By "mandating use of PPK" I meant that in RFC8784 PPK is already a negotiated option, but in order to prevent an attacker from removing the USE_PPK notification, both sides need to have a policy mandating that PPK must be used. Of course, we can't assume all implementations support PPK, but in the same way we can't assume all implementations will support the new protocol changes this draft introduces, specifically as the changes in the draft are not trivial; at least RFC8784 has been out for a while, and I know quite a few IPsec implementations already support it. I think if the WG adopts this draft, there should be text in the draft mentioning all these mitigations besides the protocol changes.

From: Christopher Patton <[email protected]>
Sent: Thursday, July 31, 2025 6:08 AM
To: Blumenthal, Uri - 0553 - MITLL <[email protected]>
Cc: Jun Hu (Nokia) <[email protected]>; Michael Richardson <[email protected]>; Valery Smyslov <[email protected]>; Scott Fluhrer <[email protected]>; ipsec <[email protected]>
Subject: Re: [EXT] [IPsec] Re: draft-smyslov-ipsecme-ikev2-downgrade-prevention

Hi Uri and Jun,

I agree - mandating use of PPK may not work. However, suggesting use of PPK, i.e., as a (negotiable?) option would be a very good thing: those who have the ability to employ it, and want better security - would opt in. While those who don't care or for various reasons cannot manage the distribution - could opt out.

This sounds like a good idea to me! https://github.com/smyslov/ikev2-downgrade-prevention/issues/5

Chris P.
