Or maybe downgrade attack due to key-compromise? Downgrade attack is easy to understand. Also, it highlights the consequence. Impersonation attack also highlights the consequence, but not so exactly, as an impersonation attack is more like an intermediate result, not the final result.
Key-compromise highlights the reason or the assumption of the attack.

Guilin

From: Christopher Patton <[email protected]>
To: Michael Richardson <[email protected]>
Cc: Kampanakis, Panos <[email protected]>; ipsec <[email protected]>
Date: 2025-07-31 01:49:04
Subject: [IPsec] Re: draft-ietf-ipsecme-ikev2-mlkem downgrade text (was Re: draft-smyslov-ipsecme-ikev2-downgrade-prevention)

Hi Michael, just one clarification (though I don't think it changes your analysis very much):

I understand calling this a downgrade attack, but I think it deserves a more specific name. Given the existence of a CRQC, then it's effectively the same as at least one end point revealing their private key.

You're thinking of the key-compromise impersonation attack. There is also the identity misbinding attack, which doesn't require either end point to reveal their key. (Imagine each endpoint is using ML-DSA for signing.) See [1] for details.

Best,
Chris P.

[1] https://datatracker.ietf.org/doc/html/draft-smyslov-ipsecme-ikev2-downgrade-prevention-01#section-4-7
