme-hybrid-kem-ikev2-frodo
Revision: 01
Title:    Post-quantum Hybrid Key Exchange in the IKEv2 with FrodoKEM
Date:     2025-07-07
Group:    Individual Submission
Pages:    12
URL:      
https://www.ietf.org/archive/id/draft-wang-ipsecme-hybrid-kem-ikev2-frodo-01.txt
Status:   
https://datatracker.ietf.org/doc/draft-wang-ipsecme-hybrid-kem-ikev2-frodo/
HTML:     
https://www.ietf.org/archive/id/draft-wang-ipsecme-hybrid-kem-ikev2-frodo-01.html
HTMLized: 
https://datatracker.ietf.org/doc/html/draft-wang-ipsecme-hybrid-kem-ikev2-frodo
Diff:     
https://author-tools.ietf.org/iddiff?url2=draft-wang-ipsecme-hybrid-kem-ikev2-frodo-01

Abstract:

   Multiple key exchanges in the Internet Key Exchange Protocol Version
   2 (IKEv2) [RFC9370] specifies a framework that supports multiple key
   encapsulation mechanisms (KEMs) in the Internet Key Exchange Protocol
   Version 2 (IKEv2) by allowing up to 7 layers of additional KEMs to
   derive the final shared secret keys for IPsec protocols.  The primary
   goal is to mitigate the "harvest now and decrypt later" threat posed
   by cryptanalytically relevant quantum computers (CRQC).  For this
   purpose, usually one or more post-quantum KEMs are performed in
   addition to the traditional (EC)DH key exchange.  This draft
   specifies how the post-quantum KEM FrodoKEM is instantiated in the
   IKEv2 as an additional key exchange mechanism.

   [EDNOTE: IANA KE code points for FrodoKEM may need to be assigned, as
   the code points for ML-KEM has been considered in [I-D.KR24]. ]



The IETF Secretariat


_______________________________________________
IPsec mailing list -- ipsec@ietf.org<mailto:ipsec@ietf.org>
To unsubscribe send an email to 
ipsec-le...@ietf.org<mailto:ipsec-le...@ietf.org>

_______________________________________________
IPsec mailing list -- ipsec@ietf.org
To unsubscribe send an email to ipsec-le...@ietf.org