My comment "this shouldn't block draft-ietf-ipsecme-ikev2-mlkem was aimed at the working group, and not to the draft authors.
That said, to the working group, what is blocking draft-ietf-ipsecme-ikev2-mlkem? The draft is needed, quite straight-forward, and there are interoperable implementations out there. What's stopping us? ________________________________ From: Valery Smyslov <[email protected]> Sent: Wednesday, July 30, 2025 3:54 AM To: Scott Fluhrer (sfluhrer) <[email protected]>; 'ipsec' <[email protected]> Subject: RE: [IPsec] draft-smyslov-ipsecme-ikev2-downgrade-prevention Hi Scott, thank you for this review. * It would appear to me that draft-ietf-ipsecme-ikev2-mlkem is being blocked because of this. If my perception is correct, I don't see the reason behind this; this attack would be possible without any PQ algorithm at all (e.g. The policy states that group 19 is preferred, but group 1 is allowed), and there is nothing that draft-ietf-ipsecme-ikev2-mlkem could do to address this attack in the first place. By no meant this draft should block draft-ietf-ipsecme-ikev2-mlkem.
_______________________________________________ IPsec mailing list -- [email protected] To unsubscribe send an email to [email protected]
